Barion Pixel
keyboard_arrow_up

Privacy Policy

Last updated: 12/07/2021

General Privacy Policy

1. Preamble

Capitalized terms used in this Privacy Policy (hereinafter: "PP") are defined in part here, in part in the General Terms and Conditions which is available here.

At Digital Performance Kft. (registered office: HU-1062 Budapest, Andrássy út 91. 2/12; company register no.: 01-09-377616; e-mail: support@joyfulreviews.com; hereinafter: "Service Provider", "We", "Us"), We want to give you the best possible experience to ensure that you enjoy our Service today and in the future. We appreciate that you are trusting Us with information that is important for you, and We believe that transparency is the key to any healthy relationship. So, We want to transparently explain how and why We gather, store, share and use your personal data, outline the controls and choices you have around when as well as the measure We take to keep your personal data safe.

The highest level of protection of personal data is a priority for the Service Provider.

This PP aims to give information to the non-registered users (Shoppers) of www.edureviews.io, www.joyfulreviews.com, www.mlmnext.io, www.stickyfingers.io and www.opportulist.com website (hereinafter "Websites") on the data processing related to the operation. The Service Provider’s data processing is in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the "GDPR").

The Service Provider, as data controller, accepts the content of this legal notice as mandatory. The Service Provider commits to comply its data processing to the present PP and to the applicable legislation in force.

We hereby inform you on the main aspects of our data processing.

2. General Provisions

The principles of Service Provider’s data processing comply with the existing applicable data protection legislation, in particular the GDPR.

The Service Provider does not process special categories of personal data for the purposes specified in this PP.

For processing your personal data, the Service Provider uses the following processors:

  • Our web hosting service provider for operating our Websites, and
  • Our IT supporter for providing IT support in relation to the operation of our Websites.

The Service Provider only discloses your processed personal data to the members and employees of the Service Provider whose access to your personal data is vital to the achievement of the purpose of processing.

The Service Provider processes your personal data in confidence and implements appropriate technical and organisational measures to ensure their protection. Furthermore, the Service Provider creates appropriate procedures provisions that are necessary to implement the regulations of GDPR and other domestic and international data protection laws.

The Service Provider reserves the right to modify this PP at any time. Naturally, we will notify our partners and customers in sufficient time of any changes.

3. Special Provisions applied to our Data Processing

  • Registration data processing

The non-registered users of the Websites have the opportunity to register to our Websites. The registering users (Brand, Creator, Influencer) have to accept another Privacy Policy (available here) during the registration, in connection with the data processing of the registered user’s data.

  • Processing for marketing purposes
  • Newsletter service / Direct marketing

We may send newsletters to our non-registered users who subscribed to our newsletter/marketing materials on the Websites.

Purpose of the processing: to inform our non-registered users on the latest news regarding our Services, awareness raising and relationship management.

Scope of the processing: e-mail address, the consent of the data subject (declaration of consent)

Legal basis of processing: The legal basis of the Service Provider’s data processing is the freely given consent of the data subject (Article 6 (1) (a) of GDPR).

Data retention period: The Service Provider only processes your collected personal data until it is compatible with its purposes, but no later than the withdrawal of consent by the data subject.

Please note that withdrawal of consent and the erasure or modification of personal data can be requested on the following contact details: e-mail: support@joyfulreviews.com

  • Prize game

We may organize prize game to our non-registered users who apply to the prize game on the Websites.

Purpose of the processing: to participate the non-registered users in the prize game.

Scope of the processing: name, e-mail address, the consent of the data subject (declaration of consent)

Legal basis of processing: The legal basis of the Service Provider’s data processing is the freely given consent of the data subject (Article 6 (1) (a) of GDPR).

Data retention period: The Service Provider only processes your collected personal data until it is compatible with its purposes, but no later than the withdrawal of consent by the data subject.

Please note that withdrawal of consent and the erasure or modification of personal data can be requested on the following contact details: e-mail: support@joyfulreviews.com

  • Processing for the purpose of user relationship management

Purpose of the processing: user relationship management and facilitating to get in contact with the Service Provider. In case you would like to contact us, you can do it on our contact details indicated in this PP and on our Websites (support@joyfulreviews.com).

Scope of the processing: name and contact details (phone number and/or e-mail address) of the data subjects, documents provided by the requesting party, the description of the request and the consent of the data subject (declaration of consent).

Legal basis of processing: The legal basis of the Service Provider’s data processing is the freely given consent of the data subject (Article 6 (1) (a) of GDPR).

Data retention period: The Service Provider only processes your collected personal data until it is compatible with its purposes, but no later than the withdrawal of consent by the data subject.

  • Polls

Customer satisfaction has utmost importance to us, therefore we may send you polls and questionnaires the Users who subscribed to our newsletter/marketing materials or registered on the Websites.

Purpose of the processing: to recognize your opinion about our Services.

Scope of the processing: name and contact details (phone number and/or e-mail address) of the data subject, your opinion and the consent of the data subject (declaration of consent).

Legal basis of processing: The legal basis of the Service Provider’s data processing is the freely given consent of the data subject (Article 6 (1) (a) of GDPR).

Data retention period: The Service Provider only processes your collected personal data until it is compatible with its purposes, but no later than the withdrawal of consent by the data subject.

  • Complaint handling, customer service

Personal data in connection with complaint handling and customer service is processed by us.

Purpose of the processing: to handle complaints concerning our Services. The complaint notice can be registered through email: support@joyfulreviews.com

Scope of the processing: name and contact details (phone number and/or e-mail address) of the data subject, name and price of the Service, time of the purchase and complaint notification, description of defect, claim required to be validated and the mode of settlement.

Legal basis of processing: performance of service (GDPR point b) section 1 of Article 6); compliance with legal obligations (GDPR point c) section 1 of Article 6); consent of data subject (GDPR point a) section 1 of Article 6)

Data retention period: invoices of the purchase, the records of the complaint and the replies and comments in the book of customers are kept until the maximum extent provided by the applicable law.

Data processors: The Service Provider.

Consequence of refusal of data provision: it would be impossible to investigate and settle the complaint.

  • Contacting the Service Provider

Purpose of the processing: In case data subject wishes to contact the Service Provider, it may do so through channels provided in present PP or the Websites.

Scope of the processing: name and contact details (phone number and/or e-mail address) of the data subject, description of the matter, documents attached by the data subject.

Legal basis of processing: The legal basis is the freely given consent of the data subject (Article 6 (1) (a) of GDPR), in case of complaint handling or sales service, compliance with legal obligation (GDPR point c) section 1 of Article 6).

Data retention period: records of the inquiry and the replies are kept until the maximum extent provided by the applicable law, in other case until the withdrawal of consent.

Data processors: The Service Provider.

Consequence of refusal of data provision: it would be impossible to investigate and settle the complaint.

  • Processing on the Websites
  • Logging on the server of the Websites

When visiting one of our Websites, the webserver does not record any personal data.

Data logging for external service providers:

The portal’s html code contains links to external servers that are independent form the Service Provider. The external service provider’s server is directly connected to the user’s computer. Please be aware of the fact, that the aforementioned service providers are able to collect user data (e.g.: IP address, browser, operating system details, cursor movement, name of the visited page and the date of the visit) due to the direct communication with the user’s browser.

  • Cookies at the Websites

The Service Provider and other service partners install cookies (small piece of information) in order to identify and track users and to read them back during internet usage. If your browser returns a previously saved cookie, the cookie operator has the capacity to link the User’s current visit to the previous ones for websites where the Service Provider or the external service providers’ cookies are installed.

The Service Provider uses cookies for the technical operation of the Website, for sending targeted newsletters and for statistical purposes. We inform you that cookies do not damage your computer and they do not contain viruses.

Cookies can be deleted from your computer and be blocked in your browser. To manage cookies, generally you can visit the menu point Tools / Preferences of your browser, then you shall visit the Privacy / History / Custom Settings menu point where cookies are found under the name of cookies or tracing.

The following external service providers have installed cookies on our Websites:

    • Google Analytics
    • Google Adwords
    • Facebook Pixel
    • Instagram
    • Twitter

The following cookies are used by Us on our Websites:

Name
Function
session
Used to identify our users and manage login sessions.
cookiepolicy
Used to determine the accepted cookie policy.
ageconfirm
Used to determine the age confirmation.
articles-viewed
Used to count the number of articles opened to offer a signup opportunity.
  • Google Analytics

Our Websites uses Google Analytics, as an external service provider who assists in the independent measurement and audit of the visits of the website and other web analytic data on the Websites.

Google Analytics uses cookies to operate the site’s web analytical system.

For further information on Google Analytics’(www.google.com/analytics) processing please visit http://www.google.com/intl/hu/policies.

Document called „How Google uses information from sites or apps that use our services” is available at the following link: http://www.google.com/intl/hu/policies/privacy/partners/.

  • Facebook

The data processing activity of the company’s Facebook page

When you are accessing the Service Provider’s Facebook page, we allow Facebook to collect cookies at your devices. We primarily determine the purposes and means of processing that data, upon which the Facebook provides us the statistical data. We inform you, that We as the administrator of our Facebook page and Facebook are considered as joint data controllers for processing these statistical data.

For further information on Facebook’s cookie policy, please visit the following link: https://www.facebook.com/policy/cookies/

Our Websites use Facebook’s services to provide insights about the people who like our Facebook page. The collected data are anonymous to the operator of the website, therefore no conclusion about the identity of the users can be drawn. However, the data is stored and processed by Facebook so that a connection to the users profile is possible, and Facebook can use the data for its own advertising purposes. Our websites include plugins for the social network Facebook. Facebook plugins can be recognized by the Facebook login or the Like button on our site.

For further information on Facebook’s processing please visit: https://www.facebook.com/about/privacy

Document called „Cookies and other storage technologies” is available at the following link: https://www.facebook.com/policies/cookies/

If you do not have a Facebook account, you can opt-out of Facebook-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/uk/your-ad-choices

  • Instagram

Functions of the service of Instagram are integrated on our Websites, for further information on Instagram’s processing, please visit: https://help.instagram.com/519522125107875.

Document called „Cookies and other storage technologies” is available at the following link: https://www.facebook.com/help/instagram/1896641480634370.

  • Twitter

Functions of the service of Twitter are integrated on our Website, for further information on Twitter’s processing, please visit: https://twitter.com/en/privacy

  • Other processing

We provide information about processing that is not listed in this PP at the time when personal data are obtained. We inform our users that courts, prosecution, investigating authorities, the authority dealing with administrative offences, administrative authorities, the Office of the Commissioner for Personal Data Protection and other organs under the provisions of the applicable law may contact the Service Provider in order to receive notification or that Service Provider discloses, transfers personal data or provides documents to them.

The Service Provider will only provide information to the authorities – if they have indicated the exact purpose and scope of the personal data – that is .

4. Methods of storing personal data, Security of data processing

We and our data processors by taking into account the state of the technology, the costs of the execution, the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, implement appropriate technical and organisational measures to ensure the appropriate level of data protection.

We choose and operate IT tools for data processing so that the processed personal data:

  • is accessible to the authorised person (availability);
  • its authenticity and authentication are ensured (credibility of processing);
  • can be verified that there is no change in the data (data integrity);
  • is protected against unauthorised or unlawful access (confidentiality of data).

We protect your data with appropriate measures against unlawful access, alteration, transfer, disclosure, erasure or destruction, as well as accidental loss, damage, and the accidental unavailability due to the change of the used technic.

In order to protect the electronic processed personal data that are stored in our various registries, we provide appropriate technical measures to ensure that the stored personal data – unless it is permitted by law – cannot be directly linked and assigned to the data subjects.

The provided technical and organisational measures are in accordance with the current state of technology and they are compatible with the level of risks associated to ensure the security of processing.

During processing we respect and maintain

  • confidentiality: protecting the information so that it can only be accessed by those who are entitled to it;
  • integrity: protecting the accuracy and completeness of information and processing methods;
  • availability: ensuring that when the data subject needs it, he/she can actually access the information and she/he has procedures for it.

The Service Provider’s and our external service providers’ IT systems are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusion and denial-of-service attacks. The operator provides security through server-level and application-level security procedures. We inform you that electronic mails apart from the protocols (email, web, ftp etc.) that are transferred through the Internet are vulnerable to network threats that may lead to fraudulent activity, challenge of the contract and disclosure or modification of information. We shall take all the precautionary measures to protect you from such threats. Systems are monitored so that we could record all security dangers and provide evidence of any security incident. System monitoring also allows the controlling of the efficiency of the precautionary measures.

We, as data controller record potential personal data breaches, including facts and effects of the personal data breach and measures taken or proposed to be taken by us to address the personal data breach. We shall notify the Office of the Commissioner for Personal Data Protection on any potential personal data breach without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Your password protects your account, so we encourage you to use a unique and strong password, limit access to your computer and browser, and – if you are Registered User – log out after you have finished using our Website.

5. Rights of the data subject

We inform you that in relation to the processing of your personal data you dispose the following rights:

    • Transparent information,
    • Right of access by the data subject,
    • Right to rectification,
    • Right to erasure (‘right to be forgotten’),
    • Right to restriction of processing,
    • Right to data portability,
    • Right to object,
    • Right to withdrawal of consent,
    • Right to effective remedy.
  • Transparent information

We are obliged to provide you with information - in accordance with the provisions of the GDPR - about the processing of your personal data. We fulfil our obligation by providing the present Privacy Policy to you. Please be aware of the fact, that if you have further questions in relation to the processing of your personal data you can exercise your right of access.

  • Right of access by the data subject

You have the right to get information whether we process your personal data and if so, you may demand a detailed prospectus that contains the following information:

    • the reason of the data processing,
    • the scope of the processed personal data,
    • the source of the processed data,
    • the recipient of the data,
    • the term of the storage of the processed personal data,
    • in case of an international transfer of your personal data, the guarantees of the transfer, and
    • a repeated information on your rights in relation to the processing of your personal data and your right to lodge a complaint with a supervisory authority.

For your request we may give you a copy of your processed personal data free of charge.

For further copies we may charge you with a reasonable fee taking into account the administrative costs of providing such information. We provide information by electronic means for your request. You may exercise your right of access in writing at the following contact details: e-mail address: support@joyfulreviews.com

Upon your request, the aforementioned information may be provided orally if your identity is proven genuinely.

  • Right to rectification

For your request we rectify, correct or complete your inaccurate personal data (e.g. your date of birth is inaccurate, your e-mail address or your name has changed).

  • Right to erasure

You may request that we erase your processed personal data without undue delay if,

    • the purpose of the data processing no longer justifies the processing,
    • consent is the legal basis of the processing and you have withdrawn your consent (and there is no other applicable legal basis),
    • you object the processing and there are no overriding legitimate grounds for the processing,
    • the personal data have been unlawfully processed, or
    • the personal data have to be erased under legal obligation.

The right of erasure cannot be exercised if the processing is necessary for exercising the right of freedom of expression and information, the compliance with a legal obligation that the Service Provider is subject to, or for the performance of a public task, or reasons of public interest in the area of public health or archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

  • Right to restriction of processing

If you exercise this right and according to the applicable law you shall obtain restriction of processing, we cannot process your personal data (therefore we cannot transfer or organise your data) – with the exception of storage – unless you consent or it is necessary for the establishment, exercise or defence of the Service Provider’s legal claims.

When can you exercise this right?

    • If you claim that your personal data is inaccurate, for a period while we examine the accuracy of your data.
    • If the processing is unlawful but instead of erasure, you request the restriction of your data.
    • If we no longer need your personal data (for the purpose of the processing) however you request that we store them (e.g. for the establishment, exercise or defence of legal claims).
    • If you object the processing, for a period while we verify whether our legitimate grounds override those of yours.

We inform you before the restriction of the processing is lifted (e.g. your inaccurate data have been rectified or we declined your request of restriction).

  • Right to data portability

If the legal basis of the processing is your consent or the performance of a contract and the processing is carried out by automated means you may request to receive the personal data that concerns you and which you provided us, in a structured, commonly used and machine-readable format You may also request that we transmit your data to another controller.

We inform you that we do not process your personal data by automated means.

  • Right to object

You may object on the grounds relating to your particular situation, at any time to the processing of personal data concerning you if the legal basis of the processing is the legitimate interest of the Service Provider. In this case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If we process your personal data for direct marketing purposes (e.g. newsletter) you can object the processing of your personal data concerning you at any time. We will no longer process your personal data if you object the processing.

  • Right to withdraw a consent

You have the right to withdraw your consent at any time during the processing.

We inform you that the withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

You can exercise your right by the following methods:

    • You can unsubscribe from our newsletter or marketing e-mail by clicking to the unsubscribe button provided in our e-mail.
    • Or you can notify us at the following e-mail address that you would like to withdraw your consent: support@joyfulreviews.com
  • Procedural provisions

Please note that we will notify you on the action taken without undue delay, but within one month of receipt of your request. We may extend the period by further two months if it is necessary due to the complexity and the number of the requests. We inform you on the extension within one month of the receipt of your request.

If you submit your request by electronic means, the Service Provider will give you the information by electronic means (unless you request otherwise).

If we do not take any action on your request, we inform you - without any undue delay and at the latest within one month of the receipt of your request - on its reasons and on the possibility to lodge a complaint with the Data Protection Authority and to seek a judicial remedy.

We inform you that we provide the requested information free of charge. If your request is clearly unfounded or excessive, in particular because of its repetitive character, we can charge you with a reasonable fee for administrative costs or we can refuse to take action on your request.

We communicate any rectification or erasure of personal data or rectification of processing to each recipient with whom we have provided your personal information (unless it is impossible). Upon your request, we inform you about these recipients.

  • Right to compensation

The Service Provider compensates your damages that we caused by unlawful processing or breaching the data protection requirements. In case of the violation of the rights relating to your personality, you are entitled to restitution in accordance with the applicable provisions.

We inform you that the Service Provider is liable for any damages caused by a data processor that we used during the processing of your personal data. The Service Provider shall be relieved of liability if the damage occurred in consequence of unforeseen circumstances beyond our control.

We inform you that the Service Provider is liable for any damages caused by a data processor that we used during the processing of your personal data. The Service Provider shall be relieved of liability if the damage occurred in consequence of unforeseen circumstances beyond our control.

  • Remedies
  • Right to a judicial remedy

If you consider that your rights under data protection law have been infringed (e.g. you couldn’t exercise your aforementioned rights, you didn’t receive any information on the processing etc.) you may file for court action against the controller before the general court in whose jurisdiction your home address or habitual residence is located. The court shall hear such cases in priority proceedings. We inform you that lawsuits related to personal data protection are free of charge.

  • Right to lodge a complaint with a supervisory authority

If you consider that your rights under data protection law have been infringed, you can choose to lodge a complaint with the National Authority for Data Protection and Freedom of Information.

Name: National Authority for Data Protection and Freedom of Information (“Nemzeti Adatvédelmi és Információs Hatóság” in Hungarian)
Seat: Falk Miksa utca 9-11, 1055 Budapest, Hungary.
Mailing address: 1363 Budapest, Pf.: 9.
E-mail: ugyfelszolgalat@naih.hu

Privacy Policy for Account Holders

1. Preamble

At Digital Performance Kft. (registered office: HU-1062 Budapest, Andrássy út 91. 2/12; company register no.: 01-09-377616; e-mail: support@joyfulreviews.com; hereinafter: "Service Provider", "We", "Us"), We want to give you the best possible experience to ensure that you enjoy our Service today and in the future. We appreciate that you are trusting Us with information that is important for you, and We believe that transparency is the key to any healthy relationship. So, We want to transparently explain how and why We gather, store, share and use your personal data, outline the controls and choices you have around when as well as the measure We take to keep your personal data safe.

The highest level of protection of personal data is a priority for the Service Provider.

This Privacy Policy aims to

  • give you information relating to your personal data relationship with Us;
  • ensure that you understand what personal data We collect about you and for how long, the reasons why We collect and use it, and who We share it with;
  • we explain your rights and choices in relation to the personal data We collect and process about you and how We protect your privacy.

We hope this helps you to understand our privacy commitments to you. For information on how to contact us if you ever have any questions or concerns, please see our contact details below.

Definitions with capital letters shall have the same meanings as defined in our General Privacy Policy and our General Terms and Conditions applicable at the time of the data processing.

2. How do we collect your personal data?

We collect personal data in the following ways:

  • When your account (Brand, Creator, Influencer) is created (hereinafter referred to as "Account") in order to use the online services of our Websites (hereinafter referred to as "Online Services"). We collect certain personal data such us your name/company name, email address, password, country (of your location) and the date of birth so you can use the Online Services. This is the only information you have to provide to create an account with us.
  • As a registered user to experience or use our Online Services, you may choose to provide us with additional information, or give us your permission to collect additional data

3. What personal data do we collect from you?

The table below presents the categories of personal data we collect and use about you:

Categories of personal data
Description of category
Account registration data
  • email address
  • name/company name
  • password
  • additional data: country and date of birth
The only personal data that you need to provide us to create an Account and to use the Online Services includes your email address, name/company name and password.
Content of your description and reviews
  • The content of the texts of your description and reviews
If you provide any personal data at your description or your reviews we process it.
Monthly/Yearly subscription
  • name/company name
  • tax number
  • credit or debit card details (card number, expiry date of the card (month/year) and CVC code (card security code)
  • address/seat
  • email address
When you purchase monthly/yearly subscription in order to use our Online Services (namely (i) subscription for advertising as a Brand, (ii) subscription for Creator/Influencer in order to create Reviews) that are only available for registered users We process your personal data related to online payments including your name/company name, your credit or debit card number, the expiration date of your card (month/year) and the CVC code (card security code) (hereinafter referred to as jointly as "Payment Data"). In order to send you an invoice on your purchases We process your address and e-mail address.

We process these data in order to fulfill your payments and to provide you with the necessary invoices.
Purchasing of a product of the Brand
  • name/company name
  • Payment Data
  • address/seat
If you purchase a product of the Brand indicated on our Websites we may collect and process your name/company name, your Payment Data, your address/seat and your email address.
Newsletter services
  • e-mail address
  • name/company name
  • consent to process your data
When you choose to be informed about the latest news regarding our services, we process your name/company name, your e-mail address to provide you with such information.
Complain handling, customer service
  • name/company name
  • contact details (phone number or e-mail address)
  • type of your Account and subscription fee
  • time of the subscription and complaint notification
  • description of defect
  • claim required to be validated and the mode of settlement.
In order to handle complaints concerning our Online Services. The complaint notice can be registered through email: support@joyfulreviews.com. During this procedure, We process your name/company name and contact details (phone number and/or e-mail address) of the data subject, type of your Account and subscription fee, time of the purchase and complaint notification, description of defect, claim required to be validated and the mode of settlement in order to be able to solve your problems.

4. What do we use your personal data for?

We have set out in the table below the reasons why we process personal data, the legal basis we rely upon that legally permits us to process your personal data, and the categories of personal data used for the purposes:

Categories of personal data that We use for the processing purpose
Legal basis for the processing purpose
Description of why We process your personal data
Account registration data
  • email address
  • name/company name
  • password
  • additional data: country and date of birth
Your consent; Section 6 (1) a) of the GDPR
Using the information that we collect, We are able to deliver our Online Services and allow you to create (or delete) your Account. We also collect this data to identify and distinguish you from our other clients.
Content of your description and reviews
  • The content of the texts of your description and reviews
  • Consent of the data subject; Section 6 (1) a) of GDPR;
  • Legal interest of the Service Provider; Section 6 (1) f) of GDPR
Please remember that the Service Provider processes (analyses, follows, records and logs) your activity on the Website.

This includes description, messages, comments, reviews and any other interactions.

We process this data based on your consent and on Our legal interest, in order to prevent and/or investigate unlawful and prohibited activities (e.g. illegal sexual or violent content).
Monthly/Yearly subscription
  • name/company name
  • tax number
  • Payment Data
  • address/seat
  • email address
  • Consent of the data subject; Section 6 (1) a) of GDPR;
  • Performance of a contract; Section 6 (1) b) of GDPR
We process your personal data in order to provide you access our Online Services.
Purchasing of a product of the Brand
  • name/company name
  • Payment Data
  • address/seat
  • email address
  • Consent of the data subject; Section 6 (1) a) of GDPR;
  • Performance of a contract; Section 6 (1) b) of GDPR
We process your personal data in order to act as an intermediary service provider for the Brand.
Newsletter services
  • e-mail address
  • name/company name
  • consent to process your data
  • Consent of the data subject; Section 6 (1) a) of GDPR
We process your data based on your consent to inform you on our latest news related to our Online Services.
Complain handling, customer service
  • name/company name
  • contact details (phone number or e-mail address)
  • type of your Account and subscription fee
  • time of the subscription and complaint notification
  • description of defect
  • claim required to be validated and the mode of settlement.
  • Consent of the data subject; Section 6 (1) a) of GDPR;
  • Performance of a contract; Section 6 (1) b) of GDPR;
  • Legal obligation, Section 6 (1) c) of the GDPR
We process your personal data in order to handle complaints concerning our Online Services. The complaint notice can be registered through email: support@joyfulreviews.com

If you require further information about the balancing test that the Service Provider has undertaken to justify its reliance on the legitimate interest legal basis, please contact us at support@joyfulreviews.com for further details.

5. How do we share your personal data?

Categories of recipients
Reason for sharing
Service Providers
We may transfer your personal data to technical service providers (such as accounting) who process it for us, based on our instructions, and in compliance with this policy and appropriate confidentiality and security measures. These partners provide us with services globally, including for information technology service providers which host, store, manage and maintain our Online Service.

We may transfer your personal data to our server service provider located in a third country (outside EEA). In this case we ensure contractually an essentially equivalent level of protection for your data in accordance with the Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data published by the European Data Protection Board.

We inform you that the rest of our service providers are located within the European Union.
Brand
We may transfer your personal data to the Brand in case of purchase of a product indicated on our Websites.
Law enforcement and data protection authorities
We should share your personal data when it is necessary to do so in order to comply with a legal obligation under applicable law, or respond to valid legal process, such as warrant, a court order, or a subpoena.

We can also share your personal data where it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.

6. Data retention and deletion

Categories of personal data
Description of category
Your personal data collected
We keep your Account active for [1] year from the expiration date of your subscription, after which the Service Provider deletes your Account, unless you ask for deletion at an earlier time. Before deleting your Account, we send you a warning e-mail in order to inform you thereof.

7. Data retention and deletion

We are committed to protect your personal data so are our processors by taking into account the state of the technology, the costs of the execution, the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, implement appropriate technical and organisational measures to ensure the appropriate level of data protection. However, please note that no system is ever completely secure.

We choose and operate IT tools for processing so that the processed personal data is:

  • accessible to the authorised person (availability);
  • authenticity and authentication (credibility of processing);
  • it can be verified there is no change in the data (data integrity);
  • protection against unauthorised or unlawful access (confidentiality of data).

We protect your data with appropriate measures against unlawful access, alteration, transfer, disclosure, erasure or destruction, as well as accidental loss, damage, and the accidental unavailability due to the change of the used technic.

In order to protect the electronic processed personal data that are stored in our various registries, we provide appropriate technical measures to ensure that the stored personal data - unless it is permitted by law - cannot be directly linked and assigned to the data subjects.

The provided technical and organisational measures are in accordance with the current state of technology and they are compatible with the level of risks associated to ensure the security of processing.

During processing we respect and maintain

  • confidentiality: protecting the information so that it can only be accessed by those who are entitled to it;
  • integrity: protecting the accuracy and completeness of information and processing methods;
  • availability: ensuring that when the data subject needs it, he/she can actually access the information and she/he has procedures for it.

Our and our partners’ IT systems are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusion and denial-of-service attacks. The operator provides security through server-level and application-level security procedures. We inform you that electronic mails apart from the protocols (email, web, ftp etc.) that are transferred through the Internet are vulnerable to network threats that may lead to fraudulent activity, challenge of the contract and disclosure or modification of information. We shall take all the precautionary measures to protect you from such threats. Systems are monitored so the we can record all security dangers and provide evidence of any security incident. System monitoring also allows the controlling of the efficiency of the precautionary measures.

We, as data controller record potential personal data breaches, including facts and effects of the personal data breach and measures taken or proposed to be taken by us to address the personal data breach. We shall notify the Hungarian National Data Protection and Freedom of Information Authority on any potential personal data breach without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Your password protects your account, so we encourage you to use a unique and strong password, limit access to your computer and browser, and – if you are Registered User – log out after you have finished using our Website.

8. Our policy for registration

In case of commercial economy activity, natural persons are not permitted to create Account at our Websites due to the business activity. In this case, natural persons can only register as a sole proprietorship or in any other legal form which entitles them to carry on business activity. The person registering has to make a declaration to that effect.

In case We learn that we have collected the personal information of a natural person without any permission to carry on business activity We will take steps to declare you and – if necessary – delete the Account as soon as possible.

In case of non-commercial economy activity, natural persons (over age of 18 or under age of 18 with a written consent of the legal representative of the child) are permitted to create Account.

In case of the www.joyfulreviews.com, persons under the age of 18 (or any other minimum age in the jurisdiction where that person resides) are not permitted to create Accounts and visit the website.

9. Processing of Our Websites

  • Logging on the server of the Websites
  • When visiting any of our Websites, the webserver does not record any personal data.

    Data logging for external service providers:

    The portal’s html code contains links to external servers that are independent form the Service Provider. The external service provider’s server is directly connected to the User’s computer. Please be aware of the fact, that the aforementioned service providers are able to collect user data (e.g.: IP address, browser, operating system details, cursor movement, name of the visited page and the date of the visit) due to the direct communication with the user’s browser.

  • Cookies at the Websites
  • Our cookie policy available here.

    The Service Provider and other service partners install cookies (small piece of information) in order to identify and track users and to read them back during internet usage. If your browser returns a previously saved cookie, the cookie operator has the capacity to link the User’s current visit to the previous ones for websites where the Service Provider or the external service providers’ cookies are installed.

    The Service Provider uses cookies for the technical operation of the Website, for sending targeted newsletters and for statistical purposes. We inform you that cookies do not damage your computer and they do not contain viruses.

    Cookies can be deleted from your computer and be blocked in your browser. To manage cookies, generally you can visit the menu point Tools / Preferences of your browser, then you shall visit the Privacy / History / Custom Settings menu point where cookies are found under the name of cookies or tracing.

    The following external service providers have installed cookies on our Website:

    • Google Analytics
    • Google Adwords
    • Facebook Pixel
    • Instagram
    • Twitter

Please see the point 3.5.3-3.5.6 of our General Privacy Policy available here for the further information in connection with our external service providers’ cookies.

10. Other processing

We provide information about processing that is not listed in this policy at the time when personal data are obtained. We inform our Users that courts, prosecution, investigating authorities, the authority dealing with administrative offences, administrative authorities, the Office of the Commissioner for Personal Data Protection and other organs under the provisions of the applicable law may contact the Service Provider in order to receive notification or that Service Provider discloses, transfers personal data or provides documents to them.

The Service Provider will only provide information to the authorities – if they have indicated the exact purpose and scope of the personal data – that is strictly necessary to the purpose of the inquiry.

11. Methods of storing personal data, Security of data processing

We and our data processors by taking into account the state of the technology, the costs of the execution, the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, implement appropriate technical and organisational measures to ensure the appropriate level of data protection.

We choose and operate IT tools for data processing so that the processed personal data:

  • is accessible to the authorised person (availability);
  • its authenticity and authentication are ensured (credibility of processing);
  • can be verified that there is no change in the data (data integrity);
  • is protected against unauthorised or unlawful access (confidentiality of data).

We protect your data with appropriate measures against unlawful access, alteration, transfer, disclosure, erasure or destruction, as well as accidental loss, damage, and the accidental unavailability due to the change of the used technic.

In order to protect the electronic processed personal data that are stored in our various registries, we provide appropriate technical measures to ensure that the stored personal data – unless it is permitted by law – cannot be directly linked and assigned to the data subjects.

The provided technical and organisational measures are in accordance with the current state of technology and they are compatible with the level of risks associated to ensure the security of processing.

During processing we respect and maintain

  • confidentiality: protecting the information so that it can only be accessed by those who are entitled to it;
  • integrity: protecting the accuracy and completeness of information and processing methods;
  • availability: ensuring that when the data subject needs it, he/she can actually access the information and she/he has procedures for it.

The Service Provider’s and our external service providers’ IT systems are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusion and denial-of-service attacks. The operator provides security through server-level and application-level security procedures. We inform you that electronic mails apart from the protocols (email, web, ftp etc.) that are transferred through the Internet are vulnerable to network threats that may lead to fraudulent activity, challenge of the contract and disclosure or modification of information. We shall take all the precautionary measures to protect you from such threats. Systems are monitored so that we could record all security dangers and provide evidence of any security incident. System monitoring also allows the controlling of the efficiency of the precautionary measures.

We, as data controller record potential personal data breaches, including facts and effects of the personal data breach and measures taken or proposed to be taken by us to address the personal data breach. We shall notify the Office of the Commissioner for Personal Data Protection on any potential personal data breach without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Your password protects your account, so we encourage you to use a unique and strong password, limit access to your computer and browser, and – if you are Registered User – log out after you have finished using our Website.

12. Rights of the data subject

We inform you that in relation to the processing of your personal data you dispose the following rights:

    • Transparent information,
    • Right of access by the data subject,
    • Right to rectification,
    • Right to erasure (‘right to be forgotten’),
    • Right to restriction of processing,
    • Right to data portability,
    • Right to object,
    • Right to withdrawal of consent,
    • Right to effective remedy.
  • Transparent information

We are obliged to provide you with information - in accordance with the provisions of the GDPR - about the processing of your personal data. We fulfil our obligation by providing the present Privacy Policy to you. Please be aware of the fact, that if you have further questions in relation to the processing of your personal data you can exercise your right of access.

  • Right of access by the data subject

You have the right to get information whether we process your personal data and if so, you may demand a detailed prospectus that contains the following information:

    • the reason of the data processing,
    • the scope of the processed personal data,
    • the source of the processed data,
    • the recipient of the data,
    • the term of the storage of the processed personal data,
    • in case of an international transfer of your personal data, the guarantees of the transfer, and
    • a repeated information on your rights in relation to the processing of your personal data and your right to lodge a complaint with a supervisory authority.

For your request we may give you a copy of your processed personal data free of charge.

For further copies we may charge you with a reasonable fee taking into account the administrative costs of providing such information. We provide information by electronic means for your request. You may exercise your right of access in writing at the following contact details: e-mail address: support@joyfulreviews.com

Upon your request, the aforementioned information may be provided orally if your identity is proven genuinely.

  • Right to rectification

For your request we rectify, correct or complete your inaccurate personal data (e.g. your date of birth is inaccurate, your e-mail address or your name has changed).

  • Right to erasure

You may request that we erase your processed personal data without undue delay if,

    • the purpose of the data processing no longer justifies the processing,
    • consent is the legal basis of the processing and you have withdrawn your consent (and there is no other applicable legal basis),
    • you object the processing and there are no overriding legitimate grounds for the processing,
    • the personal data have been unlawfully processed, or
    • the personal data have to be erased under legal obligation.

The right of erasure cannot be exercised if the processing is necessary for exercising the right of freedom of expression and information, the compliance with a legal obligation that the Service Provider is subject to, or for the performance of a public task, or reasons of public interest in the area of public health or archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

  • Right to restriction of processing

If you exercise this right and according to the applicable law you shall obtain restriction of processing, we cannot process your personal data (therefore we cannot transfer or organise your data) – with the exception of storage – unless you consent or it is necessary for the establishment, exercise or defence of the Service Provider’s legal claims.

When can you exercise this right?

    • If you claim that your personal data is inaccurate, for a period while we examine the accuracy of your data.
    • If the processing is unlawful but instead of erasure, you request the restriction of your data.
    • If we no longer need your personal data (for the purpose of the processing) however you request that we store them (e.g. for the establishment, exercise or defence of legal claims).
    • If you object the processing, for a period while we verify whether our legitimate grounds override those of yours.

We inform you before the restriction of the processing is lifted (e.g. your inaccurate data have been rectified or we declined your request of restriction).

  • Right to data portability

If the legal basis of the processing is your consent or the performance of a contract and the processing is carried out by automated means you may request to receive the personal data that concerns you and which you provided us, in a structured, commonly used and machine-readable format You may also request that we transmit your data to another controller.

We inform you that we do not process your personal data by automated means.

  • Right to object

You may object on the grounds relating to your particular situation, at any time to the processing of personal data concerning you if the legal basis of the processing is the legitimate interest of the Service Provider. In this case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If we process your personal data for direct marketing purposes (e.g. newsletter) you can object the processing of your personal data concerning you at any time. We will no longer process your personal data if you object the processing.

  • Right to withdraw a consent

You have the right to withdraw your consent at any time during the processing.

We inform you that the withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

You can exercise your right by the following methods:

    • You can unsubscribe from our newsletter or marketing e-mail by clicking to the unsubscribe button provided in our e-mail.
    • Or you can notify us at the following e-mail address that you would like to withdraw your consent: support@joyfulreviews.com
  • Procedural provisions

Please note that we will notify you on the action taken without undue delay, but within one month of receipt of your request. We may extend the period by further two months if it is necessary due to the complexity and the number of the requests. We inform you on the extension within one month of the receipt of your request.

If you submit your request by electronic means, the Service Provider will give you the information by electronic means (unless you request otherwise).

If we do not take any action on your request, we inform you - without any undue delay and at the latest within one month of the receipt of your request - on its reasons and on the possibility to lodge a complaint with the Data Protection Authority and to seek a judicial remedy.

We inform you that we provide the requested information free of charge. If your request is clearly unfounded or excessive, in particular because of its repetitive character, we can charge you with a reasonable fee for administrative costs or we can refuse to take action on your request.

We communicate any rectification or erasure of personal data or rectification of processing to each recipient with whom we have provided your personal information (unless it is impossible). Upon your request, we inform you about these recipients.

  • Right to compensation

The Service Provider compensates your damages that we caused by unlawful processing or breaching the data protection requirements. In case of the violation of the rights relating to your personality, you are entitled to restitution in accordance with the applicable provisions.

We inform you that the Service Provider is liable for any damages caused by a data processor that we used during the processing of your personal data. The Service Provider shall be relieved of liability if the damage occurred in consequence of unforeseen circumstances beyond our control.

We inform you that the Service Provider is liable for any damages caused by a data processor that we used during the processing of your personal data. The Service Provider shall be relieved of liability if the damage occurred in consequence of unforeseen circumstances beyond our control.

  • Remedies
  • Right to a judicial remedy

If you consider that your rights under data protection law have been infringed (e.g. you couldn’t exercise your aforementioned rights, you didn’t receive any information on the processing etc.) you may file for court action against the controller before the general court in whose jurisdiction your home address or habitual residence is located. The court shall hear such cases in priority proceedings. We inform you that lawsuits related to personal data protection are free of charge.

  • Right to lodge a complaint with a supervisory authority

If you consider that your rights under data protection law have been infringed, you can choose to lodge a complaint with the National Authority for Data Protection and Freedom of Information.

Name: National Authority for Data Protection and Freedom of Information (“Nemzeti Adatvédelmi és Információs Hatóság” in Hungarian)
Seat: Falk Miksa utca 9-11, 1055 Budapest, Hungary.
Mailing address: 1363 Budapest, Pf.: 9.
E-mail: ugyfelszolgalat@naih.hu

13. Copyright

All rights reserved of the Website and this Privacy Policy. The content of the website cannot be used for commercial and commercial use across print and digital.

14. Changes to this policy

We may occasionally make changes to this Privacy Policy. When we make material changes to the Privacy Policy, We will provide you with prominent notice and give you the opportunity to review the revised privacy policy before deciding if you would like to continue to use the Online Services.