OptiMonk Privacy Policy
(for Clients)
The Clients of OptiMonk are generally companies, therefore, the processing of company data is generally not subject to the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR or Regulation). However, it is possible that, in spite of the aforementioned, you provide data qualifying as personal data to us (e.g. telephone number), therefore, we comply with the provisions of Regulation regarding the processing of your data.
All employees of OptiMonk agree to protect the personal data obtained in the course of their work in a confidentiality agreement.
1. Data Controller
Name of data controller: OptiMonk International Zrt. (OptiMonk or Company or we)
Principal Office: 4028 Debrecen, Kassai út 129.
support@optimonk.com, + 36 1-415-800-4445
VAT No.: 26335498-2-09
2. Information of the use of cookies / Cookie Policy
(1) In accordance with general practice, our Company also uses cookies on its website. Our Company’s website will record and process the following data of the visitor and the device used by the same for browsing during the use of the website:
- IP address used by the visitor,
- browser type,
- features of the operation system of the device used for browsing (set language),
- time of visit,
- the visited (sub)site, function or services.
(2) It is not mandatory to accept and approve the use of cookies. You may reset the settings of your browser to reject all cookies or to warn you when a cookie is being sent. Although most browsers accept cookies by default, these settings may be changed so that automatic acceptance may be prevented, and the possibility of choice will be offered each time.
For more information on the cookie settings of the most popular browsers, see the following URLs:
- Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
- Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
- Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
- Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
- Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
- Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
- Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
- Safari: https://support.apple.com/hu-hu/HT201265
Besides all the above, we would like to warn you that some website functions or services will not operate properly without cookies.
(3) The cookies used on the website are not suitable to identify the person of the user.
(4) Cookies are short data files placed by the visited website on the user’s computer. Cookies are small files containing a line of characters that is placed on the device of the user when the user visits a website. The purpose of cookies is to facilitate the particular info communication internet services and to make it more convenient. When the user repeatedly visits such site, the website will be able to recognise the browser of the user owing to the cookies. The cookies may store user settings (e.g. chosen language) and other information. Amongst others, cookies collect information of the visitor and his or her device, they remember the settings of the visitor and may be used for example when using online shopping carts. Generally, cookies facilitate the use of the website, help the website in providing a real online experience to users and are used as an effective source of information. They also allow the operator of the site to inspect the operation of the site, the prevention of abuses and to provide the services of the website in an uninterrupted manner and in proper quality.
(5) There are several types of cookies, but generally they may be divided into two categories. One of them is the category of temporary cookies only placed by the website on the device of the user during a particular session (e.g. during the security authentication of an online banking transaction), the other type being the permanent cookie (e.g. the language setting of a particular website), that stays on the computer unless deleted by the user. Pursuant to the directives of the European Commission, cookies may only be placed on the device of the user upon the consent of the same (unless the cookies are essentially necessary for using the particular services).
(6) In the case of cookies not subject to the user’s consent, information shall be provided during first visit of the website. It is not required to display the entire text of the information pertaining to cookies on the website, it is sufficient if the website operators briefly summarise the essence of the information and refer to the accessibility of the complete information through an URL.
(7) In the case of cookies subject to consent, the information may be related to the first visit of the website if the data processing related to the use of cookies commences upon visiting the site. If the use of the cookies is related to the use of the function expressly requested by the user, the information may be displayed in relation to the use of such function. In this case, it is not necessary to display the entire text of the information pertaining to cookies, it is sufficient to display a short summary on the essence of the information and to refer to the accessibility of the full information through an URL.
(8) The information contained in cookies is stored only for the strictly necessary period, which shall not, in any case, exceed 1 year. At the end of this period, Users and/or Subscribers will have to renew their consent for the installation of cookies.
(9) Users and/or Subscribers are informed that they can prevent cookies from being saved on any hardware by changing the settings of their browser. Users and/or Subscribers can accept or refuse cookies used by the website entirely or partially. However, refusing cookies may prevent normal operation of OPTIMONK services.
Cookies used on the website of the Company
(1) Technically essential session cookies
These cookies are necessary for visitors to browse the website, to use its functions fully and without interruptions, with special regard to remembering the operations made by a visitor on a particular site during a visit. The period of data processing of such cookies only pertain to the actual visit of the visitor, at the end of the session, and by closing the browser, this type of cookies will be automatically deleted from the device.
Data processed: OptiMonkClient, OptiMonkClientId, OptiMonkSession, omLastFilled
The legal ground for processing in this case is Paragraph (3) of Section 13/A of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.
The purpose of data processing: ensuring the proper operation of the website.
(2) Cookies requiring consent
These cookies provide an opportunity to the Company to remember the choices of the user related to the website. Prior to using the services and during the same, the Visitor may prohibit such data processing at any time. These data may not be associated with the identification data of the user and may not be transferred to a third party without the consent of the user.
(3) Cookies facilitating use
The legal ground for data processing is the consent of the data subject (GDPR Article 6 (1) point a).
The purpose of data processing: Increasing the effectiveness of the services, bettering user experience and making the use of the website more comfortable.
The period of data processing: 5 years.
(4) Cookies ensuring performance
Google Analytics cookies – for more information see:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Google AdWords cookies – for more information see:
https://support.google.com/adwords/answer/2407785?hl=hu
3. Data processing on the website
Registration on the website of the Company
Registration on the website is also required to use the OptiMonk application. The separate privacy policy related to the application is available at the link below.
The data subject to processing: name of the natural person (first name and last name), telephone number, e-mail address, online ID.
The purpose of data processing:
- Registration to the FREE planl (creation of the client’s own OptiMonk account)
- Contact by enquiries made electronically or via telephone.
- Information of the products and services of the Company.
- Analysis of the use of the website.
The legal ground for data processing: the consent of the data subject (GDPR Article 6 (1) point a).
The recipients of personal data and the categories of recipients: the employees of the Company performing tasks regarding customer service and marketing activity, as data processors:
Admin interfaces of OptiMonk accounts, Mailchimp (The Rocket Science Group, LLC), Hubspot, Zendesk (Zendesk Inc.), Unbounce, Intercom, Mixpanel, Outreach, Zoho softwares.
The retention period of personal data: 5 years or until the consent of the data subject has been withdrawn (erasure request).
Data processing related to promotional materials and newsletter services
The natural person registering for the promotional materials and newsletter services on the website may give his consent to the processing of his personal data by ticking the relevant check-box. Ticking the checkbox in advance is prohibited. The Privacy Notice (annex) shall also be displayed during the subscription process with an URL. The data subject may unsubscribe from the newsletter by means of the “unsubscribe” application of the newsletter, in writing, or by a statement made via e-mail at any time, which act shall be construed as the withdrawal of the consent. In such case, any and all data of the subscriber shall be erased.
The scope of personal data to be processed: the name (first name, last name) and e-mail address of the natural person.
The purpose of processing the personal data:
- Sending newsletters in the matter of the products and services of the Company.
- Sending promotional materials.
- Information of the products, services, terms and discounts of the Company.
Legal ground for processing: the consent of the data subject (GDPR Article 6 (1) point a).
The recipients of personal data and the categories of recipients: the employees of the Company performing tasks regarding customer service and marketing activity, as data processors:
Admin interfaces of OptiMonk accounts, Mailchimp (The Rocket Science Group, LLC), Hubspot, Zendesk (Zendesk Inc.), Unbounce, Intercom, Mixpanel, Outreach, Zoho softwares.
The retention period of personal data: until the client unsubscribes from the newsletter services, or until the consent of the data subject has been withdrawn (erasure request).
Customer service
The employees of the Customer Service are responsible for assisting the clients of OptiMonk International Zrt. in relation to the operation of the OptiMonk campaigns in the following ways:
- Via an e-mail submitted to support@optimonk.com or to a private business e-mail address of one of the customer support representatives.
- Via phone.
- Via 1-on-1 meeting scheduled in advance.
Contact data of natural person representatives of legal person clients, customers, and suppliers
(1) The scope of personal data subject to processing: name, address, telephone number and e-mail address of the natural person.
(2) The purpose of processing the personal data: performance of the contract concluded with the legal person partner of the Company, business engagement.
Legal ground: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (GDPR Article 6 (1) point f).
(3) The recipients of personal data and the categories of recipients: the employees of the Company performing marketing tasks.
(4) The retention period of personal data: for 5 years from the end of the business relationship and the capacity of the data subject as representative.
(5) The legal person partner of the Company and its representative are held liable for the accuracy, credibility and lawfulness of the data given to the Company.
4. Data processing for performing tax and accounting obligations
On the legal grounds of fulfilling legal obligation (GDPR Article 6 (1) point c), the Company may process the data of natural persons specified in laws entering into a business relationship with the Company, either as a customer or supplier, for the purpose of fulfilling statutory tax and accounting obligations (accounting, taxation). The data processed in this manner include the following specifically pursuant to Section 169 and 202 of Act CXXVII of 2007 on Value Added Tax: name, address, designation of the person or organisation ordering the transaction, the signature of the person certifying the execution of the order and, depending on organisation, the signature of the auditor, the signature of the recipient on the documents of stock movements and money management, and the signature of the payer on counter receipts, based on Act CXVII of 1995 on Personal Income Tax: the business licence number, the ID card number of small-scale producers and the tax ID number of the same.
The retention period pertaining to the personal data is eight (8) years following the termination of the legal relationship providing grounds for data processing.
Recipients of the personal data: the finances staff of the Company and the accountant data processor of Innonic Group Zrt.
The programs used by finances staff:
Számlázz.hu – billing program
Zoho – administrative system
BrainTree – data of credit card payment
5. Data transfer, data processors
We record the contact and billing data provided by you in the following programs (we work with the following data processors):
MailChimp
c/o The Rocket Science
Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308
MOSS No. EU 826 477 914
Service or task: e-mail marketing automation scope of transferred data: e-mail address, first name, last name, and phone number of the user are collected with a purpose of contact with a user because of marketing purposes.
Hubspot
25 First Street, 2nd Floor
Cambridge, MA 02141
United States
Service or task:CRM system scope of transferred data: e-mail address, first name (and last name if provided), company name, phone number of the user with a purpose of user history storage.
Zoho Corp
Federal ID 80-0722734
4141 Hacienda Drive
Pleasanton California 94588
Service or task: ERP System scope of transferred data: e-mail address, company name and billing address of the user with a solely purpose of invoice storage of the user.
DigitalOcean, LLC
101 Avenue of the Americas, 10th Floor
New York, NY 10013
(We use only their EU data centers (Frankfurt))
Service or task: Server hosting provider.
Zendesk
Zendesk, Inc.
1019 Market St
San Francisco, CA
94103
telefon number: (888) 670-4887
e-mail address: ar@zendesk.com
Service or task: Ticketing system provider scope of transferred data: e-mail address and name of the user provided when the e-mail has been submitted to OptiMonk’s support team.
Unbounce
#400 – 401 West Georgia Street
Vancouver, BC V6B5A1
Canada
Service or task: landing page builder
Scope of transferred data: email address (first name and phone number where requested) collected with marketing purposes.
CIB Bank Zrt.
1027 Budapest, Medve u. 4-14.
Service or task: OptiMonk International Zrt Bank account holder
Scope of transferred data: Users Billing address, bank account number used when the payment is completed
Braintree
United States
222 W Merchandise Mart Plaza
Suite 800
Chicago, IL 60654
Service or task: bank card payment processor
Scope of transferred data: bank card details, e-mail address and full name of the user who subscribed with OptiMonk. Data is collected only because of the payment process purposes
Intercom
55 2nd Street
4th Floor
San Francisco, CA 94105
Service or task: online chat support and intelligent in-app message provider
Scope of transferred data: all the personal data of the users are collected which is provided during the time of the registration
Logrocket
87 Summer St.
Boston, MA 02110
e-mail address: support@logrocket.com
Service or task: collects action based information about the users within their OptiMonk account.
6. You are entitled to the following rights regarding the processing of your data:
The Data Subject can submit his/her request in any way (in writing, electronically or even orally) to the contact details of the Data Controller listed above.
The Data Controller will inform the Data Subject of the decision made following the request without undue delay, but within one month at the latest – which can be extended by another two months if necessary.
Right of access
The Data Subject is entitled to receive feedback from the Data Controller as to whether his/her personal data is being processed, and if so, he/she is entitled to access the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed;
- the envisaged period for which the personal data will be stored;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- the source of the personal data;
- the existence of automated decision-making.
Based on Article 15 (3) of the GDPR, the data subject is entitled to request a copy of the data relating to him free of charge, in accordance with the procedure contained in Article 12.
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure („right to be forgotten”)
The Data Subject may request the deletion of his/her personal data processed by the Data Controller if one of the following reasons exists:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or the data subject withdraws consent on which the processing is based
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2)
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Right to restriction of processing
At the request of the Data Subject, the Data Controller restricts data processing if one of the following conditions is met:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing on public interest or legitimate interest, in this case, the restriction applies to the period until it is established whether the legitimate grounds of the controller override those of the data subject.
If the processing is subject to restrictions based on the above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Right of data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, with the exceptions listed in Article 20 of the Regulation.
In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The right to data portability shall not adversely affect the rights and freedoms of others.
Right to object
The Data Subject may object to the processing of his/her personal data if the processing of personal data is necessary solely for the fulfillment of a legal obligation arising from public interest or for the enforcement of the legitimate interests of the Data Controller or a third party.
Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Right to complain and legal remedy
The Data Subject may file a complaint regarding the data management directly with the Hungarian National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH).
Address: 1055 Budapest, Falk Miksa street 9-11.
Mailing address: 1363 Budapest, P.O.B 9.
Phone number: +36-1-391-1400
E-mail address: ugyfelszolgalat@naih.hu
Website: www.naih.hu
Right to an effective judicial remedy against a controller or processor
Each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with the Regulation.
7. Community guidelines / Data processing on the Facebook page of the Company
(1) The Company maintains a Facebook page for the purpose of introducing and promoting its products and services.
(2) Questions asked on the Facebook page of the Company may not be construed as a complaint lodged officially.
(3) The personal data published by the visitors on the Facebook page of the Company are not processed by the Company.
(4) The Data Privacy and Services Terms and Conditions of Facebook are applicable to the visitors.
(5) In the case of publishing unlawful or offensive content, the Company may remove the data subject from the members or may delete his comment without giving prior notice to the same.
(6) The Company may not be held liable for any data content or comments made by Facebook users violating any laws. The Company may not be held liable for any defects or operational irregularities arising from the operation of Facebook or any problems arising from the change of operation of the system.
Effective from: 24.08.2023.
