Privacy Policy
ANDREW TAYLOR, INDIVIDUAL ENTREPRENEUR
DATA PROCESSING NOTICE
ON THE PROCESSING OF PERSONAL DATA OF NATURAL
PERSONS USING THE “LUCKFINDERS” MOBILE
APPLICATION
Version: 1.0
Békés, 2026.04.08.
1
Andrew Taylor, a sole proprietor, has set himself the goal of creating and operating the mobile
application called “Luckfinders” (hereinafter referred to as the “Application”) to provide an
opportunity for natural persons using the Application to get to know each other, establish
contacts and communicate, in particular through search and contact functions based on
geographical proximity, and by using the premium services available in the Application.
With regard to the processing of personal data of natural persons who install the Application,
or register and use it (hereinafter collectively referred to as the “Data Subjects”), Andrew
Taylor, a sole proprietor (hereinafter referred to as the “Data Controller”), is considered a data
controller. The Application can only be used after registration, however, the availability of
certain functions and services may differ depending on the user status selected by the Data
Subject (e.g. basic or premium membership).
In view of the above, the Data Controller provides the Data Subjects with the following
information in accordance with the provisions of Regulation (EU) 2016/679 of the European
Parliament and of the Council (EU) on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing Directive
95/46/EC (General Data Protection Regulation) (hereinafter: GDPR) and Act CXII of 2011 on
the right to informational self-determination and freedom of information (hereinafter: Infotv.).
The Data Controller undertakes to ensure that the data processing carried out by it complies
with the requirements set out in the applicable legislation, in particular with regard to the
requirement that the information provided to the Data Subjects is provided in a concise,
transparent, clear and comprehensible manner and in an easily accessible form, in the form of
this data processing information.
.
I have summarized the most important information in the data protection notice in
tabular form on the last page.
You can find information on withdrawing your consent to the processing of your personal
data in Section V.
I. The Data Controller
Name: Andrew Taylor I.E.
Headquaters: 5630 Békés Mátra utca 11.
E-mail: info@luckcriptentertainment.com
2
II. Contact information of the Data Controller
You can request information regarding the processing of your data in the following ways:
- by email to the Data Controller at info@luckcriptentertainment.com;
- by post to the following address: 5630 Békés Mátra utca 11.
III. Purpose of data processing
The purpose of data management is for the Data Controller to provide the Data Subjects with
the opportunity to get to know each other, establish contact and communicate within the
Application, as well as to securely operate the basic and premium functions of the application,
including the identification and authentication of users and the provision of the technical and
operational conditions necessary for the use of the Application.
Within this framework, the direct purposes of data processing are:
- identification of the Data Subject and verification of user rights;
- creation and maintenance of a unique user account in the event of registration, and
provision of services related to the account available in the Application;
- creation and display of the user profile based on the data provided by the Data Subject;
- ensuring the establishment of connections and communication between users (e.g. sending
messages);
- operation of search functions based on geographical proximity in order to make it easier
for users to find each other;
- conducting an automated video authentication process used to verify the age and identity
of the Data Subject;
- ensuring the safe use of the Application, preventing abuse, and monitoring and continuous
development of the operation of the Application;
- maintaining contact with the Data Subjects, sending notifications and information related
to the operation of the Application;
- enabling the use of premium services, including the technical processing of in-app
purchases through Apple and Google payment systems.
The above data processing purposes serve the proper functioning and operation of the
Application and the establishment of secure connections between Data Subjects.
IV. Scope of processed data and process description
IV./1. Prerequisite for using the Application – registration
3
The Application cannot be used without registration, the functions of the Application can only
be accessed after registration. Accordingly, the Data Controller does not provide “guest mode”
use and does not process any substantive personal data of Data Subjects who do not complete
the registration process.
However, during the download of the Application and in connection with its technical operation
– within the scope specified in point IV./4. – technical data may be processed.
IV./2. Personal data of registered data subjects
The Data Controller processes the following personal data of the Data Subjects who download
the Application and register within it during the creation and use of the individual user account.
Registration can be done by providing an e-mail address, using a Google and Apple account.
The Data Controller processes the following personal data of the Data Subjects in connection
with the registration and use of the Application:
- the Data Subject's e-mail address and any additional personal data that may appear therein;
- the Data Subject's full name;
- basic data necessary for identification transmitted by the external service provider (Google /
Apple) used during registration;
- the Data Subject's date of birth (for age verification purposes);
- the Data Subject's gender;
- the profile picture and other images uploaded by the Data Subject;
- personal data that may be included in the introductory text provided by the Data Subject;
- data related to interests and contact purposes;
- additional profile data voluntarily provided by the Data Subject (height, languages spoken,
information about work and studies).
After registration, Data Subjects can log in to their individual user account using their email,
Google or Apple account.
IV./3. Additional data processing related to certain functions of the Application
In the case of registered Data Subjects who use certain functions of the Application, the
following additional personal data is processed.
In the case of video authentication:
- a video recording of the Data Subject's face, head and eye movements;
- the result of the automated facial recognition process (authentic / non-authentic status).
When using location-based search:
- the Data Subject's GPS coordinates.
In the case of using communication functions in encrypted form (the Data Controller does not
have access to the content of the messages):
- text messages exchanged between the Data Subjects;
- voice messages.
4
In case of using premium services:
- information regarding the existence of premium user status.
(The Data Controller is not authorized to process payment data, they are processed exclusively
by Apple and Google payment service providers.)
IV./4. Technical and operational data
In order to ensure the technical operation of the Application, the Data Controller processes the
following personal data regarding the Data Subjects:
- the unique device identifier generated by the Application of the smart device used by the
Data Subject;
- the IP address of the Data Subject;
- the unique installation identifiers necessary for the operation of the Application and the
delivery of “push” messages.
Source of personal data:
The Data Controller primarily obtains the above personal data directly from the Data Subject
on a voluntary basis during the use of the Application, the registration process, and the
provision of data within the Application.
If the Data Subject registers with a Google or Apple account, the source of the data is the
given external service provider.
The Data Controller obtains data related to the technical operation of the Application from the
Data Subject’s smart device in an automated manner.
V. Legal basis for data processing
The legal basis for the processing of personal data specified in Section IV of this Data
Protection Notice is the data subject’s consent as defined in Article 6(1)(a) of the GDPR,
which the Data Subject may provide by ticking the checkbox on the Application’s
registration interface prior to the commencement of data processing.
Biometric data for the purpose of uniquely identifying the Data Subject and personal data
concerning the Data Subject’s sex life or sexual orientation are considered to be special
personal data. Their processing is based on the data subject’s explicit consent as defined
in Article 9(2)(a) of the GDPR.
The data subject’s consent complies with the conditions set out in Recitals (32) and (42)-
(43), Article 4(11) and Article 7 of the GDPR, given that:
- az Érintett személyes adatait az Applikációban önkéntesen bocsátja az Adatkezelő
rendelkezésére;
5
- the use of the Application is not mandatory, the Data Subject can freely decide to provide
consent;
- by actively checking the checkbox placed during registration, the Data Subject specifically,
clearly and expressly consents to the processing of his/her personal data;
- the Data Subject can decide to provide consent after reviewing this data management
information;
- the Data Subject can withdraw his/her consent to data management at any time.
The Data Subject is entitled to submit his/her declaration of withdrawal of consent to data
management to the Data Controller at any time in the following ways:
- by deleting the registered user account via the Application;
- by sending an electronic mail to the Data Controller’s e-mail address
info@luckcriptentertainment.com;
- by sending a postal item to the Data Controller’s registered office (5630 Békés
The Data Controller does not impose any content or form requirements regarding the
declaration of withdrawal of consent, however, the declaration must be capable of
unambiguously identifying the Data Subject. Withdrawal of consent does not affect the
lawfulness of data processing prior to the withdrawal of consent.
VI. Duration of data processing
Subject to the provisions of Article 5(1)(e) of the GDPR and Section 4(2) of the Information
Act, personal data may only be processed to the extent and for the period necessary to achieve
the purpose.
The Data Controller shall process the personal data related to the technical operation of the
Application specified in Section IV./4 of this data processing information for the period
necessary for the proper operation of the Application or until the Application is deleted from
the Data Subject's smart device.
If the Data Subject has created a registered user account in the Application, the Data
Controller shall process the personal data specified in Sections IV./2 and IV./3 of this data
processing information for the duration of the user account or until the registration is deleted.
After the user account is deleted, the Data Controller shall delete the personal data without
undue delay, except for data that is necessary until the conclusion of a possible civil law
enforcement procedure.
After the retention period specified above, the Data Controller ensures the deletion of
personal data by means of disposal, which in the case of electronically stored personal data is
achieved by deletion without the possibility of recovery.
6
VII. Data processors, recipients, data transfer
VII./1. Data processors
The Data Controller uses the following data processors to process the personal data of the Data
Subjects:
- to Supabase Inc. (registered office: 3500 S Dupont Hwy, Dover, DE 19901, USA, further
information: https://supabase.com/privacy) to provide backend services, database management,
storage and authentication services necessary for the operation of the Application. Supabase
stores and technically processes all personal data collected by the Application and the data is
stored on Supabase's EU infrastructure.
- to Rackhost Zrt. (registered office: 6722 Szeged, Tisza Lajos körút 41., e-mail:
info@rackhost.hu) to provide IT infrastructure and storage services related to the operation of
the Application.
- to Google Ireland Limited (registered office: Google Building Gordon House, Barrow Street,
Grand Canal Dock, Dublin 4, D04 V4X7, Ireland, further information:
https://policies.google.com/privacy?hl=hu) for the purpose of ensuring electronic
communication (e-mail contact and communication) between the Data Controller and the Data
Subjects.
VII./2. Recipients
The Data Controller may transfer the personal data of the Data Subjects to the following
recipients only to the extent necessary for the operation of the Application:
- to Apple Distribution International Ltd. (registered office: Hollyhill Industrial Estate,
Hollyhill, Cork, Ireland, further information: https://www.apple.com/legal/privacy/) and
Google Payment Ireland Limited (registered office: 70 Sir John Rogerson's Quay, Dublin 2,
Ireland, further information: https://policies.google.com/privacy) for the purpose of processing
purchases within the Application, through the payment systems of the Apple App Store and the
Google Play store. The Data Controller is not authorized to process payment data (e.g. bank
card data), which are processed exclusively by the relevant payment service providers in
accordance with their own data processing terms.
- in the event of possible contact with the Data Subject by post, to Magyar Posta Zrt. (registered
office: 1138 Budapest, Dunavirág utca 2-6., adatvedelem@posta.hu) regarding delivery data.
The Data Controller does not transfer the personal data of the Data Subjects to third parties for
marketing, advertising or business acquisition purposes.
VII./3. Data transfer to a third country
The Data Controller does not intentionally transfer the personal data of the Data Subjects to a
third country outside the European Economic Area (EEA).
If the data processor used by the Data Controller – in particular Supabase, Apple or Google –
carries out part of the data processing operations outside the EEA, the data transfer may only
7
take place subject to the application of the guarantees set out in Chapter V of the GDPR (in
particular the European Commission’s adequacy decision or the general contractual terms and
conditions).
VII./4. Use of additional data processors
The Data Controller does not use any additional data processors beyond those specified in this
data processing information. In the event of involving an additional data processor, the Data
Controller will inform the Data Subjects in advance or without undue delay in accordance
with legal requirements.
VIII. How the data is processed
The Data Controller processes the personal data of the Data Subjects exclusively electronically,
using IT systems. During data processing, the Data Controller uses partially automated data
processing operations in order to ensure the proper functioning of the Application.
Certain functions of the Application – in particular the video authentication procedure – use
automated decision-making. Within this framework, the system determines whether the Data
Subject is an authenticated user or not using an automated facial recognition procedure based
on a video recording made by the Data Subject. Automated decision-making is aimed solely at
authenticating the user account and does not have any legal effect or significant consequences
for the Data Subject.
During the operation of the Application, the Data Controller performs profiling with respect to
certain functions in order to serve the needs of users (Data Subjects) as professionally as
possible.
Only the Data Controller is entitled to access the processed personal data, and the data
processors used by it may only access the data to the extent necessary to fulfill their contractual
obligations.
The Data Controller pays special attention to the confidentiality, integrity and availability of
personal data and, to this end, applies appropriate technical and organizational measures to
ensure that it prevents unauthorized access, alteration, transmission, disclosure or deletion.
Personal data is processed and stored in secure IT systems used by the Data Controller,
primarily on Supabase servers. Only the Data Controller has access to the Supabase system,
and does not provide access to third parties.
The Data Controller processes and stores personal data exclusively in electronic form; paperbased data processing does not take place.
8
After the retention period specified in Section VI. of this data processing notice has expired,
the Data Controller deletes the personal data irretrievably, so that their subsequent recovery is
not possible.
IX. Disclosure
The Data Controller does not disclose the personal data specified in Section IV of this data
protection notice.
Certain profile data voluntarily provided by Data Subjects within the Application will only
become visible to other registered Data Subjects as part of the intended use of the Application,
but will not be disclosed by the Data Controller in this case either.
X. Rights of the Data Subject in connection with the
processing of data
X.1. Right to withdraw consent (Article 7 of the GDPR)
The Data Subject has the right to withdraw consent to any data processing at any time, where
the processing of the Data Subject's personal data is based on the Data Subject's consent. It is
important that the withdrawal of consent does not affect the lawfulness of the data processing
carried out before the withdrawal of consent. In the event that the Data Subject withdraws
consent, it is possible that the Data Controller will not be able to provide certain services to
the Data Subject, and if relevant, the Data Controller will inform the Data Subject of this
when withdrawing consent. The exercise of this right by the Data Subject does not affect the
further processing of personal data processed by the Data Controller on other legal grounds.
The method of withdrawing consent is detailed in Section V of this Data Protection Notice.
X.2. The Data Subject's right to prior information (Articles 13-14 of the GDPR)
If personal data are collected from the Data Subject, the Data Controller shall, at the time of
obtaining the personal data, inform the Data Subject about basic information about the Data
Controller, the purpose of the planned processing of personal data, the legal basis for the
processing, and any data transfer operations. The Data Controller shall also inform the Data
Subject about additional information regarding the processing of his/her data, including,
among others, the duration of data storage, the rights of the Data Subject, and the right to file
a complaint with the authority. The Data Controller shall ensure the enforcement of the Data
Subject's right to prior information by publishing this Data Processing Notice and by
providing it to the Data Subject before the start of the data processing operation.
X.3. Right of access (Article 15 of the GDPR)
9
The Data Subject has the right to request access to his/her personal data, to receive a copy of
his/her personal data processed by the Data Controller and to check whether the data
processing is carried out lawfully by the Data Controller.
X.4. Right to rectification (Article 16 of the GDPR)
The Data Subject has the right to request the rectification of his/her personal data processed
by the Data Controller. Pursuant to this right, the Data Subject has the right to have
incomplete or inaccurate personal data processed by the Data Controller corrected, provided
that in such a case it becomes necessary to verify the authenticity of the newly transmitted
data.
10
X.5. Right to erasure – to be forgotten (Article 17 of the GDPR)
The Data Subject has the right to request the erasure of his/her personal data processed by the
Data Controller. The exercise of this right entitles the Data Subject to request the Data
Controller to erase his/her personal data if there are no good reasons for their further processing.
The Data Subject also has the right to request the erasure of his/her personal data if he/she has
successfully objected to the processing of his/her personal data, if the Data Controller has
processed his/her personal data unlawfully, or if the Data Controller is obliged to erase the Data
Subject’s personal data under Hungarian law. However, the Data Controller is entitled to refuse
to comply with the erasure request in certain cases, of which the Data Subject is obliged to
inform him/her accordingly.
X.6. Right to restriction of data processing (Article 18 of the GDPR)
The Data Subject has the right to request restriction of the processing of his/her personal data
if the Data Controller is engaged in unlawful data processing and the Data Subject does not
want the data to be deleted and instead requests restriction of the use of the data. The Data
Subject also has the right to restriction of data processing if he/she disputes the accuracy of
the data processed by the Data Controller.
X.7. Right to data portability (Article 20 of the GDPR)
The Data Subject has the right to request the transmission of his/her personal data to
himself/herself or to another data controller, and has the right to transmit these data to another
data controller. The Data Subject may exercise this right if the data processing is carried out by
automated means and the processing of the personal data is necessary for the performance of a
legal obligation to which the Data Controller is subject, or if the processing is based on the Data
Subject's consent. In this case, the Data Controller shall provide the Data Subject's personal
data in a structured, commonly used, machine-readable format.
XI. Information on the consequences of failure to provide
data
The provision of personal data specified in Section IV of this data protection notice is a
prerequisite for using the Application. If the Data Subject does not provide the personal data
required for registration and use of the Application, the Data Subject will not be able to create
a user account or will not be entitled to use the functions of the Application.
Certain functions of the Application – in particular the creation of a user profile, locationbased search services, communication options and video authentication – can only be used if
the necessary personal data is provided. Failure to provide data will result in partial or
complete unavailability of these functions.
11
The Data Subject has the right to decide on the use of the Application at any time and to
withdraw his/her consent to the processing of his/her personal data, however, in this case
he/she will not be able to use the services provided by the Application or will only be able to
use them to a limited extent.
12
XII. Legal remedies
If the Data Subject considers that the data processing violates the provisions of the GDPR or
the Infotv., or considers the way in which the Data Controller handles his/her personal data to
be offensive, we recommend that he/she first contact the Data Controller with his/her complaint.
Your complaint will always be investigated.
If, despite the investigation of your complaint or if the deadline for responding has expired
without result, you complain about the way in which we handle your data, or if you wish to
contact an authority directly, you can file a complaint with the National Data Protection and
Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9-11., postal
address: 1363 Budapest, Pf.: 9.
e-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu).
You also have the option of contacting a court in order to protect your data, which will proceed
with the case as a matter of urgency. In this case, you are free to decide whether to file your
claim with the court of your place of residence (permanent address) or your place of stay
(temporary address) (http://birosag.hu/torvenyszekek).
You can find the court of your place of residence or stay at http://birosag.hu/ugyfelkapcsolatiportal/birosag-kereso.
Békés, 2026.04.08.
Andrew Taylor
I.E.
Email:
info@luckcriptentertainment.com