Privacy policy

CONSENT AND PRIVACY NOTICE

regarding data processing related to the KÖKI application

Last modified: October 1st 2025.

Users are requested to carefully read this consent and privacy notice (hereinafter: “Consent and Privacy Notice”) before downloading the KÖKI application (hereinafter: “Application”) and before creating a profile for the loyalty program.

KEQI Zártkörűen Működő Részvénytársaság (registered office: 1191 Budapest, Vak Bottyán utca 75/A-C., company registration number: 01 10 142956, tax number: 32631607-2-43), as data controller (hereinafter: “Data Controller 1”) and Cushman & Wakefield Nemzetközi Ingatlan Tanácsadó Korlátolt Felelősségű Társaság (registered office: 1052 Budapest, Deák Ferenc utca 5., company registration number: 01-09-263277, tax number: 10833375-2-41) as data controller (hereinafter: “Data Controller 2”) hereby inform the users of the Application (hereinafter: “User” or “Users”) about data processing related to the Application:

1. Joint data processing

As Data Controllers, we always ensure that the collection, processing and storage of personal data is carried out in accordance with the applicable laws.

Data Controller 1 and Data Controller 2 carry out joint data processing in relation to the Application (Data Controller 1 and Data Controller 2 hereinafter referred to as “Joint Data Controllers”). Data Controller 1, as the holder of the rights to use the Application, is responsible for the maintenance and development of the Application, while Data Controller 2, as the person entrusted with the management of the KÖKI Shopping Center (hereinafter referred to as the “Shopping Center”), is responsible for the content of the Application. The Joint Data Controllers inform Users that their requests regarding data processing will be received by Data Controller 2 and answered by Data Controller 1 in the manner specified in Section 6 of this notice, and that Data Controller 1 will publish this notice (making it available to Users) in the Application.

2. Age Limit

The loyalty program is not intended for use by children under the age of 16. No one under the age of 16 may provide personal data in connection with the loyalty program. If you are under the age of 16, please do not use our services. If we become aware that we have collected or received personal data from a child under the age of 16, we will delete this data immediately.

If you believe that we have data from or about a child under the age of 16, please contact us at info@kokibevasarlokozpont.hu.

3. Applicable legislation

The most important laws we follow when handling data:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: „GDPR”)
Act CXII of 2011 on the right to self-determination and freedom of information (hereinafter referred to as: „Infotv.”).

4. Scope of the data processed, its purpose, legal basis and duration of data processing

To minimize data processing, we only collect personal data that is strictly necessary for the provision of the service.

We collect Users' personal data in the following ways:

directly from the User; and/or
based on the User's use of the services

The Joint Data Controllers process personal data in connection with the Application as follows (overview of data processing, types of personal data, legal basis and duration of data processing):

Purpose of data processing	Personal data processed	Legal basis for data processing	Duration of data processing
Management of registration in the application	Direct registration: Information provided directly by the User (name, email address, phone number, password, other information, device ID) Registration via Facebook: Information provided directly by the User or provided via Facebook (full name, email address, profile picture, phone number, Facebook user ID, password, other information, device ID) Registration via Apple ID: Information provided directly by the User (full name, password, email address, device ID) Without registration: device ID and guest ID	Direct registration/registration via Facebook/registration via Apple ID: GDPR Article 6(1)b), acceptance of the General Terms and Conditions. Without registration: Based on legitimate interest in providing the service, GDPR Article 6(1)f)	Personal data will be processed and stored until the User deletes their account registered in the Application. After that, the User account data will be anonymized. Account data will be stored for 180 days in the automatic backup system.
Management of participation in events held by Data Controller 1 at the KÖKI Shopping Center	Information provided directly by the User: full name, email address, telephone number, other information, device ID	GDPR Article 6(1)b), acceptance of the General Terms and Conditions.	Personal data will be processed and stored until the User deletes their account registered in the Application. After that, the User account data will be anonymized. Account data will be stored for 180 days in the automatic backup system.
Management of offers and benefits related to the loyalty program	Information provided directly by the User: full name, email address, telephone number, other information, device ID Information about benefits obtained in the loyalty program	GDPR Article 6(1)b), acceptance of the General Terms and Conditions.	Personal data will be processed and stored until the User deletes their account registered in the Application. After that, the User account data will be anonymized. Account data will be stored for 180 days in the automatic backup system.
Location data	Information provided directly by the User: location data indicated near or within the Shopping Center	Based on the User's consent to the processing of their location data, GDPR Article 6(1)a).	Personal data will be processed and stored until the User deletes their account registered in the Application, revokes their consent to the processing of location data, or has been inactive in the Application for 24 months. Thereafter, the User account data will be anonymized.
Sending information for marketing purposes	Information provided directly by the User: email address, consent data/statement	Based on the User's consent, GDPR Article 6(1)a).	Personal data will be processed and stored until the User deletes their account registered in the Application, revokes their consent to the processing of location data, or has been inactive in the Application for 24 months. Thereafter, the User's documents authorizing access to location data will be stored and processed by the Data Controllers for 2 years.
Receipt of support requests and feedback related to the service	Information provided directly by the User: Questionnaire responses regarding the evaluation of the service provided by the Data Controllers, full name and email address, device ID	Based on the Data Controllers' legitimate interest in providing support, better understanding Users, improving services, and providing appropriate services or offers, GDPR Article 6(1)f).	Personal data will be processed and stored until the User deletes their account registered in the Application. After that, the User account data will be anonymized. Account data will be stored for 180 days in the automatic backup system.
Submission of legal claims, enforcement or defense of	Personal data relevant in connection with litigation or legal disputes	The data controller's legitimate interest in ensuring documentation related to legal protection of, GDPR Article 6(1)f).	The User's personal data will be stored and processed by Data Controllers until the legal dispute is resolved and the limitation period expires.
Analysis of the User's information/use of the service for the following purposes: Providing personalized offers and better understanding of the User's expectations and needs, as well as developing new features and services	Information provided directly by the User: Any information provided by the User to the Data Controllers Device ID Data collected from the User's activity: user activity in the Application, participation in events organized by the Shopping Center, and use of the loyalty program.	Processing of activity and operational data in the application for the purpose of developing and improving the service, as well as processing for marketing purposes based on the User's consent, Article 6(1)a) of the GDPR.	Personal data will be processed and stored until the User deletes their account registered in the Application, revokes their consent to the processing of location data, or has been inactive in the Application for 24 months. Thereafter, the User account data will be deleted or anonymized.
Responding to requests regarding personal data	Information provided directly by the User: Full name and email address, device ID	Based on legal obligation, GDPR Article 6(1)c).	Personal data will be processed and stored until the User deletes their account registered in the Application. After that, the User's account data will be anonymized. Account data will be stored for 180 days in the automatic backup system.
Receipt scanning function	Information provided by the User when scanning a receipt: Store name, address of the shopping center, date of purchase, purchase amount, items purchased	The provision of this function is based on Article 6(1)b) of the GDPR (acceptance of the General Terms and Conditions). The creation and development of the function is based on the legitimate interests of the Data Controllers, Article 6(1)f) of the GDPR.	Personal data will be processed and stored until the User deletes their account registered in the Application or if they have not been active in the Application for 24 months. After that, the User's account data will be anonymized. Account data will be stored for 180 days in the automatic backup system.

The data processing operations performed by Data Controller 1 are as follows: access, use, deletion, while the data processing operations performed by Data Controller 2 are as follows: collection, access, use, disclosure by transmission, deletion.

5. When the User uses the application (event tracking)

The Application uses “event tracking” to collect information about the use of the Application. By tracking events, the Application collects data about the use of the application, regardless of whether the User has registered by creating a profile or not.

The following information is recorded from the User's device when the User uses the Application:

Device name (e.g., “iPhone 8” or “Samsung SM-G955F”)
OS version (e.g.: „12.3.1” or „8.1”)
Application version (e.g.: „4.1.1”)
Guest ID (identifier assigned by the system)

We collect information about the User’s usage of the Application through event tracking. When the User performs an action in the Application, the system registers an event that describes the User’s action.

The system registers an event each time the User performs any of the following actions:

Launching the application
Granting consent
Viewing a screen in the Application (e.g., screen name and viewing duration (in seconds))
Viewing marketing material in the Application
Activities related to the loyalty program (e.g., redeeming a benefit)
Clicking on a button (e.g., following/unfollowing a store or redeeming a prize)

The Application collects and analyzes events for the following purposes:

Continuous user interface optimization to improve usability
Identification of errors and other problems
Personalized marketing
Support management
Preparation of aggregated (statistical) marketing reports for the Data Controllers

The Data Controllers analyze device and usage information to ensure that the Application works smoothly on different devices and to better understand how Users use the Application. The legal basis for analyzing this information is the legitimate interest of the Data Controllers, pursuant to Article 6(1)f) of the GDPR.

6. If the User consents to access their location data

In order to determine the User's location in the Shopping Center, the Application - or the Data Controllers - will ask the User to enable the Bluetooth function on their mobile phone. The User's location can be tracked using beacons located in the Shopping Center. A beacon is a Bluetooth-based device used by smart devices to register when a device is nearby. The legal basis for tracking location data is the User's consent, pursuant to Article 6(1)a) of the GDPR. If the User consents to sharing their location with the Application, an event will be registered each time the User is near a beacon in the Shopping Center.

Information about the User's location is used to reward points for visiting the Shopping Center and to enable stores to know how many visits a marketing campaign has influenced. The User's personal data will never be shared with any store in the Shopping Center.

Please note that the User's location cannot be detected outside the Shopping Center and the User cannot share their location via location services. Location tracking is only activated via Bluetooth beacons located in the common areas of the Shopping Center.

The User may disable the sharing of location data at any time in the Application settings. If the User refuses to share location data, they may still use the functions of the Application, but in this case, no points will be automatically awarded for visits to the Shopping Center.

Information collected about the User's location and notifications is mixed with other usage data and used for the same purposes.

7. If the User submits a support request (service support)

Each time the User sends a support request, an event is recorded along with the information contained in the request. Support requests are recorded so that we can investigate and resolve the User's request.

The User's support request is processed using the third-party system “Zendesk”, which is based in the United States. Data related to the User's support requests is processed outside the EU.

The transfer of User data to Zendesk is based on the data protection framework (DPF) adopted by the European Commission. If the DPF is invalid, the standard contractual clauses (SCC) shall apply.

The legal basis for processing the User's support request is based on legitimate interest pursuant to Article 6(1)(f) of the GDPR.

If the User decides not to share the above information with third parties, they will not be able to submit a service support request within the Application. However, this request may be submitted directly at any time to the Data Controller at info@kokibevasarlokozpont.hu, and the User's personal data will not be shared with data processors outside the EU.

8. If the User uses the receipt scanning feature in the Application

After the User has made a purchase at one of the partner stores in the Shopping Center, they have the option to scan the receipt using the Application and thus collect loyalty points or receive rewards. This process is part of the service and is based on a contract, pursuant to Article 6(1)b) of the GDPR. The processing of receipt data is based on legitimate interests in the development and improvement of the function, pursuant to Article 6(1)f) of the GDPR. Considering the type of data processed and the nature of the activity, the interest in developing the function is to offer a better product to the User, and this interest outweighs the User's right not to have this data processed.

The information collected when scanning the receipt includes the following:

Store name

Address of the shopping center
Date of purchase
Purchase amount
Terms and conditions of purchase
NAV code

This data is collected to verify that the purchase was made at the Shopping Center. In addition, the date, amount, and items are cross-referenced to ensure a valid transaction. This process uses artificial intelligence technology. In addition, these items serve a statistical function in the operation of the Shopping Center.

If all information is correct, the User receives the points within the Application.

In addition, the collected data is used to improve machine recognition to make the review process more efficient over time.

This data is retained until the User deletes their account in the Application or remains inactive for 24 consecutive months. After that, the data is deleted or anonymized. Receipt data is handled and stored in accordance with standard processing procedures and remains inaccessible to other users of the loyalty program.

It is important to note that after uploading, the receipt image will not be visible; only the history of manually scanned receipts can be viewed.

Please note that certain stores may be excluded from the receipt scanning function at the Shopping Center's discretion. Consequently, no points or rewards can be collected for receipts from these stores.

The process and detailed rules for collecting loyalty points as regulated in this section are set out in the relevant regulations (hereinafter: “Point Collection Regulations).

9. If the User registers an account in the Application

After account registration, information collected from the User's device and about the use of the application will be linked to the information registered in the account, but information collected prior to account registration will never be linked to the information registered in the account.

If the User wishes to register an account in the Application, they may do so by providing their data:

“Manually”;
Using a Facebook account; or
If the User is using the iOS version of the Application, they can register using their Apple ID.

10. “Manual” registration

If the User registers a user account in the Application “manually”, they must provide us with the following information:

Personal	Source of data	Purpose of data processing
Email	Directly from the User	Login confirmation
Password	Directly from the User	Login confirmation
Phone	Directly from the user	Login approval / two-factor authentication, sending and receiving authentication SMS
First	Directly from the User	Account information

11. Registration via Facebook profile

If the User registers a user account in the Application via their Facebook profile, they must provide us with the following information, or the Application will download this information from the User's Facebook profile:

Personal	Source of data	Purpose of data processing
Email	Provided by the data subject (User) during registration via Facebook	Login approval and account notifications
Password	Provided by the data subject (User) via Facebook during registration	Login confirmation
Phone	Provided by the data subject (User) via Facebook during registration	Login confirmation / two-factor authentication, sending and receiving authentication SMS
Profile	Provided by the data subject (User) via Facebook during registration	Account information
Full name	Provided by the data subject (User) via Facebook during registration	Account information
Facebook user ID	The data subject (User) provides this during registration via Facebook	Sending personalized marketing material on Facebook (if sharing with third parties is permitted)

The User's email address, password, phone number, and Facebook user ID (if collected) will be used by the Application to authenticate the User when they log into their account. The User's name and profile picture will be used to display the User's name and picture on their profile in the Application. Information collected about the User during registration, information about their device, and information about their use of the Application will be analyzed to display the most relevant marketing content to the User in the Application.

It is important to note that the User can create a user account without using their Facebook profile.

Accordingly, in the case of “manual” registration, an account can be created in the Application without using Facebook if the User refuses to provide a third-party identifier from the optional data. In this case, the information collected about the User will not be transferred to Facebook.

12. Registration using Apple ID

Personal data	Source of data	Purpose of data processing
Email	Directly from the User	Login confirmation
Password	Directly from the User	Login approval
Full name	Directly from the user	Account information

If the User wishes to register using their Apple ID, they can choose to hide their personal email address. If they do so, a random Apple email address will be assigned to their account.

13. Optional information

If the User wishes to register a user account using one of the three methods (points 10, 11, and 12), we may ask the User for additional information during the registration process. The provision of each additional piece of information is optional:

Personal data	Source of data	Purpose of data processing
Last name	Directly from the User	Account information
Age / year of birth	Directly from the User	Sending personalized marketing materials based on age
No	Directly from the User	Sending personalized marketing materials based on gender
Postal	Directly from the User	Account information

The User is not required to provide the additional personal information mentioned above. The purpose of providing this information is solely to help improve the service for the User.

14. Notifications from the Application

If the User consents to receiving notifications from the Application, the Application will register an event each time a notification is received. The information collected about the User's location (if consented to, pursuant to Article 6(1)a) of the GDPR) and the notifications will be combined with other usage data and used for the same purposes.

15. Legal basis for the processing of data relating to the User

To ensure that the legal basis for the processing of data relating to the User is always well-founded, compliance with the GDPR is always ensured.

The legal basis for data processing may be, for example, the User's consent pursuant to Article 6(1)a) of the GDPR, a contract pursuant to Article 6(1)b) of the GDPR, a legal obligation pursuant to Article 6(1)c) of the GDPR, or a legitimate interest pursuant to Article 6(1)f) of the GDPR. Further information can be found in section 4 of this Consent and Privacy Notice (scope of data processed, purpose, legal basis and duration of data processing).

If the processing is based on the User's consent, a record will be stored and processed, which records when and how the User gave their consent, and a record will also be kept of exactly what information was provided at that time.

The User may withdraw their consent to the processing of their personal data in the Application at any time and without justification and may also do so by deleting their account registered in the Application, in accordance with Article 7(3) of the GDPR. If the User deletes their account, their account data will be anonymized, which means that the data can no longer be linked to the User. If the User decides to withdraw their consent, this does not affect the lawfulness of the processing of personal data based on the consent given prior to the withdrawal and until the time of withdrawal. If the User withdraws their consent, this shall therefore only take effect from that moment, in accordance with Article 7(3) of the GDPR.

The User is not obliged to provide personal data.

16. With whom is information about the User shared?

Personal data will be shared with data processors who assist in the collection, analysis, and storage of personal data.

16.1. Data processors within the EU

We work with data processors who are either based in the EU or have their data centers within the EU, which means that the User's personal data will not be transferred outside the EU, apart from the data processor Zendesk, which is based in the United States. The User's personal data will be shared with data processors for the purposes of providing the service, support requests, marketing, data storage, etc. Users' data will only be shared with data processors who have an adequate level of security.

Another data processor is Emplate ApS (seat: Søren Frichs Vej 42 R, 8230 Åbyhø, Denmark, registration number: 36031034).

We use third-party “ad network providers” to advertise the Application. If the User decides to register an account in the Application, information collected through event tracking in the Application will be shared with Facebook and Google. This enables the use of third-party advertising network providers' tools to measure the advertising of the Application. The privacy policies of third-party advertising network providers can be found here:

If the User does not want their data to be shared with third-party advertising networks, they can disable this in the Profile Settings in the App.

16.2. Data processors outside the EU

If the User uses the support function, their data will be shared with Zendesk, operating in the United States, as detailed in Section 7 (If the User submits a support request (service support)). Furthermore, if the User uses the “scan receipt” feature, the data on the receipt will be transferred to OpenAI, operating in the United States, in order to provide the scanning feature, as detailed in Section 8 above. Personal data will be transferred on the basis of the standard contractual clauses (SCC) approved by the European Commission for data transfers between the EU and countries outside the EU or the data protection framework (DPF) adopted by the European Commission. The DPF ensures that the User's data is transferred securely to the United States. The DPF can be found here: Data Privacy Framework, and the list of DPF-certified organizations can be found here: Data Privacy Framework list.

Furthermore, data transfers outside the EU are always ensured by the preparation of audit reports and the implementation of appropriate security measures.

If the User does not wish to share their data with third parties, they can “opt out” at any time in their profile settings.

17. How information and personal data relating to the User are processed and protected

The protection of the User's privacy and personal data is of prioritized importance. Appropriate technical and organizational security measures have been implemented to prevent accidental or unlawful destruction, loss, alteration or damage to personal data, as well as unauthorized access or misuse.

Information relating to the User's identity is only accessible to employees and agents and whose job / task description includes the performance of tasks for which they need the User's personal data. These employees are informed and instructed on the proper handling of personal data in accordance with the above.

The User's data is stored securely by data processors both within and outside the EU. An agreement is in place with each contractual data processor of the User's personal data in accordance with Article 28 of the GDPR. The contractual data processors undertake in the relevant agreement at to comply with at least the general technical and organizational data protection measures guaranteed by the Data Controllers and to process the User's personal data exclusively on the instructions of the Data Controllers in accordance with present Consent and Privacy Notice.

The User's personal data will be stored and processed as described in detail in Section 4 (Scope of data processed, purpose, legal basis and duration of data processing). If the User has been inactive for 24 months or if they delete their account in the Application (Section 22 of this Privacy Policy (Deletion of user accounts)), their data will be removed from the servers by deletion or anonymization. The User will be notified 1 month prior to such operations (deletion, anonymization).

The record of when and how the User gave their consent and what exactly the consent related to will be stored for two years after the deletion of their account. The data necessary to document the User's registration and consent to the Application will be stored for two years after the withdrawal of consent to prove and document that the marketing communication was lawful, pursuant to Article 6(1)c) of the GDPR.

18. Additional rights of Users

In connection with the data processing described in this Consent and Privacy Notice, the User may exercise the rights set out in Chapter III of the GDPR as follows:

Withdrawal of consent

The User has the right to withdraw their consent to the processing of their personal data at any time, without giving any reason, without this entailing any financial or other obligations for the User. The withdrawal of consent does not affect the lawfulness of data processing prior to the withdrawal.

Right of access and information

The User has the right to receive confirmation as to whether their personal data is being processed and, if so, to access information relating to the processing (purpose of the processing, categories of personal data, information about the source of the personal data, etc.). The User may also request a copy of the personal data that is the subject of data processing.

Right of correction

The User has the right to request the correction or supplementation of personal data processed by Joint Data Controllers.

Right to erasure

The User has the right to request that the Joint Data Controllers erase the personal data processed by them if one of the following grounds applies:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the User withdraws the consent on which the processing is based and there is no other legal basis for the processing;
the User objects to the processing and there are no overriding legitimate grounds for the processing;
the personal data has been unlawfully processed;
the personal data must be erased in order to comply with a legal obligation to which the Joint Data Controllers is subject under Union or Member State law;
the personal data has been collected in relation to the offer of information society services.

However, the right to erasure is not unlimited and may be restricted by the provisions of relevant EU and national data protection legislation.

Right to restriction of processing

The User is entitled to request a restriction of data processing in the following cases:

the User disputes the accuracy of the personal data, in which case the restriction shall apply for a period enabling the Joint Data Controllers to verify the accuracy of the personal data;
the processing is unlawful, and the User requests the restriction of processing instead of erasure;
the Joint Data Controllers no longer need the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defense of legal claims; or
the User has objected to the data processing; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the Joint Data Controllers override the legitimate grounds of the User.

Following the restriction of data processing, the personal data subject to the restriction may, with the exception of storage, only be processed with the consent of the Users or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Users also have the right to receive their personal data provided to the Joint Data Controllers in an electronic format and to transmit those data to another controller.

Right to object

Users have the right to object to the processing of their personal data if the processing is carried out for direct marketing purposes. In this case, the data subject may no longer be processed for direct marketing purposes.

In matters relating to complaints, the User has the right to lodge a complaint with the competent data protection supervisory authority.

19. General rules for exercising rights:

The Data Controller 1 shall inform the User of the measures taken in response to the request without undue delay, but no later than 30 days from the date of receipt of the request. If necessary, taking into account the complexity of the request and the number of requests submitted by Users, this period may be extended by a further two months. Data Controller 1 shall inform the User of the extension of the deadline within 30 days of receipt of the request, indicating the reasons for the delay.

The Data Controller 1 shall provide the information and take the measures free of charge to the Users. If the User's request is clearly unfounded or excessive, in particular because of its repetitive nature, the Data Controller 1, taking into account the administrative costs of providing the requested information or communication or taking the requested action:

a) a reasonable fee, or

b) refuse to act on the request.

The burden of proving that the request is manifestly unfounded or excessive lies with Data Controller 1.

If the Joint Data Controllers have reasonable doubts as to the identity of the natural person making the request, they may request further information necessary to confirm the identity of the User.

20. Legal remedies:

The User may contact the representative of the Joint Data Controllers at any time regarding the processing of their personal data at the following contact details:

e-mail address: info@kokibevasarlokozpont.hu

Data Controller 1 shall respond to requests received in the manner and within the time limits specified in Section 19 of this Consent and Privacy Notice.

In the event of a violation of their rights, the User may take legal action against the Joint Data Controllers. The court shall hear the case as a matter of priority. The Joint Data Controllers shall be responsible for proving that data processing complies with the provisions of the law. The court of jurisdiction for the case shall be the court of first instance in the capital city. The case may also be brought before the court of first instance at the User's place of residence or domicile.

In the event of a complaint regarding the processing of their personal data, the User may also contact the National Authority for Data Protection and Freedom of Information (Dr. Péterfalvi Attila, President of the National Authority for Data Protection and Freedom of Information, postal address: 1363 Budapest, Pf.: 9., address: Falk Miksa u. 9-11, 1055, telephone: +36 (30) 683-5969; email: ugyfelszolgalat@naih.hu; website: www.naih.hu).

21. Changes to the Consent and Privacy Notice

In accordance with the principles of the GDPR, the general terms and conditions for the processing of personal data, as well as the general and technical measures for the protection of personal data and other internal mechanisms, are regularly updated to ensure that they always comply with the applicable legislation. Any changes to this Consent and Privacy Notice regarding the processing of personal data shall take effect upon publication of the updated General Terms and Conditions through the Application. If changes come into effect that are considered significant and require the User's consent in accordance with the relevant legislation, the User will be informed of this through the Application and, if necessary, the User's consent will be requested.

22. Deletion of user account

The User may request the deletion of their user account and personal data from the Application directly at any time.

The user account can be deleted by following these steps:

Open the application
"Profile settings"
"Delete profile"
"Do you want to delete your profile?" – pop-up window, to delete, type the word "DELETE," after which the "delete" button will appear.