DELIGO VISION TECHNOLOGIES LIMITED LIABILITY COMPANY

PRIVACY POLICY

This privacy policy (hereinafter referred to as “Privacy Policy”) describes the data processing activities of

‍

Deligo Vision Technologies Limited Liability Company

(registered office: H-1027 Budapest, Horvát u. 14-26. 6th floor; company registration number:

01-09-334165; tax number: 26596648-2-41; e-mail address: privacy@deligovision.com; hereinafter referred to as:

“DELIGO” or “Controller”)

in relation to the Subscription Service provided by DELIGO under its general terms and conditions (hereinafter “Terms and Conditions”) with respect to the personal data of data subjects. Furthermore, this Privacy Policy includes information on the data subjects’ rights and remedies in connection with DELIGO’s data processing.

‍

CONTENTS

1. EXTRACT
2. DETAILED INFORMATION

1. THE SPECIFIC PROCESSING OPERATIONS CARRIED OUT BY DELIGO
   1. Registration of Admin Account
   2. Data processing related to the performance of Subscription Service Contracts
   3. Contact
   4. Newsletter
   5. Other data processing
2. RECIPIENTS TO WHOM PERSONAL DATA ARE DISCLOSED
3. PERSONAL DATA COLLECTED BY DELIGO CHECKOUT
4. METHODS OF STORAGE OF PERSONAL DATA, SECURITY OF PROCESSING
5. DATA SUBJECTS’ RIGHTS, REMEDIES
   1. Right to information
   2. Right of access by the data subject
   3. Right to rectification
   4. Right to erasure
   5. Right to restriction of processing
   6. Right to data portability
   7. Right to object
   8. Automated decision-making in individual cases, profiling
   9. Right to withdraw consent
   10. Procedural rules
   11. Damages and compensation
   12. Right to apply to the courts
   13. Procedure before the Data Protection Authority
6. AMENDMENT OF THE PRIVACY POLICY
   
   

I. EXTRACT

This Section I of the Privacy Policy contains an extract of the main components of the data processing activities in relation to the Subscription Service provided by DELIGO. More detailed information is provided in Section II below.

DELIGO carries out its data processing for purposes such as enabling the use of the service, identifying customers, ensuring cooperation in the performance of the Subscription Service contract and answering enquiries from interested parties in the course of contacting as well as sending direct marketing messages.

The legal basis for the processing for the above purposes is the performance of the service contract between DELIGO as service provider and the Customer and the legitimate interest of DELIGO in answering the enquiries of the interested parties and in the traceability of such enquiries or the data subject’s consent when sending direct marketing messages.

The personal data processed by DELIGO include the e-mail address, the name, telephone number and position of the Customer’s contact person and other personal data provided in messages sent to DELIGO.

The personal data is not disclosed to third parties, however DELIGO uses the services of the various companies listed as data processors in Section 1.6.

The data subject shall have the right to obtain from DELIGO access to, rectification, erasure or restriction of processing of personal data concerning them, to object to the processing of such personal data and to obtain the personal data concerning them and to have them transmitted to another controller (right to data portability).

The data subject may request the deletion or modification of personal data by sending an e-mail to privacy@deligovision.com. In the event of a breach of his or her rights, the data subject may take legal action against DELIGO at a court (competent according to the defendant’s registered office or the place of residence of the data subject, at the data subject’s discretion). Complaints may also be lodged with the National Authority for Data Protection and Freedom of Information (address: H-1055 Budapest, Falk Miksa utca 9-11.; telephone: +36 (1) 391-1400; e-mail: ugyfelszolgalat@naih.hu).

II. DETAILED INFORMATION

Data protection guidelines relating to DELIGO’s data processing are available on an ongoing basis at https://www.deligovision.com/privacy-policy. DELIGO reserves the right to change this Privacy Policy at any time. DELIGO will of course notify the data subjects of any changes in due time.

DELIGO is committed to protecting the personal data of the users of the Subscription Service and attaches the utmost importance to respecting the users’ right to information self-determination. DELIGO keeps personal data confidential and takes all security, technical and organizational measures to ensure the security of the data.

DELIGO describes in detail below its data processing practices in relation to the services it provides through the Subscription Service:

1. THE SPECIFIC PROCESSING OPERATIONS CARRIED OUT BY DELIGO

DELIGO sets out below its data processing principles in relation to each of its processing operations, the expectations it has set and adheres to in relation to itself as a controller. Its data processing principles are in line with the applicable data protection legislation, in particular the following:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”);
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the “Information Act”); and
• Act V of 2013 on the Hungarian Civil Code (hereinafter “HCC”).
  
  

1.1. Registration of Admin Account

In order to enable DELIGO’s Customers to use the Subscription Service, DELIGO may register an Admin Account for them, for which the Customers will be required to provide login details (email address, password).

The purpose of the data processing: is to enable the use of the service, to identify the Customers, to register them and to distinguish them from each other.

Legal basis for processing: processing is necessary for the performance of the Subscription Service contract consisting of the Terms and Conditions and the Quote (hereinafter “Subscription Service Contract”) or for taking steps at the request of the data subject prior to entering into the contract [Article 6(1)(b) GDPR].

Type of personal data processed: e-mail address, name

Duration of processing: for the duration of the Subscription Service Contract between the parties or until the deletion of the Admin Account.

The provision of the above personal data is a precondition for the conclusion of the contract for the provision of the Subscription Service. Failure to provide the data will result in the service contract not being concluded and the data subject not being able to use the service.

‍

1.2. Data processing related to the performance of Subscription Service Contracts

During the contractual relationship, it may be necessary to process the data of the Customer’s contact person in order to maintain contact with the Customer in the course of the cooperation and in order to maintain and deepen the cooperation on an ongoing basis.

The purpose of the processing: is to maintain contact and ensure cooperation in matters related to the provision of the Subscription Service.

Legal basis for processing: processing necessary for the performance of the contract [Article 6(1)(b) GDPR].

Type of personal data processed: name, telephone number, e-mail address and position of the Customer’s contact person.

Duration of processing: for the duration of the Subscription Service Contract between the parties or until the deletion of the Admin Account.

If the data subject does not provide the above personal data, failure to provide the data may result in DELIGO being unable to properly provide the Subscription Service to the Customer and the cooperation between the parties may become difficult or, as the case may be, impossible.

1.3. Contact

If a prospective or former Customer would like to contact DELIGO as a service provider, they may contact DELIGO using the contact details provided in this Privacy Policy. DELIGO will delete all messages received by it, together with the sender’s name, e-mail address, date, time and other personal data provided in the message, after two years from the date of the communication.

The purpose of the processing: is to answer questions from interested parties, to distinguish between them and to ensure traceability.

Legal basis for processing: DELIGO has a legitimate interest in answering the questions of the interested parties, distinguishing between them and ensuring traceability [Article 6(1)(f) GDPR].

The data processed include: name, e-mail address, date, time and other personal data provided in messages.

Duration of data processing: two years.

Possible consequences of not providing the data: the data subject cannot contact DELIGO.

1.4. Newsletter

DELIGO may send direct marketing messages via electronic newsletters to those who have expressly consented to this.

The consent form can be submitted to DELIGO in several ways, for example in the course of the registration of the Admin Account or through DELIGO’s website.

The purpose of the processing: is to send electronic newsletters containing DELIGO’s offers regarding services, information, and promotions to interested parties, personalizing newsletters, direct marketing communications, and maintaining contact.

Legal basis for processing: the freely given consent of the data subject [Article 6(1)(a) GDPR].

The data processed include: date, time, email address, last name, first name, consent to be contacted for direct marketing purposes.

Duration of data processing: until the consent of the data subject is withdrawn.

Possible consequences of not providing the data: the data subject is not informed about DELIGO’s notifications and offers.

You may request the withdrawal of your consent to receive direct marketing messages and the deletion or modification of your personal data at the following contact details:

• via e-mail: privacy@deligovision.com
• by mail: H-1027 Budapest, Horvát u. 14-26. 6th floor
  

1.5. Other data processing

Any processing not listed in this Privacy Policy will be disclosed at the time of collection.

Data subjects are informed that DELIGO may be contacted by the courts, prosecutors, investigating authorities, law enforcement authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information or other bodies authorized by law to provide information, data, or documents.

DELIGO shall disclose to the authorities - provided that the authorities have indicated the precise purpose and scope of the data - personal data only in the quantity and to the extent strictly necessary for the purpose of the request.

2. RECIPIENTS TO WHOM PERSONAL DATA ARE DISCLOSED

Personal data are not disclosed to third parties, but DELIGO will use the services of the following data processors in the course of the processing:

Name

Address

Task of data processor

Data processing operation

Microsoft Ireland Operations Ltd.

One Microsoft Place, South County Business Park Leopardstown Dublin 18, D18 P521 Ireland

Microsoft Azure cloud services

Registration of Admin Account

Twilio Inc.

251 Little Falls Drive, Wilmington, DE 19808

Sendgrid transactional email platform

Contact

Google Ireland Limited

Gordon House, Barrow Street, Dublin 4, Ireland

Cloud services (email, storage, productivity, hosting)

Performance of Subscription Service Contracts

Hiver (GrexIt, Inc.)

340 S Lemon Ave #9649, Walnut, CA 91789, USA

Customer support ticketing and team inbox management

Performance of Subscription Service Contracts

Intercom R&D Unlimited Company

18–21 St. Stephen’s Green, Dublin 2, Ireland

Customer support and customer communications platform

Performance of Subscription Service Contracts

WhatsApp Ireland Limited

4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Customer support communication channel

Performance of Subscription Service Contracts

Atlassian B.V. (JIRA & Confluence)

Prinsengracht 165, 1015 Amsterdam, Netherlands

Project management, issue tracking, and documentation collaboration

Performance of Subscription Service Contracts

FrontApp, Inc.

300 Montgomery St, Suite 500, San Francisco, CA 94104, USA

Customer support ticketing and team inbox management

Performance of Subscription Service Contracts

Adequate level of data protection guaranteed by processors outside the EU

Twilio Inc.

However, Twilio Inc. is registered in the United States of America, the adequate level of data protection is guaranteed by Twilio’ certification under the EU-U.S. Data Privacy Framework (DPF) as well as Twilio’s Binding Corporate Rules (BCR).

Twilio is officially certified under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF and relies on these certifications as its primary transfer mechanisms for transfers of personal data from the EU, UK and Switzerland to the U.S. The U.S. Federal Trade Commission has jurisdiction over Twilio’s compliance with the DPF. To learn more about the DPF Program, and to view Twilio’s certifications, please visit the DPF website.

In addition, Twilio has established and implemented a set of Binding Corporate Rules for internal transfers of personal data between Twilio Group Members in the European Union and Twilio Group Members elsewhere as a data controller. Twilio’s BCRs have been approved by European Union Data Protection Authorities and are a commitment by Twilio to adequately protect personal data that Twilio processes regardless of where the information resides. You can access Twilio’s Binding Corporate Rules here.

Hiver

Hiver relies on Standard Contractual Clauses for transfers of personal data out of the EU. Standard Contractual Clauses (“SCCs”) are standardized and pre-approved model data protection clauses that allow controllers and processors to comply with their obligations under EU data protection law when transferring personal data internationally. According to Hiver’s Privacy Policy (https://hiverhq.com/privacy#standard-clauses) Hiver has incorporated such SCCs into their Data Processing Addendum (https://hiverhq.com/agreements/dpa/Hiver_-_Data_Processing_Addendum.pdf).

3. PERSONAL DATA COLLECTED BY DELIGO CHECKOUT

When natural persons (hereinafter “Consumers”) who purchase food, beverage and other retail products at a retail outlet operated by DELIGO’s Customer use the Deligo Checkout, their transactional data may contain personal data. DELIGO processes such personal data on behalf of DELIGO’s Customer, therefore, DELIGO acts as a processor and not as a controller in this respect.

In the case of personal data included in the transactional data collected by the Deligo Checkout, DELIGO’s Customer determines the purposes and means of the processing, thus it shall be considered as controller. Hence, it is the Customer’s responsibility to fulfill the controllers’ obligations, such as to inform the Consumers of the Customer’s data processing activity.

4. METHODS OF STORAGE OF PERSONAL DATA, SECURITY OF PROCESSING

DELIGO shall implement appropriate technical and organizational measures to ensure a level of data security appropriate to the scale of the risk, taking into account the state of the art and the cost of implementation, the nature, scope, context and purposes of the processing and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons.

DELIGO shall select and operate the IT tools used for the processing of personal data in the provision of the service in such a way that the data processed:

1. is accessible to those authorized to access it (availability);
2. its authenticity and authentication are guaranteed (authenticity of processing);
3. its integrity can be verified (data integrity);
4. is protected against unauthorized access (data confidentiality).
   

DELIGO shall take appropriate measures to protect the data against, in particular, unauthorized access, alteration, disclosure, publication, erasure or wipeout, accidental destruction, damage or loss, and inaccessibility resulting from changes in the technology used.

In order to protect the data files managed electronically in its various registers, DELIGO shall ensure, by appropriate technical means, that the data stored cannot be directly linked and attributed to the data subject, except where permitted by law.

DELIGO shall ensure the security of data processing, taking into account the state of the art, by technical and organizational measures which provide a level of protection appropriate to the risks associated with the processing.

In the course of processing, DELIGO shall keep

1. confidentiality (protecting information so that only those have access to it who are authorized to do so);
2. integrity (protecting the accuracy and completeness of the information and the method of processing);
3. availability (ensuring that when the authorized user needs it, they can actually access the information and has the means to do so).
   

DELIGO’s and its partners’ IT systems and networks are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, computer viruses, computer intrusions and denial of service attacks. The operator ensures security through server-level and application-level protection procedures.

Please be informed that electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that could lead to fraudulent activity, contract disputes, or disclosure or modification of information. DELIGO will take all reasonable precautions to counter such threats. It shall monitor systems in order to record any security discrepancies and provide evidence of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be verified.

DELIGO, as Controller, keeps a record of any data breaches, indicating the facts related to the data breach, its effects and the measures taken to remedy it.

DELIGO shall notify a potential data protection incident to the National Authority for Data Protection and Freedom of Information without delay and, if possible, no later than 72 hours after the data protection incident has come to its attention, unless the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons.

5. DATA SUBJECTS’ RIGHTS, REMEDIES

The data subject may request information on the processing of his or her personal data, and may request the rectification, erasure, withdrawal or restriction of processing of his or her personal data, except for mandatory processing, and exercise his or her rights of retention and objection as indicated when the data were collected, at the above contact details of DELIGO.

5.1. Right to information

At the request of the data subject, DELIGO shall take appropriate measures to provide the data subject with all the information referred to in Articles 13 and 14 of the GDPR and all the information referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

5.2. Right of access by the data subject

The data subject shall have the right to obtain from DELIGO feedback as to whether or not his or her personal data are being processed and, where such processing is taking place, the right to access the personal data and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed, including in particular recipients in third countries or international organizations; (d) the envisaged period of storage of the personal data; (e) the right to rectification, erasure or restriction of processing and the right to object; (f) the right to lodge a complaint with a supervisory authority; (g) information on the data sources; (h) the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and the likely consequences for the data subject.

In the event of a transfer of personal data to a third country outside the European Union (EU) and/or European Economic Area (EEA) or an international organization, the data subject is entitled to be informed of the appropriate safeguards for the transfer.

DELIGO shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, DELIGO may charge a reasonable fee based on administrative costs. Upon the data subject’s request by electronic means, DELIGO shall provide the information in a commonly used electronic format, unless the data subject requests otherwise.

Upon request, information may also be provided orally to the data subject, following a credible proof of identity and identification.

The right to information may be exercised in writing via the contact details of DELIGO:

Name: Deligo Vision Technologies Limited Liability Company

E-mail: privacy@deligovision.com

5.3. Right to rectification

The data subject may request the rectification of inaccurate personal data relating to them processed by DELIGO and the completion of incomplete data.

5.4. Right to erasure

The data subject shall have the right to obtain, upon request and without undue delay, the erasure of personal data relating to them where one of the following grounds applies:

1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
2. the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
3. the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
4. the personal data have been unlawfully processed;
5. the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which DELIGO is subject;
6. the personal data have been collected in connection with the provision of information society services.

The erasure of the data cannot be initiated if the processing is necessary: (a) for the exercise of the right to freedom of expression and information; (b) for compliance with an obligation under Union or Member State law to which DELIGO is subject to which requires the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in DELIGO; (c) on grounds of public interest in the field of public health; (d) for archiving purposes, scientific or historical research purposes or statistical purposes in the public interest; (e) or for the establishment, exercise or defense of legal claims.

5.5. Right to restriction of processing

At the request of the data subject, DELIGO will restrict processing if one of the following conditions is met: (a) the data subject contests the accuracy of the personal data, in which case the restriction shall be for a period of time which allows the accuracy of the personal data to be verified; (b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead that the use of the data be restricted; (c) DELIGO no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defense of legal claims; or (d) the data subject has objected to the processing, in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of DELIGO override the legitimate grounds of the data subject.

Where processing is subject to restriction, personal data other than storage may be processed only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the European Union or of a Member State.

DELIGO shall inform the data subject in advance of the lifting of the restriction on processing.

5.6. Right to data portability

The data subject has the right to receive personal data relating to them which they have provided to DELIGO in a structured, commonly used, machine-readable format and to transmit such data to another controller, provided that the processing is based on consent or on a contract and that the processing is carried out by automated means.

5.7. Right to object

The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data under Section 1.3 of this Privacy Policy if they consider that DELIGO is processing their personal data in a way that is incompatible with the purposes for which it is collected. DELIGO shall examine the lawfulness of the data subject’s objection and, if the objection is justified, shall terminate the processing and block the personal data processed and shall notify the objection and the action taken on it to all those to whom the personal data concerned by the objection have been disclosed.

In the event of an objection, DELIGO may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such purposes, including profiling, where it is related to direct marketing.

In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed by DELIGO for such purposes.

5.8. Automated decision-making in individual cases, profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. However, this right shall not apply where the processing is: (a) necessary for entering into, or the performance of, a contract between the data subject and DELIGO; (b) permitted by Union or Member State law applicable to DELIGO which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or (c) based on the data subject’s explicit consent.

5.9. Right to withdraw consent

The data subject shall have the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

5.10. Procedural rules

DELIGO shall inform the data subject of the action taken on the request pursuant to Articles 15 to 22 of the GDPR without undue delay and in any event within one month of receipt of the request. Where necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months.

DELIGO shall inform the data subject of the extension of the time limit, stating the reasons for the delay, within one month of receipt of the request. Where the data subject has made the request by electronic means, the information shall be provided by electronic means, unless the data subject requests otherwise.

If DELIGO does not act on the data subject’s request, the data subject shall be informed without delay and at the latest within one month of receipt of the request of the reasons for the non-action and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise their right of judicial remedy.

DELIGO shall provide the requested information and notification free of charge. Where the data subject’s request is manifestly unfounded or excessive, in particular because of its repetitive nature, DELIGO may, taking into account the administrative costs of providing the information or information requested or of taking the action requested, charge a reasonable fee or refuse to act on the request.

DELIGO shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing that it has carried out, unless this proves impossible or involves a disproportionate effort. DELIGO shall inform the data subject, at their request, of these recipients.

DELIGO shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, DELIGO may charge a reasonable fee based on administrative costs. If the data subject has made the request by electronic means, the information shall be provided in electronic format, unless the data subject requests otherwise.

5.11. Damages and compensation

Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the General Data Protection Regulation shall be entitled to receive compensation from DELIGO or the processor for the damage suffered. A processor shall only be liable for damage caused by the processing if it has failed to comply with the obligations expressly imposed on processors by law or if it has disregarded or acted contrary to lawful instructions from DELIGO.

Where more than one controller or more than one processor, or both controller and processor, are involved in the same processing and are liable for the damage caused by the processing, each controller or processor shall be jointly and severally liable for the total damage.

The controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

5.12. Right to apply to the courts

The data subject may bring an action against DELIGO for infringement of their rights in the courts (competent according to the defendant’s registered office or the place of residence of the data subject, at the data subject’s discretion). The court shall decide on the case out of turn. Legal proceedings relating to the protection of personal data shall be free of charge.

5.13. Procedure before the Data Protection Authority

Complaints can be lodged with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Registered office: 9-11, Falk Miksa Street, 1055 Budapest, Hungary.

Address for correspondence: 1363 Budapest, Pf. 9.

Phone: +36 (1) 391-1400

E-mail: ugyfelszolgalat@naih.hu

Website: https://www.naih.hu

6. AMENDMENT OF THE PRIVACY POLICY

DELIGO is entitled to amend this Privacy Policy in case of changes in its data processing activities or in the legal environment. It will, of course, notify the data subjects of any such amendments in due time. The date of the last update of this Privacy Policy is indicated at the end of this document.

Effective as of 5 March, 2026.

‍