Application

Privacy Policy

1. Data Controller

1.1. Grow Zone Kft.

  • Registered office: 1078 Budapest, Hernád utca 15, basement level 2
  • Tax number: 32612277-2-42
  • Website: www.growzone.hu

1.2.

The Data Controller is the gym operating under the name Grow Zone (hereinafter referred to as the “Grow Zone Gym”). The Data Controller carries out activities related to informing clients about its services, supporting the use of its systems, serving users, organizing professional events in the fields of sport, wellness, and health, organizing training courses related to sport and healthy lifestyle, publishing professional studies, and performing related administrative tasks.
Within this framework, the processing of personal data of Data Subjects is conducted in compliance with applicable legal regulations and the rules of business ethics.

2. Legal Basis for Data Processing

2.1.

The legal basis for data processing is the consent of the Data Subject, as well as Section 13/A (3) of Act CVIII of 2001 on Electronic Commerce Services and Services Related to the Information Society.

2.2.

The Data Subject provides consent to data processing by using the services of the Data Controller, registering, using the Data Controller’s website, completing certain questionnaires, and voluntarily providing personal data.

2.3.

Consent extends in particular to the following data processing operations: collection, recording, registration, organization, storage, alteration, use, transmission, disclosure, alignment or combination, restriction, deletion, and destruction of data.

2.4.

In the case of minors lacking legal capacity or having limited legal capacity, consent of the legal representative is required, except for service elements involving registrations that occur commonly in everyday life and do not require special consideration.

3. Purpose of Data Processing

3.1.

The purpose of data processing is to inform clients about the Data Controller’s services and products, provide advice related to the development of sports, health, and wellness activities, support the use of related systems, serve users, organize professional events in the fields of sport, health, and wellness, publish professional studies, maintain contact with clients, develop services, conduct opinion polls, send newsletters, and perform related administrative tasks.

These purposes include, in particular:

  • Registration for trainings and workshops, purchases, contact and communication — communication with applicants, informing and serving participants;
  • Registration for camps, purchases, contact and communication — communication with applicants, informing and serving participants;
  • Registration for fitness training, personal training, and group fitness classes — communication with applicants, informing and serving participants;
  • Registration for fitness assessments, purchases, contact and communication — communication with applicants, informing and serving participants;
  • Serving webshop customers — informing customers and maintaining contact;
  • Registration for free or paid participation in professional or business events and open days — informing participants and maintaining contact;
  • Serving customers of IT and other services or educational products — informing customers and maintaining contact;
  • Handling customer service inquiries and communication — informing clients and maintaining contact;
  • Evaluation of job applications and communication with applicants — informing applicants and maintaining contact;
  • Sending professional and business newsletters, direct marketing — newsletter distribution.

4. Scope of Processed Data

4.1.

Depending on the specific data processing purpose, the Data Controller processes the following personal data of Data Subjects:

  • Trainings and workshops: last name, first name, email address, company name, mobile phone number, landline phone number, billing company data;
  • Online trainings: last name, first name, email address, company name, mobile phone number, billing company data;
  • Camps: last name, first name, email address, company name, mobile phone number, landline phone number, billing company data;
  • Fitness, personal and group training: last name, first name, email address, company name, mobile phone number, landline phone number, billing company data;
  • Fitness assessment sessions: last name, first name, mother’s maiden name, address, place and date of birth, email address, company name, mobile phone number, landline phone number, billing company data;
  • Webshop customers: last name, first name, email address, company name, mobile phone number, landline phone number, billing company data;
  • Professional/business events and open days: last name, first name, email address, website, company name, additional notes, mobile phone number;
  • Customer service inquiries: last name, first name, email address, company name, mobile phone number;
  • Job applicants: last name, first name, email address, mobile phone number, willingness to complete test tasks, professional skill assessment results, CV, additional notes;
  • Newsletters and direct marketing: last name, first name, place of residence, email address, mobile phone number.

5. Duration of Data Processing

5.1.

Personal data are processed from the time of data provision until deletion by the Data Controller.

5.2.

Unless deleted earlier at the request of the Data Subject, data processing for each purpose lasts 12 months.

5.3.

Consent to newsletter distribution may be withdrawn via the unsubscribe link at the bottom of newsletters or through the Data Controller’s customer service.

5.4.

Data may also be deleted upon request; data processing continues until the Data Subject explicitly requests deletion.

5.5.

The Data Controller deletes the data no later than 30 calendar days from receipt of the request.

5.6.

The above provisions do not affect statutory retention obligations (e.g. accounting requirements). Data appearing on invoices and accounting documents cannot be deleted due to legal obligations.

6. Method of Data Processing

By using the Motibro platform, users accept the following statement:
“I acknowledge that my provided data are stored by MotiBro Szolgáltató Korlátolt Felelősségű Társaság (4482 Kótaj, Kert utca 1.) as a data processor in the Motibro software, which supports gym administration tasks, including guest registration, ticket and pass purchases, management of purchased tickets and passes, and sending administrative emails.”

6.1.

Personal data are provided via registration, website usage, questionnaires, postal or electronic communication, or other individual methods.

6.2.

Personal data are recorded separately according to each data processing purpose.

6.3.

Access to personal data is limited to:

  • employees of the Data Controller;
  • employees of the Data Processors listed below;
  • authorities requesting data during official procedures as required by law;
  • debt collection agencies engaged by the Data Controller for overdue claims;
  • other persons with the explicit consent of the Data Subject.

6.4.

The Data Controller undertakes an unlimited and strict confidentiality obligation regarding personal data and shall not disclose them to third parties without the Data Subject’s consent.

7. Data Processing Partners

7.1.

The Data Controller uses the following data processors:

  • Motibro — registration and customer management system
  • Carrd — website system

8. Data Security

8.1.

The Data Controller ensures the security of personal data and implements appropriate technical and organizational measures to comply with data protection regulations.

8.2.

Personal data are protected against unauthorized access, alteration, transmission, disclosure, deletion, destruction, and accidental loss or damage.

9. Information Requests, Rectification, Deletion, Restriction

9.1.

The Data Subject may:

  • request information about the processing of their personal data;
  • request rectification of personal data;
  • request deletion or restriction of personal data;
  • object to the processing of personal data.

9.2.

Information may only be refused in cases specified in Sections 9(1) and 19 of the Hungarian Information Act (Infotv.).

9.3.

Upon request, the Data Controller provides written information within 30 calendar days regarding processed data, purposes, legal basis, duration, data processors, and recipients.

9.4.

Inaccurate personal data must be rectified.

9.5.

Personal data must be deleted if:

  • processing is unlawful;
  • deletion is requested by the Data Subject;
  • data are inaccurate and cannot be lawfully corrected;
  • the purpose of processing has ceased;
  • statutory retention periods have expired;
  • deletion is ordered by a court or the data protection authority.

10. Legal Remedies

10.1.

The Data Subject may object to data processing under Section 21 of the Infotv. The Data Controller shall investigate the objection within 15 calendar days and inform the Data Subject in writing.

10.2.

If the Data Subject disagrees with the decision or the deadline is missed, they may initiate court proceedings within 30 calendar days.

10.3.

Legal action may be brought before the competent court, in Budapest before the Budapest-Capital Regional Court.

10.4.

Complaints may also be submitted to the Hungarian National Authority for Data Protection and Freedom of Information:

  • Name: National Authority for Data Protection and Freedom of Information
  • Address: 1024 Budapest, Szilágyi Erzsébet fasor 22/C
  • Website: www.naih.hu
  • Phone: +36 (1) 391-1400
  • Email: ugyfelszolgalat@naih.hu

11. Unilateral Amendment

11.1.

The Data Controller reserves the right to unilaterally amend this Privacy Policy.

11.2.

The current version of the Privacy Policy is published on the website www.growzone.hu. By using the services of the Data Controller, the Data Subject accepts the amended Privacy Policy by implication.