Privacy Policy

This Privacy Policy explains how Livegames Kft. (“we”, “us”, “our”) collects, uses, and protects personal data when you use the Is Open At platform at isopenat.com (also available as mostszabad.hu for the Hungarian market, collectively “the Platform”).

Data Controller

Livegames Kft. Registered seat: 1183 Budapest, Vajk utca 18., Hungary Company registration number: 01-09-380396 Tax number: 29135125-1-43 EU VAT number: HU29135125 Email: info@nevezz.hu

We are not required to appoint a Data Protection Officer under the GDPR. For any data protection inquiries, please contact us at info@nevezz.hu.

What the Platform Does

Is Open At is a booking platform that enables businesses (“Organizations”) to create booking pages where their customers (“Customers”) can reserve courts, rooms, or appointments online. We facilitate the booking process and payment handling between Organizations and their Customers.

What Personal Data We Collect and Why

Organization Account Data

When you register as an Organization, we collect:

• Name and email address
• Business name and details
• Stripe account identifier (for payment processing)
• Booking configuration and scheduling data

Legal basis: Performance of a contract (GDPR Article 6(1)(b)) — this data is necessary to provide you with the Platform’s services under our Terms of Service.

Retention: Until account deletion, plus 5 years thereafter to comply with Hungarian commercial and tax record-keeping obligations.

Customer Booking Data

When a Customer makes a booking, we collect:

• Name and email address
• Booking details (date, time, resource booked)
• Transaction identifier and payment status (for paid bookings)

Customers do not need to create an account to make a booking.

Legal basis: Performance of a contract (GDPR Article 6(1)(b)) — this data is necessary to process the booking and provide the service.

Retention: 1 year from the date of the booking.

Waitlist Data

When a Customer joins a waitlist for a fully booked time slot, we collect their email address to send an automatic notification if the slot becomes available.

Legal basis: Performance of a contract (GDPR Article 6(1)(b)) — the waitlist is part of the booking service.

Retention: Until the waitlist entry is fulfilled or the relevant time slot has passed.

Payment Data

Online card payments are processed by Stripe, Inc. We do not store or have access to your full card details. We only receive a transaction identifier, payment status, and the payment amount from Stripe. Stripe acts as an independent data controller for the payment data it processes. For details on how Stripe handles your data, see Stripe’s Privacy Policy.

Technical and Log Data

When you use the Platform, our infrastructure automatically processes:

• IP address
• Browser type and version
• Pages visited and timestamps
• Security-related data (for fraud prevention and protection against attacks)

Legal basis: Legitimate interest (GDPR Article 6(1)(f)) — to maintain the security, availability, and performance of the Platform.

Retention: 1 year.

Billing and Invoicing Data (Organizations)

For Organizations using paid features (service fee invoicing), we process billing name, address, tax number, and transaction records for invoicing purposes.

Legal basis: Legal obligation (GDPR Article 6(1)(c)) — to comply with Hungarian accounting and tax law (Act C of 2000, Sections 166–169).

Retention: 8 years from the date of invoice issuance, as required by law.

Cookies

The Platform uses only strictly necessary cookies. These are essential for the Platform to function and cannot be switched off. They include:

• Authentication cookies — to identify logged-in users and maintain sessions
• Cloudflare security cookies (__cf_bm) — to protect the Platform from bots and malicious traffic
• Stripe cookies (__stripe_mid, __stripe_sid) — for fraud prevention during payment transactions

Because we only use strictly necessary cookies, no cookie consent banner is required under the ePrivacy Directive (Directive 2002/58/EC, Article 5(3)) and GDPR. These cookies do not track you for advertising or analytics purposes.

We do not use any analytics, marketing, or tracking cookies.

Who We Share Your Data With

We share personal data only with the following categories of recipients, and only to the extent necessary to operate the Platform:

Data Processors

These service providers process data on our behalf, under our instructions:

• Cloudflare, Inc. — hosting, content delivery, and security. Privacy policy: cloudflare.com/privacypolicy
• Resend, Inc. — transactional email delivery (booking confirmations, waitlist notifications, account-related emails). Privacy policy: resend.com/legal/privacy-policy

Independent Data Controllers

These service providers process data for their own purposes in addition to ours:

• Stripe, Inc. — payment processing. Stripe independently determines how it processes payment data. Privacy policy: stripe.com/privacy

Organizations

When a Customer makes a booking, the relevant booking and transaction data is shared with the Organization that manages that resource. The Organization is an independent data controller for the data it receives about its Customers.

We do not sell personal data to any third party. We do not share data with advertisers.

International Data Transfers

Some of our service providers (Stripe, Resend, Cloudflare) are based in the United States. When personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place:

• Transfers to the United States are covered by the EU-U.S. Data Privacy Framework, where the recipient is certified, or by Standard Contractual Clauses (SCCs) adopted by the European Commission.
• We verify that each provider maintains adequate data protection measures in accordance with GDPR Article 46.

Your Rights Under the GDPR

As a data subject, you have the following rights regarding your personal data:

• Right of access (Article 15) — You can request confirmation of whether we process your data and obtain a copy of it.
• Right to rectification (Article 16) — You can request correction of inaccurate data or completion of incomplete data.
• Right to erasure (Article 17) — You can request deletion of your data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent (where applicable). This right may be limited where we have a legal obligation to retain data.
• Right to restriction of processing (Article 18) — You can request that we limit the processing of your data in certain circumstances.
• Right to data portability (Article 20) — You can request to receive your data in a structured, commonly used, machine-readable format, where the processing is based on consent or contract and is carried out by automated means.
• Right to object (Article 21) — You can object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.

To exercise any of these rights, contact us at info@nevezz.hu. We will respond within one month of receiving your request. This period may be extended by a further two months if the request is complex, in which case we will inform you of the extension within the first month.

Account Deletion

Organizations can request account deletion by emailing info@nevezz.hu. We will process the deletion within 15 days. Transaction data related to past bookings will remain available to the relevant parties for 1 year following the event, as required for contract performance and record-keeping.

Customers who have made bookings without an account can request erasure of their data by contacting us at info@nevezz.hu.

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS/TLS), access controls, and regular security reviews. The Platform is hosted on Cloudflare’s infrastructure, which provides DDoS protection, web application firewall, and other security features.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority (NAIH) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals directly, in accordance with GDPR Article 34.

Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all service providers that process personal data on our behalf (Cloudflare and Resend), in accordance with GDPR Article 28. For Organizations that act as data controllers and require a Data Processing Agreement with us, one is available upon request at info@nevezz.hu.

Automated Decision-Making

We do not use automated decision-making or profiling as defined by GDPR Article 22.

Children’s Data

The Platform is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. If the changes are significant, we will notify registered Organizations by email. Continued use of the Platform after changes constitutes acceptance of the updated policy.

Complaints and Legal Remedies

If you believe your data protection rights have been violated, we encourage you to contact us first at info@nevezz.hu so we can resolve the issue.

You also have the right to lodge a complaint with the supervisory authority:

Nemzeti Adatvedelmi es Informacioszabadsag Hatosag (NAIH) Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary Postal address: 1363 Budapest, Pf. 9. Phone: +36 (30) 683-5969 or +36 (30) 549-6838 Website: naih.hu

You may also file a complaint with the supervisory authority of the EU Member State where you reside or work.

Additionally, you have the right to an effective judicial remedy before a competent court. In Hungary, such cases fall under the jurisdiction of the regional courts (torvenyszekek). You may choose to bring proceedings before the court of your habitual residence.