Privacy Policy
Draft — subject to legal review before launch
1. Who we are
Mészáros János, sole proprietor (Hungary, EU), the operator of grabtheslot.com and the GrabTheSlot platform (the Operator).
Contact: [email protected]
The Operator acts in two roles: as a data controller for the data of its own subscribers (businesses using GrabTheSlot), and as a data processor for the personal data of the subscribers' end-customers (the people who book appointments). The processor relationship is governed in detail by the Data Processing Agreement (DPA).
2. Personal data we process
Subscribers (business customers)
- Name, email address, phone number
- Business name, address, tax/VAT number
- Payment card details are processed exclusively by Paddle as Merchant of Record — the Operator never stores them
End-customers (people who book)
- Name, email address, phone number
- Booking time and the selected service
- IP address (technically necessary)
Visitors of this website
- This marketing site is static and sets no analytics cookies. A single functional preference (dark/light theme) is stored in your browser; it identifies nobody.
3. Legal bases (GDPR Art. 6)
- Performance of a contract (Art. 6(1)(b)) — providing the booking service
- Legitimate interest (Art. 6(1)(f)) — system security and service improvement
- Consent (Art. 6(1)(a)) — marketing communications, where applicable
4. Sub-processors
| Provider | Purpose | Data location |
|---|---|---|
| Paddle.com Market Limited | Payments and invoicing (Merchant of Record) | EU / UK |
| Supabase Inc. | Database, authentication | EU (Frankfurt) |
| Resend Inc. | Transactional email delivery | US (EU–U.S. Data Privacy Framework) |
| Hetzner Online GmbH | Server operation and hosting | EU (Nuremberg / Falkenstein, Germany) |
5. Retention
- Account data: until the account is deleted
- Booking data: 5 years from the booking date (accounting obligations)
- Invoicing records: 8 years (Hungarian Accounting Act, as the Operator is established in Hungary)
6. Your rights
- Right of access — request a copy of the data we hold about you
- Right to rectification — have inaccurate data corrected
- Right to erasure ("right to be forgotten")
- Right to data portability — receive your data in a machine-readable format
- Right to object — to processing based on legitimate interest
To exercise your rights, write to [email protected]. We respond within 30 days.
7. Complaints
If you believe your personal data is processed in violation of the GDPR, you may lodge a complaint with your local EU supervisory authority, or with the authority competent for the Operator: the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), 1055 Budapest, Falk Miksa utca 9-11, Hungary · naih.hu · [email protected]