Magyar

Applicable from: 25.07.2025

GENERAL PROVISIONS

Tóth Attila EV. (registered office: Hungary 2700, Cegléd, Csengeri street 63., hereinafter referred to as the "Service Provider"), as data controller (hereinafter referred to as the " Data Controller"), is subject to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) 95/46/EC (General Data Protection Regulation, hereinafter referred to as the "GDPR") and the Hungarian Act on the Right to Information Self-Determination and Freedom of Information of 2011. CXII of 2011 (hereinafter referred to as the "GDPR"), the Data Controller has drawn up the following Privacy Policy.

This Privacy Policy applies to the processing of personal data provided by the User to the Data Controller, as well as to all personal data collected by the Data Controller either within the Muscle App or by using the data provided by the User in the registration interface.

INTERPRETATIVE PROVISIONS

For the purposes of this Privacy Policy:

Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, use, retrieval, consultation, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
Data destruction: the complete physical destruction of the medium containing the data;
Data transfer: the making available of data to a specified third party;
Data erasure: making data unrecognizable in such a way that it is no longer possible to recover it;
User: the natural person who downloads the application to his/her device and, in doing so, provides the data listed in section 4 below (data subject);
Application: the Muscle App operated by the Data Controller, which can be downloaded from the Googe Play store.

THE PURPOSE OF THE DATA PROCESSING, THE SCOPE OF THE PERSONAL DATA PROCESSED BY THE CONTROLLER

Anyone can access the app without providing any personal data and can freely and without restriction obtain information from the app store.
The Data Controller processes personal data after the download and registration of the application, with the consent of the User and on the basis of the Terms of Use.
Purpose of the data processing:

a) the provision of the services available through the application interface by the Data Controller, as well as the identification of the User and the contacting and maintaining contact with Users. We use the information you provide, for example, to confirm your registration, to send you information about the Services, to update your information, to send you system messages as part of the Services, to send you reminders about the Services, or to respond to your requests for information

What data we process after registration:	On what basis we process this data (legal basis):	How long we process this data (duration):	To whom we transfer this data (data transfer, onward transfer):
User's email address, mobile device ID,	The data processing is necessary for the fulfilment of the Terms of Use that we have entered into with you for the use of the Application and the Services or for taking steps at your request prior to acceptance of the Terms of Use (Article 6(1)(b) of the General Data Protection Regulation ).	10 years for aggregated data that cannot be traced back to the user until the Service is provided. For data processing involving the identification of a user, up to days after the cancellation of the registration for the mobile application	For Data Processors, see the chapter "ADDRESSES".

b) data processing related to complaint handling, complaint, customer service: users submitting a complaint or using customer service (e.g. inquiring about a service), reporting an incident, using an alternative dispute resolution forum

What data we process:	On what basis we process this data (legal basis):	How long we process this data (duration):	To whom we transfer this data (data transfer, onward transfer):
Name of the person lodging the complaint or claim - Name - E-mail address	Complaints: the legal basis for the processing of data is the fulfilment of the legal obligation of the Data Controller pursuant to Article 17/A (7) of Act CLV of 1997 on Consumer Protection.	In the case of complaints: for 5 years from the start of the complaint (statutory time limit).	The Service Provider will not transfer this data, except in the case of a legal obligation (e.g. data protection incident).

The data controllers shall not use the personal data provided for purposes other than those described in this point. If the data controller intends to use the User's personal data for a new purpose not covered by this Privacy Policy, the data controller shall notify the User in writing prior to the new processing, explaining to the User all the conditions that apply to the new processing. If necessary, the consent of the User shall be obtained before the new processing activity is started.
The Data Controller may collect non-personal information about visitors to the application sites, other than personal data, in an unlimited and automatic manner and may automatically (i.e. not by registration) record technical information that is not identifiable (such as the type of device, browser and operating system used by visitors to the online sites, application downloaders).

LEGAL BASIS AND METHOD OF PROCESSING

The legal basis for the data processing activities in the previous part of this Privacy Policy is Article 6(1)(b) GDPR, which states that the processing of data necessary for fulfilment of the Terms of Use for the use of the Services or for taking the necessary steps at your request prior to the acceptance of the Terms of Use, in the case of the use of necessary and statistical cookies or software development kits, is in the legitimate interest of the Data Controller pursuant to Article 6(f) GDPR. The User's consent may be withdrawn at any time, but this shall not affect the lawfulness of the processing until its withdrawal.
Personal data whose processing is necessary for compliance with a legal obligation to which the controller is subject or for the purposes of the legitimate interests pursued by the controller or by a third party (where such interests are proportionate to the restriction of the right to the protection of personal data) may be processed without further specific consent and even after consent has been withdrawn.
Data controllers do not verify the personal data provided to them. The person providing the data is solely responsible for the correctness of the data.
By providing an e-mail address, each User also assumes responsibility for ensuring that only he or she uses the e-mail address provided. With regard to this assumption of responsibility, any liability for accessing the service from an e-mail address is the sole responsibility of the User who registered the e-mail address.

THE DATA PROTECTION POLICY APPLIED BY THE CONTROLLER

The Data Controller respects the rights of the visitors and users of the sites it operates, as defined by law.
Personal data that are indispensable for the use of the services of the Data Controller The Data Controller uses personal data on the basis of the consent of the data subjects and only for the purposes for which they are collected. The Data Controller shall use the personal data of Users as defined in point 4 only in the manner and for the purposes set out in this Privacy Policy.
The Data Controller undertakes to process the data in its possession in accordance with the provisions of the GDPR, the Infotv. and other applicable laws and this Privacy Policy, and not to transfer them to third parties other than the data controllers specified in this Privacy Policy. An exception to the provisions of this clause is the use of data in aggregated statistical form, which may not contain the name of the User concerned or any other identifiable data in any form, and therefore does not constitute processing or transfer of data.
The Data Controller may in certain cases, in particular in response to a formal judicial or police request, legal proceedings, or due to copyright, property or other infringements or reasonable suspicion thereof, or in case of prejudice to the interests of the Data Controller, or in case of endangering the provision of its services, or on the basis of court or other official decisions, unless otherwise provided by law, or with the prior express consent of the User, make available to third parties the User's accessible data.
The Data Controller shall do its utmost to ensure that the processing and handling of Users' data are protected in accordance with the legislation in force, for which purpose the Data Controller shall operate a security system.

THE DURATION OF THE PROCESSING

The data controllers will process the personal data provided by the User for as long as necessary for the purposes indicated in this Privacy Policy.
Data controllers shall not retain personal data for longer than is reasonable. With regard to the users of the services, the controller and the User shall keep financial records for 8 (eight) years from the date of performance of the contract concluded between us, given that the retention of invoices and other financial records relating to purchases is 8 years under Act C of 2000.
In the event of unlawful or fraudulent use of personal data or in the event of a criminal offence or system attack committed by the User, the Data Controller is entitled to delete the data immediately upon termination of the User's registration, but in the event of suspicion of criminal or civil liability, the Data Controller is entitled to retain the data for the duration of the proceedings.
If the User does not unsubscribe from the service or does not cancel his/her registration, the Controller shall process the User's personal data for 8 (eight) years, after which the personal data shall be deleted.

DATA TRANSFER

The Data Controller is entitled and obliged to transmit to the competent authorities any personal data at its disposal and stored by it in accordance with the law, which it is obliged to transmit by law or by a final and binding administrative decision. The Controller shall not be held liable for such transfers and the consequences thereof.

PROTECTION OF PERSONAL DATA

The Data Controller shall comply with its obligations under applicable data protection legislation by.
keeps your personal data up to date;
store and destroy them safely;
does not collect or retain excessive amounts of data;
protect personal data against loss, misuse, unauthorized access and disclosure and ensure that appropriate technical measures are in place to protect personal data.
The Data Controller shall take appropriate technical and organizational measures to protect the User's personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all unlawful forms of processing.

Accordingly, the Data Controller applies, among other things, different levels of access rights to the data, which ensure that only persons with the appropriate rights have access to the data, who need to know the data in order to fulfil their obligations arising from or in connection with their work.

These Services are not directed to persons under 13 years of age. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a person under the age of 13 without verifying parental consent, we will take steps to remove that information from our servers.

RIGHTS OF THE USER

Under the legislation on data protection, the User is entitled to:
- request access to your personal data,
- request the correction of your personal data,
- request the deletion of your personal data,
- request the restriction of the processing of your personal data,
- object to the processing of your personal data,
- request data portability,
- object to the processing of your personal data (including objecting to profiling; and other rights related to automated decision-making),
- withdraw its consent or lodge a complaint with the competent supervisory authority.

a) Right of access

The User has the right to receive feedback from the controller as to whether his/her personal data are being processed and, if such processing is ongoing, to request access to his/her personal data.

The User has the right to request a copy of the personal data processed. For identification purposes, the controller may request additional information from the User or charge a reasonable fee for additional copies as an administrative charge.

b) The right to rectification

The User has the right to request the controller to correct inaccurate personal data concerning the User. Depending on the purpose of the processing, the User may have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

c) Right to data erasure ("right to be forgotten")

The User has the right to request the controller to delete his/her personal data and the controller is obliged to delete these personal data. In this case, the controller cannot provide further services to the User.

d) Right to restriction of data processing

You have the right to request the restriction of the processing of your personal data. In this case, the controller shall indicate the personal data concerned which it may process only for certain purposes.

e) The right to object

Users have the right to object to the processing of their personal data, including profiling, by the controller at any time on grounds relating to their particular situation, or to request the controller to no longer process their personal data.

In addition, if the Controller processes the User's personal data on the basis of legitimate interest, the User has the right to object at any time to the processing of his or her personal data for this purpose.

In addition, the User is entitled to request human intervention in individual matters related to automated decision-making. Please note that the controller does not use automated decision-making mechanisms.

f) The right to data portability

The User has the right to receive the personal data provided in a structured, commonly used, machine-readable format (i.e. digital format) and the right to request the transfer of such data to another controller, where such transfer is technically feasible, without the Controller's hindrance.

g) Right to withdraw consent

If the User's personal data is processed on the basis of his/her consent, he/she may withdraw his/her consent at any time without giving any reason by clicking on the link in the newsletters or by changing the settings of his/her account or mobile device on the website. The withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal.

If the User withdraws the consent given to the Service Provider for the processing of his/her personal data, the Data Controller may not be able to provide the requested services at all or only partially.

h) Right to lodge a complaint with a supervisory authority

If you believe that your personal data have been misused, you may also contact your local data protection authority and lodge a complaint, in particular in the Member State where you have your habitual residence, place of work or place of the alleged breach.

In Hungary, you can also contact the National Authority for Data Protection and Freedom of Information: 1055 Budapest, Falk Miksa street 9-11. phone: +36-1 391-1400; fax: +36-1 391-1410; e-mail: ugyfelszolgalat@naih.hu).

ADDRESSES

In the course of its activities, the Data Controller may use the services of various external service providers (data processors) to process your personal data for specific purposes in order to provide the Service.
Processors may process your personal data for no longer than the period for which the data processing contract with them is valid and in force or for which they are required to retain your data under applicable data retention laws.
We may disclose your personal data to the following processors for the following purposes:

NAME OF DATA PROCESSOR	PURPOSE OF THE DATA PROCESSOR
AdMob	Advertising service provider
Firebase Crashlytics	Service for sending bug reports
Google Analytics for Firebase	Logging usage statistics
Google Play Services	Acting as a data controller in relation to payment instrument information, please refer to their privacy policy for more information on processing.

The processing of data by these third party controllers is subject to their own privacy policies, so please read their privacy policies for more information.
- Google Play Services (https://www.google.com/policies/privacy/)
- AdMob (https://support.google.com/admob/answer/6128543?hl=en)
- Google Analytics for Firebase (https://firebase.google.com/support/privacy)
- Firebase Crashlytics (https://firebase.google.com/support/privacy/)

CONTACT

If the User wishes to exercise his or her rights or lodge a complaint regarding data protection issues, he or she may contact the designated Data Controller's staff member by sending an e-mail to the e-mail address provided below.

On behalf of the Service Provider:

E-mail: muscle.app.23@gmail.com

OTHER PROVISIONS

The controller reserves the right to amend this Privacy Policy at any time by unilateral decision. You may be informed of such amendments through the Application operated by the Controller.
The data controller regularly checks its online or app platforms and the information provided on them and makes every effort to ensure that the information is up-to-date and accurate. Nevertheless, you may find information on the online platforms that is no longer up to date. The Data Controller accepts no financial responsibility for such information.
Visitors to online interfaces and Users may also visit other websites not operated by the Data Controller from the Data Controller's online interfaces. The Data Controller shall not be liable for the accuracy of the data provided therein, the content of the websites or the security of the data provided by visitors to the online areas and Users of the Data Controller's online interfaces. Therefore, when using these websites, please check the privacy policy of the company concerned.
This Privacy Policy is governed by Hungarian law.
If the law in force in your country imposes stricter rules on the parties than those set out in this Privacy Policy, you are obliged to comply with them. However, you acknowledge and agree that the Controller's liability is based on the law applicable to this Privacy Policy and excludes its liability to the fullest extent possible under applicable law and court decisions for non-compliance with the provisions of the User's country.

If you have any questions that are not clearly answered in this Privacy Policy, please send an e-mail to muscle.app.23@gmail.com.