Privacy Policy

Privacy Policy

Introduction
Parasol Software Trading LLC, Office 1405, Latifa Tower, Sheik Zayed Road, Dubai, United Arab Emirates, (Trade License No. 758273) (hereinafter: Service Provider, data controller) [The ORGANISATION]submits to the following policy regarding the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 (April 27, 2016). According to the General Data Protection Regulation, we provide the following information. This Privacy Policy governs the data processing of the following pages/mobile applications:

Definitions

1. Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
2. Data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
3. Data controller: a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
4. Data processor: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
5. Recipient: a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
6. Consent of the data subject: any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
7. Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Principles of Processing of Personal Data
Personal data must be

1. processed lawfully, fairly, and in a transparent manner in relation to the data subject (‘lawfulness, fairness, and transparency’);
2. ollected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes (‘purpose limitation’ in accordance with Article 89 (1));
3. adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to implementation of the appropriate technical and organizational measures required by this Policy in order to safeguard the rights and freedoms of the data subject (‘limited storage’);
6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

The data controller is responsible for compliance with the above, and must be able to demonstrate compliance (‘accountability’).
The data controller declares that the processing of data is carried out in accordance with the principles set forth in this section.

Using the Affinect Service (Direct Marketing Activity)

1. Description/Operation of the Service: Affinect is a software suitable for direct marketing purposes. The software provides a registration interface accessible through the data controller's WiFi network to Guests (data subjects) visiting the data controller's Stores. The purpose of voluntary registration is to collect personal data provided with clear consent from individuals within the clientele and process them through profiling to create a returning clientele and conduct targeted direct marketing activities for these individuals. The software, using the WiFi network and utilizing the provided personal and non-personal data, identifies and documents the occurrences of previously registered individuals in the data controller's store(s). For this marketing activity, the software operator provides a web interface to the data controller, where based on the collected data, the data controller can conduct targeted direct marketing activities for the targeted clientele through the software's mailing system. The software provides interfaces to the data controller for editing marketing campaigns and campaign vouchers. The software also offers clientele analytics, providing the data controller with opportunities for proper planning of marketing activities. The Affinect software also provides analysis and evaluation of the effectiveness of conducted campaigns. Through the collection and categorization of personal data, the software is capable of defining an extended target audience and a larger target audience including the user (look alike). After registration, the Affinect software identifies and records every visit of the user with their MAC address as returning guest data, which can be used in determining target groups.
2. In accordance with Section 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activities, Users may expressly consent during registration to be contacted by the Service Provider with advertising offers and other communications at the contact details provided during registration.
3. Furthermore, Users, keeping in mind the provisions of this information, may consent to the processing of their personal data necessary for sending advertising offers by the Service Provider.
4. The Service Provider does not send unsolicited advertising messages, and Users can unsubscribe from receiving offers without restriction or justification, free of charge. In this case, the Service Provider will erase all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. Users can unsubscribe from advertisements by clicking on the link in the message.
5. Fact of data collection, scope of processed data, and purpose of data processing: Personal Data Purpose, Legal Basis, Name, E-mail address, phone number, date of birth, gender Identification, registration (creating user accounts), sending advertising messages Article 6 (1) a) of the General Data Protection Regulation (consent of the data subject) Section 6 (5) of Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activities. Profile data from social media accounts, profile picture, MAC address of the connecting device, operating system of the connected device, browser type, city, location data Profiling, direct marketing activity (display of targeted ads) Article 6 (1) a) of the General Data Protection Regulation (consent of the data subject) Date of visit, duration, frequency Profiling, direct marketing activity (display of targeted ads) Article 6 (1) a) of the General Data Protection Regulation (consent of the data subject) Time of registration, IP address at the time of registration Technical operation execution Article 6 (1) a) of the General Data Protection Regulation (consent of the data subject) For the e-mail address, it is not necessary to contain personal data.
6. Scope of Data Subjects: All data subjects using the Affinect service.
7. Purpose of Data Processing: Sending personalized electronic messages containing advertisements (E-mail, SMS, push messages) to the data subject, providing information about current information, products, promotions, new features, etc. The data controller conducts marketing activities via E-mails and campaigns for the target audience defined by itself.
8. Duration of Data Processing, Deadline for Data Erasure: Until the withdrawal of consent. The data subject can request withdrawal of consent from the data controller or delete their Affinect profile. With the deletion of the profile, personal data will be erased.
9. Identity of Potential Data Controllers Authorized to Access the Data, Recipients of Personal Data: The personal data can be processed by the data controller, as well as its sales and marketing employees, while respecting the above principles.
10. Description of the Rights of Data Subjects related to Data Processing: The data subject may request access to their personal data, rectification, erasure, or restriction of processing, and may object to the processing of personal data. The data subject also has the right to data portability, aswell as to withdraw consent at any time.
11. Data subjects can initiate access to personal data, its erasure, modification, or restriction of processing, data portability, or objection to the following methods: by post to the following address: 1121 Budapest, Laura u. 21/4, by e-mail to the ....... e-mail address, by phone at phone No. n/a.
12. Data subjects can delete their Affinect profile at any time, free of charge.
13. We inform you that: Data processing is based on your consent. Providing personal data is necessary if you want to receive targeted marketing messages. Failure to provide data will result in us being unable to send you targeted advertisements. You can withdraw your consent anytime by deleting your profile. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.