Esports Digital Uniting Korlátolt Felelősségű Társaság

PRIVACY NOTICE

The purpose of this General Privacy Notice (hereinafter: Privacy Notice) is to provide you detailed information about how Esports Digital Uniting Korlátolt Felelősségű Társaság processes your personal data, either about how you use its website at https://www.iesf.gg (hereinafter: the Website) including but not limited to using `cookies` or if you purchase services from us. The Privacy Notice helps you to better understand how we use your personal data and explains how we collect and use it and with whom it is shared.

1. Data Controller

1.1

The data controller is Esports Digital Uniting Korlátolt Felelősségű Társaság (former company name: Hégely’s Share Befektetési Korlátolt Felelősségű Társaság; company registration number: 04-09-015912; registered seat: 5600 Békéscsaba, Gyulai út 65/1.; tax ID number: 29309030-2-04; hereinafter: EDU or as the context may require: we, or, us). This means that EDU determines the purposes for which and the means by which personal data is processed.

Data Protection Officer

EDU has appointed a Data Protection Officer (hereinafter: DPO) to ensure compliance with the applicable data protection laws and oversee our state of compliance, also, to ensure your data protection related questions are answered.

If you have any further questions about the Privacy Notice or how we handle your personal data, please contact us by sending your query to our DPO via a letter sent to our registered seat or by email at [email protected].

2. Your personal data – what is it?

Personal data relates to a living individual who can clearly be identified from that data, in particular your name, address, phone number, email address, credit or bank card number. Identification can be made by the information alone or in conjunction with any other information otherwise in the data controller’s possession or likely to come into such possession.

3. What is the Purpose of Processing the Data?

3.1

We will use your data for the purposes below:

  1. Website Operation: the processing of your data is necessary for the execution and fulfilment of the related Website Terms of Use https://iesf.gg/official/website-terms-of-use and the General Terms and Conditions https://iesf.gg/official/general-terms-and-conditions, as a contract and for the regular operation of the Website;
  2. EDU Website Account management: to create and maintain your Account on the Website, to identify you as a user and give you access to the services and features we offer to our registered users, the processing of your data is necessary for the fulfilment and execution of the General Terms and Conditions;
  3. Provision of services, payment: the processing of your data is necessary for the performance of a contract, the management of your order and payment as well as the fulfilment and execution of the General Terms and Conditions and the corresponding Agreement (if any);
  4. Third parties’ service offerings: We may process your personal data based on your consent to offer third parties’ services and products to you, in particular third party services may include online gaming providers, gaming platforms, online event managers, esports or other sport federations and sport organizations. If you use the Consumer ID with other gaming platforms or service providers, please refer to the applicable Joint Controllers Privacy Notice to understand how we share our responsibilities and roles relative to processing of your data. Otherwise, we have no control over the services and products you may purchase from third parties or how those third parties process your personal data. Consequently, please refer to the relevant third party privacy notice for further information.
  5. Marketing communications and newsletters: the purposes of processing your personal data in relation to marketing communications and newsletters are to carry out customer satisfaction surveys for analytical purposes, for quality improvements, for service developments, to improve the performance of the Website, to measure the success of our advertising campaigns or to tailor services to your needs or send you newsletters through the contact channel of your choice;
  6. Security and safety: We may process your personal data to perform and support administrative tasks, anti-fraud screening, for safety, operational and other reports and security purposes;
  7. Secure legal compliance: to comply with the mandatory provisions of the applicable laws such as accounting, billing, audit purposes, consumer protection. For the purpose of legal compliance, we may pursue especially the below sub-purposes: i) processing your data relative to the exercise of the complainant`s data protection rights; ii) processing your data in legal proceedings related to you; iii) processing your data relative to the exercise of your consumer rights and relative to securing compliance with the related consumer protection laws; iv) processing your data relative to securing compliance with accounting laws, securing accounting discipline and retain accounting documents; v) processing your data relative to securing compliance with tax laws, especially relative to issuing and retaining invoices;
  8. Provide User and Customer Support services: the purpose of processing your personal data is to manage your questions and inquiries to us. Correspondence and/or calls made with our User and Customer helpdesk (if operated by us) team are recorded for the protection and reproducibility of verbal commitments if you give your consent to that and they may be connected with other service-related data. Complaints submitted electronically, via post or via email, are also archived, and may be connected with other order related data for possible future complaints handling.

3.2

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, we will provide you with an updated privacy notice explaining all conditions relating to the new processing prior to the new processing takes place. If required, we will seek your consent before commencing the new data processing activity.

4. What Personal Data We Process about You

For the purposes outlined in Clause 3.1, we process the data categories indicated below:

4.1

  1. Website and Application Data: Including your browser’s type and version, the operating system you use, the website from which you are visiting us (referrer URL), webpages you visit on our Website, date and time of access on our Website, and internet protocol (IP) address, usage data of our mobile application (if any).
  2. Analytics Data: Including logins, pages viewed, and documents downloaded.
  3. Account Data: Including your title, your name, your date of birth, your gender, your mobile phone number, your email address, and your nationality (citizenship). We may also process social media login data if you register using an existing social media account, such as Facebook or Google. If you choose this option, we will collect the information described in the section titled `Social Login.`
  4. Service Provision Related Data (which depends on the service chosen by you): Including name, nationality, date of birth, email address, account number, identity document data (e.g., name of the document, issuing country, document number, expiry date, machine-readable zone (MRZ)), biometric data like facial images (including selfies) and document scans, and security features. In some cases, we may use automated decision-making processes for verification services. If you prefer, you can request a manual review instead of automated processing.
  5. Service Communication Data: Including user/customer name and contact details (phone number, email address, postal address), account number.
  6. Third Party Services Data: Name, nationality, date of birth, email address.
  7. Direct Marketing Communication Data: Including name and contact details (phone number, email address) and history of selected services and elements.
  8. Complaint and Warranty Support Data: Including user name, address, phone number, IP address, geo-location data, and complaint or claim details.
  9. Tax and Accounting Data: Including transaction data and any information required to ensure compliance with applicable tax and accounting laws.
  10. User and Customer Support Data: including name, address, e-mail address, telephone number, Account number, order history, content of the request, correspondence with the complainant.

4.2

We would like to draw your attention to the fact that the personal data you provide us with during the creation of your Account will be used for ordering and/ or accessing services. This is why you should make sure that you provide us with correct personal data during the registration process that exactly matches your identification document that you use for obtaining certain services from us.

4.3

Sensitive personal data: In certain cases, we also need to process special categories of personal data (sensitive personal data). To process your sensitive personal data, we may need to obtain your explicit consent. Where we are required to obtain your explicit consent and you do not provide this, we may not be able to provide you with the requested service(s). If you withdraw your consent or do not provide the consent for the use of your sensitive data, we may not be able to provide all or parts of the services you have requested from us.

4.4

Please be aware that if we need to perform a contract between you and us or provide you with our services or personalized offers, we will need your personal data. If you do not provide us with the requested personal data, we will not be able to provide you with all or parts of the services you have requested from us.

5. The legal basis for processing your personal data

5.1

To process your personal data, we may rely on the legal bases below:

  1. Your consent: provided to us under the EU Regulation 679/2016 (referred to as GDPR) Article 6 (1) (a) (Consent) or to enable us to process special categories of personal data in general, we rely on your explicit consent under GDPR Article 9 (2) (a) (Explicit Consent).
  2. Contractual Basis: The processing of your personal data is necessary for the performance of a contract with you under the GDPR Article 6 (1) (b) (Contractual Basis).
  3. Legitimate Interest: The processing of your personal data is possible based on our legitimate interest under the GDPR Article 6 (1) (f) (Legitimate Interest).
  4. Legal Obligation: We may process your personal data based on our legal obligations pursuant to Article 6 (1) (c) of the GDPR (Legal Obligation).
  5. Vital Interest: We may process your personal data if the processing is necessary to protect the vital interests of a natural person where the data subject is physically or legally incapable of giving consent pursuant to Article 9 (2) (c) of the GDPR (Vital Interest).
  6. Substantial Public Interest: We may process your personal data if it is necessary for reasons of substantial public interest, on the basis of Union or Member State law, specific measures to safeguard the fundamental rights and the interests of the data subject based on Article 9 (2) (g) of the GDPR (Substantial Public Interest).

5.2

We may process your personal data for the purposes and legal bases indicated below:

Purpose of data processingCategories of personal data processedLegal Basis
Website Operation- Website and Application Data;
- Analytics Data		- Contractual Basis
- Legitimate Interest
EDU Website Account management- Account Data- Contractual Basis
Provision of services, payment- Account Data
- Service Provision Related Data
- Service Communication Data (in case of sensitive data: Explicit Consent)		- Contractual Basis
- Legal Obligation
- Explicit Consent
Third parties’ service offerings- Third Party Services Data
- Direct Marketing		- Consent
Marketing communications and newsletters- Third Party Services Data
- Direct Marketing		- Consent
Security and safety- Security and Operational Safety Data
(in case of sensitive data: Substantial Public Interest)		- Legitimate Interest
- Substantial Public Interest
Secure legal compliance- Compliance Data
- Tax and Accounting Data		- Legitimate Interest
- Legal Obligation
Provide User and Customer Support services- User and Customer Support Data- Legitimate Interest

6. Our legitimate interest

6.1

When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.

6.2

We have conducted the balancing test to conclude our prevailing legitimate interests. We considered the extent to which your interests, rights and freedoms may be impacted by our data processing activities, as well as the organizational structure and operation of the Companies and the privacy guarantees provided by us. On this basis, we have concluded that our relevant data processing activities (as outlined below) do not disproportionately restrict your interests, personal rights and freedoms.

Processing activityBalancing test
Website OperationEDU has a legitimate interest in the processing of your data in the context of operating its website and mobile application to provide you with the content requested from us.
Provision of services, paymentIf you are a legally entity contact person, then EDU has a legitimate interest to maintain business communication with such contact person. If a customer contact person has directly contacted EDU with a question or complaint or the legal entity is the contracting party for the services provided by EDU, it is reasonable for the relevant contact persons to expect that their data will be processed to facilitate a response or to provide the service.
Security and safetyEDU has a legitimate interest to prevent and detect fraud of any kind that poses a threat to EDU or to the customers, its employees, business partners (including its subcontractors) and their employees and to respond to legal process or requests for information issued by government authorities or other third parties. Individual persons expect EDU to take compliance with the law and information security seriously and there is a public interest in ensuring that this is the case. Serious harm could arise if EDU were not able to process data in this way and the wider community also benefit from this.
For this reason, EDU may disclose unwanted security intrusion, unauthorized access, disclosure and acquisition of information, data and system breaches to authorities and courts and to respond to legal demands and requests from third persons.
Provision of User and Customer Support servicesEDU has a legitimate interest in processing data to respond to customer’s questions, inquiries, and complaints because it is critical to engage with customers if they have queries to maintain their confidence in EDU. If a customer has directly contacted EDU with a question or complaint, it is reasonable for them to expect that their data will be processed to facilitate a response.
Secure legal complianceEDU has a legitimate interest in processing data for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court (non-litigious) procedure.

6.3

For more detailed information regarding our legitimate interests and the results of the balancing tests, please contact us at [email protected].

7. How long do we keep your personal data?

7.1

We process your personal data in accordance with the purposes as set out in this Privacy Notice for the period of limitation prescribed in the relevant laws.

Purpose of data processingRetention time
Website OperationWe store internal search data collected concerning you for 180 days. Certain cookies that are collected with your express consent are stored for the period of time set forth in the Cookie Policy.
EDU Website Account managementWe keep your personal data for no longer than reasonably necessary: for a period of six (6) years from the fulfillment of the contract concluded with us (i.e., deletion of your EDU Account) in order to comply with applicable data retention laws.
Provision of services, paymentWe keep your personal data for a period of six (6) years from the fulfillment of the contract concluded with us in order to comply with applicable data retention laws. In the case of consent-based data processing, personal data will be processed until the consent is withdrawn.
Third parties’ service offeringsWe keep your personal data for no longer than reasonably necessary: for a period of six (6) years from the fulfillment of the contract concluded with us in order to comply with applicable data retention laws. In the case of consent-based data processing, personal data will be processed until the consent is withdrawn.
Marketing communications and newslettersWe store internal search data collected concerning you for 180-365 days. We process your personal data until your consent is withdrawn in relation to marketing related communications.
Security and safetyWe keep your personal data for a period of six (6) years from the fulfillment of the contract concluded with us or in order to comply with applicable data retention laws. If an authority, court or disciplinary procedure is initiated, then the personal data will be retained until the administration or disciplinary procedure is finished, as well as the retention of the data thereafter. In the case of civil claims, data will be deleted after the civil law statute of limitation runs.
Secure legal complianceIn the case of accounting data, such data will be deleted after six (6) years from the closing of the financial year, in accordance with Section 169 of Act C of 2000 on Accounting. We keep taxation related papers and files in line with Section 78 (3) of the Act No. CL of 2017 (Act on the Order of Taxation) and Section 201 of the Act No. CXVII of 2007 (Act on Value Added Tax) until the end of the sixth year from issuing the invoice related to the service. If an authority, court or disciplinary procedure is initiated, then the personal data will be retained until the termination of the proceedings, including the duration of any possible remedy, which may follow.
Provide User and Customer Support servicesWe keep your data in line with Act in Section 17/A of the Act No. CLV of 1997 (Consumer Protection Act) five (5) years from the year when the complaint was made.

8. Who may access to your data?

8.1

EDU, in the course of its operation, may utilize the services of various data processors and external service providers to handle and process your personal data for specific purposes on behalf of and in accordance with the instructions of EDU.

8.2

The transfer of your personal data outside of the European Economic Area may be necessary to provide you with a service that you have requested, and your personal data may be accessed by data processors and service providers operating in such regions that provide the same level of data protection as provided in the European Economic Area. EDU has implemented suitable measures, which in relation to the recipients of your personal data, is necessary to ensure an adequate level of protection as defined by the applicable data protection law. In particular, this includes the application of the Standard Contractual Clauses (SCCs) as required by decision of the European Commission with states outside the country only in the recipient of the transferred personal data provides an adequate level of data protection.

8.3

If, in relation to data transfers abroad, an adequate level of protection of personal data cannot be ensured, then we shall request your express consent relating to any such data transfers abroad. Please note that such data transfers may be associated with certain risks, particularly that in the country of the data recipient, unauthorised third parties may also have unreasonable access to said data and you may not be able to exercise the rights of the data subject and/or your right to object against acts that may harm your personal data and your right to privacy.

8.4

On the Website among the service descriptions, you can find the third countries where your personal data may be transferred, or where it may be accessed from, based on the service providers we use to perform our services. These currently include Republic of Korea.

8.5

We may disclose your personal data to the following categories of third parties (recipients) for the purposes described below.

  1. EDU Service Providers: EDU engages certain third parties to provide assistance during the performance of the services bought from us. Such third parties provide the following services:
    • identity service subcontractors (This category currently includes: SUM AND SUBSTANCE LTD incorporated and registered in England with company number 098587, whose registered office is at 30 St. Mary Axe, London, England, EC3A 8BF);
    • payment processing services; This category currently includes Stripe, Inc., incorporated and registered in the United States with company number [insert company number if known], whose registered office is at 185 Berry Street, Suite 550, San Francisco, CA 94107, USA.
    • third parties, such as law firms or service providers. This category currently includes SendGrid, Inc., a company incorporated and registered in the United States with its registered office at 1801 California Street, Suite 500, Denver, CO 80202, USA.
    • This category currently includes Auth0, Inc., a company incorporated and registered in the United States with its registered office at 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA.
    • This category currently includes DigitalOcean, LLC, a company incorporated and registered in the United States with its registered office at 101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA.
    Government authorities and enforcement bodies: Government authorities or enforcement bodies such as the police and regulatory authorities, upon their request and as required by the applicable law or to protect our rights or the rights of other customers and third persons. EDU may be requested to disclose your personal data to government authorities or enforcement bodies such as the police and regulatory authorities, upon their request and as required by applicable law; or to protect our rights or the safety of our customers, staff and assets.

9. Your Rights

9.1

You are entitled to exercise your rights indicated below:

  1. Right of access: You have a right to ask whether or not we have personal data about you and, if that is the case, request to be informed on what personal data we have. We will also have to respond to questions about inter alia why we are using your personal data, details about what data we have and to whom we have provided access to the data. However, this is not an absolute right and the interests of other individuals may restrict your access rights. We may request additional information from you for identification or for further copies requested by you, we may charge a reasonable fee based on administrative costs.
  2. Right to rectification: We are required to rectify inaccurate personal data, or to complete personal data that is incomplete, on request. In line with our General Terms and Conditions, you may change your data provided by you to us by sending us an email at [email protected].
  3. Right to erasure (right to be forgotten): We are in some circumstances required to erase personal data on request by the data subject.
  4. Right to restriction of processing: We are in some circumstances required to restrict our use of personal data on request by the person concerned. In such cases, we may only use the data for certain limited purposes set out by the law.
  5. Right to data portability: You may have the right to receive your personal data to which we have access, in a structured, commonly used and machine-readable format and such persons may then have a right to transmit those data to another entity without hindrance from us.
  6. Right to object and rights relating to automated decision-making: You have the right to object to the processing of your personal data for any reason relating to your situation, and in this case, we may not be able to process your personal data. If you have the right to object and the exercise of this right is justified, your personal data will not be further processed for the purposes of the objection. The exercise of this right does not entail any costs. When the processing of your personal data is based on your consent, you can withdraw your consent at any time without giving reasons and without any cost or charge. Furthermore, under certain circumstances in case of automated individual decision-making, you have the right to challenge the decision and request human intervention.

9.2

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent or do not provide the consent for the use of your sensitive data, we may not be able to provide all or parts of the services you have requested from us. Please note that in these circumstances you will not be able to get a refund or avoid any fees you have paid.

9.3

If you would like to exercise your data protection related rights, you can submit your request via email at [email protected].

9.4

If you have any further questions about the Privacy Notice or how we handle your personal data please contact us by sending your query to us through the described in Clause 9.3 above or by writing to our competent data protection team by mail sent to our registered seat.

9.5

If you consider that your privacy and data protection rights have been infringed, you may contact the competent data protection authority.

9.6

In case of EDU, the Hungarian National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; seat: H-1024 Budapest, Falk Miksa st. 9-11.; website: www.naih.hu; phone: +36-1-391-1400; email address: [email protected]; fax: +36 1 391 1410) is the lead supervisory authority under the GDPR.

9.7

You can also contact the competent data protection regulatory authority located in the European Union’s relevant Member State where your habitual residence, place of work or place of the alleged infringement is.

10. Joint Controllers

10.1

In relation to the use of your Customer ID, registration for online events, and certain marketing related activities (provided always if you use the respective service element), EDU and the International Esports Federation (registered seat: 6F #615, Suyeongangbyeon-daero 140 Haeundae-gu, 48058 Busan, Korea; hereinafter: IESF) are considered as joint data controllers, also in relation to the co-branded membership scheme and the provision of services related to use of Customer ID on certain gaming platforms.

10.2

EDU and IESF have signed a joint controller arrangement, which sets out their roles and responsibilities. EDU is responsible for taking care of your privacy related questions, queries or complaints. Irrespective of the terms of the arrangement, data subjects may exercise their rights in respect of and against each of the joint data controllers. EDU is also responsible for providing you with information in relation to this processing (as set out in this Privacy Notice) and notifying the relevant supervisory authority in the event of a data breach. If you need more details regarding the joint controller arrangement, please contact us at [email protected].

11. Social logins

11.1

If you choose to register your Account or log in to our Platform and/or to use our services using a social media account (social login), we may have access to certain information about you. Our Website offers you the ability to register and login using your third-party social media account details (like your Facebook or Google logins). Where you choose to do this, we will receive certain profile information about you from your social media provider.

11.2

The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address.

11.3

We will use the information we receive only for the purposes that are described in this Privacy Notice or that are otherwise made clear to you on the relevant Website.

11.4

Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and apps.

12. Third party links

12.1

Our Website may contain links to third party websites. These linked websites are not under our control and are regulated by their own privacy policies. We are not responsible for the privacy practices of any such linked websites. Our Website uses cookies and similar technologies. For more information read our Cookie Policy.