Privacy Policy

1. Data Controller

2. Contact Person Responsible for the Register

The contact person responsible for the register can be reached via the contact information provided in section 1.

3. Register Name

Hobbly Marketing and Customer Register

4. Legal Basis and Purpose of Personal Data Processing

The legal basis for processing personal data in accordance with the EU Data Protection Regulation is:

5. Register Data Content

We collect and process only such personal data about the data subject that is necessary for the purposes mentioned in this policy.

• Personal basic and contact information as well as authentication-related information, such as name, nickname, username, or other unique identifier, email address, age, gender, phone number.
• IP address used by the person or other similar unique code.
• Device type, operating system, software version used by the person, as well as other possible device and network-specific identifiers.
• Event data from the person's device, including error data, browser data, language data, time when the website was used, and from which address the person came to the website.
• Interest information provided by the person, such as interests, favorites, subject emphasis, location preferences, and other optional information.
• Cookies that may uniquely identify your browser or the website used.
• Permissions and consents given by the person, such as direct marketing permission.
• Other data collected from the data subject themselves, such as customer feedback, contacts, and information related to competitions and raffles.
• Other data provided or disclosed with your consent, such as data collected from external sources.

6. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes mentioned in this policy or as required by law.

• Hobbly account and related personal data are retained until the account holder deletes it themselves. When the account holder deletes this account, the account and related personal data are deleted immediately, but at the latest within 14 days.
• Interest information set by the user is retained until the user removes the selection or when the Hobbly account is deleted. When the user removes the selection or deletes the Hobbly account, the interest information is deleted immediately, but at the latest within 14 days.
• Information related to payment transactions is retained for ten (10) years from the time the user made the payment transaction or deletes their Hobbly account.
• Customer feedback and other similar contacts are retained for 12 months from the time the contact was received.
• Analytics and identification data related to the service are retained for 30 days.
• Analytics and identification data related to websites are retained for 14 months.

At the end of the retention period, we delete the related personal data.

7. Regular Data Disclosures and Data Transfers Outside the EU or EEA

We primarily process personal data using services and partners located in the EU and EEA area. In some cases, some of our service providers may process personal data outside the EU and EEA area.

In such cases, we ensure that the level of data protection is adequate and that transfers are carried out in accordance with applicable legislation, using, for example:

• Standard Contractual Clauses (SCC) approved by the European Commission
• Data Privacy Framework arrangement, or
• another transfer basis in accordance with the EU Data Protection Regulation

We ensure that the protection of personal data remains at an adequate level regardless of where the data is processed or stored.

Personal data is processed only by those individuals who have the right and need to do so based on their work or duties. Every person processing personal data is committed to maintaining confidentiality and ensuring data security and data protection in the manner required by their duties.

We may use reliable service providers in the implementation of our services who assist, for example, in:

• technical maintenance and development of the service
• payment processing and communication
• analytics and monitoring service usage
• marketing and campaign activities
• customer service and contacts

Our service providers process personal data only in accordance with our instructions and contracts.

The data subject can, if desired, request a more detailed list of service providers and recipient groups of personal data by contacting the contact information found at the beginning of this privacy policy.

8. Register Protection Principles

Personal data in the register is processed carefully, and data processed with the help of information systems is protected by appropriate technical and organizational means. When register data is stored on internet servers, we ensure the physical security of their hardware, access control, and digital data security by appropriate means. The data controller ensures that stored personal data is processed confidentially. Server access rights and other security-critical information are available only to those employees whose duties include their processing and for whom it is essential for their job duties.

9. Data Subject's Rights

The data subject has the right to:

• Receive information about the processing of their personal data
• Rectify data
• Access their own data
• Delete data and be forgotten
• Restrict the processing of their data
• Transfer data from one system to another
• Object to data processing
• File a complaint with the supervisory authority
• Not be subject to automated decision-making

If the data subject wishes to check the data stored about them or request a correction, the request must be sent in writing to the data controller. The data controller may, if necessary, request the requester to prove their identity. The data controller will respond to the customer within the time specified in the EU General Data Protection Regulation (1 month).