Data Processing Notice
Entry into force: 2026. 01. 16.
Data controller details
Name: Máté Szokol EV.
Registered office: 2030 Érd Vince utca 12/b
Email: info@webgym.hu
Tax number: 48907259-1-33
Data protection officer: info@webgym.hu
1. Legal basis and principles
Data processing is carried out in accordance with EU Regulation 2016/679 (GDPR) and Hungarian Act CXII of 2011 on the right to self-determination in relation to information.
1.1. Legal basis:
Performance of a contract (GDPR Article 6(1)(b)): User account management, provision of services, subscription management.
Legitimate interest (GDPR Article 6(1)(f)): Prevention of abuse, system security, statistical analysis (anonymized).
Consent (GDPR Article 6(1)(a)): Marketing communications, Newsletter, Management of optional data.
Legal obligation (GDPR Article 6(1)(c)): Accounting and tax obligations, Requests from authorities.
1.2. Special data (GDPR Article 9): We request your express, voluntary consent to process health-related data (body weight, body composition, nutrition, training).
Withdrawal of consent: Possible at any time, but may make it difficult or impossible to provide the service.
2. Scope of data processed
2.1. Registration and identification data: Email address (mandatory), Name, Phone number (optional). (Purpose: Identification. Retention: Account deletion + 5 years).
2.2. Personal and physical data: Date of birth, Gender, Height, Weight, Body composition. (Purpose: Personalized calculations. Retention: Withdrawal of consent or deletion).
2.3. Goals and preferences: Fitness goals, Activity level, Dietary preferences, Weekly number of workouts. (Purpose: Recommendations. Retention: Active use + 1 year).
2.4. Food diary: Food consumed, Calories, Macronutrients, Fluid intake. (Purpose: Diary keeping, statistics. Retention: Until deleted).
2.5. Training diary: Exercises performed, Weights, repetitions, sets, Duration. (Purpose: Performance tracking. Retention: Until deletion).
2.6. Subscription and payment data: Package type, Subscription period, Stripe customer ID. We do NOT store credit card details! (Retention: 8 years).
2.7. Technical and usage data: IP address, Device type, Operating system, Logins, Logs. (Retention: 2 years).
2.8. Communication data: Customer service inquiries. (Retention: 3 years).
3. Data transfer and data processors
3.1. Stripe Inc. (payment service provider): Payment processing. (USA - based on SCC, PCI-DSS).
3.2. Cloud service provider: Application operation, data storage (within the EU, GDPR compliance).
3.3. Email service provider: Transactional and marketing emails.
3.4. Analytics provider (optional): Usage statistics (anonymized).
3.5. Data transfer to third countries: In the case of Stripe Inc., the USA (based on SCC). All other data remains in the EU.
3.6. Official requests: In case of legal obligations (NAV, police).
4. Data security
4.1. Technical measures: HTTPS/TLS encryption, password hashing (bcrypt), multi-factor authentication (PIN), backup, firewall.
4.2. Organizational measures: training, internal regulations, minimization of privileges, DPA contracts.
4.3. Data protection incident: We will notify the NAIH within 72 hours and users immediately. IMPORTANT: 100% security does not exist; liability is limited.
5. Rights of data subjects
5.1. Right of access: You may request information about the processing of your data (response: 30 days).
5.2. Right to rectification: Correction of inaccurate data in your Profile.
5.3. Right to erasure: Request the erasure of your data (except for accounting data).
5.4. Right to restriction of processing: Request the blocking of your data.
5.5. Right to data portability: Request your data in JSON/CSV format.
5.6. Right to object: Objection to processing based on legitimate interests.
5.7. Withdrawal of consent: Possible at any time (e.g., unsubscribing from marketing communications).
5.8. Automated decision-making: We do not use automated decisions with legal effects.
6. Cookies
6.1. Cookie types: Strictly necessary (session), Functional (settings), Analytical (statistics), Marketing.
6.2. Cookie management: Cookies can be disabled in your browser (this may result in loss of functionality).
7. Protection of children's data
Age restriction: Not recommended for persons under 18 years of age. Persons under 16 years of age may only register with parental consent. In the event of registration without parental consent, the account and data will be deleted immediately.
8. Data retention periods
Data type | Legal basis | Retention period
Name, email, telephone | Contract | Account deletion + 5 years
Weight, height, gender | Consent | Withdrawal or deletion
Nutrition log | Contract, consent | Until deletion or account termination
Training log | Contract, consent | Until deletion or account termination
Subscription data | Legal obligation | 8 years (Accounting Act)
Payment transactions | Legal obligation | 8 years
IP address, technical data | Legitimate interest | 2 years
Communication (support) | Contract | 3 years
Marketing consent | Consent | Until withdrawal
9. Remedies
9.1. Complaints to the Data Controller: info@webgym.hu (Response time: 30 days).
9.2. Complaints to the supervisory authority (NAIH): 1055 Budapest, Falk Miksa utca 9-11., ugyfelszolgalat@naih.hu, www.naih.hu.
9.3. Court proceedings: Court of jurisdiction based on place of residence.
10. Amendment to the Data Processing Policy
The Service Provider is entitled to modify the information sheet (legislation, new functions). We will send an email notification 15 days in advance of any significant changes.
11. Contact
Data protection issues (DPO): info@webgym.hu.
General customer service: info@webgym.hu, Monday to Friday, 9:00 a.m. to 5:00 p.m.
Postal address: 2030 Érd Vince utca 12/b.