PRIVACY POLICY

PRIVACY POLICY

BGR Central Europe Kft.
Registered Office: 1047 Budapest, Perényi Zsigmond utca 10. 2. em. 2., Hungary
(Not a business premises! Customer reception only by prior appointment!)
Company Registration Number: 01-09-404629
Tax Number: 32054527-2-41
EU VAT Number: HU32054527

1. INTRODUCTION

This Privacy Policy explains how BGR Central Europe Kft. (“Company”, “we”, “us”, “our”) collects, uses, processes, and protects your personal data when you use our AI-powered chat service (“Service”). This policy complies with the EU General Data Protection Regulation (GDPR) and Hungarian data protection laws.

Last Updated: [Date to be inserted]
Effective Date: [Date to be inserted]

2. DATA CONTROLLER

BGR Central Europe Kft. is the data controller responsible for your personal data.

Contact Information:

  • Address: 1047 Budapest, Perényi Zsigmond utca 10. 2. em. 2., Hungary
  • Email: [To be inserted]
  • Data Protection Officer: [To be inserted if applicable]

3. WHAT PERSONAL DATA WE COLLECT

3.1 Account Information

  • Registration Data: Username, email address, password (encrypted)
  • Profile Information: Any optional profile details you provide
  • Age Verification: Confirmation that you are 18+ years old

3.2 Payment Information

  • Billing Data: Name, billing address, payment method details
  • Transaction Records: Purchase history, Token transactions, timestamps
  • Note: Payment card details are processed by third-party payment processors and are not stored on our servers

3.3 Chat and Usage Data

  • Chat Messages: Your conversations with AI characters (temporarily stored for 24 hours maximum)
  • Usage Analytics: Token consumption, character interaction patterns, session duration
  • Technical Data: Device information, browser type, IP address, access logs

3.4 Automatically Collected Data

  • Cookies and Tracking: Session cookies, preference settings, analytics data
  • Technical Logs: Error logs, security logs, performance metrics
  • Geolocation: General location data (country/region level) for service optimization

4. HOW WE USE YOUR PERSONAL DATA

4.1 Service Provision

  • Creating and managing your user account
  • Processing Token purchases and payments
  • Enabling AI character interactions
  • Providing customer support and technical assistance

4.2 Service Improvement

  • Analyzing usage patterns to improve AI responses
  • Optimizing platform performance and user experience
  • Developing new features and characters
  • Conducting quality assurance and testing

4.3 Legal and Safety

  • Preventing fraud, abuse, and unauthorized access
  • Complying with legal obligations and law enforcement requests
  • Enforcing our Terms and Conditions
  • Protecting the rights and safety of users and third parties

4.4 Communication

  • Sending service-related notifications and updates
  • Responding to inquiries and support requests
  • Providing important policy changes or security alerts

5. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds:

5.1 Contract Performance (GDPR Art. 6(1)(b))

  • Account creation and management
  • Token sales and payment processing
  • Service delivery and customer support

5.2 Legitimate Interests (GDPR Art. 6(1)(f))

  • Service improvement and analytics
  • Fraud prevention and security
  • Technical optimization and maintenance

5.3 Legal Compliance (GDPR Art. 6(1)(c))

  • Compliance with Hungarian and EU laws
  • Cooperation with law enforcement when required
  • Regulatory reporting obligations

5.4 Consent (GDPR Art. 6(1)(a))

  • Marketing communications (if opted-in)
  • Non-essential cookies and tracking
  • Optional data processing activities

6. DATA RETENTION PERIODS

6.1 Chat Data

  • Active Sessions: Chat messages are stored for the duration of your session
  • Automatic Deletion: All chat data is automatically deleted after 24 hours
  • Manual Deletion: You can delete chat sessions immediately at any time

6.2 Account Data

  • Active Accounts: Personal data is retained while your account is active
  • Inactive Accounts: Data may be deleted after 3 years of inactivity
  • Account Deletion: Data is deleted within 30 days of account termination

6.3 Transaction Data

  • Payment Records: Retained for 8 years for tax and accounting purposes
  • Token Purchase History: Retained for the lifetime of your account
  • Fraud Prevention: Certain data may be retained longer for security purposes

6.4 Technical Logs

  • Access Logs: Retained for 12 months for security and troubleshooting
  • Error Logs: Retained for 6 months for technical improvement
  • Analytics Data: Aggregated data may be retained indefinitely (anonymized)

7. DATA SHARING AND THIRD PARTIES

7.1 Service Providers

We may share your data with trusted third-party service providers:

  • Payment Processors: For secure payment processing
  • Cloud Hosting: For data storage and service infrastructure
  • Analytics Providers: For usage analytics and service improvement
  • Customer Support: For technical assistance and support services

7.2 Legal Requirements

We may disclose your data when required by law:

  • Court orders, subpoenas, or legal proceedings
  • Law enforcement investigations
  • National security or public safety requirements
  • Regulatory compliance obligations

7.3 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

7.4 No Sale of Data

We do not sell, rent, or lease your personal data to third parties for marketing purposes.

8. INTERNATIONAL DATA TRANSFERS

8.1 EU/EEA Processing

We primarily process data within the European Union and European Economic Area.

8.2 Third Country Transfers

If data is transferred outside the EU/EEA, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Standard Contractual Clauses: EU-approved contract terms with third parties
  • Certification Schemes: Partners with recognized privacy certifications

9. DATA SECURITY

9.1 Security Measures

We implement appropriate technical and organizational measures:

  • Encryption: Data encryption in transit and at rest
  • Access Controls: Strict employee access limitations
  • Regular Audits: Security assessments and vulnerability testing
  • Incident Response: Procedures for data breach detection and response

9.2 AI-Specific Security

  • Chat Isolation: Each user’s conversations are isolated and protected
  • Automated Deletion: Technical safeguards ensure 24-hour data deletion
  • Content Filtering: Systems to prevent processing of sensitive data

9.3 Limitations

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

10. YOUR RIGHTS UNDER GDPR

10.1 Access Right (Art. 15)

You can request a copy of all personal data we hold about you.

10.2 Rectification Right (Art. 16)

You can request correction of inaccurate or incomplete personal data.

10.3 Erasure Right (Art. 17)

You can request deletion of your personal data in certain circumstances.

10.4 Restriction Right (Art. 18)

You can request limitation of data processing in specific situations.

10.5 Portability Right (Art. 20)

You can request your data in a structured, machine-readable format.

10.6 Objection Right (Art. 21)

You can object to processing based on legitimate interests or for direct marketing.

10.7 Automated Decision-Making (Art. 22)

You have rights regarding automated decision-making and profiling (if applicable).

10.8 Exercising Your Rights

To exercise these rights, contact us using the information in Section 2. We will respond within one month of receiving your request.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Essential Cookies

  • Session Management: Maintaining your login and preferences
  • Security: Protecting against fraud and unauthorized access
  • Functionality: Core service features and performance

11.2 Analytics Cookies

  • Usage Statistics: Understanding how users interact with our service
  • Performance Monitoring: Identifying and fixing technical issues
  • Service Improvement: Optimizing user experience and features

11.3 Cookie Management

You can manage cookie preferences through your browser settings. Blocking essential cookies may affect service functionality.

12. CHILDREN’S PRIVACY

12.1 Age Restriction

Our Service is restricted to users 18 years and older. We do not knowingly collect personal data from minors.

12.2 Parental Notice

If we become aware that we have collected data from someone under 18, we will delete it immediately and terminate the account.

13. CALIFORNIA PRIVACY RIGHTS (CCPA)

13.1 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising privacy rights

13.2 CCPA Requests

California residents can exercise these rights by contacting us using the information provided in Section 2.

14. CHANGES TO THIS PRIVACY POLICY

14.1 Policy Updates

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify users of material changes.

14.2 Notification Methods

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications for significant changes

14.3 Continued Use

Continued use of our Service after policy changes constitutes acceptance of the updated Privacy Policy.

15. COMPLAINTS AND SUPERVISORY AUTHORITY

15.1 Internal Complaints

If you have concerns about our data processing, please contact us first using the information in Section 2.

15.2 Supervisory Authority

You have the right to lodge a complaint with the relevant data protection authority:

Hungary: National Authority for Data Protection and Freedom of Information (NAIH)

  • Website: naih.hu
  • Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary

EU Residents: You may also contact your local data protection authority.

16. CONTACT INFORMATION

For any questions about this Privacy Policy or our data processing practices:

BGR Central Europe Kft.
Address: 1047 Budapest, Perényi Zsigmond utca 10. 2. em. 2., Hungary
Email: [To be inserted]
Customer Service: [To be inserted]

For data protection specific inquiries:
Data Protection Contact: [To be inserted]

This Privacy Policy is available in English. In case of conflicts between different language versions, the English version shall prevail.