OptiMonk Privacy Policy
(for Clients)
The Clients of OptiMonk are generally companies, therefore, the processing of company data is generally not subject to the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR or Regulation). However, it is possible that, in spite of the aforementioned, you provide data qualifying as personal data to us (e.g. telephone number), therefore, we comply with the provisions of Regulation regarding the processing of your data.
All employees of OptiMonk agree to protect the personal data obtained in the course of their work in a confidentiality agreement.
1. Data Controller
Name of data controller: OptiMonk International Zrt. (OptiMonk or Company or we)
Principal Office: 4028 Debrecen, Kassai út 129.
Balázs Tar, support@optimonk.com, + 36 1-415-800-4445
VAT No.: 26335498-2-09
2. Data Processors
3. You are entitled to the following rights regarding the processing of your data:
Right to preliminary information
The data subject is entitled to receive information of the facts and information related to data processing prior to the commencement of such processing.
Furthermore, the controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
(Article 12-14 of the Regulation)
Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and any related information as set forth in the Regulation.
(Article 15 of the Regulation)
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(Article 16 of the Regulation)
Right to erasure („right to be forgotten”)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies.
(Article 17 of the Regulation)
Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the grounds specified in the Regulation applies.
(Article 18 of the Regulation)
Notification obligation regarding rectification or erasure of personal data or restriction of processing
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 of the Regulation to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
(Article 19 of the Regulation)
Right of data portability
On the conditions specified in the Regulation, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
(Article 20 of the Regulation)
Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point e) (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) or f) (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party) of Article 6(1) of the Regulation.
(Article 21 of the Regulation)
Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
(Article 22 of the Regulation)
Restrictions
Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society.
(Article 23 of the Regulation)
Communication of a personal data breach to the data subject
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
(Article 34 of the Regulation)
Right to lodge a complaint with a supervisory authority (right to official remedy)
The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
(Article 77 of the Regulation)
The data Subject can submit a complaint against a possible infringement of the data manager to the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Postafiók: 5.
Tel.: +36-1-391-1400
E-mail: ugyfelszolgalat@naih.hu
Right to an effective judicial remedy against a supervisory authority
Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them, where the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint.
(Article 78 of the Regulation)
Right to an effective judicial remedy against a controller or processor
Each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with the Regulation.
(Article 79 of the Regulation)
4. DATA PROCESSING RELATED TO THE PERFORMANCE OF CONTRACTS
Data processing for performing tax and accounting obligations
On the legal grounds of fulfilling legal obligation (GDPR Article 6 (1) point c), the Company may process the data of natural persons specified in laws entering into a business relationship with the Company, either as a customer or supplier, for the purpose of fulfilling statutory tax and accounting obligations (accounting, taxation). The data processed in this manner include the following specifically pursuant to Section 169 and 202 of Act CXXVII of 2007 on Value Added Tax: name, address, designation of the person or organisation ordering the transaction, the signature of the person certifying the execution of the order and, depending on organisation, the signature of the auditor, the signature of the recipient on the documents of stock movements and money management, and the signature of the payer on counter receipts, based on Act CXVII of 1995 on Personal Income Tax: the business licence number, the ID card number of small-scale producers and the tax ID number of the same.
The retention period pertaining to the personal data is eight (8) years following the termination of the legal relationship providing grounds for data processing.
Recipients of the personal data: the finances staff of the Company and the accountant data processor of Innonic Group Zrt.
The programs used by finances staff:
Számlázz.hu – billing program
Zoho – administrative system
BrainTree – data of credit card payment
Gmail e-mail account – the interface of keeping contact with clients regarding billing
5. IT processes
- Development and site building
The employees of this department are responsible for ensuring the technical operation and development of OptiMonk.
The employees examine the software bugs arising in relation to the operation of OptiMonk (bugs) and fix the same (bugfix). In the course of such activities, the developers may access the personal data of clients using the services.
- Development and Operation (DevOps)
The employees working in this division are responsible for operating the servers and technical background of optimonk.hu and optimonk.com. This work requires fast problem management and solution. In the course of such activities, the developers may access the personal data of customers using the services and the data of other employees of the company.
In order to ensure the built-in and default data privacy, we implemented the following technical and organisational measures:
Any and all employees engaged in server development who wishes to implement a technical operation implying access to personal data shall forwards its request to the DevOps manager.
- Tech Support
The employees working in this department are responsible for fulfilling the technical requests filed by the customers served by optimonk.hu and optimonk.com and for averting any technical issues. This job requires fast problem management and solution. In the course of such activities, the developers may access the personal data of the customers.
In order to ensure the built-in and default data privacy, we implemented the following technical and organisational measures:
All employees agree to protect the personal data obtained in the course of their work in a confidentiality agreement.
6. Marketing
- Registration on the website of the Company
Natural persons registering on the website may give their consent to the processing of their data by ticking the relevant check-box. The box may not be checked in advance.
The data subject to processing: name of the natural person (first name and last name), telephone number, e-mail address, online ID.
The purpose of data processing:
- Registration to the FREE planl (creation of the client’s own OptiMonk account)
- Contact by enquiries made electronically or via telephone.
- Information of the products and services of the Company.
- Analysis of the use of the website.
The legal ground for data processing: the consent of the data subject (GDPR Article 6 (1) point a).
The recipients of personal data and the categories of recipients: the employees of the Company performing tasks regarding customer service and marketing activity, as data processors:
Admin interfaces of OptiMonk accounts, Mailchimp (The Rocket Science Group, LLC), Hubspot, Zendesk (Zendesk Inc.), Unbounce, Intercom, Mixpanel, Outreach, Zoho softwares.
The retention period of personal data: 5 years or until the consent of the data subject has been withdrawn (erasure request).
2. Data processing related to promotional materials and newsletter services
The natural person registering for the promotional materials and newsletter services on the website may give his consent to the processing of his personal data by ticking the relevant check-box. Ticking the checkbox in advance is prohibited. The Privacy Notice (annex) shall also be displayed during the subscription process with an URL. The data subject may unsubscribe from the newsletter by means of the “unsubscribe” application of the newsletter, in writing, or by a statement made via e-mail at any time, which act shall be construed as the withdrawal of the consent. In such case, any and all data of the subscriber shall be erased.
The scope of personal data to be processed: the name (first name, last name) and e-mail address of the natural person.
The purpose of processing the personal data:
- Sending newsletters in the matter of the products and services of the Company.
- Sending promotional materials.
- Information of the products, services, terms and discounts of the Company.
Legal ground for processing: the consent of the data subject (GDPR Article 6 (1) point a).
The recipients of personal data and the categories of recipients: the employees of the Company performing tasks regarding customer service and marketing activity, as data processors:
Admin interfaces of OptiMonk accounts, Mailchimp (The Rocket Science Group, LLC), Hubspot, Zendesk (Zendesk Inc.), Unbounce, Intercom, Mixpanel, Outreach, Zoho softwares.
The retention period of personal data: until the client unsubscribes from the newsletter services, or until the consent of the data subject has been withdrawn (erasure request).
7. Customer service
The employees of the Customer Service are responsible for assisting the clients of OptiMonk International Zrt. in relation to the operation of the OptiMonk campaigns in the following ways:
- Via an e-mail submitted to support@optimonk.com or to a private business e-mail address of one of the customer support representatives.
- Via phone.
- Via 1-on-1 meeting scheduled in advance.
- During the FREE plan period
(1) The scope of data processed: the data of the client provided for the purpose of keeping contact (name, e-mail address, telephone number).
Purpose of data processing: keeping contact, delivering marketing messages.
Legal ground of data processing: the consent of the data subject (GDPR Article 6 (1) point a).
Duration of data processing: lifelong, unless requested by the client to delete the account
(2) The scope of data processed in the case of an order: billing data (name, address, tax registration number)
Legal ground for data processing: performance of the contract (GDPR Article 6 (1) point b).
Duration of data processing: until the services are retained
The recipients of personal data and the categories of recipients: the employees of the Company performing tasks regarding customer service and marketing activity, as data processors: Mailchimp, Hubspot, Amazon.
- Contact data of natural person representatives of legal person clients, customers, and suppliers
(1) The scope of personal data subject to processing: name, address, telephone number and e-mail address of the natural person.
(2) The purpose of processing the personal data: performance of the contract concluded with the legal person partner of the Company, business engagement.
Legal ground: the consent of the data subject (GDPR Article 6 (1) point a).
(3) The recipients of personal data and the categories of recipients: the employees of the Company performing marketing tasks.
(4) The retention period of personal data: for 5 years from the end of the business relationship and the capacity of the data subject as representative.
(5) The legal person partner of the Company and its representative are held liable for the accuracy, credibility and lawfulness of the data given to the Company.
8. Data processing of visitors on the website of the Company / Cookie Policy
(1) Cookies are short data files placed by the visited website on the user’s computer. Cookies are small files containing a line of characters that is placed on the device of the user when the user visits a website. The purpose of cookies is to facilitate the particular info communication internet services and to make it more convenient. When the user repeatedly visits such site, the website will be able to recognise the browser of the user owing to the cookies. The cookies may store user settings (e.g. chosen language) and other information. Amongst others, cookies collect information of the visitor and his or her device, they remember the settings of the visitor and may be used for example when using online shopping carts. Generally, cookies facilitate the use of the website, help the website in providing a real online experience to users and are used as an effective source of information. They also allow the operator of the site to inspect the operation of the site, the prevention of abuses and to provide the services of the website in an uninterrupted manner and in proper quality.
(2) There are several types of cookies, but generally they may be divided into two categories. One of them is the category of temporary cookies only placed by the website on the device of the user during a particular session (e.g. during the security authentication of an online banking transaction), the other type being the permanent cookie (e.g. the language setting of a particular website), that stays on the computer unless deleted by the user. Pursuant to the directives of the European Commission, cookies may only be placed on the device of the user upon the consent of the same (unless the cookies are essentially necessary for using the particular services).
(3) In the case of cookies not subject to the user’s consent, information shall be provided during first visit of the website. It is not required to display the entire text of the information pertaining to cookies on the website, it is sufficient if the website operators briefly summarise the essence of the information and refer to the accessibility of the complete information through an URL.
(4) In the case of cookies subject to consent, the information may be related to the first visit of the website if the data processing related to the use of cookies commences upon visiting the site. If the use of the cookies is related to the use of the function expressly requested by the user, the information may be displayed in relation to the use of such function. In this case, it is not necessary to display the entire text of the information pertaining to cookies, it is sufficient to display a short summary on the essence of the information and to refer to the accessibility of the full information through an URL.
(5) The information contained in cookies is stored only for the strictly necessary period, which shall not, in any case, exceed 1 year. At the end of this period, Users and/or Subscribers will have to renew their consent for the installation of cookies.
(6) Users and/or Subscribers are informed that they can prevent cookies from being saved on any hardware by changing the settings of their browser. Users and/or Subscribers can accept or refuse cookies used by the website entirely or partially. However, refusing cookies may prevent normal operation of OPTIMONK services.
- Information of the use of cookies
(1) In accordance with general practice, our Company also uses cookies on its website. Our Company’s website will record and process the following data of the visitor and the device used by the same for browsing during the use of the website:
- IP address used by the visitor,
- browser type,
- features of the operation system of the device used for browsing (set language),
- time of visit,
- the visited (sub)site, function or services.
(2) It is not mandatory to accept and approve the use of cookies. You may reset the settings of your browser to reject all cookies or to warn you when a cookie is being sent. Although most browsers accept cookies by default, these settings may be changed so that automatic acceptance may be prevented, and the possibility of choice will be offered each time.
For more information on the cookie settings of the most popular browsers, see the following URLs:
- Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
- Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
- Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
- Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
- Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
- Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
- Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
- Safari: https://support.apple.com/hu-hu/HT201265
Besides all the above, we would like to warn you that some website functions or services will not operate properly without cookies.
(3) The cookies used on the website are not suitable to identify the person of the user.
- Cookies used on the website of the Company
(1) Technically essential session cookies
These cookies are necessary for visitors to browse the website, to use its functions fully and without interruptions, with special regard to remembering the operations made by a visitor on a particular site during a visit. The period of data processing of such cookies only pertain to the actual visit of the visitor, at the end of the session, and by closing the browser, this type of cookies will be automatically deleted from the device.
Data processed: OptiMonkClient, OptiMonkClientId, OptiMonkSession, omLastFilled
The legal ground for processing in this case is Paragraph (3) of Section 13/A of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.
The purpose of data processing: ensuring the proper operation of the website.
(2) Cookies requiring consent
These cookies provide an opportunity to the Company to remember the choices of the user related to the website. Prior to using the services and during the same, the Visitor may prohibit such data processing at any time. These data may not be associated with the identification data of the user and may not be transferred to a third party without the consent of the user.
(3) Cookies facilitating use
The legal ground for data processing is the consent of the data subject (GDPR Article 6 (1) point a).
The purpose of data processing: Increasing the effectiveness of the services, bettering user experience and making the use of the website more comfortable.
The period of data processing: 5 years.
(4) Cookies ensuring performance
Google Analytics cookies – for more information see:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Google AdWords cookies – for more information see:
https://support.google.com/adwords/answer/2407785?hl=hu
- Community guidelines / Data processing on the Facebook page of the Company
(1) The Company maintains a Facebook page for the purpose of introducing and promoting its products and services.
(2) Questions asked on the Facebook page of the Company may not be construed as a complaint lodged officially.
(3) The personal data published by the visitors on the Facebook page of the Company are not processed by the Company.
(4) The Data Privacy and Services Terms and Conditions of Facebook are applicable to the visitors.
(5) In the case of publishing unlawful or offensive content, the Company may remove the data subject from the members or may delete his comment without giving prior notice to the same.
(6) The Company may not be held liable for any data content or comments made by Facebook users violating any laws. The Company may not be held liable for any defects or operational irregularities arising from the operation of Facebook or any problems arising from the change of operation of the system.