The purpose of this General Privacy Notice (hereinafter: Privacy Notice) is to provide you detailed information about how Esports Digital Uniting Korlátolt Felelősségű Társaság processes your personal data, either about how you use its website at https://www.iesf.gg (hereinafter: the Website) including but not limited to using `cookies` or if you purchase services from us. The Privacy Notice helps you to better understand how we use your personal data and explains how we collect and use it and with whom it is shared.
The data controller is Esports Digital Uniting Korlátolt Felelősségű Társaság (former company name: Hégely’s Share Befektetési Korlátolt Felelősségű Társaság; company registration number: 04-09-015912; registered seat: 5600 Békéscsaba, Gyulai út 65/1.; tax ID number: 29309030-2-04; hereinafter: EDU or as the context may require: we, or, us). This means that EDU determines the purposes for which and the means by which personal data is processed.
EDU has appointed a Data Protection Officer (hereinafter: DPO) to ensure compliance with the applicable data protection laws and oversee our state of compliance, also, to ensure your data protection related questions are answered.
If you have any further questions about the Privacy Notice or how we handle your personal data, please contact us by sending your query to our DPO via a letter sent to our registered seat or by email at [email protected].
Personal data relates to a living individual who can clearly be identified from that data, in particular your name, address, phone number, email address, credit or bank card number. Identification can be made by the information alone or in conjunction with any other information otherwise in the data controller’s possession or likely to come into such possession.
We will use your data for the purposes below:
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, we will provide you with an updated privacy notice explaining all conditions relating to the new processing prior to the new processing takes place. If required, we will seek your consent before commencing the new data processing activity.
For the purposes outlined in Clause 3.1, we process the data categories indicated below:
We would like to draw your attention to the fact that the personal data you provide us with during the creation of your Account will be used for ordering and/ or accessing services. This is why you should make sure that you provide us with correct personal data during the registration process that exactly matches your identification document that you use for obtaining certain services from us.
Sensitive personal data: In certain cases, we also need to process special categories of personal data (sensitive personal data). To process your sensitive personal data, we may need to obtain your explicit consent. Where we are required to obtain your explicit consent and you do not provide this, we may not be able to provide you with the requested service(s). If you withdraw your consent or do not provide the consent for the use of your sensitive data, we may not be able to provide all or parts of the services you have requested from us.
Please be aware that if we need to perform a contract between you and us or provide you with our services or personalized offers, we will need your personal data. If you do not provide us with the requested personal data, we will not be able to provide you with all or parts of the services you have requested from us.
To process your personal data, we may rely on the legal bases below:
We may process your personal data for the purposes and legal bases indicated below:
Purpose of data processing | Categories of personal data processed | Legal Basis |
---|---|---|
Website Operation | - Website and Application Data; - Analytics Data | - Contractual Basis - Legitimate Interest |
EDU Website Account management | - Account Data | - Contractual Basis |
Provision of services, payment | - Account Data - Service Provision Related Data - Service Communication Data (in case of sensitive data: Explicit Consent) | - Contractual Basis - Legal Obligation - Explicit Consent |
Third parties’ service offerings | - Third Party Services Data - Direct Marketing | - Consent |
Marketing communications and newsletters | - Third Party Services Data - Direct Marketing | - Consent |
Security and safety | - Security and Operational Safety Data (in case of sensitive data: Substantial Public Interest) | - Legitimate Interest - Substantial Public Interest |
Secure legal compliance | - Compliance Data - Tax and Accounting Data | - Legitimate Interest - Legal Obligation |
Provide User and Customer Support services | - User and Customer Support Data | - Legitimate Interest |
When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
We have conducted the balancing test to conclude our prevailing legitimate interests. We considered the extent to which your interests, rights and freedoms may be impacted by our data processing activities, as well as the organizational structure and operation of the Companies and the privacy guarantees provided by us. On this basis, we have concluded that our relevant data processing activities (as outlined below) do not disproportionately restrict your interests, personal rights and freedoms.
Processing activity | Balancing test |
---|---|
Website Operation | EDU has a legitimate interest in the processing of your data in the context of operating its website and mobile application to provide you with the content requested from us. |
Provision of services, payment | If you are a legally entity contact person, then EDU has a legitimate interest to maintain business communication with such contact person. If a customer contact person has directly contacted EDU with a question or complaint or the legal entity is the contracting party for the services provided by EDU, it is reasonable for the relevant contact persons to expect that their data will be processed to facilitate a response or to provide the service. |
Security and safety | EDU has a legitimate interest to prevent and detect fraud of any kind that poses a threat to EDU or to the customers, its employees, business partners (including its subcontractors) and their employees and to respond to legal process or requests for information issued by government authorities or other third parties. Individual persons expect EDU to take compliance with the law and information security seriously and there is a public interest in ensuring that this is the case. Serious harm could arise if EDU were not able to process data in this way and the wider community also benefit from this. For this reason, EDU may disclose unwanted security intrusion, unauthorized access, disclosure and acquisition of information, data and system breaches to authorities and courts and to respond to legal demands and requests from third persons. |
Provision of User and Customer Support services | EDU has a legitimate interest in processing data to respond to customer’s questions, inquiries, and complaints because it is critical to engage with customers if they have queries to maintain their confidence in EDU. If a customer has directly contacted EDU with a question or complaint, it is reasonable for them to expect that their data will be processed to facilitate a response. |
Secure legal compliance | EDU has a legitimate interest in processing data for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court (non-litigious) procedure. |
For more detailed information regarding our legitimate interests and the results of the balancing tests, please contact us at [email protected].
We process your personal data in accordance with the purposes as set out in this Privacy Notice for the period of limitation prescribed in the relevant laws.
Purpose of data processing | Retention time |
---|---|
Website Operation | We store internal search data collected concerning you for 180 days. Certain cookies that are collected with your express consent are stored for the period of time set forth in the Cookie Policy. |
EDU Website Account management | We keep your personal data for no longer than reasonably necessary: for a period of six (6) years from the fulfillment of the contract concluded with us (i.e., deletion of your EDU Account) in order to comply with applicable data retention laws. |
Provision of services, payment | We keep your personal data for a period of six (6) years from the fulfillment of the contract concluded with us in order to comply with applicable data retention laws. In the case of consent-based data processing, personal data will be processed until the consent is withdrawn. |
Third parties’ service offerings | We keep your personal data for no longer than reasonably necessary: for a period of six (6) years from the fulfillment of the contract concluded with us in order to comply with applicable data retention laws. In the case of consent-based data processing, personal data will be processed until the consent is withdrawn. |
Marketing communications and newsletters | We store internal search data collected concerning you for 180-365 days. We process your personal data until your consent is withdrawn in relation to marketing related communications. |
Security and safety | We keep your personal data for a period of six (6) years from the fulfillment of the contract concluded with us or in order to comply with applicable data retention laws. If an authority, court or disciplinary procedure is initiated, then the personal data will be retained until the administration or disciplinary procedure is finished, as well as the retention of the data thereafter. In the case of civil claims, data will be deleted after the civil law statute of limitation runs. |
Secure legal compliance | In the case of accounting data, such data will be deleted after six (6) years from the closing of the financial year, in accordance with Section 169 of Act C of 2000 on Accounting. We keep taxation related papers and files in line with Section 78 (3) of the Act No. CL of 2017 (Act on the Order of Taxation) and Section 201 of the Act No. CXVII of 2007 (Act on Value Added Tax) until the end of the sixth year from issuing the invoice related to the service. If an authority, court or disciplinary procedure is initiated, then the personal data will be retained until the termination of the proceedings, including the duration of any possible remedy, which may follow. |
Provide User and Customer Support services | We keep your data in line with Act in Section 17/A of the Act No. CLV of 1997 (Consumer Protection Act) five (5) years from the year when the complaint was made. |
EDU, in the course of its operation, may utilize the services of various data processors and external service providers to handle and process your personal data for specific purposes on behalf of and in accordance with the instructions of EDU.
The transfer of your personal data outside of the European Economic Area may be necessary to provide you with a service that you have requested, and your personal data may be accessed by data processors and service providers operating in such regions that provide the same level of data protection as provided in the European Economic Area. EDU has implemented suitable measures, which in relation to the recipients of your personal data, is necessary to ensure an adequate level of protection as defined by the applicable data protection law. In particular, this includes the application of the Standard Contractual Clauses (SCCs) as required by decision of the European Commission with states outside the country only in the recipient of the transferred personal data provides an adequate level of data protection.
If, in relation to data transfers abroad, an adequate level of protection of personal data cannot be ensured, then we shall request your express consent relating to any such data transfers abroad. Please note that such data transfers may be associated with certain risks, particularly that in the country of the data recipient, unauthorised third parties may also have unreasonable access to said data and you may not be able to exercise the rights of the data subject and/or your right to object against acts that may harm your personal data and your right to privacy.
On the Website among the service descriptions, you can find the third countries where your personal data may be transferred, or where it may be accessed from, based on the service providers we use to perform our services. These currently include Republic of Korea.
We may disclose your personal data to the following categories of third parties (recipients) for the purposes described below.
You are entitled to exercise your rights indicated below:
The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent or do not provide the consent for the use of your sensitive data, we may not be able to provide all or parts of the services you have requested from us. Please note that in these circumstances you will not be able to get a refund or avoid any fees you have paid.
If you would like to exercise your data protection related rights, you can submit your request via email at [email protected].
If you have any further questions about the Privacy Notice or how we handle your personal data please contact us by sending your query to us through the described in Clause 9.3 above or by writing to our competent data protection team by mail sent to our registered seat.
If you consider that your privacy and data protection rights have been infringed, you may contact the competent data protection authority.
In case of EDU, the Hungarian National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; seat: H-1024 Budapest, Falk Miksa st. 9-11.; website: www.naih.hu; phone: +36-1-391-1400; email address: [email protected]; fax: +36 1 391 1410) is the lead supervisory authority under the GDPR.
You can also contact the competent data protection regulatory authority located in the European Union’s relevant Member State where your habitual residence, place of work or place of the alleged infringement is.
In relation to the use of your Customer ID, registration for online events, and certain marketing related activities (provided always if you use the respective service element), EDU and the International Esports Federation (registered seat: 6F #615, Suyeongangbyeon-daero 140 Haeundae-gu, 48058 Busan, Korea; hereinafter: IESF) are considered as joint data controllers, also in relation to the co-branded membership scheme and the provision of services related to use of Customer ID on certain gaming platforms.
EDU and IESF have signed a joint controller arrangement, which sets out their roles and responsibilities. EDU is responsible for taking care of your privacy related questions, queries or complaints. Irrespective of the terms of the arrangement, data subjects may exercise their rights in respect of and against each of the joint data controllers. EDU is also responsible for providing you with information in relation to this processing (as set out in this Privacy Notice) and notifying the relevant supervisory authority in the event of a data breach. If you need more details regarding the joint controller arrangement, please contact us at [email protected].
If you choose to register your Account or log in to our Platform and/or to use our services using a social media account (social login), we may have access to certain information about you. Our Website offers you the ability to register and login using your third-party social media account details (like your Facebook or Google logins). Where you choose to do this, we will receive certain profile information about you from your social media provider.
The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address.
We will use the information we receive only for the purposes that are described in this Privacy Notice or that are otherwise made clear to you on the relevant Website.
Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and apps.
Our Website may contain links to third party websites. These linked websites are not under our control and are regulated by their own privacy policies. We are not responsible for the privacy practices of any such linked websites. Our Website uses cookies and similar technologies. For more information read our Cookie Policy.