FirstApp is operated from the European Union and is built to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"). This page summarises the rights the GDPR gives you and explains, in plain terms, how to exercise them. It complements our full Privacy Policy.

1. Who is responsible (the controller)

Controller
SmartData Technologies Kft.
Registered seat
1089 Budapest, Korányi Sándor utca 4. 4. ajtó, Hungary
Tax number (Adószám)
27056190-2-42
Activity
Information technology consultancy (NACE / TEÁOR 6220)
Privacy contact
privacy@firstapp.app

We are not required to appoint a Data Protection Officer under Article 37 GDPR; our privacy contact above handles all data-protection matters.

2. Why we can process your data (legal bases)

Under Article 6 GDPR we process personal data only where we have a lawful basis: to perform our contract with you (Art. 6(1)(b)), to comply with a legal obligation (Art. 6(1)(c)), for our legitimate interests in operating, securing and improving the Service (Art. 6(1)(f)), or on the basis of your consent where we ask for it (Art. 6(1)(a)). The mapping of each purpose to its basis is set out in our Privacy Policy.

3. Your rights under the GDPR

Subject to the conditions and exemptions in the GDPR, you have the following rights in respect of your personal data:

Article 15

Right of access

Obtain confirmation of whether we process your data and receive a copy of it, together with information about how and why we use it.

Article 16

Right to rectification

Have inaccurate personal data corrected and incomplete data completed without undue delay.

Article 17

Right to erasure

Have your personal data deleted ("right to be forgotten") where one of the grounds in the GDPR applies.

Article 18

Right to restriction

Ask us to limit how we process your data in certain circumstances, for example while accuracy is being verified.

Article 20

Right to portability

Receive the data you provided in a structured, commonly used, machine-readable format and transmit it to another controller.

Article 21

Right to object

Object to processing based on our legitimate interests, and object at any time to direct marketing.

Article 22

Automated decisions

Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. We do not carry out such decision-making.

Article 7(3)

Withdraw consent

Where processing is based on consent, withdraw it at any time, without affecting processing carried out before withdrawal.

4. How to exercise your rights

To exercise any of these rights, email privacy@firstapp.app from the address associated with your account, or write to us at the registered seat above. Please tell us which right you wish to exercise and include enough detail for us to locate your data. Much of your account and project data can also be viewed, exported or deleted directly from within the FirstApp application.

5. Who else processes your data

We use carefully selected processors (sub-processors) that act only on our documented instructions under Article 28 GDPR agreements — including cloud and edge infrastructure (Cloudflare, Inc.), AI model providers, our payment processor, and email/communication providers. We do not sell personal data. A current overview is available on request at privacy@firstapp.app.

6. International data transfers

We process personal data primarily within the European Economic Area (EEA). Where a processor transfers data outside the EEA, we ensure an appropriate safeguard under Chapter V GDPR is in place — typically the European Commission's Standard Contractual Clauses, an adequacy decision, or a certified transfer framework — supported by technical measures such as encryption. You can request details of these safeguards at any time.

7. Your right to lodge a complaint

If you consider that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular in the EU country of your residence, place of work, or the place of the alleged infringement. Our lead supervisory authority is:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Hungarian National Authority for Data Protection and Freedom of Information
1055 Budapest, Falk Miksa utca 9–11, Hungary (postal: 1363 Budapest, Pf. 9)
Phone: +36 (1) 391 1400 · Email: ugyfelszolgalat@naih.hu · Web: naih.hu

We would, however, appreciate the chance to address your concerns directly first — please contact privacy@firstapp.app.

8. More information

For full details of the data we collect, the purposes and legal bases, retention periods and security measures, please read our Privacy Policy. For cookies, see our Cookie Policy.