The Website allows its Users to create documents, and to register the content of these documents onto the Everprove Ledger database. Following the Everprove Ledger registration, the Website creates a unique QR code for the registered document, which will enable the direct download of the document data later from the ledger. The specific content of the document may never be accessed on the public ledger without the individual QR code, as the data is written onto the ledger in a cryptographically secured format. The Website is managed from the territory and applicable law of Hungary.
Operator processes the personal data of the Users completely in accordance with the relevant laws in force which contributes to the secure internet access of the Users.
If the Operator processes the personal data of the Users privately, in accordance with the strictest legal requirements in force – especially the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (27 April 2016; hereinafter as: GDPR) – it provides for their security, takes all the necessary technical and organizational measures, and furthermore establishes the procedural rules that are necessary to comply with the relevant legal provisions and other recommendations.
GDPR does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. According to the definitions of GDPR as a main rule, Operator does not process the personal data on behalf of the controller and does not provide the means for processing personal data for such personal or household activities.
The Operator exclusively processes the personal data where the recording is necessary to monetize the attendance of the Website, to practice its rights and fulfill its obligations in the existing legal relationship with Users, within this framework to communicate with them, furthermore to secure business in relation to the Users.
Personal data may be processed only for specified purposes, for the implementation of certain rights or obligations. The recording of personal data shall be done under the principle of lawfulness and fairness.
Personal data may be processed when the data subject has given his consent or when processing is necessary as decreed by law or by a local authority based on authorization conferred by law (hereinafter as “mandatory processing”).
The purpose of processing must be satisfied in all stages of data processing operations.
The personal data processed must be essential for the purpose of the data processing, and it must be suitable to achieve that purpose.
The data controller shall carry out data operations in order to secure the accuracy (correctness) of the processed data.
Personal data may be processed to the extent and for the duration necessary to achieve its purpose.
Personal data shall be erased if: processed unlawfully; so requested by the data subject; incomplete or inaccurate and it cannot be lawfully rectified, provided that erasure is not disallowed by statutory provision; the purpose of processing no longer exists or the legal time limit for storage has expired; so instructed by court order or by the competent authority.
Data must be protected by means of suitable measures against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and to ensure that stored data cannot be corrupted and rendered inaccessible due to any changes in or modification of the applied technique.
If the Users provide personal information to Operator, the Operator shall take all the necessary steps to ensure the security of these data - both at network communication (i.e. online data processing) and at data storage and trust (i.e. offline data processing).
The data subject may request from the data controller i) information when his personal data is being processed, ii) the rectification of his personal data, and iii) the erasure or blocking of his personal data, excluding mandatory processing.
Operator respects the principles of data processing and endeavors to enforce them every time.
Operator processes the data set out at Chapter V. referring to the legal basis below.
III.1. The legal basis of the data processing: the voluntary consent of the concerned person (Article 6. Section (1) Point a) of GDPR), processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6. Section (1) Point b) of GDPR), the lawful interest of the User and Operator (Article 6. Section (1) Points d) and f) of GDPR).
Users give their consent electronically by using the Website and affirmatively checking the tick box during the registration process.
According to Article 7. Section (3) and Article 13 Section (2) Point c) of GDPR the withdrawal of the consent does not affect the legality of the prior data processing. Users acknowledge that in case of the withdrawal of their consent, they will not be able to use the services any more, but the documents burned onto the public ledger via the Website previously will continue to remain accessible, without time limitation, through the generated QR code.
IV.1. Operator processes the data set out in Chapter V. in order to (i) provide the services indicated in I.1 above; and to (ii) send direct marketing materials from Operator in connection with the services.
IV.2. The Users can give their consent electronically, separately for each purpose above, by using the Website while signing up and affirmatively checking the tick box during the registration process, allowing the Operator to (i) provide the services indicated in I.1 above; or (ii) contact them for direct marketing or electronic advertisement (newsletter, e-mail) through the provided contacts. The consent can be withdrawn at any time without charges, limitations or justification; furthermore, the consent can be withdrawn as may be set out in the electronic advertisement. The consent can also be withdrawn with a declaration posted to the registered office of the Operator. According to Article 7. Section (3) and Article 13 Section (2) Point c) of GDPR the withdrawal of the consent does not affect the legality of the prior data processing.
Users acknowledge that in case of the withdrawal of their consent in connection with the registered e-mail address, they will not be able to use the services any more, but the documents they registered on the public blockchain previously will continue to remain accessible, without time limitation, through the generated QR code. In case of the withdrawal of their consent in connection with the marketing materials only, they will remain able to use the services.
IV.3. In every case where Operator intends to use the provided personal data for purposes other than the original purpose of the recording, it informs the User and obtains the User's prior direct consent, and furthermore provides the possibility to prohibit the use.
V.1. Uploading or creating documents on the Website requires registration. Registration requires Creator Users’ e-mail address.
Users acknowledge that Operator does not inspect the content of the uploaded / created documents, thus Operator does not process any of the personal data contained in these documents.
V.2. Users under age of 16
Parental consent is necessary to process personal data of users under the age of 16 and for their declarations, excluding those parts of the service where the declaration aims at an order common in everyday life and does not require any particular consideration.
The validity of the registration by a minor does not require the consent or an ex post approval of the legal representative.
V.3. The Operator does not collect sensitive data under any circumstances, which refers to personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs, health, pathological addictions, or criminal record.
V.4. The personal and other data provided by Users to Operator are not completed with or linked to data or information from other sources by Operator.
V.5. Some data of the User, such as the IP address, are recorded by Operator in order to monetize the attendance of the Website and to identify incidental bugs and cracks. These data are processed by Operator only for the necessary time-frame and are not linked to data suitable to identify the person of the User (rendering anonymous). The managing of the data can be performed on foreign servers.
Operator processes the personal data set out in Section V. for 3 years following the deletion of the registration.
Users acknowledge that in case of the withdrawal of their consent in connection with the registered e-mail address, they will not be able to use the services any more, but the documents they saved on the Website previously will continue to be available, without time limitation, through the generated QR code. In case of the withdrawal of their consent in connection with the marketing materials only, they will remain able to use the services.
In case of a request for deletion (withdrawal of consent to data processing) the data managed by the Operator cannot be managed from the date of receipt of the request.
In case of a request to be forgotten the Operator shall delete from its database all the links with the data lawfully managed prior to the receipt of the request, the profile of the User and automatic decision.
Users acknowledge that in case of the withdrawal of their consent in connection with the registered e-mail address, they will not be able to use the services any more, but the documents they burned onto the public ledger with the Website previously will continue to be available, without time limitation, through the generated QR code. In case of the withdrawal of their consent in connection with the marketing materials only, they will remain able to use the services.
a) if processing or disclosure is carried out solely for the purpose of discharging the Operator’s legal obligation or for enforcing the rights and legitimate interests of the controller, the recipient or a third party, unless processing is mandatory;
b) if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and
c) in all other cases prescribed by law.
In the event of a User's objection, the Operator shall not be entitled to further data processing unless it proves that data processing is justified by compelling legitimate reasons that prevail over the interests and rights of the User or are related to the submission, validation or protection of legal claims.
Regarding the data managed on the legal basis of Article 6. Paragraph (1) Points d) and f) (lawful interest), instead of a request for deletion / to be forgotten, the User is entitled to object to the processing of its data.
In the event of objection, the Operator shall investigate the cause of objection within the shortest possible time within a 15-day period, adopt a decision as to merits and shall notify the User in writing of its decision.
Upon the User’s request the Operator shall provide information concerning the data relating to the User, the sources from where they were obtained, the purpose, grounds and duration of the processing, the name and address of the recipients and on every activity regarding the data processing.
Operator shall comply with requests for information and provide the information requested in an intelligible form within the shortest possible time but at latest in 25 days, in writing at the User’s request.
The information of the concerned person shall be provided free of charge for any category of data.
The Operator may refuse to provide information to the data subject in the cases defined by law. Where information is refused, the Operator shall inform the User in writing as to the legal provision serving grounds for refusal. Where information is refused, the Operator shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the competent authority.
According to 20. § of GDPR the User shall have the right to receive the provided data concerning User in a structured, commonly used and machine-readable format and have the right to transmit those data to another data manager.
In exercising his or her right to data portability pursuant to paragraph 1, the User shall have the right to have the personal data transmitted to another data manager, where technically feasible.
The request on data portability can be filed in electronic way through the e-mail address at the Website or in paper format posted to the registered office of the Operator.
If the Operator refuses to comply with the User’s request on data portability, the factual or legal reasons of the refusal shall be communicated by Operator in writing within 30 days of receipt of the request. Where the request on data portability is refused, the data controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the authority.
Regarding the data managed on the legal basis of Article 6. Paragraph (1) Points d) and f) (lawful interest), the User is not entitled to data portability.
VIII.1. Data storage
Operator stores the managed data on a storage based on virtual server.
Name of the storage provider: AMAZON WEB SERVICES EMEA SOCIÉTÉ À RESPONSABILITÉ LIMITÉE
Address of the storage provider: 38 AVENUE JOHN F. KENNEDY, L-1855 LUXEMBOURG
E-mail address of the storage provider: awsLUXemail@example.com
VIII.2. Data process
To improve your experience on the site, we use technologies from third-parties. These technologies help us understand what’s working well and what needs to be improved on the site.
Our website uses Google Analytics, a service which transmits website traffic data to Google. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage use. You can read more about this here. You can also read about how Google complies with GDPR.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
VIII.3. Data forwarding
Operator does not forward any of the data to third party.
VIII.4. Safeguards provided by the Operator
The Operator undertakes an unconditional and irrevocable obligation to ensure the protection of the personal data of the User. The Operator is responsible for ensuring the compliance of the partners involved in the further controlling and processing of personal data, thereby ensuring the required protection of personal data.
IX.1. Data security measures
Regarding the processing of personal data provided by Users, the Operator shall act with utmost care. In the field of IT security, the Operator uses the most effective, most modern tools and procedures reasonably available.
Operator plans and implements the data processing operations to protect the privacy of the affected Users. Operator ensures the security of the data, takes the technical and organizational measures and establishes the procedural rules to enforce the provisions of all privacy and data protection rules.
Electronic messages transmitted over the Internet, independently of protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that may lead to fraudulent activity or disclosure or modification of information. In order to protect against such threats, the Operator shall take all precautionary measures that may be expected from it. Operator monitors the systems in order to capture all security dangers and provide evidence of any security incident. However, the Internet is not known - as is well known to the Users - to be 100 percent secure. The Operator shall not be liable for any damages caused by the unavoidable attacks carried out despite the expected maximum care.
VIII.2. Data Protection Officer
Operator declares that it is not obliged to have a data protection officer, therefore Operator does not have a data protection officer.
Operator may use the data for statistical purposes only after rendering them anonymous. The aggregated, statistical use of the data cannot contain in any form the personal data of the User concerned, or any other identifiable data.
The Operator does not use any automatic decision making or profiling.
XII.1. The customer service of Operator receives complaints and user inquiries related to the Operator's service by e-mail at the firstname.lastname@example.org email address.
Operator does not process personal data on any of the operated social media platforms, such as its Facebook Page (https://www.facebook.com/everprove/), Twitter account (https://twitter.com/everprove_app), and LinkedIn profile (https://www.linkedin.com/company/everprove); User questions in posts / comment sections are not considered official complaints.
XII.2. Users can make complaints in connection with the data processing based on this Policy at the competent data processing authority of Hong Kong, or their residence as well.
XIII.1. The Operator may be contacted by a court, public prosecutor, investigating authority, offense authority, administrative authority, data protection commissioner or other authorities authorized by law regarding information requests, the disclosure and handing over of data, and the provision of documents.
XIII.2. The Operator - provided the authority has declared the exact purpose and the scope of the data - issues personal data only to the extent that it is indispensable to achieve the purpose of the request.
If you do not agree with the above, please do not use the Website.
If you have additional questions regarding data protection, please contact our colleague.
This Policy is public at the Website and effective from the date below.
Budapest, 8 April 2020