This privacy notice is effective from January 1, 2024.
The main goal of this notice is to lay out the data protection and data handling principles we use here at Infinite AD Limited Liability Company (our official address is 1026 Budapest, Pasaréti út 122-124., commercial registry number: 01-09-412791, tax number: 32222632-2-42). We'll refer to ourselves as the 'Data Controller' or 'Company' throughout this document, and we fully commit to these rules.
This privacy notice also wants to give everyone whose data we handle clear info on how we manage their data. Our goal is to make sure your basic rights and freedoms regarding your personal data and privacy are always protected when we process your data, no matter where you're from or where you live.
This notice covers all the ways we handle data on our website, https://infinite.ad/ (which we'll just call the 'Website'). It applies no matter how that data handling happens.
For all the data handling activities mentioned here, we're the ones who process your personal data. Also, just a heads-up, we haven't appointed a specific data protection officer.
If you have any questions or comments about how we process your data, you can reach out to us using the contact info below.
Name: Infinite AD Limited Liability Company
Address: 1026 Budapest, Pasaréti út 122-124.
Email address: hello@infinite.ad
Below are brief explanations of the terms used in this notice:
Personal data: This means any information that can identify a real person, either directly or indirectly, based on things like an ID, specific factors, or characteristics.
Data handling: This means any action taken with personal data, no matter how it's done. This covers everything from collecting, recording, organizing, storing, changing, retrieving, using, sharing, and making it available, to coordinating, linking, restricting, deleting, and destroying it.
Data Controller: Infinite AD Ltd. (that's us!), who decides why and how personal data is handled.
Data processing: This means carrying out the technical tasks related to handling personal data, no matter what methods or tools are used, or where it happens.
Data Processor: This is a person or company who handles personal data for us (the Data Controller) and based on our instructions.
Consent: This is a voluntary, specific, and informed agreement from the person whose data is being handled, clearly showing they're okay with their personal data being processed.
GDPR: This stands for the General Data Protection Regulation of the European Parliament and Council (No. 2016/679). It contains important rules about how personal data should be handled and what rights people have regarding their data.
Restriction of data processing: This means putting a special mark on stored personal data to limit how it can be used in the future.
Recipient: This is a person, company, public authority, agency, or any other group that receives personal data.
Anonymization: These are steps taken so that personal data can no longer be linked to a specific person. This means the data loses its personal touch, and you can't figure out who it belongs to, nor can the link between the data and the person ever be re-established.
Pseudonymization: These are actions taken so that personal data can no longer be linked to a specific person without extra information, as long as that extra info is kept separate and it's technically impossible to connect the personal data back to an identifiable person.
Supervisory authority: This is an independent authority set up to protect people's rights and freedoms and to help personal data flow freely within the EU when it's being processed. In Hungary, this is the National Authority for Data Protection and Freedom of Information.
Data protection incident: This is a security breach that leads to personal data being accidentally or unlawfully destroyed, lost, changed, shared without permission, or accessed by unauthorized people, whether it's data that's been sent, stored, or processed in any other way.
Cookie: This is a tiny digital tag that the Data Controller places on your computer, smart device, or browser when you visit our website at https://infinite.ad/. It's a unique piece of data that helps us save your settings and understand how you found our site and what you did while you were here, all without knowing who you are personally.
Our Website: This is the online platform you can find at https://infinite.ad/, where you can check out and sign up for the services offered by the Data Controller.
Consumer: This means a real person who's using our services for personal reasons, not for their job, business, or independent work.
To meet the data processing goals we've laid out in this notice, the Data Controller handles personal data that you either give us directly or allow us to access.
The Data Controller is super careful to make sure that no unauthorized people can get to the personal data we process. For those who *are* allowed to handle it for us, they can only access it for as long as and as much as they absolutely need to do their job.
As mentioned in point 10 of this notice, other data processors also handle your data, but only to a limited extent. Plus, in point 11, the Data Controller gives you all the details on when other companies (third parties) might get access to your personal data. This includes situations where official bodies contact us, and we have to share data to meet our legal duties.
The Data Controller only processes personal data according to the law, and only for specific reasons that we've clearly defined before we even start processing it, always sticking to those reasons.
The Data Controller handles all personal data we learn about in a legal and fair way, making sure our data processing is always clear and open for you. We only collect and process personal data for the specific, legal reasons explained in this notice, and we're extra careful to make sure your data isn't used in any way that doesn't match these detailed purposes.
The Data Controller wants to make it clear that our data processing isn't about tracking your behavior or creating profiles of what you do.
When deciding how to process data and throughout the whole process, the Data Controller puts in place all the technical and organizational steps needed to uphold data protection rules and protect your rights. We figured out these measures by looking at the latest technology, how much it costs to put them in place, and what risks there might be to people's rights.
The Data Controller wants you to know that we only handle personal data that's absolutely necessary and relevant for our data processing goals. We always try our best to make sure the data we process is accurate and current, and we do everything we can to update or fix any wrong information right away. We'd really appreciate it if you could help us out by letting us know in writing (like an email) if your data changes or needs to be clarified for any other reason.
We only process data for as long as it's absolutely necessary to reach our specific data processing goal. While we're processing your data, the Data Controller takes every technical and organizational step needed to keep your personal data safe. This includes protecting it from illegal processing, accidental loss, destruction, or damage.
If the Data Controller ever wants to use your data for a reason not mentioned in this notice, we'll let you know all about it beforehand, in writing. We'll tell you the new reason for processing your data and any other important details, and we'll make sure there's a legal reason for us to do so.
The Data Controller thinks it's super important to build technical and organizational safeguards into our data processing. This ensures that we only process data for as long as and as much as needed to hit our specific data processing goal, and that access to your data is always handled properly. To make sure we stick to this, the Data Controller has put controls into our data processing systems that help keep everything within these boundaries.
The Data Controller is extra careful to make sure that any data where the processing purpose is done, the time limit for processing has passed, or you've legitimately asked us to delete it, gets deleted right away. If we can't delete it, we'll anonymize it instead. That means we'll make sure it can't be linked back to you anymore.
The Data Controller runs the website at https://infinite.ad/, offering services to our registered users for a monthly fee we set. This lets you launch and manage ads in the Meta system automatically, without needing a human touch, all through our system. You can also review, evaluate, and even create new post texts for Facebook and Instagram using AI!
If you sign up on our Website, you'll need to give us some personal info: your name, email address, company name (if it applies to you), and a password.
We need to process the data you give us during registration so the Data Controller can make sure you can access your account on the Website and use our service. It also helps us handle all the administrative stuff that comes with providing the service, like sending you notifications and letting you pay online with a credit card.
The legal reason we process your personal data during registration is the service agreement you make with the Data Controller.
If a company uses our service, the legal reason we process your personal data during registration is because it's in the legitimate interest of both the Data Controller and the company you're registering for. We've done a check and decided that our legitimate interest, along with the company's you're signing up for, is more important than your interest in keeping that data private. Knowing and processing this data is super important for the Data Controller to give the company the access it needs to use the service. It also allows us to get in touch with the company (through you) during the contract period to share important info. If you ask us in writing, the Data Controller can show you the detailed compatibility test. Since your personal data from registration is processed based on the legitimate interest of the Data Controller and our company partner, you can object to this data processing if you have a special reason. You can find more details about your right to object to data processing in section 12.E.
The Data Controller wants to let you know that if you don't provide your data during registration, or if it's incomplete, we won't be able to accept your registration because we'll be missing crucial info needed to provide the service, and therefore, we won't be able to offer you the service.
The Data Controller also processes data from individual users of the service that's needed for invoicing your service fees. This includes your billing name, billing address, tax number (if you're a sole proprietor), and details about when, how long, and where you used the service, plus any other technical data essential for providing the service. The main reason we process this data is to create an invoice for the service fee you pay. We do this because we have a legal obligation to, as required by specific laws like Section 169 of Act CXXVII of 2007 on General Sales Tax and Section 13/A of Act CVIII of 2001 on electronic commerce services.
The Data Controller wants you to know that because the VAT Act requires us to handle data for invoicing, we have the right to end your service contract if you don't provide your billing data or if it's not complete.
If you're an individual user who pays for our services with a bank transfer, we'll also need to handle your bank account number. We do this to keep track of payments, and it's something we're required to do by accounting laws (specifically Section 169 (2) of Act C of 2000).
We'll keep your data until you delete your account on our website.
Just so you know, accounting laws (specifically Section 169 (2) of Act C of 2000) require us to keep invoices and customer records for 8 years from when they're issued or created. So, we'll hold onto personal data from invoices for individual users (like your billing name, address, and tax number if you're self-employed) for 8 years from the invoice date. Your bank account number will also be kept for 8 years from when your service fee payment is credited. This is true even if you delete your account before that 8-year period ends.
We also handle other data needed for invoicing your service fees (like the date, duration, and location of service use, plus any technical data essential for providing the service) until your service contract with us ends.
We want you to know that the email address you provide when you register is also used to send you general information about using our service. This includes things like confirming your successful registration or sending you a link to confirm your profile deletion. We want to make it clear that these informational emails aren't newsletters, marketing, or ads, so we don't need your consent to send them.
You can contact us through our website's online form to help us figure out which of our services would be best for you.
When you do, we'll collect the following personal data you provide through the online contact form: your name and email address.
We collect this data so we can chat with you directly and recommend the best service for your needs.
We're allowed to process this data because of our legitimate business interest, and we've done a 'balancing test' to make sure it's fair. In this test, we compared our need to use your data with your interest in keeping it private. The test showed that our legitimate interest in using the contact data you provide when you reach out to us is genuinely more important than your interest in not having your data processed this way. If you ask us in writing, we can show you the full details of this balancing test.
Since we process the data you provide when you contact us based on our legitimate business interest, you can object to this data processing if you have a specific reason related to your situation. You can find more details about your right to object in section 12.E.
We'll process the personal data mentioned in this section until you object to us doing so.
We let anyone interested in our service book an online consultation through our website so we can show you what it can do.
If you use this option to book an online consultation through our website, we'll process your name, email address, and the time you booked your appointment.
We process the personal data you provide to register your appointment, remind you about it, and let you join the online consultation. This is allowed under GDPR Article 6(1)(b), as processing your data is necessary for us to provide the online consultation you asked for. We want you to know that if you don't provide all your personal data, or if it's incomplete when booking your appointment, we won't be able to ensure you can participate in the online consultation.
We'll keep your data for this purpose for 180 days from the date and time of the online consultation you registered for on our website.
We use anonymous identifiers called cookies on our website. These cookies make it easier to navigate the site and help us with website management, statistics, and some marketing. A cookie is a small piece of data that basically makes browsing easier by remembering your settings and helping us see how people use our site and what they do on it.
We're allowed to process data collected by cookies that make sure our website works correctly on your device and browser because of our legitimate business interest. We've done a 'balancing test' for this, where we compared our legitimate interests with your interest in not having your data processed. The test showed that our legitimate interest in processing data collected by these cookies is genuinely more important than your interest in not having your data used this way. If you ask us in writing, we can show you the full details of this balancing test.
Since we process data collected by cookies based on our legitimate business interest, you can object to this data processing if you have a specific reason related to your situation. You can find more details about your right to object in section 12.E.
If you agree to use non-essential cookies for our website by clicking the buttons on the cookie banner you see on our homepage, we'll place these cookies on your device and browser. We then read them back to give you a more personalized experience. In this case, we're allowed to process data collected by these cookies because you gave us your permission. You can change your mind and withdraw your consent anytime, but we want to let you know that this won't affect any processing we did with your permission before you withdrew it.
The cookies we use on the website come in different types, and here's a quick rundown of them:
The Data Controller informs the subjects that cookies used on the Website can be distinguished based on expiration as follows:
Details about the cookies used by the Data Controller (cookie name, purpose of the cookie, name of the provider depositing the cookie, expiration, and type of cookie) can be accessed and read by the subjects any time via the cookie panel available on the Website.
When subjects visit the Website, the Data Controller specifically draws their attention to the use of cookies on the homepage. Additionally, the Data Controller points out that cookies are only placed on the subject’s device and browser – except for cookies strictly necessary for the operation of the Website – if the subject explicitly consents to the use of cookies, as well as to the processing of data collected and stored by cookies, using the appropriate settings on the cookie panel appearing on the Website.
The Data Controller informs the subjects that they can delete cookies from their own computer or the smart devices used to view the website at any time, and they can also disable the use of cookies in their browser. However, in this case, it may occur for technical reasons that certain functions of the Website cannot be used at all or only with limitation. Cookie management is usually possible in the browser's Tools/Settings menu, under the Privacy menu item, under the name cookie, süti, or tracking.
By clicking the links below – depending on the type of browser used by the subject – affected users can receive further assistance to perform the above settings:
The Data Controller provides the possibility to submit complaints related to the service provided through the Website and its use.
In the course of handling complaints submitted in writing by subjects qualified as consumers, the Data Controller primarily processes the name and address of the subject, but if the subject voluntarily provides additional personal data, the data processing also extends to those personal data.
If the subject using the service exercises their warranty rights arising from the Data Controller’s faulty performance, the Data Controller processes the following personal data of the subject: name, address, the name of the service used, the time and description of reporting the error, the right to be exercised and data related to the settlement of the claim.
During the handling of complaints submitted against the Data Controller, the personal data provided is processed by the Data Controller in order to fulfill the legal obligations described in paragraphs 17/A (3)–(6) of Act CLV of 1997 on Consumer Protection, as processing these data is necessary for investigating and responding to complaints.
The Data Controller processes the data of subjects asserting warranty claims against the Data Controller for defects in services provided by the Data Controller in order to comply with its obligations under Chapter XXIV of Act V of 2013 on the Civil Code. The Data Controller can only assess a claim and, if the claim is justified, fulfill it if it knows these personal data.
The management of personal data of subjects complaining to the Data Controller is exclusively for the purpose of the Data Controller investigating and responding to written complaints within the legally required time frame. The processing of personal data relating to persons asserting warranty claims against the Data Controller occurs to assess these claims, establish contact with the affected individuals, or inform them of the decision on their request and the measures taken (if the claim is justified).
The Data Controller processes the personal data specified in the written complaint submission and in the response to it for 5 (five) years from the date of the complaint’s response. The data of the subjects asserting their warranty rights are processed by the Data Controller for 5 (five) years from the date of assessing the claim.
The Data Controller informs subjects that there are certain data processing operations for which it uses the assistance of data processors – based on separate written contracts. In this context, the Data Controller ensures that the data processors provide guarantees necessary to ensure compliance with applicable data protection regulations and measures to protect the rights of subjects. The Data Controller informs the subjects that data processors cannot make any substantive decisions regarding data processing, as they can only process data according to the instructions and provisions of the Data Controller.
In the course of its data processing detailed in this notice, the Data Controller collaborates with the following data processors:
If an official authority or court legally asks us to share your data, or part of it, and tells us why they need it, we're required to give them that personal data.
We want you to know that we won't share your data beyond what's explained in this notice, whether it's within the EU, to other countries, or with any other companies, organizations, or people.
We make sure you can use your rights regarding how the Company handles your personal data without any unfair limits or problems.
We also make sure you have the right to see your data, delete it, correct it, limit how it's used, object if we're processing it based on a legitimate reason, take back your permission, move your data, and the option to take legal action against how your data is handled, as explained below.
You can ask us anytime what data we have about you and how we're using it.
If you send us a written request like this, we'll give you a copy of your data and tell you why we're using it, who we're sharing it with, how long we plan to keep it, and what your rights are and how to use them.
We want you to know that we can only provide the first copy of your data for free. If you ask for more copies of the same data after your first request, or send another request for the same thing soon after, we might charge a fee to fulfill that request. We'll let you know the exact amount of this fee in our reply to your request.
We want to remind you that we can only give you a copy of your data if it doesn't violate the rights and freedoms of other people.
If you notice that we're handling your personal data incorrectly, you can ask us in writing at any time to correct it or add any missing information. Just send the correct data to hello@infinite.ad at the same time.
You can ask us to delete your personal data right away if:
We want you to know about your right to delete data, which means we'll make sure it's completely unavailable. If you want to use this right, we'll use every tech solution we have to make sure the Company can't access your data in any way going forward. This includes deleting data files from our backups and, if we can't delete the data for some reason, we'll make it anonymous instead. Also, if you ask, we'll make sure any other companies we work with (our data processors) also delete or destroy your data they have.
We want you to understand that we can't delete your data if we still need to use it for defending our legal rights, exercising free speech and information rights, meeting legal requirements, carrying out a task required by law, research and statistics, or for public health reasons.
We want you to know that once your deletion request is completed, we won't be able to get your data back.
You can ask us to limit how we use your data in these situations and for these timeframes:
If your request is valid, we'll let everyone we've shared your data with know about the restriction. We'll also let you know that even if you ask for a restriction, your data will still be stored, just not processed.
However, if you give us permission to process your data again, or if processing is needed for legal reasons (like making, proving, or defending a claim), or to protect the rights of other people or companies, or for an important public interest at the EU or member state level, we'll keep processing your personal data even with the restriction.
If the reason you asked for the restriction is gone, we'll let you know in writing that the restriction is being lifted, at least 15 days before we remove it.
If we're processing your data because you gave us permission, you can decide to take back this permission anytime. We want you to know that you can only withdraw your permission in writing, sent to hello@infinite.ad. This written rule doesn't apply to personal data collected by cookies with your permission; for those, you can just change your mind using the buttons on the cookie panel.
We want you to know that taking back your permission won't make any data processing we did *before* you withdrew it illegal.
If we or a third party are processing your data based on a 'justified interest,' you can object to this processing anytime, based on your personal situation. We want you to know that if you object, we won't process your data, unless there's another legal reason to do so, or if we have really strong, legitimate reasons that are more important than your interests, rights, and freedoms, or if it's for making, proving, or defending legal claims.
We review requests you send us to use your rights (A-F) right away, no matter what they're about. We'll send you a written response explaining our decision within 1 month.
We can extend this response time by 2 months if your request is really complicated or if we have a lot of other requests to deal with.
If we extend the deadline, we'll let you know in writing within 1 month of getting your request, and we'll tell you why there's a delay. We can't extend the deadline if we decide that your request doesn't need any data protection actions. In those cases, we'll respond to your request right away, but no later than 1 month after we get it. We'll also tell you why we're not taking further steps and what you can do if you disagree with our decision.
We don't charge any fees to review and fulfill your requests or for any actions we take, unless your request is clearly baseless or if you keep sending the same request after we've already reviewed it. In those situations, we might charge a reasonable fee to cover our administrative costs for handling your request, and we'll tell you the exact amount of this fee in our response.
We want you to know that to prevent unauthorized access to your data, we can only fulfill requests about your personal data rights if we can clearly confirm who you are. So, please always include at least your name and email address in your request. We'll check this against the data we have to make sure the request really came from you.
We really try to make sure our data processing follows all legal rules, is fair, and keeps your data safe. So, if you're not happy with how your data is being handled, please reach out to us directly using one of the contact points in Section 2 of this notice.
If you think your personal data wasn't processed legally, you can also file a complaint with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11., mailing address: 1363 Budapest, Pf. 9., email: ugyfelszolgalat@naih.hu). You can find the rules for how they accept and review complaints and handle official proceedings on www.naih.hu. We want you to know that if you disagree with the Authority's decision, or if they don't investigate your complaint on time, or don't tell you about the progress or outcome of your complaint within 3 months, you can take legal action at the competent court where the Authority is located (Fővárosi Törvényszék, address: 1055 Budapest, Markó u. 27., mailing address: 1363 Budapest, Pf. 16.).
If you feel your rights were violated because we didn't handle your data properly, you can directly contact the Fővárosi Törvényszék (address: 1055 Budapest, Markó u. 27., mailing address: 1363 Budapest, Pf. 16.) for a solution, or start a procedure at the court closest to where you live or usually stay.
You can find contact info for the relevant courts at this link: https://birosag.hu/birosag-kereso. We want to let you know that you'll need a lawyer to represent you in court, so you can only pursue your claims in court with proper legal help.
If we or our data processor handle your data in a way that doesn't follow data protection rules, and you suffer damage because of it, you can file a claim for compensation. For non-material damage, you can ask for a restitution fee from us or our processor. However, the processor is only responsible for damage if they didn't follow specific rules for data processors, or if they ignored or went against our instructions.
You can choose to pursue your compensation claim at the competent court where we or the data processor who violated the rules are located, or at the court closest to your own residence or usual place of stay.
You can find contact info for eligible courts at this link: https://birosag.hu/birosag-kereso.
The Data Controller undertakes all necessary measures to ensure that personal data processed by it is adequately secured. The most appropriate data security measure is always selected case by case, based on the existing and likely risks to the processed data.
To ensure data security, the Data Controller ensures that the confidentiality of the electronic records and programs used to process personal data is guaranteed throughout the duration of data processing, that the electronic records and files containing data receive the necessary protection, and that they are resistant to unauthorized intervention, attacks, accidental data destruction, and data loss. The Data Controller guarantees that the records and programs used for processing are available, to the required extent and throughout, both for carrying out data processing operations and for exercising and enforcing the rights of the subjects.
Before the start of data processing, and throughout the entire period of data processing, the Data Controller continuously monitors and evaluates the risks likely to affect the personal data at the given moment, particularly the risks of accidental or unlawful destruction, alteration, loss, or unauthorized access to the data processed by the Data Controller.
The Data Controller draws the subjects’ attention to the fact that despite the data security measures implemented and adhered to throughout the personal data processing process, unfortunate and unwanted events can still occur that breach or threaten the protection and security of the data processed (data protection incidents).
Should an incident concerning personal data under the Data Controller’s handling arise, the Data Controller ensures, in compliance with GDPR regulations, that the incident report is submitted to the National Authority for Data Protection and Freedom of Information immediately, but no later than within 72 hours from its discovery.
The Data Controller asks subjects not to be surprised if they receive a notification about a data protection incident as, in such cases, the Data Controller fulfills its legal obligation requiring it to inform the subjects of incidents likely posing a high risk to the rights and freedoms of the subjects.
High risk, in particular, applies if the incident involves a data set considered sensitive (e.g., special categories of data, financial status information, identity theft, or affecting subjects’ social reputation).