Supplement — jointhesport.com
This privacy policy describes the shared processing practices for sportagvalasztoteszt.hu and jointhesport.com. For jointhesport.com — registration, account management, profile settings, newsletter and cookie/consent management — we add the following:
| Service | jointhesport.com — registration, sign-in, profile, newsletter, content |
| Additional data | Name, email and password (hashed) provided at registration; optional sport interest selections (multiple sports may be chosen), used for personalised newsletter and tips where you have given consent; language preference. |
| Legal basis (sport interests, newsletter) | GDPR Article 6(1)(a) — consent (via explicit checkboxes and/or consent records). |
| Cookies | Strictly necessary cookies for operation; analytics and marketing cookies only after prior consent by category. |
| Retention | Beyond the general retention principles in the full policy, unsubscribed newsletter records may be retained for a limited period for accountability; see the full text and internal record of processing. |
1. Details of the Data Controller
| Data Controller: | Janos Nagy (private individual) |
| Website: | https://jointhesport.com |
| Related website: | https://sportagvalasztoteszt.hu |
| Email: | info@jointhesport.com |
| Hosting provider: | Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) |
| Server location: | Hetzner data center, Frankfurt am Main, Germany (European Union) |
2. Purpose and Scope of this Policy
The purpose of this Privacy Policy is to provide transparent and easy-to-understand information to users of the jointhesport.com website and the related sportagvalasztoteszt.hu website (collectively, the "Website" or "Websites") about our personal data processing activities.
jointhesport.com is a bilingual (Hungarian/English) digital sports selection and sports encyclopedia platform that helps young people, parents, coaches and sports enthusiasts discover sports. The related sportagvalasztoteszt.hu is a Hungarian-language sports recommendation web application that helps users identify the most suitable sport for them from 24 categories by using a weighted questionnaire algorithm. After completing the questionnaire, the result may also be sent by email, and the user may subscribe to the newsletter.
This Policy applies to all visitors and users of both Websites.
3. Governing Laws
The following laws and legal instruments govern our data processing activities:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, "GDPR");
- Relevant recommendations and guidance issued by the Hungarian National Authority for Data Protection and Freedom of Information ("NAIH"), the competent supervisory authority.
4. Definitions
The terms used in this Policy shall be interpreted in accordance with the definitions set out in Article 4 GDPR. The most important terms are summarized below:
- Personal data: any information relating to an identified or identifiable natural person.
- Processing: any operation performed on personal data (such as collection, recording, storage, alteration, retrieval, use, disclosure or erasure).
- Controller: the natural or legal person that determines the purposes and means of the processing of personal data.
- Processor: the natural or legal person that processes personal data on behalf of the controller.
- Data subject: the natural person whose personal data are being processed.
- Consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes.
5. Personal Data Processed and Details of Processing
5.1. Completion of the Questionnaire (Sports Selection Test)
| Data processed: | Answers provided in the questionnaire (sports preferences, answers relating to physical characteristics, interests). These data generally do not qualify as personal data on their own, but may become personal data when processed together with a session identifier and IP address. |
| Purpose of processing: | To generate a personalized sports recommendation for the user based on the weighted algorithm. |
| Legal basis: | Article 6(1)(b) GDPR - processing necessary to take steps at the request of the data subject prior to entering into a contract (provision of the service). |
| Retention period: | For the duration of the questionnaire session. After the result has been generated, session data are deleted from server memory. Aggregated, anonymized statistical data may be retained without limitation. |
| Whether provision is mandatory: | Voluntary. Without completing the questionnaire, no sports recommendation can be generated. |
5.2. Sending the Result by Email
| Data processed: | Email address, questionnaire result (recommended sports and scores). |
| Purpose of processing: | To send the questionnaire result to the email address provided by the user. |
| Legal basis: | Article 6(1)(b) GDPR - provision of the requested service at the user's request (the result is sent at the user's express request). If the email address is also used for newsletter subscription, Article 6(1)(a) GDPR (consent) applies to that additional purpose. |
| Retention period: | The email address is stored for up to 30 days after the email has been sent for logging and troubleshooting purposes and is then automatically deleted, unless the user has also subscribed to the newsletter. |
| Whether provision is mandatory: | Voluntary. The result can also be viewed on the Website without requesting email delivery. |
5.3. Newsletter Subscription
| Data processed: | Email address, date of subscription, source of subscription, IP address (to document consent). |
| Purpose of processing: | Sending the JoinTheSport newsletter containing sports tips, updates and content related to the sport selected by the user. |
| Legal basis: | Article 6(1)(a) GDPR - the data subject's explicit, voluntary consent. |
| Retention period: | Until consent is withdrawn (unsubscribe). After unsubscription, the email address and the fact of consent may be retained for 5 years from the date of unsubscription for evidentiary and accountability purposes under Article 5(2) of the GDPR (accountability principle). |
| Whether provision is mandatory: | Voluntary. Newsletter subscription is not a condition for using the service. |
| How to unsubscribe: | Via the unsubscribe link included in every newsletter or by email to info@jointhesport.com. |
5.4. User Account (Admin Panel)
| Data processed: | Username, email address, password (in encrypted/hashed form), authorization level. |
| Purpose of processing: | Identification and access control required to use the administrative interface. |
| Legal basis: | Article 6(1)(b) GDPR - performance of a contract (administration necessary for operating the service). |
| Retention period: | Until the account is deleted or the legal relationship ends. |
| Whether provision is mandatory: | Necessary for system administration. Applies only to persons designated by the Data Controller. |
5.5. Server Log Files
| Data processed: | IP address, browser type and version (user agent), referrer URL, time of visit, pages viewed, operating system. |
| Purpose of processing: | Ensuring the technical operation of the Website, troubleshooting, investigating security incidents, and preventing abuse. |
| Legal basis: | Article 6(1)(f) GDPR - the Data Controller's legitimate interest in the security and stability of the IT system. |
| Retention period: | Up to 90 days, after which the logs are automatically deleted. |
| Whether provision is mandatory: | Automatic when the Website is visited. |
| How data subjects are informed (Article 14 GDPR): | As these data are not obtained directly from the data subject but are collected automatically, data subjects are informed of the fact and details of the processing through this Privacy Policy in accordance with Article 14 GDPR. |
6. Cookies
6.1. General Information About Cookies
The Website uses cookies to improve the user experience, ensure proper service operation, and carry out statistical analysis. A cookie is a small text file placed by the website on the user's device (computer, phone or tablet).
6.2. Strictly Necessary (Functional) Cookies
| Purpose: | To ensure the core functionality of the Website (session management, security token, language setting). |
| Legal basis: | Section 155(4) of the Electronic Communications Act - storing data on the user's terminal equipment where technically strictly necessary for providing the service; prior user consent is not required. The processing legal basis is Article 6(1)(b) GDPR, as the processing is necessary to provide the requested service. |
| Retention period: | Until the end of the browser session (session cookie) or for a maximum of 30 days. |
| Can they be disabled?: | These cookies cannot be switched off because the Website would not function properly without them. |
6.3. Statistical (Analytics) Cookies - Google Analytics
| Purpose: | To analyze Website usage habits and improve the service. |
| Provider: | Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) |
| Legal basis: | Section 155(3) of the Electronic Communications Act - prior, informed user consent is required for placing such cookies. The processing legal basis is Article 6(1)(a) GDPR - the data subject's consent. Consent is obtained through the cookie banner shown on the first visit to the Website. Statistical cookies are placed only after consent has been given. |
| Data processed: | Anonymized IP address (with IP anonymization enabled), browsing habits, visit time, device information. |
| Retention period: | Up to 14 months (Google Analytics 4 default setting). |
| Data transfer: | Data are transferred to Google LLC servers located in the United States. The transfer is based on the European Commission Implementing Decision of July 10, 2023 (C(2023) 4745 final) on the EU-U.S. Data Privacy Framework, under which Google LLC is a certified participant. |
| How to disable: | Consent may be refused or withdrawn at any time through the cookie banner, or Google Analytics may be disabled via the browser add-on available at https://tools.google.com/dlpage/gaoptout. |
6.4. Security Cookies - Google reCAPTCHA v2
| Purpose: | Protection against spam and automated abuse when completing the questionnaire. |
| Provider: | Google LLC |
| Legal basis: | Article 6(1)(b) GDPR - necessary for the secure provision of the service (the questionnaire operates with reCAPTCHA protection); additionally Article 6(1)(f) GDPR - the Data Controller's legitimate interest in protecting the Website against automated abuse. Based on the Data Controller's balancing test, the necessity of anti-spam protection outweighs the limited impact on data subjects. |
| Data processed: | IP address, browser and device information, cookies placed by Google, user interactions. |
| Data transfer: | See Section 6.3 above (EU-U.S. Data Privacy Framework). |
| Further information: | Google Privacy Policy |
7. External Service Providers (Processors)
The Data Controller uses the following external service providers, which act as processors:
7.1. Hetzner Online GmbH (Hosting Provider)
| Registered office: | Industriestr. 25, 91710 Gunzenhausen, Germany |
| Activity: | Provision of server infrastructure (VPS), physical data storage |
| Location of data: | Frankfurt am Main, Germany (EU) |
| Legal basis: | Data processing agreement under Article 28 GDPR |
| Privacy notice: | https://www.hetzner.com/legal/privacy-policy |
7.2. Google LLC (Analytics, reCAPTCHA, Email Sending)
| Registered office: | 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA |
| Activity: | Web analytics (Google Analytics), spam protection (reCAPTCHA v2), email sending (Gmail SMTP) |
| Transfer mechanism: | EU-U.S. Data Privacy Framework - adequacy decision dated July 10, 2023 |
| Privacy notice: | https://policies.google.com/privacy |
7.3. Sentry (Functional Software, Inc.) - Error Tracking
| Registered office: | 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA |
| Activity: | Application error tracking, performance monitoring |
| Data processed: | Technical data related to error events (IP address, browser information, error messages, stack trace). We do not intentionally collect personal data through Sentry. |
| Transfer mechanism: | EU-U.S. Data Privacy Framework - Functional Software, Inc. is a certified participant; additionally, as a supplementary safeguard, the European Commission's Standard Contractual Clauses ("SCCs"; Commission Implementing Decision (EU) 2021/914) are applied. |
| Legal basis: | Article 6(1)(f) GDPR - the Data Controller's legitimate interest in ensuring the proper operation of the service |
| Privacy notice: | https://sentry.io/privacy/ |
8. Transfers to Third Countries
Google LLC and Functional Software, Inc. (Sentry) are established in the United States of America. The lawfulness of such transfers is ensured as follows:
-
EU-U.S. Data Privacy Framework: Under the European Commission Implementing Decision of July 10, 2023 (C(2023) 4745 final), the United States ensures an adequate level of protection for personal data processed by organizations certified under the framework.
-
Standard Contractual Clauses (SCCs): As an additional safeguard, both Google and Sentry also apply the Standard Contractual Clauses adopted by the European Commission under Commission Implementing Decision (EU) 2021/914. In Sentry's case, SCCs serve as the primary contractual transfer safeguard.
-
Data Processing Agreement (DPA): In accordance with Article 28 GDPR, the Data Controller enters into a data processing agreement with each processor that has access to personal data. For Google services, the applicable Data Processing Terms apply. Processors may engage sub-processors; their lists are available in the providers' privacy documentation.
The Data Controller continuously monitors the validity of the EU-U.S. Data Privacy Framework. If the Court of Justice of the European Union or the European Commission invalidates or materially amends the framework, the Data Controller will promptly review the legal basis for transfers and, where necessary, implement additional safeguards (for example, relying exclusively on SCCs) or switch to an alternative provider.
We do not otherwise transfer personal data to countries outside the EU/EEA.
9. Data Security
The Data Controller implements appropriate technical and organizational measures to protect personal data, in particular against unauthorized access, alteration, transmission, disclosure, deletion, destruction, accidental destruction and damage. These measures include in particular:
- Encrypted communication: The Website is accessible only through HTTPS (TLS/SSL).
- Password protection: Passwords are stored using the bcrypt algorithm with a high-security hashing method.
- JWT-based session management: User sessions are managed through JSON Web Token (JWT) technology.
- reCAPTCHA protection: Questionnaire completion is protected by Google reCAPTCHA v2 against automated abuse.
- Access restriction: Only authorized persons may access the administrative interface.
- Regular backups: Server data are backed up regularly.
- Firewall and security headers: The server is protected by a firewall and the Website applies appropriate HTTP security headers (such as CSP, HSTS and X-Frame-Options).
- Software updates: The server operating system and application components are updated regularly.
10. Rights of Data Subjects
Under the GDPR, you have the following rights in relation to the processing of your personal data:
10.1. Right to Be Informed (Articles 13-14 GDPR)
You have the right to receive clear and transparent information about the processing of your personal data before the processing starts, or afterwards where the data are not obtained directly from you.
10.2. Right of Access (Article 15 GDPR)
You have the right to obtain confirmation as to whether your personal data are being processed and, if so, to access the personal data and the related information.
10.3. Right to Rectification (Article 16 GDPR)
You have the right to request the correction of inaccurate personal data concerning you and the completion of incomplete personal data.
10.4. Right to Erasure ("Right to Be Forgotten") (Article 17 GDPR)
You have the right to request the erasure of your personal data if the purpose of the processing no longer exists, you withdraw your consent, or the processing is unlawful. The Data Controller may refuse erasure where processing is necessary: (a) for exercising the right of freedom of expression and information; (b) for compliance with a legal obligation; (c) for the performance of a task carried out in the public interest; or (d) for the establishment, exercise or defence of legal claims (Article 17(3) GDPR).
10.5. Right to Restriction of Processing (Article 18 GDPR)
You have the right to request restriction of processing if you contest the accuracy of the data, if the processing is unlawful, or if the Data Controller no longer needs the data but you require them for legal claims.
10.6. Right to Data Portability (Article 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to the Data Controller in a structured, commonly used and machine-readable format (for example JSON or CSV), and to transmit those data to another controller. The Data Controller will respond without undue delay and in any event within one month of receiving the request, subject to the GDPR rules on possible extension.
10.7. Right to Object (Article 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(e) or (f) GDPR. Where personal data are processed for direct marketing purposes, you may object at any time without restriction, and in that case the Data Controller may no longer process the personal data for that purpose (Article 21(2)-(3) GDPR).
10.8. Right to Lodge a Complaint with a Supervisory Authority (Article 77 GDPR)
You have the right to lodge a complaint with a supervisory authority, in particular the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), if you believe that the processing of your personal data infringes the GDPR. NAIH's contact details are set out in Section 11.2.
10.9. Right to Withdraw Consent (Article 7(3) GDPR)
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
10.10. How to Exercise Your Rights
To exercise your rights, please contact us using one of the following details:
- Email: info@jointhesport.com
- Subject line: "Privacy request - [your name]"
The Data Controller will review and respond to the request without undue delay and in any event within one month of receipt; where necessary, this period may be extended by a further two months, in which case the requester will be informed of the reasons for the delay. The Data Controller may request reliable proof of identity before fulfilling the request.
11. Remedies
If you believe that your rights have been infringed in connection with the processing of your personal data, the following remedies are available:
11.1. Complaint to the Data Controller
Please first contact us directly at info@jointhesport.com. We will investigate your complaint within 30 days.
11.2. Complaint to the Supervisory Authority
You have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):
| Name: | Hungarian National Authority for Data Protection and Freedom of Information |
| Registered office: | Falk Miksa utca 9-11, 1055 Budapest, Hungary |
| Postal address: | 1363 Budapest, Pf. 9, Hungary |
| Phone: | +36 (1) 391-1400 |
| Email: | ugyfelszolgalat@naih.hu |
| Website: | https://www.naih.hu |
11.3. Judicial Remedy
Data subjects may also bring proceedings before the courts if their rights are infringed. The action may, at the data subject's choice, also be brought before the competent court for the data subject's domicile or place of residence in accordance with Article 79 GDPR.
12. Relationship Between jointhesport.com and sportagvalasztoteszt.hu
jointhesport.com and sportagvalasztoteszt.hu operate under the same data controller (Janos Nagy). jointhesport.com is the primary platform and sportagvalasztoteszt.hu is its supplementary service. This Privacy Policy applies to both Websites. After the sportagvalasztoteszt.hu questionnaire result is displayed, the user may subscribe to the JoinTheSport newsletter.
Data transfer between the two websites takes place only on the basis of the user's explicit consent.
13. Automated Processing, Profiling and Operation of the Algorithm
When the questionnaire is completed, the Website uses a weighted scoring algorithm to generate the sports recommendation. This automated processing does not constitute solely automated decision-making within the meaning of Article 22 GDPR, because:
- the result is merely a recommendation, does not produce legal effects and does not similarly significantly affect the user;
- the user is free to disregard the recommendation;
- the user may complete the questionnaire again using different answers.
Description of the algorithm's logic (Articles 13(2)(f) and 15(1)(h) GDPR):
Under the GDPR, the user has the right to obtain information about the logic of the algorithm used in the processing. The algorithm works as follows:
- The user answers questions in several steps regarding interests, physical characteristics, preferences and lifestyle.
- Each answer is assigned predefined weight values (scores), which are mapped to the relevant sports.
- After completion of the questionnaire, the algorithm totals the scores assigned to each sport.
- Based on the aggregated scores, the algorithm ranks the 24 available sports and recommends those with the highest scores.
- The algorithm uses only the answers provided during the questionnaire; it does not take previous completions, user profiles or external data sources into account.
The algorithm's weight values and question structure are managed and, where necessary, modified by the administrator through the administrative interface.
14. Protection of Minors' Data
The services of the Website are available without age restriction because completion of the questionnaire does not require personal data. Providing an email address is required only for sending the result by email and for newsletter subscription.
Persons under the age of 16 must have the consent of a parent or legal guardian before providing their email address (Article 8(1) GDPR). The Data Controller informs users of this age-related requirement when an email address is entered. If the Data Controller becomes aware that a person under 16 has provided personal data without parental or guardian consent, the data will be deleted without delay.
15. Personal Data Breaches
In the event of a personal data breach, the Data Controller acts in accordance with Articles 33 and 34 GDPR:
- the breach will be notified to NAIH within 72 hours of becoming aware of it if the breach is likely to result in a risk to the rights and freedoms of data subjects;
- where the breach is likely to result in a high risk to data subjects, the affected data subjects will also be informed without undue delay;
- an internal register of breaches is maintained, including the facts of the breach, its effects and the remedial measures taken.
16. Amendments to this Privacy Policy
The Data Controller reserves the right to amend this Privacy Policy. Amendments become effective upon publication on the Website. In the event of a material change, users will be informed by means of a notice displayed on the Website. Continued use after publication of the amended Policy constitutes acceptance of the changes.
Previous versions of this Privacy Policy are available upon request by email at info@jointhesport.com.
17. Contact
If you have privacy-related questions, requests or complaints, please contact us:
- Email: info@jointhesport.com
- Website: https://jointhesport.com
Dated: April 8, 2026
Janos Nagy, Data Controller
