Privacy Policy

March 18, 2025.

Thank you for choosing the Grail skincare mobile application (hereinafter: "App"). Protecting your personal data is a top priority for us. The Privacy Policy below explains how we handle your personal data, the purposes we use it for, and the rights you have under applicable data protection legislation — in particular the European Union's General Data Protection Regulation (GDPR).

Data Controller Details

  • Name of the data controller: rozmy.com kft.
  • Registered office: 1118 Budapest, Ménesi út 9/B II/2
  • Contact: [email protected]

The purpose of data processing is to collect, display and store reviews and ratings submitted by users, as well as to provide personalized services and manage user profiles.

3. Categories of data processed

The following data is processed in the app:

A) Reviews and ratings data

  • Username or alias
  • Review and rating text
  • Review date

B) Personal data for profile creation

  • Name (real name or chosen username)
  • Email address
  • Profile picture (optional)
  • Login data (e.g. time, IP address)

C) Technical data

  • Device type, operating system, app version
  • IP address and other device identifiers

4. How we use the data

We use the data we process for the following purposes:

  • Creating and managing your profile: storing personal preferences (storing reviews).
  • Communication: sending important notifications (e.g. changes to the Terms of Service).
  • Displaying reviews and ratings: to inform the community.
  • Personalized recommendations: sending tailored product recommendations and notifications.
  • Improving the user experience: developing the app and fixing bugs.

Important: We do not share personal data with third parties!

5. Data storage and retention

  • Storage location: Data is stored in encrypted databases within the EU.
  • Retention period:
    • Data linked to a profile is stored as long as the user is active or until the user requests account deletion.
    • Reviews and ratings remain in the app until the user requests their deletion.
    • Inactive accounts are deleted after 2 years.

Data processing is based on the following legal grounds:

  • Performance of a contract: providing the services of the app (GDPR Article 6(1)(b)).
  • Consent: for personalized recommendations (GDPR Article 6(1)(a)).
  • Compliance with legal obligations: data security and retention obligations (GDPR Article 6(1)(c)).

2.1 Creating and managing the profile

Purpose: Creating a user account, saving individual preferences.

Legal basis: Performance of a contract (GDPR Article 6(1)(b)).

2.2 Browsing and comparing products

Purpose: Providing personalized recommendations and displaying product information.

Legal basis: Legitimate interest (GDPR Article 6(1)(f)), and consent (GDPR Article 6(1)(a)).

2.3 Handling reviews and ratings

Purpose: Displaying user reviews so that other users are informed.

Legal basis: Legitimate interest (GDPR Article 6(1)(f)).

2.4 Communication and notifications

Purpose: Sending notifications about the App (e.g. changes to the Terms).

Legal basis: Performance of a contract (GDPR Article 6(1)(b)).

2.5 Data security and preventing abuse

Purpose: Maintaining the security of the App and preventing abuse.

Legal basis: Legitimate interest (GDPR Article 6(1)(f)).

7. User rights

Your rights in connection with data processing:

  • Right of access: You may request information about the data we process about you.
  • Right to rectification: You may request that we correct inaccurate data.
  • Right to erasure: You may request the deletion of your personal data or reviews.
  • Right to restriction of processing: You may request that data processing be restricted.
  • Right to data portability: You may request that the data you provided be transferred to another service provider.
  • Right to object: You may object to the processing of your personal data on the basis of legitimate interest.
  • Withdrawal of consent: You may withdraw your consent at any time.

To exercise your rights, please contact us at: [email protected].

5. Transfer of data to third parties

8. Data security

  • Encryption: All personal data is protected with secure encryption.
  • Access restrictions: Only authorized staff may access the data.

9. Filing a complaint

If you feel your rights have been infringed, you can file a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):

  • Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
  • Postal address: 1530 Budapest, Pf: 5.
  • Website: www.naih.hu
  • Email: [email protected]
  • Phone: +36 (1) 391-1400

10. Modifications

We reserve the right to amend this Privacy Policy. We will inform you of any changes within the app or by email.

Thank you for using Grail!
If you have any questions, feel free to reach out to us at [email protected].