Dayliner ← Back to sign in

Privacy Policy · Last updated: 2026-04-23

Privacy Policy

Document version: 1.0 Effective date: 2026-04-23 Last updated: 2026-04-23 Primary jurisdiction: Hungary (with UK provisions taking effect on launch in the United Kingdom)

This Privacy Policy explains how Balazs Okros (the "Operator", "we", "us") handles personal data in connection with the Dayliner production-management service (the "Service"). It is written to meet the transparency requirements of Articles 13 and 14 of the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"), as supplemented in Hungary by Act CXII of 2011 on Informational Self-Determination and Freedom of Information (the "Info Act" / "Infotv."), and (for users in the United Kingdom) the UK GDPR and the Data Protection Act 2018.

This policy covers the Service itself. Your use of the Service is also governed by our Terms of Service, including the intellectual-property and content rules in Schedule 1 of those Terms, which describe how rights in the Service and in the content you upload are handled.

A Hungarian-language translation of this policy is available on request. In the event of any discrepancy, the Hungarian version prevails for users whose habitual residence is in Hungary.


1. Who is responsible for your data

The Service is a multi-tenant business application. Two different relationships apply, and they decide who is responsible for what.

Operator (controller / processor) contact details:

Legal name Balazs Okros
Registered address Hamer Avenue 36, Carterton, OX18 3GS United Kingdom
Company registration number -
Tax number -
Data-protection contact dayliner@pelso.co.uk

We have not appointed a Data Protection Officer under Article 37 GDPR, as we are not required to. Data-protection questions and requests should be sent to dayliner@pelso.co.uk.


2. The personal data we process

Category Examples Our role
Account & identity Name, email, password (hashed), avatar, language, roles and permissions, two-factor settings Controller
Authentication & security Login timestamps, IP address, user-agent, session and "remember me" tokens, policy-acceptance records (timestamp, user, IP, document version) Controller
Activity & audit logs Records of who created, changed or deleted content, and when Controller
Customer content Performer profiles, biographies, photos, riders, setlists, personnel and guest lists, deals and contracts, transport and accommodation details, messages and email collected into the Service, and any other content the Customer uploads Processor (Customer is controller)
External portal users Performers, suppliers and guests who authenticate to a scoped portal via a token to view or submit material for a specific performance or task Processor (Customer is controller)
Communications with us Support requests and correspondence with account administrators Controller
Billing Customer company details and subscription/invoice records Controller

We do not intentionally seek out special-category data (Article 9 GDPR). Customers may, however, include such data in free-text fields, riders, or dietary/accessibility notes (for example, allergies in catering requirements). Where that happens, the Customer is responsible for having a lawful basis, and we process it only as part of operating the Service for them.


3. Why we process it, and our legal basis

As controller, we rely on the following bases under Article 6 GDPR:

As processor, we process Customer content only on the documented instructions of the Customer and for the purposes set out in our agreement with them (hosting, storage, rendering thumbnails and PDFs, sending email and attachments, transmitting setlists to collective rights organisations such as Artisjus when instructed, and similar operating functions). The Customer is responsible for establishing the legal basis for that processing.

We do not use Customer content to train machine-learning models, and we do not sell personal data.


4. Cookies and similar technologies

The Service uses cookies that are strictly necessary for it to function — to keep you signed in (session and authentication cookies), to protect form submissions against cross-site request forgery (CSRF), and to remember your interface preferences. These do not require consent under the ePrivacy Directive 2002/58/EC (as implemented in Hungary by Act C of 2003 on Electronic Communications) and Article 6(1)(f) GDPR.

We do not use advertising cookies. Any analytics or other non-essential cookies, if introduced, will be loaded only after you give consent, and this policy and the consent banner will be updated accordingly.


5. Who we share data with

We share personal data only as needed to run the Service:

We do not sell personal data and do not share it for third-party advertising.


6. International transfers

We host and process personal data within the European Economic Area (EEA), and we do not transfer it to countries outside the EEA. If this ever changes — for example, if we engage a sub-processor located outside the EEA — we will put an appropriate safeguard under Chapter V GDPR in place (such as a European Commission adequacy decision or the Standard Contractual Clauses), update this policy, and tell you which safeguard applies before the transfer takes effect.


7. How long we keep data

When personal data is no longer needed, we delete or irreversibly anonymise it.


8. Your rights

Subject to the conditions in the GDPR, you have the right to:

How to exercise them. If your data is in the Service because an organisation uploaded it (we are the processor), please contact that organisation; we will support them in responding. For data where we are the controller, contact us at dayliner@pelso.co.uk. We respond within one month, as required by Article 12(3) GDPR. We may need to verify your identity first.

Right to complain. You may lodge a complaint with the Hungarian supervisory authority:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) 1055 Budapest, Falk Miksa utca 9-11., Hungary Web: naih.hu · Email: ugyfelszolgalat@naih.hu

UK users may complain to the Information Commissioner's Office (ICO), ico.org.uk. You may also complain to the authority in your country of habitual residence.


9. How we protect data

We apply technical and organisational measures appropriate to the risk (Article 32 GDPR), including: encryption of traffic in transit; hashing of passwords; multi-tenant isolation with server-side scoping so records cannot be read across organisation boundaries; role-based access control and per-entity access grants; storage isolation that prevents enumeration of other tenants' files; session-bound media URLs; audit logging of content lifecycle events; and least-privilege, ticket-based access for support staff. No system is perfectly secure, but we work to protect your data and to detect and respond to incidents.

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours where required (Article 33 GDPR) and, where the breach is likely to result in a high risk, affected individuals without undue delay (Article 34 GDPR).


10. Automated decision-making

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing, and we do not carry out profiling of that kind (Article 22 GDPR).


11. Children

The Service is a business tool intended for use by professionals and is not directed at children. We do not knowingly collect personal data from children. Customers are responsible for any data concerning minors (for example, a minor performer) that they choose to enter, and for the lawful basis for doing so.


12. Changes to this policy

We may update this policy. Material changes will be announced through the Service's in-app notification system and/or by email to account administrators, and the "Last updated" date above will change. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy.


13. Contact

Questions, requests, or the Hungarian-language version of this policy:

Balazs Okros Hamer Avenue 36, Carterton, OX18 3GS United Kingdom Email: dayliner@pelso.co.uk