Privacy notice

„Rabbit by Aliz” ( application and website („Website”)

Effective from: 2022.12.01

I. Subject of this privacy notice

  1. The purpose of this privacy notice is to inform data subjects about the details of data processing, including the rights and remedies available to data subjects in relation to such data processing.

  2. Data Controller: Aliz Labs Kft. (registered seat at 1143 Budapest, Gizella út 42-44., registered by Fővárosi Törvényszék at 01-09-380414).

II. Details of the data processing activities

  1. The following categories of personal data are affected by data processing:

    a) contact details of potential customers (contact person name, e-mail addresses, telephone numbers);

    b) contact details and roles of users appointed to the Google Cloud Platform („GCP”) of the customer (name, e-mail addresses, telephone numbers);

    c) potential other personal data included by such users in the GCP of the customer and visible for the provision of the service by Data Controller (e.g. resource names such as folders and project identifiers; roles, access rights and involvement of specific users to certain projects etc.)

  2. The purpose of data processing are the following:

    a) collecting and using the contact details of current customers of the Data Controller and those of potential customers for the purposes of making offers to current and potential customers for the provision of services by Data Controller (contact persons of potential and actual customers, contact details);

    b) responding to messages sent to the Data Controller through any contact form, responding to inquiries regarding provision of services;

    c) offering similar products or services to existing or previous customers (if customers were given the opportunity to object, free of charge and in an easy manner, to such use of electronic contact details at the time of their collection and on the occasion of each message sent);

    d) performance the contract and providing the services by the Data Controller to its actual customers, including invoicing and related debt collections after performance (if necessary) and retaining of information related to performance until the lapse of the applicable limitation periods.

  3. The legal basis for 2. a), b) and c) is the legitimate interest of the Data Controller in order to offer and provide services to its customers and generate revenue from such activities. The legal basis for data processing set out in section 2 d) above is the performance of the service agreement.

  4. Data Controller’s service necessarily relies on the use of GCP services as provided by the relevant Google entities as the service is built on examining customer’s expenditure of GCP. Therefore, any use of the services provided by Google will inevitably involve a data transfer to a third country under the conditions and safeguards set by the relevant Google entity, relying on provisions of 2.c.) of Article 46 of the Regulation (EU) 2016/679 of the European Parliament and of the Council („GDPR”). For technical reasons, such data export of personal data to third countries not designated as providing adequate protection to personal data is neither initiated, nor can be avoided by the Data Controller, and Data Controller is in no way to provide any supplementary measures for such data processing beyond what is already provided by the Google entity.

  5. Processing of the personal data by the Data Controller shall be for the term of the service agreement for the purpose of and only to the extent required to provide the services set out in the service agreement, provided that Personal Data shall not be processed for longer than is necessary for the purpose for which it was collected or is being processed (except where a statutory exception applies). If no service agreement is concluded between the potential customer and Data Controller, the Data Controller shall process the personal data of potential customers for 1 year from the date of filling in the contact form.

  6. Information related to the cookies used

    Some of the code running on the Website stores data on the device of the customer in the form of a cookie. When accessing the Website, by giving specific consents, the customer may confirm or reject that it accepts that the Data Controller running such code on the Website will place a cookie on the device used by the customer. If, following acceptance, the customer later decides not to accept the use of cookies any longer, the customer may disable the setting of cookies in its browser for all cookies and delete cookies from its browser by clicking on delete cookies in browser settings.

The following cookies are currently stored in the browser code running on the Website.

Cookie namePurpose of using the cookieTerm of the cookie
_gaGoogle Analytics (gtags.js and analysis.js) cookie, used to track visitors’ browsers across sites using Google Analytics to distinguish them from other browsers. Data Controller does not have access to the data processed on the basis of this cookie, except in the statistical analysis interface of the Website, where the data can only be displayed in aggregate form, by categories that cannot be linked to an individual. Details of cookie usage can be found here:
2 years
HotJarHotJar cookies are used for heatmaps and other recordings in order to analyse customer’s behaviour during the use of Website.1 year
ActiveCampaignActiveCampaign cookie is used for collecting personal data of customers through filling in the contact form.1 year
  1. By providing an e-mail address, a user is responsible for the fact that he/she is the only one to use in the service from the e-mail address provided. Any liability in connection with access to an e-mail address is the sole responsibility of the user who registered the e-mail address.
  1. Data Controller shall act with due care in connection with the data processing and storage of personal data. In the area of information security, the Data Controller shall use appropriate state-of-the-art tools and procedures reasonably accessible.

  2. As part of its staffing measures, Data Controller will ensure that all employees or partners who have access to the personal data sign a confidentiality agreement before they have access to the equipment containing the data. Data Controller shall ensure that, in the event of termination of the employment (or, where appropriate, change of function) of any employee who has access to the data, the right of access is terminated within 10 working days.

  3. The Data Controller shall design and implement the data processing operations in a way to ensure the protection of the privacy of the data subjects, to reduce the risk of unauthorised access or changes to the system in operation.

  4. The Data Controller shall ensure the secure processing of the data, and shall take the technical and organisational measures and establish the procedural rules necessary to enforce the provisions of the GDPR and other data protection and confidentiality rules (in particular the provisions of Annex 1, points 8-14 of the above ISO 27001 standard).

  5. The Data Controller shall ensure the security of data processing by technical and organisational measures that provide a level of protection appropriate to the risks associated with the data processing activity.

  6. Data Controller’s IT systems and network are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, computer viruses, computer intrusions and attacks that could lead to denial of service. The Data Controller ensures security through server-level and application-level protection procedures.

  7. Electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.) are vulnerable to network threats that could lead to fraudulent activity or to the disclosure or modification of information. To protect against such threats, Data Controller will take all reasonable precautions. Systems will be monitored to ensure that any security discrepancies are recorded and evidence of any security incidents is available. However, as is well known to all customers, the Internet is not 100% secure. The Data Controller shall not be liable for any damage caused by an unprotected attack, despite the utmost care used by the Data Controller.

IV. Data subject’s rights

  1. Right of access

    The GDPR gives you the right to access information that we hold about you. If you want to access that information, please send your request to If all complies, you will be provided with the copy of your personal data. If a person’s request for information or measures is clearly unjustified or excessive, a reasonable fee may be asked, or the action taken may be refused.

  2. Right of rectification

    You can have your personal data rectified at any time, in case it is inaccurate or incomplete. You should notify us to correct or update your personal data. You can notify us at any time at

  3. Right of erasure

    You can request us to delete your personal data at any time by contacting us at

  4. Right to restrict processing

    In certain circumstances, you have a right to restrict or block us from processing your personal data.

  5. Right to object

    At any given time, you have a right to object to the processing of your personal data at:

If you have any questions or comments, please contact the Data Controller at: The user may exercise his/her rights before the courts in accordance with the GDPR, the Data Protection Act and the Act V of 2013 on Hungarian Civil Code. Legal remedies and complaints may be lodged with the National Authority for Data Protection and Freedom of Information (NAIH):

Name: National Authority for Data Protection and Freedom of Information

post address 1374 Budapest, Pf. 603.

address: 1055 Budapest, Falk Miksa utca 9-11.

Phone number: +36 (1) 391-1400

Fax: +36 (1) 391-1410



VI. Changes to this privacy notice

Data Controller may update the privacy notice from time to time. Data Controller will notify you of changes by posting an announcement on the Website or during the use of the Website or other service provided. You are bound by any changes to this privacy notice when you use our service after you are notified of these changes (by an announcement on the Website or during other service).