FirstApp is operated from the European Union and is built to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"). This page summarises the rights the GDPR gives you and explains, in plain terms, how to exercise them. It complements our full Privacy Policy.
1. Who is responsible (the controller)
- Controller
- SmartData Technologies Kft.
- Registered seat
- 1089 Budapest, Korányi Sándor utca 4. 4. ajtó, Hungary
- Tax number (Adószám)
- 27056190-2-42
- Activity
- Information technology consultancy (NACE / TEÁOR 6220)
- Privacy contact
- privacy@firstapp.app
We are not required to appoint a Data Protection Officer under Article 37 GDPR; our privacy contact above handles all data-protection matters.
2. Why we can process your data (legal bases)
Under Article 6 GDPR we process personal data only where we have a lawful basis: to perform our contract with you (Art. 6(1)(b)), to comply with a legal obligation (Art. 6(1)(c)), for our legitimate interests in operating, securing and improving the Service (Art. 6(1)(f)), or on the basis of your consent where we ask for it (Art. 6(1)(a)). The mapping of each purpose to its basis is set out in our Privacy Policy.
3. Your rights under the GDPR
Subject to the conditions and exemptions in the GDPR, you have the following rights in respect of your personal data:
Right of access
Obtain confirmation of whether we process your data and receive a copy of it, together with information about how and why we use it.
Right to rectification
Have inaccurate personal data corrected and incomplete data completed without undue delay.
Right to erasure
Have your personal data deleted ("right to be forgotten") where one of the grounds in the GDPR applies.
Right to restriction
Ask us to limit how we process your data in certain circumstances, for example while accuracy is being verified.
Right to portability
Receive the data you provided in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to object
Object to processing based on our legitimate interests, and object at any time to direct marketing.
Automated decisions
Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. We do not carry out such decision-making.
Withdraw consent
Where processing is based on consent, withdraw it at any time, without affecting processing carried out before withdrawal.
4. How to exercise your rights
To exercise any of these rights, email privacy@firstapp.app from the address associated with your account, or write to us at the registered seat above. Please tell us which right you wish to exercise and include enough detail for us to locate your data. Much of your account and project data can also be viewed, exported or deleted directly from within the FirstApp application.
- Response time. We respond within one month of receiving your request. We may extend this by up to two further months for complex or numerous requests, and will tell you if we do.
- Verification. To protect your data, we may need to verify your identity before acting on a request.
- Cost. Exercising your rights is free. We may charge a reasonable fee, or refuse, only where a request is manifestly unfounded or excessive, as permitted by Article 12(5) GDPR.
5. Who else processes your data
We use carefully selected processors (sub-processors) that act only on our documented instructions under Article 28 GDPR agreements — including cloud and edge infrastructure (Cloudflare, Inc.), AI model providers, our payment processor, and email/communication providers. We do not sell personal data. A current overview is available on request at privacy@firstapp.app.
6. International data transfers
We process personal data primarily within the European Economic Area (EEA). Where a processor transfers data outside the EEA, we ensure an appropriate safeguard under Chapter V GDPR is in place — typically the European Commission's Standard Contractual Clauses, an adequacy decision, or a certified transfer framework — supported by technical measures such as encryption. You can request details of these safeguards at any time.
7. Your right to lodge a complaint
If you consider that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular in the EU country of your residence, place of work, or the place of the alleged infringement. Our lead supervisory authority is:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Hungarian National Authority for Data Protection and Freedom of Information
1055 Budapest, Falk Miksa utca 9–11, Hungary (postal: 1363 Budapest, Pf. 9)
Phone: +36 (1) 391 1400 · Email: ugyfelszolgalat@naih.hu · Web: naih.hu
We would, however, appreciate the chance to address your concerns directly first — please contact privacy@firstapp.app.
8. More information
For full details of the data we collect, the purposes and legal bases, retention periods and security measures, please read our Privacy Policy. For cookies, see our Cookie Policy.