PRIVACY POLICY
SmileSync KFT
Last Updated: 17 FEBRUARY 2026
1. Our Privacy Obligations
SmileSync KFT ("Company", "we", "us", "our"), operating under the brand name Smatch, is committed to protecting your privacy and complying with applicable data protection laws.
This Privacy Policy is governed by:
- The General Data Protection Regulation (GDPR) (EU) 2016/679;
- Hungarian Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information;
- Other applicable EU and Hungarian data protection regulations.
"Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"). An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
This Privacy Policy applies to all Personal Data collected, processed, and/or held by SmileSync KFT in connection with the Smatch Platform (website, mobile applications, API, and related services).
We review this policy regularly and may update it to reflect changes in our practices or legal requirements. Material changes will be communicated via the Platform or email.
2. Types of Personal Data We Collect and Hold
We collect Personal Data to provide our products, services, and customer support through multiple channels including our Website, mobile applications, email, telephone, and in-person interactions.
2.1 Information You Provide Directly
When you register, use our services, or contact support, you may provide:
- Account Details – Username, password, profile picture, bio, portfolio
- Contact Details – Email address, phone number, preferred contact method
- Location Details – Country, city, timezone, billing/shipping address
- Identity Details – Full legal name, date of birth, government-issued ID (for verification), proof of address
- Financial Information – Bank account details, payment processor accounts (PayPal, Stripe), tax identification numbers, VAT registration
- Professional Information – Skills, qualifications, work history, certifications, portfolio samples
- User-Generated Content – Project descriptions, bids, messages, reviews, contest entries, uploaded files
- Communication Records – Support tickets, chat logs, email correspondence with our team
2.2 Information Collected from Third Parties
- Social/Professional Networks: With your consent, we may connect to LinkedIn, Google, or Facebook to import basic profile information.
- Payment Providers: Transaction confirmations, payment method details, and fraud screening data from processors like Stripe, PayPal, or bank partners.
- Identity Verification Services: Results from third-party KYC/AML providers used to verify your identity.
- Public Sources: Professional information from publicly available sources (e.g., company websites, professional registries) where permitted by law.
- Referrals: Contact details of non-users invited by existing Users (used solely for invitation purposes and abuse prevention).
2.3 Information Collected Automatically
As you interact with the Smatch Platform, we may collect:
- Technical Metadata – IP address, browser type, OS, device identifiers, language settings, timezone. Purpose: Platform functionality, security, analytics
- Usage Data – Pages viewed, clicks, time spent, search queries, feature usage. Purpose: Service improvement, personalization
- Location Data – GPS coordinates (mobile apps), IP-based location. Purpose: Local service matching, fraud prevention
- Cookies & Similar Tech – Session cookies, preference cookies, analytics cookies. Purpose: Authentication, preferences, analytics
Note: Not all collected information constitutes "Personal Data." Aggregated, anonymized, or non-identifiable data used for analytics or platform improvement is not covered by this policy unless linked to your identity.
3. How We Collect Personal Data
3.1 Direct Collection
- Registration forms, profile setup, project postings, messaging systems
- Customer support interactions (email, chat, phone)
- Payment processing forms
- Identity verification uploads
3.2 Indirect Collection
- Through integrated third-party services (with your consent)
- Via cookies, web beacons, and similar tracking technologies
- From public sources or business partners where legally permitted
3.3 Legal Basis for Collection (GDPR Article 6)
We process Personal Data only when at least one of the following applies:
- Consent – When you explicitly agree (e.g., marketing communications, optional profile features)
- Contractual Necessity – To perform our agreement with you (e.g., account creation, transaction processing, dispute resolution)
- Legal Obligation – To comply with Hungarian/EU law (e.g., tax reporting, anti-money laundering, court orders)
- Legitimate Interests – For platform security, fraud prevention, service improvement, where not overridden by your rights
- Vital Interests – Rarely, to protect someone's life or safety
You may withdraw consent at any time via Account Settings or by contacting office@smatch.cloud. Withdrawal does not affect the lawfulness of prior processing.
4. How We Use Your Personal Data
We use Personal Data primarily to deliver and improve the Smatch Platform:
- Service Delivery: Create and manage your account, facilitate transactions, enable communication between Users, process payments
- Platform Operations: Authenticate users, prevent fraud, debug technical issues, maintain security
- Customer Support: Respond to inquiries, resolve disputes, provide technical assistance
- Personalization: Recommend relevant projects, tailor content, remember preferences
- Analytics & Improvement: Analyze usage patterns, conduct research, test new features
- Marketing (with consent or legitimate interest): Send service updates, promotional offers, newsletters (opt-out always available)
- Legal Compliance: Meet tax, accounting, anti-fraud, and regulatory obligations
- Protection of Rights: Enforce our Terms, protect against abuse, defend legal claims
Automated Decision-Making & Profiling
We use automated systems for:
- User Ranking: Matching Buyers and Sellers based on skills, ratings, activity, and project outcomes
- Fraud Detection: Identifying suspicious patterns to protect the marketplace
- Personalized Recommendations: Suggesting projects or Users based on your profile and behavior
You have the right to:
- Request human review of significant automated decisions affecting you
- Opt out of marketing profiling via Account Settings
- Object to processing based on legitimate interests
Note: Core marketplace functions (e.g., ranking for project matching) are essential to service delivery; opting out may limit Platform access.
5. How We Disclose Personal Data
5.1 Third-Party Service Providers
We engage trusted partners to support Platform operations. All are bound by data processing agreements requiring GDPR-compliant handling:
- Cloud Infrastructure – Providers: AWS, Google Cloud, Microsoft Azure. Data shared: Account data, content, logs
- Payment Processors – Providers: Stripe, PayPal, bank partners. Data shared: Transaction details, identity verification
- Communication Services – Providers: Email/SMS providers, chat systems. Data shared: Contact details, message content
- Analytics & Marketing – Providers: Google Analytics, Meta (with consent). Data shared: Usage data, anonymized insights
- Identity Verification – Providers: KYC/AML providers. Data shared: ID documents, verification results
- Customer Support – Providers: Helpdesk software providers. Data shared: Support tickets, communication logs
5.2 User-to-User Disclosure
To facilitate transactions:
- Your name, profile information, and contact details may be visible to other Users involved in a project
- Transaction details (scope, price, timeline) are shared between contracting parties
- Reviews and feedback are publicly associated with your profile
5.3 Legal & Regulatory Disclosures
We may disclose Personal Data when required by:
- Court orders, subpoenas, or lawful requests from Hungarian/EU authorities
- Tax authorities (e.g., Hungarian NAV, EU VAT reporting)
- Law enforcement investigating fraud, illegal activity, or threats to safety
- Regulatory bodies overseeing data protection or financial services
5.4 Business Transfers
In connection with a merger, acquisition, or asset sale, Personal Data may be transferred to the acquiring entity, subject to confidentiality and GDPR-compliant safeguards.
5.5 International Transfers
As a Hungary-based company serving global Users, your data may be processed outside the EU/EEA. We ensure adequate protection via:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions (for countries recognized by the European Commission)
- Binding Corporate Rules (for group entities)
You may request details of specific safeguards by contacting our Data Protection Officer.
6. Data Retention
We retain Personal Data only as long as necessary:
- Account Information – Retention: Duration of active account + 7 years after closure. Purpose: Contractual records, tax/legal compliance
- Transaction Records – Retention: 7 years from transaction date. Purpose: Hungarian accounting law, tax obligations
- Identity Verification Documents – Retention: 5 years after verification or account closure. Purpose: Anti-money laundering compliance
- Communication Logs – Retention: 3 years after last interaction. Purpose: Dispute resolution, quality assurance
- Marketing Preferences – Retention: Until consent withdrawn or account closed. Purpose: Consent management
- Analytics/Aggregated Data – Retention: Indefinitely (anonymized). Purpose: Service improvement, research
After retention periods expire, data is securely deleted or irreversibly anonymized.
7. Your Rights Under GDPR
As a Data Subject in the EU/EEA, you have the following rights:
- Access – How to exercise: Request a copy of your data via Account Settings or email. Note: May exclude third-party confidential information
- Rectification – How to exercise: Update profile directly or contact support. Note: Must provide evidence for corrections
- Erasure ("Right to be Forgotten") – How to exercise: Request deletion via support. Note: Not applicable where retention is legally required or necessary for contracts
- Restriction of Processing – How to exercise: Request temporary halt of processing. Note: Applies during verification of accuracy or legal claims
- Data Portability – How to exercise: Request structured, machine-readable export of your data. Note: Limited to data you provided or that was generated by your activity
- Object to Processing – How to exercise: Opt out of marketing; object to legitimate interest processing. Note: May limit Platform functionality if core services are affected
- Withdraw Consent – How to exercise: Via Account Settings or email. Note: Does not affect prior lawful processing
- Automated Decision Review – How to exercise: Request human review of significant automated decisions. Note: Core marketplace algorithms may be essential to service
To exercise these rights, contact our Data Protection Officer at office@smatch.cloud with "GDPR Request" in the subject line. We respond within 30 days (extendable to 60 days for complex requests).
8. Cookies and Tracking Technologies
8.1 What We Use
- Strictly Necessary – Purpose: Authentication, security, core functionality. Duration: Session to 1 year. Control: Cannot be disabled
- Preferences – Purpose: Remember language, location, settings. Duration: 1 year. Control: Via browser or Account Settings
- Analytics – Purpose: Measure usage, improve performance (Google Analytics). Duration: Up to 2 years. Control: Opt-out via cookie banner or browser
- Marketing – Purpose: Personalize ads, measure campaigns (with consent). Duration: Up to 13 months. Control: Via cookie banner; withdraw consent anytime
8.2 Managing Cookies
- Cookie Banner: On first visit, choose which non-essential cookies to accept
- Browser Settings: Block or delete cookies (may affect Platform functionality)
- Account Settings: Manage marketing preferences and data sharing
For more details, see our Cookie Policy.
9. Data Security
We implement technical and organizational measures to protect your Personal Data:
- Encryption: TLS/SSL for data in transit; encryption at rest for sensitive data
- Access Controls: Role-based access, multi-factor authentication for staff
- Regular Audits: Security testing, vulnerability assessments, penetration testing
- Staff Training: Data protection training for all employees and contractors
- Incident Response: Procedures to detect, report, and investigate data breaches
In the event of a breach likely to result in high risk to your rights, we will notify you and the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) without undue delay, as required by GDPR Articles 33 and 34.
Note: No internet transmission is 100% secure. You are responsible for safeguarding your login credentials.
10. Children's Privacy
The Smatch Platform is not intended for individuals under 16 years of age. We do not knowingly collect Personal Data from children under 16. If we become aware of such collection, we will take steps to delete the information promptly. Parents or guardians who believe their child has provided data should contact office@smatch.cloud.
11. Changes to This Privacy Policy
We may update this Privacy Policy to reflect:
- Changes in our services or data practices
- New legal requirements or regulatory guidance
- Technological improvements
Material changes will be communicated via:
- Email to your registered address
- Prominent notice on the Platform
- Updated "Last Updated" date at the top of this policy
Continued use of the Platform after changes constitutes acceptance of the updated policy.
12. Contact Information & Data Protection Officer
For Privacy Inquiries, Rights Requests, or Complaints:
Data Protection Officer (DPO)
SmileSync KFT
Szent-Györgyi Albert utca 2
6726 Szeged, Hungary
📧 office@smatch.cloud
Supervisory Authority (Hungary):
National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, Hungary
Phone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu
If you are in another EU Member State, you may also contact your local Data Protection Authority:
🔗 https://edpb.europa.eu/about-edpb/about-edpb/members_en
13. Additional Policies Incorporated by Reference
This Privacy Policy works alongside other Smatch policies, which form part of your agreement with us:
- [Terms and Conditions]
- [Code of Conduct]
- [Cookie Policy]
- [Identity Verification Policy]
- [Fees and Charges]
These policies may be updated independently; please review them periodically.
14. Language
This Privacy Policy is provided in English. In the event of any discrepancy between the English version and a translated version, the English version shall prevail, unless Hungarian law requires otherwise for consumers residing in Hungary.
Transparency Note: This document is designed to be clear and accessible. If you have difficulty understanding any section, please contact us for assistance in Hungarian or English.
For questions about this Privacy Policy, contact us:
📧 office@smatch.cloud
📍 6726 Szeged, Szent-Györgyi Albert utca 2, Hungary
🌐 Smatch Platform – SmileSync KFT
