PRIVACY & DATA PROCESSING NOTICE

Effective from: August 1, 2025 until further notice

1. Data Controller’s Identity and Contact Details
Name of the contact person for data protection matters: Rozgonyi R. Gábor
Email addresses: support@rgmdigitalmedia.hu and support@rgmdigitalmedia.com
Phone number: +34 6587645761
(hereinafter referred to as: "Data Controller")

The Data Controller acts on behalf of RGM MEDIA LTD., the operator of the websites accessible via the domains rgmdigitalmedia.hu and rgmdigitalmedia.com, and is the designated processor of our clients’ personal data.

Registered office of RGM MEDIA LTD.: The Round House, Dormans Park Road, East Grinstead, West Sussex, UK, RH19 2EN
Company Registration Number: 09510788
Company Register: England/Wales

The Data Controller acts on behalf of a company registered in England. Our primary business activity is media content provision and IT services. All services accessible through our website are offered in connection with this core activity.

The data processing described in this Notice constitutes joint processing under the GDPR together with our Data Processor, as users may voluntarily provide personal data via our website.

2. Legal Basis for Data Processing

- Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Hungary)
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)

3. Definitions

Data Controller: a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The purposes and means of processing may be determined by Union or Member State law, including provisions regarding the designation of the controller;

Data Processing: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

Supervisory Authority or NAIH: National Authority for Data Protection and Freedom of Information (Hungary);

Personal Data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

User or Client: any individual who shows interest in or uses the services offered on our website and, in connection with such use, voluntarily provides data that may identify them.

Cookie: To ensure high-quality service, we place a small text file (so-called "cookie") on the User’s computer or mobile device. Cookies are used to enhance user experience. Users may delete cookies from their devices or configure their browser to reject cookies. Please note that disabling cookies may result in limited functionality and an incomplete user experience on our website.

IP Address: An IP address (Internet Protocol address) is a unique numerical identifier assigned to devices communicating over the Internet Protocol. Every device connected to the internet—including computers, smartphones, tablets, as well as servers and hosting providers—has an IP address. A specific IP address is not necessarily tied permanently to a single device; some devices may have multiple addresses.

4. Principles of Data Processing
The legal basis for processing data collected through our website is the User’s voluntary consent to the processing of their personal data. Processing continues until such consent is withdrawn by the User.

To ensure appropriate data security, all personal data provided will be:

- processed lawfully, fairly and transparently (lawfulness, fairness and transparency);

- collected for specified, explicit and legitimate purposes;

- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation);

- retained only for as long as necessary for the purposes of processing (storage limitation);

- processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).

Purpose and Scope of This Notice

The purpose of this Notice is to describe in detail the data protection and processing principles of the websites accessible under the domains rgmdigitalmedia.hu and rgmdigitalmedia.com, as well as the privacy practices of RGM MEDIA LTD., which operates these sites and recognises this Notice as binding upon itself as Data Controller.

This Privacy Notice does not extend to the policies of other websites or third-party services, even if our website contains links or redirects to them.

When visiting other websites, their operators may collect your personal data in accordance with their own privacy policies. We assume no responsibility for third-party policies or processing activities.

We strongly recommend that you review the privacy policy of any website you visit before providing personal information to its operator.

Categories of Personal Data Processed

With the User’s consent, the Data Controller may process the following personal data in connection with the use of services available through our website:

Name, phone number, email address, IP address of last login, timestamp of last activity.

If the User contacts us via email (e.g., a message or inquiry), the Data Controller may store the User’s name and email address and process this data to the extent and for the duration necessary to provide the requested service.

Scope of Cookies (Tracking Technologies) Used by the Data Controller

To enhance service delivery, the Data Controller may place a small data file (a "cookie") on the User’s device. Cookies help ensure optimal website functionality and improve the user experience through personalised features. Users may delete cookies or configure their browser to reject them.

Please note that disabling cookies may result in limited functionality and an incomplete user experience.

Depending on the cookie type, the Data Controller may process the following personal data to deliver personalised services: demographic data, interests, browsing habits, and preferences (based on browsing history).

Our website currently DOES NOT use such tracking technologies!

Additional Methods of Data Processing:

Communication with the User; identification of the User and their entitlements (i.e., services accessible to them); personalisation of services and advertisements; enabling convenience features; handling individual User requests; generating statistics and analytics; direct marketing communications (e.g., newsletters, eDMs, etc.).

Providing platform (storage) for User-generated content (e.g., comments, chat); enabling identification and communication between Users in community features; technical development of IT systems; protection of Users’ rights; and enforcement of the Data Controller’s legitimate interests.

The Data Controller may process personal data for any of the purposes listed above.

The Data Controller will not use the provided personal data for purposes other than those described herein. Processing is based on the User’s voluntary, informed and explicit consent, which includes acknowledgment that personal data provided during website use—or data generated about the User—may be processed accordingly.

Users may withdraw their consent at any time. However, such withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

Data Processing in Connection with Content Services

In addition to the User’s voluntary consent, the legal basis for processing may include the Data Controller’s legitimate interests, as well as the fundamental rights to information and freedom of expression, within the limits defined by applicable laws.

Where legitimate interest serves as the legal basis, the Data Controller has conducted—or may in the future conduct—an assessment balancing its interests against the rights of data subjects, in accordance with GDPR requirements, to demonstrate that the processing is justified.

Upon request, the Data Controller will provide further information regarding such assessments, as outlined in this Notice.

Data sharing with the Data Processor(s) identified in this Notice may occur without the User’s separate consent. Disclosure of personal data to third parties or authorities—unless otherwise required by law—is permitted only based on a valid official decision or with the User’s prior explicit consent.

The User warrants that any personal data concerning other individuals, provided during service use, has been lawfully obtained with the data subject’s valid consent.

The User assumes full responsibility for any content uploaded or shared via the Services. By providing an email address or registration data (e.g., username, identifier, password, etc.), the User confirms that only they will access and use the services from that email or with those credentials.

Accordingly, any activity associated with a given email address or set of credentials is solely the responsibility of the User who registered them.

Principles and Methods of Data Processing

The Data Controller processes personal data in accordance with the principles of good faith, fairness, transparency, applicable laws, and the provisions of this Notice. Personal data strictly necessary for service delivery is processed only with the User’s consent and solely for the specified purposes. The scope of processed data is proportionate to the purpose and may not exceed it.

If the Data Controller intends to use personal data for purposes other than those originally stated, the User will be informed in advance and asked for explicit consent, or given the option to object to such use.

The Data Controller does not verify the accuracy of submitted personal data. The person providing such data is solely responsible for its correctness. Personal data of individuals under 16 years of age may be processed only with the consent of a parent or legal guardian.

The Data Controller is unable to verify the legal capacity or content of such parental consent. Therefore, the User (or the parent/guardian) warrants that their consent complies with all applicable legal requirements.

In the absence of valid parental consent, the Data Controller does not collect personal data from individuals under 16—except for the IP address automatically recorded due to the technical nature of internet services.

The Data Controller will not disclose personal data to third parties other than the Data Processors and external service providers referenced in this Notice.

This restriction does not apply to the use of anonymised, statistically aggregated data that cannot identify any individual user in any form; such use does not constitute data processing or sharing under data protection laws.

In specific circumstances—such as official court or police requests, legal proceedings due to suspected copyright, property, or other violations, or threats to the Data Controller’s legitimate interests or service integrity—the Data Controller may disclose the User’s personal data to third parties.

The Data Controller may collect data about User activity that cannot be linked to registration details or to data generated through other websites or services.

If personal data is corrected, restricted or erased, the Data Controller will notify the User and any third parties previously provided with the data for processing purposes. Notification may be omitted if it would not adversely affect the User’s legitimate interests in relation to the processing purpose.

The Data Controller ensures the security of personal data by implementing appropriate technical and organisational measures and establishing internal procedures to prevent accidental loss, unauthorised destruction, access, use, alteration, or distribution of data.

The Data Controller draws the attention of all Data Processors receiving personal data to this obligation.

In accordance with the GDPR, the Data Controller is not required to appoint a Data Protection Officer.

Duration of Data Processing

Automatically recorded IP addresses are retained for a maximum of 7 days. For email inquiries from non-registered Users, the email address is deleted 90 days after the matter is resolved—unless the Data Controller’s legitimate interest justifies further retention, in which case data is kept only as long as that interest persists.

Personal data provided by the User will be retained as long as the User remains subscribed to the service under their username or until they request data deletion. Upon such request, the data will be erased from our systems.

Even if the User unsubscribes or deletes their registration (thereby losing login access), their personal data may continue to be processed until they explicitly request in writing that processing be discontinued.

Withdrawing consent for data processing (without unsubscribing) does not affect the User’s right to use the service—but certain features may become unavailable due to the lack of required personal data.

In cases of fraudulent, misleading use of personal data, criminal acts, or system attacks by the User, the Data Controller may immediately delete personal data upon account termination—but may also retain it for the duration of any related legal or civil proceedings if fraud or liability is suspected.

Data automatically generated and recorded for technical reasons during system operation is stored only for the period necessary to ensure proper system functionality.

The Data Controller ensures that such automatically collected technical data cannot be linked to other personal data—except where legally required.

If the User withdraws consent or unsubscribes, their identity can no longer be associated with technical logs (except for law enforcement or expert investigations).

If a court or authority orders the deletion of personal data, the Data Controller will comply. Alternatively—and with the User’s notification—the Controller may restrict processing instead of deleting data if the User requests it or if deletion would likely harm the User’s legitimate interests.

Personal data will not be deleted as long as the processing purpose that prevents deletion remains valid.

User Rights and How to Exercise Them

Users may request confirmation as to whether their personal data is being processed and, if so, access to that data.

Requests for information may be submitted in writing to the Data Controller’s address via registered or registered-with-return mail, or by email to support@rgmdigitalmedia.hu.

Written requests are deemed authentic only if they allow clear identification of the User. Email requests are considered valid only if sent from the User’s registered email address—though the Controller may use additional verification methods before responding.

Requests may cover: the personal data processed; its source; purpose, legal basis, and duration of processing; names and addresses of any Data Processors; details of processing activities; and, if applicable, recipients of data sharing and their purposes.

Users may request correction or amendment of their personal data. Considering the purpose of processing, they may also request completion of incomplete data. Once modified or deleted, previous data cannot be restored. Users may also request erasure of their personal data.

Erasure may be refused if processing is necessary: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation; or (iii) for the establishment, exercise or defence of legal claims.

In all cases of refusal, the Data Controller will inform the User of the specific reason.

Once personal data is erased, it cannot be recovered. Marketing emails may be unsubscribed via the link included in each message. Upon unsubscription, the User’s data is removed from the mailing list. Users may also request restriction of processing if they contest the accuracy of their data.

In such cases, restriction applies only for the period needed to verify data accuracy. The Controller will flag any data whose accuracy is disputed but cannot be definitively proven incorrect.

Users may also request restriction if processing is unlawful but they oppose erasure and instead request limitation of use.

Restriction may also be requested when the processing purpose has been fulfilled, but the User requires the data to be retained for legal claims.

Users have the right to receive their personal data, provided to the Controller in a structured, commonly used, machine-readable format, and to request its transmission to another controller.

Users may object to processing of their personal data if: (i) processing is necessary for compliance with a legal obligation or for the Controller’s or a third party’s legitimate interests; (ii) the purpose is direct marketing, opinion polling or scientific research; or (iii) processing serves a task carried out in the public interest.

The Data Controller will review the validity of any objection. If justified, processing will cease, the data will be blocked, and all prior recipients of the data will be notified of the objection and any resulting measures.

Data Processing by Processors

The Data Processor (in this case, acting jointly with the Controller) does not make independent decisions and acts solely in accordance with the Controller’s instructions and contractual agreement.

The Processor processes personal data received from the Controller in full compliance with GDPR requirements and provides a written declaration of compliance.

The Controller supervises the Processor’s activities. The Processor may engage sub-processors only with the Controller’s prior written consent.

External Service Providers

The Data Controller may engage external providers to deliver services and cooperates with them to ensure optimal performance.

For data processed by these providers, their own privacy policies apply. The Controller takes all reasonable steps to ensure that external providers process data lawfully and exclusively for the purposes defined by the User or stated in this Notice.

External providers process data in accordance with GDPR and provide written assurances to the Controller. The Controller informs Users of such data sharing in this Notice.

External Providers Assisting with Registration or Login

The Data Controller may collaborate with external providers offering registration or login facilitation tools (e.g., social login). In such cases, certain personal data (e.g., IP address, email, username) may be shared with these providers.

These providers handle data according to their own privacy policies. Current providers include: Facebook Inc.

Web Analytics and Advertising Providers

The Data Controller works with external providers for web analytics and ad serving.

These providers may access the User’s IP address and often use cookies, web beacons (tracking pixels embedded in websites, emails or apps), click tags (codes identifying ad clicks), or other tracking technologies to personalise content, conduct analytics, or compile statistics.

Users may delete cookies at any time or configure browsers to block them. Identification of third-party cookies is possible via their domain name. Web beacons, click tags, and similar tracking tools cannot be disabled. These providers handle data according to their own privacy policies.

Other External Providers

Some providers may access our website or services—either with or without User interaction—and collect data about Users or their activity, which may, alone or combined with other data, enable identification.

Such providers may include, but are not limited to: Facebook Ireland Ltd., Google LLC, Instagram LLC., Infogram Software Inc., PayPal Holdings Inc., Pinterest Europe Ltd., Playbuzz Ltd., Twitter International Company, Viber Media LLC, Vimeo Inc., YouTube LLC. These providers process data in accordance with their own privacy policies.

Data Disclosure

The Data Controller is entitled and obligated to disclose any lawfully stored personal data to competent authorities when required by law or a binding official decision.

The Controller bears no liability for consequences arising from such legally mandated disclosures.

If the Data Controller transfers part or all of its content or hosting operations to a third party, it may transfer the corresponding personal data to the new operator without seeking separate User consent—but only after providing prior notice and ensuring that Users are not placed in a worse position than under this Notice.

In such cases, Users will be given the opportunity to object to the transfer before it occurs. If an objection is made, the User’s data will not be transferred. The Controller maintains a record of all data transfers for compliance and transparency purposes.

Amendments to This Notice

The Data Controller reserves the right to amend this Notice at any time at its sole discretion.

By continuing to use the website, the User accepts the current version of this Notice. No further explicit consent is required for such updates.

Legal Remedies

Users may file complaints regarding data processing directly with the National Authority for Data Protection and Freedom of Information (NAIH):
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., Hungary
Phone: +36-1-391-1400
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu

In case of violated rights, Users may also bring legal action before a court. Jurisdiction lies with the competent tribunal. At the User’s discretion, proceedings may be initiated before the tribunal of their habitual residence or place of stay. Upon request, the Data Controller will inform the User about available legal remedies and procedures.