1. Introduction

The purpose of this Data Protection and Privacy Notice (hereinafter referred to as “Notice”) is to inform the Data Controller of the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as “the Information Act”).), and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “Directive on the protection of individuals with regard to the processing of personal data”): Regulation or GDPR), to provide you with simple and transparent information about the details of the processing of your personal data, what data we collect and for what purposes, how and for how long we process and store it, as well as your rights in relation to the processing of your personal data and how you can exercise them.

S-Babee Limited Liability Company (hereinafter referred to as the “Company” or the “Controller”) is committed to ensuring the highest possible level of protection of personal data and will take appropriate and necessary measures to ensure that the processing of personal data is carried out in full compliance with the applicable legal requirements.

Please read the following information carefully! If you have any questions or comments about data protection or data management, or if you wish to exercise your rights in relation to data management, please contact us at office@smart-babee.com.

2. Who is the data controller?

Name of data controller:	S-Babee Ltd.
Data Controller’s registered office:	6723 Szeged, József Attila sugárút 71. B. lház. 1. floor. 19.
Representative of the Data Controller:	Roland Karmann Managing Director
Contact details of the data controller (e-mail):	office@smart-babee.com
Website of the Data Controller:	http://www.smart-babee.com
Tax number of the data controller:	27298628-2-06

3. What personal data do we process?

3.1. Registration on the website and in the app

3.1.1 Purpose of processing: to enable you to register with our Smart Babee app for iOS and Android and to use our services by providing your personal data.

3.1.2. The personal data concerned by the processing:

1. your login credentials, email address, and password;
2. the IT data processed in relation to the verifiability of consent (date of consent, your IP address).

3.1.3 Legal basis for processing: your personal consent in accordance with Article 6(1)(a) of the GDPR.

3.1.4 Duration of processing: personal data provided under point 3.1.2 will be processed until the personal consent is withdrawn. The storage period of the data processed in relation to the justification of consent is the limitation period (5 years) following the cessation of processing.

3.1.5. Data Processor: Rackhost Zrt. (head office: 6722 Szeged, Tisza Lajos körút 41.; tax number: 25333572-2-06; company registration number: 06-10-000489; e-mail address: info@rackhost.hu), and AMAZON WEB SERVICES Trademark of Amazon Technologies, Inc. – Registration Number 3430530 – Serial Number 77275652).

3.1.6 Purpose of the processing: to store your personal data in accordance with the data processing contract (the data processor is not entitled to access your personal data).

3.2. Completing the User Information Form (profile)

3.2.1. Purpose of processing: by providing your personal data, you can create and expand your contact details on your user profile in order to use certain of our online services.

3.2.2. The personal data concerned by the processing:

1. your surnames and first names;
2. your phone number;
3. your e-mail address;
4. your gender;
5. your photo or video recording;
6. the IT data processed in relation to the verifiability of consent (date of consent, your IP address);
7. the IT data processed in relation to the date of registration.

3.2.3 Legal basis for processing: your personal consent in accordance with Article 6(1)(a) of the GDPR.

3.2.4 Duration of processing: personal data provided under 3.2.2 until the withdrawal of personal consent. The storage period for data processed in relation to the justification of consent is the limitation period (5 years) following the cessation of processing.

3.2.5. Data Processor: Rackhost Zrt. (registered office: 6722 Szeged, Tisza Lajos körút 41.; tax number: 25333572-2-06; company registration number: 06-10-000489; e-mail address: info@rackhost.hu), and AMAZON WEB SERVICES Trademark of Amazon Technologies, Inc. – Registration Number 3430530 – Serial Number 77275652).

3.2.6 Purpose of the processing: to store your personal data in accordance with the data processing contract (the data processor is not entitled to access your personal data).

3.3. Provisions on the processing of personal data of minor children

3.3.1.Purpose of data processing: in connection with the use of the SmartBabee app, the purpose of data processing is to record the general personal and specific health data of the minor child for the purpose of continuous monitoring and analysis of the health status by the parent exercising parental control over the child, and to personalize the user experience.

3.3.2.The data subject: a child under 72 months of age (hereinafter referred to as “the baby”), on whose behalf the parental authority authorizes the processing of his or her personal data.

3.3.3. The personal data concerned by the processing,

3.3.3.1. which must be provided in order to access the functions of the application:

1. the sex of the baby;
2. the baby’s date of birth;
3. the baby’s birth weight (g);
4. length of the baby at birth (cm);
5. the baby’s surnames and forenames

3.3.3.2. which are not required to be provided in order to access the functions of the application:

1. the number of children in the family;
2. data on the baby’s development, recorded with the permission of the parent/carer (eating habits, sleeping habits, defecation habits, leisure activity information, nappy changing habits, health development habits – e.g. which teeth have fallen out, how many centimeters have they grown);
3. the baby’s respiratory rate, weight, picture, voice, gas composition;
4. the result of the baby Apgar test;
5. baby’s sleep diary data;
6. the IT data processed in relation to the verifiability of consent (date of consent, your IP address).

3.3.4. The legal basis for the processing, and

3. in the case of points 3.3.3.1 (a) to (d) and 3.3.3.2 (a) to (c) and (g), the consent of the person exercising parental authority pursuant to Article 6(1)(a) of the GDPR;
4. in the case of 3.3.3.2. d) to f), the explicit consent of the person exercising parental authority in accordance with Article 9(2)(a) of the GDPR.

3.3.5 Duration of processing: personal data provided under 3.3.3 until the withdrawal of personal consent. If the data subject has reached the age of 16, he or she may withdraw consent for his or her previously stored personal data without the consent of the person having parental responsibility. The period of storage of data processed in relation to the justification of consent is the limitation period (5 years) following the cessation of processing.

3.3.6. Data Processor.

3.3.7 Purpose of the processing: to store your personal data in accordance with the data processing contract (the data processor is not entitled to access your personal data).

3.4. Contacting, marketing enquiries

3.4.1. Purpose of data processing: to ensure contact between you and our Company, to provide information, marketing enquiries.

3.4.2. The personal data concerned by the processing:

1. your surnames and first names;
2. your e-mail address;
3. the IT data processed in relation to the verifiability of consent (date of consent, your IP address).

3.4.3 Legal basis for processing: your personal consent in accordance with Article 6(1)(a) of the GDPR.

3.4.4 Duration of processing: the personal data provided in section 3.4.2 will be processed until the personal consent is withdrawn. The storage period for data processed in relation to the justification of consent is the limitation period (5 years) following the cessation of processing.

3.5. Contract conclusion, online ordering of services

3.5.1. Purpose of data processing: if you download and install the application, a contract for the use of the application is concluded between you and the Company, the purpose of the data processing is the processing of data that is indispensable for the conclusion of the contract.

3.5.2. The personal data concerned by the processing:

1. your surnames and first names;
2. your phone number;
3. your e-mail address.

3.5.3. Legal basis for processing: your personal consent.

3.5.4 Duration of processing: the data provided in section 3.5.2 will be processed until the personal consent is withdrawn. The storage period for data processed in relation to the justification of consent is the limitation period (5 years) following the cessation of processing.

3.5.5. Data Processor: Rackhost Zrt. (registered office: 6722 Szeged, Tisza Lajos körút 41.; tax number: 25333572-2-06; company registration number: 06-10-000489; e-mail address: info@rackhost.hu), and AMAZON WEB SERVICES Trademark of Amazon Technologies, Inc. – Registration Number 3430530 – Serial Number 77275652).

3.5.6 Purpose of the processing: to store your personal data in accordance with the data processing contract (the data processor is not entitled to access your personal data).

 

3.6. Handling disputes, complaints, and warranty management:

3.6.1 Purpose of data processing: a collection of personal data for the purpose of filing and handling disputes, complaints, and warranty administration.

3.6.2. The personal data concerned by the processing:

1. your surnames and first names;
2. your permanent address (delivery address if different from your permanent address);
3. your phone number;
4. your e-mail address;
5. information about your online purchases (details of the product purchased, date of purchase, method of payment, date, time and amount of the transaction, order ID);
6. the content of the complaint.

3.6.3. Legal basis for processing: legal obligation.

3.6.4 Duration of data processing: pursuant to Article 17/A (7) of Act CLV of 1997 on Consumer Protection, we are obliged to keep the complaint for 5 years.

3.7. Information about the use of cookies

The Data Controller uses so-called cookies when you visit the website. A cookie is a set of letters and numbers that our website sends to your browser to save certain settings, facilitate the use of our website and help us to collect some relevant statistical information about our visitors.

Some of the cookies do not contain any personal information and cannot be used to identify the individual user, but some of them contain a unique identifier – a secret, randomly generated sequence of numbers – that is stored on your device, thus ensuring your identification. The duration of each cookie is described in the relevant description of each cookie.

The legal basis for processing is your consent pursuant to Article 6(1)(a) of the Regulation.

 

Main features of the cookies used by the website:

3.7.1. cookies strictly necessary for the operation of the website: these cookies are essential for the use of the website and allow you to use its basic functions. Without them, many of the site’s features will not be available to you. The lifetime of these types of cookies is limited to the duration of the session.

3.7.2. Cookies to improve the user experience: these cookies collect information about the user’s use of the website, such as which pages are visited most often or what error messages are received from the website. These cookies do not collect any information that identifies the visitor, i.e. they are completely generic and anonymous. We use the information they provide to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.

If you do not accept the use of cookies, certain features will not be available to you. For more information on how to delete cookies, please click on the links below:

• Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
• Safari: https://support.apple.com/kb/ph21411?locale=en_US
• Chrome: https://support.google.com/chrome/answer/95647

There may be more than one processing event for the purposes of contracting and performance. Please note that data processing in relation to complaint handling and warranty management will only take place if you exercise one of these rights.

If you do not make a purchase through the webshop but are a visitor to the website, the marketing processing may apply to you if you give us your consent for marketing purposes.

4. Rights of data subjects

 

4.1. The rights of data subjects

 

1. right to information;
2. right of access;
3. the right to rectification;
4. the right to erasure;
5. the right to restrict processing;
6. the right to data portability;
7. the right to protest;
8. the right to withdraw consent.

4.2. Rules for the enforcement of the rights of the person concerned

The information on the measures taken to enforce the rights of the data subject shall be provided to the data subject without undue delay and at the latest within 30 days of receipt of the request. Such information shall be provided free of charge, but where the request is manifestly unfounded or excessive, in particular, because of its repetitive nature, the Data Controller may charge a fee or refuse to act on the request.

If the data subject considers that the processing of his or her personal data violates his or her rights regarding the protection of personal data, he or she has the right to lodge a complaint with the Company or directly with the supervisory authority, the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36 1 391 1400; e-mail: ugyfelszolgalat@naih.hu).

If the supervisory authority does not deal with a complaint lodged with it, or does not inform the data subject within three months of the procedural developments concerning the complaint or of the outcome of the complaint, or if the data subject considers that the processing of personal data relating to him or her infringes his or her rights relating to the protection of personal data, he or she has the right to take legal action. In such a case, judicial proceedings against the supervisory authority shall be brought before the Metropolitan Court or the court of the place of habitual residence.

5. Data security aspects, data protection measures

The Controller shall ensure the protection of personal data and a level of data security appropriate to the level of risk. The Data Controller shall protect the personal data processed against threats, in particular against unauthorized access, accidental or unlawful alteration, disclosure, loss, disclosure, deletion, accidental or unlawful destruction or accidental loss, loss or destruction resulting from changes in the technology used, and against inaccessibility.

The Data Controller shall ensure the necessary and appropriate technical and organizational measures with regard to data stored by means of IT tools as well as data stored on traditional paper storage media.

The Data Controller shall make every effort, within the organizational and technical possibilities, to ensure that its data processors also take appropriate data security measures when working with the personal data of the data subject.

6. Final provisions

The Data Controller reserves the right to amend this Privacy Notice in a way that does not affect the purpose and legal basis of the processing. By using the website after the amendment comes into force, you accept the amended privacy notice.

Budapest, 4 April 2023.