Tengr.ai Privacy Policy

Last modified 24 July 2023.

The Tengrai Artificial Intelligence kft. (registered office: 6724 Szeged, Rókusi boulevard 21, 1. floor, door 4, registered at the Commercial Court of the General Court of Szeged under company registration number 06-09-028918, tax number: 32315028-2-06, EU VAT ID: HU32315028, email: privacy@tengrai.com, hereinafter referred to as: Company/Service Provider ) hereby informs the Users in relation to certain data processing in connection with the use of the artificial intelligence-based image generation softwar „Tengr-ai” and the activities performed by the Service Provider in accordance with Regulation 2016/679 of the European Parliament and of the Council on the General Data Protection Regulation (hereinafter: GDPR) and the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Infotv.).

This Privacy Policy applies to the processing of personal data provided by the User to the Company, as well as to any personal data collected by the Company either through the Company's online interfaces or through the use of “cookies”.

I. Interpretative provisions

For the purposes of this Privacy Policy:

§ Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;

§ Data management: any operation or set of operations which is performed on personal data or stages of personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, use, retrieval, consultation, disclosure, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;

§ Data Controller: the natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

§ Data processor: the natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller;

§ Data destruction: the complete physical destruction of the storage medium containing the data;

§ Data transmission: making the data available to a specified third party;

§ Data deletion: making the data unrecognizable in such a way that its recovery is no longer possible;

§ User: the person using the Services or visiting or browsing the Portal (data subject);

§ Portal: the website operated by the Company (https://tengr.ai/).

II. General provisions on data processing

In this Privacy Policy, the Data Controller informs the data subjects about which data are processed, for what purpose, on what legal basis, for how long, and what rights the data subjects have concerning the processing.

The Data Controller may unilaterally amend this Privacy Policy at any time. The Data Controller shall publish any changes to the Privacy Policy on the Portal by posting a notice to that effect. Please read the Privacy Policy carefully on each visit.

This Privacy Policy is continuously available on the Portal. Data subjects may access, view, print, and save this Privacy Policy on the Portal, but they may not modify it; only the Data Controller may do so.

III. Scope of personal data processed by the Service Provider, purpose, legal basis, method, and duration of data processing

The legal bases for data processing are as follows:

a) according to Article 6, paragraph (1) point a) of the GDPR, the user's voluntary consent to data management based on adequate information (from now on Consent);

b) according to GDPR Article 6 paragraph (1) point b), data management is necessary for the performance of a contract in which the User, as an affected party, is one of the parties (from now on Performance of the Contract)

c) according to GDPR Article 6 paragraph (1) point c), data processing is necessary to fulfill the legal obligation of the data controller (such as the fulfillment of accounting and bookkeeping obligation – from now on: Fulfillment of legal obligations)

d) according to GDPR Article 6 paragraph (1) point d), data processing is necessary to protect the vital interests of the data subject or another natural person (from now on Vital interest);

e) according to GDPR Article 6 paragraph (1) point f), data processing is necessary to enforce the legitimate interests of the data controller or a third party (from now on: Legitimate interest).

A) Data management in connection with the Portal

1. Data processed during the automated collection of data related to the Portal

The Service Provider uses cookies and other programs on the Portal to anonymously learn about the needs of the Portal Users and to improve the Portal based on these needs. The Service Provider provides anonymous statistics on visits to the Portal.

The above data processing is in the legitimate business interest of the Service Provider because it enables it to develop its Portal further and make it more secure. The scope of the processed and collected data is insignificant; the Service Provider uses them only anonymously for statistics and analysis, does not collect behavioral preferences, and no automated decision-making is made based on these data, nor does the Service Provider send personalized offers to Users on this basis. Therefore, the fundamental rights and freedoms of the User are not disproportionately affected by this processing.

2. Registration

Users can register to use the services available on the Portal by filling in the form available on the Portal with the following information. The provision of the data is voluntary, based on the consent of the Users, and is necessary for the condition of the services of the Service Provider for the provision of the services available on the Portal, the content and quality of the contract between the Service Provider and the User. The User gives their consent to processing the data indicated below by expressly accepting this Privacy Policy after having read and understood it –by ticking the relevant box – or by using the Website, registering, or voluntarily providing the data in question.

By submitting a request, the User gives his/her explicit and voluntary consent for the Data Controller to send news and information related to the website to the e-mail address provided by the User during registration.

IV. Data controller and processors

The data controller is the Service Provider for the data specified in point III.:

Tengrai Artificial Intelligence Korlátolt Felelősségű Társaság

registered office: 6724 Szeged,21 Rókusi boulevard, 1 floor, door 4

registered at the Commercial Court of the General Court of Szeged

company registration number: 06-09-028918

Tax number: 32315028-2-06

E-mail address: privacy@tengrai.com

The Service Provider's employees have access to Users' data to the extent strictly necessary for their work performance.Access rights to Your data are set out in strict internal rules.

The data processors

No data processor is used to manage the User's data.

Automated decision-making, profiling

The Service Provider does not carry out any automated decision-making or profiling with the data processed by this Privacy Policy.

V. Privacy policy applied by the Company

The Company respects the rights of Users under the law.

The Company will use the personal data provided to it in connection with the Portal by the legal bases set out herein and only for the purposes set out herein. The Company will use Users' personal data as defined in Section III only in the manner and for the purposes set out in this Privacy Policy.

The Company, as the data controller, undertakes to process the data in its possession by the provisions of the GDPR, the Infotv. and other applicable laws and this Privacy Policy and not to transfer them to third parties other than the data controllers specified in this Privacy Policy. An exception to this provision is the use of data in statistically aggregated, anonymized form, which may not contain the name of the User concerned or any other identifiable data in any form. It, therefore, does not constitute data processing or data transmission.

The Company is obliged to disclose the User's available data to third parties in some instances, in particular in response to a formal judicial or police request, legal proceedings, copyright, property or other infringements or reasonable suspicion of such violations, or case of prejudice to the interests of the Company, endangering the provision of its services, or based on court or other authority decisions unless otherwise provided by law, or with the User's prior express consent.

The Company will make every effort to ensure that the applicable legislation protects the processing and handling of Users' data.

VI. Protection of personal data

The Company will comply with its obligations under applicable data protection legislation by

• storing and destroying personal data securely;
• not collecting or retaining excessive amounts of data;
• protecting personal data from loss, misuse, unauthorized access, and disclosure, and ensuring that appropriate technical measures are in place to protect personal data.

The Company shall take appropriate technical and organizational measures to protect the User's data against accidental or unlawful destruction or accidental loss or alteration, unauthorized disclosure or access, in particular where the processing involves, for example, the transmission of data over a network, and against all unlawful forms of processing.

Accordingly, the Company applies, among other things, different levels of access rights to the data, ensuring that only persons with the appropriate rights have access to the data, who need to know the data to fulfill their obligations arising from or in connection with their work.

VII. Rights of the User

Under the legislation on data protection, the User is entitled to:

a) request access to his/her personal data,

b) request the rectification of his/her personal data,

c) request the erasure of his/her personal data,

d) request the restriction of the processing of personal data,

e) object to the processing of his/her personal data,

f) request data portability,

g) object to the processing of his/her personal data (including objection to profiling; and other rights related to automated decision-making),

h) withdraw his/her consent or complain to the competent supervisory authority.

a) Right of access

The User has the right to receive feedback from the controller as to whether his or her personal data are being processed and, if such processing is ongoing, to request access to his or her personal data.

The User can request a copy of the personal data subject to processing. For identification purposes, the data controller may request additional information from the User or charge a reasonable fee for additional copies as an administrative charge.

b) The right to rectification

The User has the right to request the controller to correct inaccurate personal data concerning the User. Depending on the purpose of the processing, the User has the right to request the completion of incomplete personal data, including using a supplementary declaration.

c)The right to erasure („the right to be forgotten")

The User has the right to ask the controller to delete his/her personal data, and the controller must delete these personal data. In this case, the data controller cannot provide further services to the User.

d) Right to restriction of processing

The User has the right to request the restriction of the processing of his/her personal data. In this case, the controller will identify the personal data that it may process only for specific purposes.

e) The right to object

The User shall have the right to object to processing his/her personal data, including profiling, by the controller at any time on grounds relating to his/her particular situation or to request the controller to no longer process his/her personal data.

In addition, if the Company processes the User's personal data based on a legitimate interest, the User has the right to object at any time to processing his or her personal data for this purpose.

In addition, the User can request human intervention in individual matters related to automated decision-making. Please note that the controller does not use automated decision-making mechanisms.

f) The right to data portability

The User has the right to receive the personal data provided in a structured, commonly used, machine-readable format (i.e., digital format) and request the transfer of such data to another controller, where such transfer is technically feasible, without the Company's hindrance.

g) The right to withdraw consent

Suppose the User's personal data is processed based on his/her consent. In that case, he/she may withdraw his/her consent at any time without giving any reason by clicking on the link in the newsletters or changing the settings of his/her Portal account or mobile device. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

If the User withdraws his/her consent to the Company's processing of his/her personal data, the Company may not be able to provide the requested services at all or only partially.

h) Right to complain with a supervisory authority.

Suppose the User believes that his or her personal data has been misused. In that case, he or she may also contact the local data protection authority and complain, particularly in the Member State, of his or her habitual residence, place of work, or place of the alleged breach.

You can also contact Hungary's National Authority for Data Protection and Freedom of Information:H-1055, Hungary, Budapest, 9-11 Falk Miksa street; phone: +36-1 391-1400; fax: +36-1 391-1410; e-mail: privacy@tengrai.com.

VIII. Contact

If the User wishes to exercise his/her rights about data protection issues or to lodge a complaint, he/she may do so by sending an e-mail to the e-mail address below. In addition, you may contact the Company by post to the addresses below.

E-mail: privacy@tengrai.com

Mailing address: 6724 Szeged, 21 Rókusi boulevard, floor 1, door 4

IX. Other provisions

In the event of a data protection incident, the Company shall notify the supervisory authority of the data protection incident within 72 hours of becoming aware of it by the law and keep records of such incidents; in cases specified by law, it shall also inform the users concerned.

The data controller regularly monitors its online platforms and the information provided and makes every effort to ensure that it is up-to-date and accurate. However, you may find information on online platforms that is no longer current. The Company accepts no financial responsibility for such information.

Visitors to the online interfaces and Users may also visit other portals not operated by the Company from the Company's online interfaces. The Company assumes no responsibility for the accuracy of the information provided therein, the content of the websites, or the security of the data supplied by visitors to the online areas and Users of the Company's online interfaces, so please check the privacy policy of the company concerned when using these websites.

This Privacy Policy is effective from 24 July 2023.