Last updated: 2023-03-26
for SaaS First, provided by GBD Software as a Service Private Limited Company
Who are we, as the Data Controller?
How do we collect your Personal Data?
Why we collect your Personal data - Record of processing activities
How do we protect your Personal Data?
How long do we use Personal Data for?
Sharing information with others
Third parties that provide services
What are your data protection rights?
Please read this privacy policy („Privacy Policy”) carefully to understand how the Data Controller uses the Personal Data (“PD”) we collect from you when you visit or use our Website.
The aim of this Privacy Policy is to inform you about the data processing activities as required by Articles 13 and 14 of the GDPR.
Articles 13 and 14 of the GDPR are about providing transparent information to Customers about how their PD are collected, used, consulted or otherwise processed.
The main difference between them is that Article 13 applies when PD are collected from the Customer, while Article 14 applies when PD are obtained not from the Customer.
This means that Article 13 requires providing privacy information at the time of obtaining the data, while Article 14 requires providing it within a reasonable period after obtaining the data or at least before further processing.
This Privacy Policy applies when we are acting as a data controller with respect to the following PD of our Website Visitors, our User and our Customers.
The Data Controller, who determines the purpose and manner in which your PD is used, is GBD Software as a Service Private Limited Company, a company incorporated under the laws of Hungary, seated: Szikra tanya 93., Lakitelek, 6065, Hungary. Tax number: HU27325162, Company Reg. Number: 03-10-100682 (hereinafter referred to as: “Data Controller”, „Provider”, „Service Provider”, „we”, or „us”). See further definitions as per our Terms of Service.
We collect Personal Data (“PD”) from the following main sources:
The main goal of our data collection is to provide our Users with PD of their Customers, in order to help them run email, chat, popup and browser push marketing campaigns and to use our AI-chatbot service to provide customer support to them.
Our users are able to filter this database in detail in our system in order to send targeted chat, popup, email marketing or browser push notifications to you.
Even though not legally required by Article 30 GDPR based on the size of our Company, we are maintaining a Record of processing activities („ROPA”), in order to inform our Customers and the Customers of our transparent handling of PD.
You shall find the ROPA as Appendix 1 of this Privacy Policy.
This Privacy Policy and our ROPA contains the provision of all data required by the aforementioned GDPR articles.
In our case, the information to be provided where PD are collected from the Customer (Article 13 GDPR) refers to our Users), while the information to be provided where PD have not been obtained directly from the Customer refers to the PD of our Customers, as their PD is provided to us by our Users.
The GDPR requirements we are fulfilling by giving transparent information are the following:
By accessing or using the Website or the Services, you undertake to understand this Privacy Policy about the collection, transfer, storage, disclosure, and use of your PD as described below. Our Services also incorporate privacy controls which affect how we will process your PD. Please refer to the title “What are your data protection rights” for a list of rights with regard to your PD and how to exercise them.
This Policy may change from time to time. If there is a major change in our Privacy Policy which would substantially affect or is likely to substantially affect Customers and their rights, we are going to notify our Users based on the DPAs, in their respective user accounts.
In order to avoid unauthorized use of PD and to avoid misuse of such data, Provider has taken comprehensive technical and operational safety measures. Our safety procedures have regularly been controlled and improved in harmony with technological development, such as:
Please be aware, though, that despite our efforts, no security measures are perfect or impenetrable. We cannot ensure, and do not warrant or guarantee, that the information you transmit to the Provider will remain secure, nor do we guarantee that this information will not be accessed, disclosed, altered, destroyed or used in an unauthorized manner.
If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. If you have any questions about the security of your personal information, please contact us as indicated in the ‘Contact Us’ section below.
The PD that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. If we do this we ensure that your privacy rights are respected in line with this Privacy Policy.
We will not keep your PD longer than we need to, and we will only use your PD for the purposes set out in this Privacy Policy and ROPA. We will always keep your PD in accordance with applicable legal and regulatory requirements.
In case we process your Personal Data based on your consent Provider will keep your PD until you withdraw your consent given to the data processing. Once you withdraw your consent, we will delete your data permanently.
Without withdrawing your consent we will keep your Personal Data for up to 1 year following we stopped providing you with our services.
In case we process your Personal Data based on our legitimate interest, we will terminate the processing and delete your Personal Data as soon as we have no further legitimate interest for the processing.
We use cookies and similar tracking technologies to collect and use Personal Information about you, including to serve interest-based advertising. For further information about the types of cookies and tracking technologies we use, why, and how you can control them, please see our Cookie Policy.
We ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., any government-issued identification number; credit or debit card details or financial account number, with or without any code or password that would permit access to the account; or information on race, religion, ethnicity, sex life or practices or sexual orientation, medical or health information, genetic or biometric information, biometric templates, political or philosophical beliefs, political party or trade union membership, or information on any judicial or administrative proceedings).
The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Data through the Services.
In certain situations, Provider may share your PD with third parties.
These companies may only process personal information pursuant to our instructions and in compliance both with this Privacy Policy and other applicable confidentiality and security measures and regulations.
Specifically, we do not permit these companies to use any personal information we share with them for their own marketing purposes or for any other purpose than in connection with the services they provide to us.
Please see the Annex of Processors as an appendix to this Privacy Policy.
These companies may only process personal information pursuant to our instructions and in compliance both with this Privacy Policy and other applicable confidentiality and security measures and regulations.
Specifically, we do not permit these companies to use any personal information we share with them for their own marketing purposes or for any other purpose than in connection with the services they provide to us.
We will use and disclose Personal Data as we believe to be necessary or appropriate:
We may use and disclose Other Data for any purpose, except where we are not allowed to under applicable law.
Provider would like to make sure you are fully aware of all of your data protection rights. Every Customer is entitled to the following:
The right to express and withdraw your consent - If we ask for consent to process your Data, you can always choose to give it or not. We inform you about the right to withdraw your consent before giving consent. In our Service, we never ask for one consent for different Personal Data processing operations.
Withdrawal of your consent is effective upon execution, and it does not affect the lawfulness of processing based on the consent before you withdraw it. You can always withdraw your consent without detriment. It may, however, render you unable to use some of the features of the Service.
If you no longer wish to receive emails from us, you can use the unsubscribe link at the bottom of any of our communications, or by sending a letter to: GBD Software as a Service Private Limited Company at: Szikra tanya 93., Lakitelek, 6065, Hungary.
For information on your choices related to Cookies and Other Data, please read our Cookie Policy.
The right to access – You have the right to request the Provider for copies of your Personal Data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that the Provider correct any information you believe is inaccurate. You also have the right to request the Provider to complete the information you believe is incomplete.
The right to erasure – You have the right to request that Provider erase your Personal Data, under certain conditions.
The right to restrict processing – You have the right to request that Provider restrict the processing of your Personal Data, under certain conditions.
The right to object to processing – You have the right to object to Provider’s processing of your Personal Data, under certain conditions.
The right to data portability – You have the right to request that Provider transfer the data that we have collected to another organization, or directly to you, under certain conditions.
We have designated a Data Protection Officer – dr. Hám-Szabó Boglárka Barbara (DPO), who you can reach out to about anything related to your Personal Data processing. You can easily contact our DPO. If you would like to exercise any of these rights, please contact us at our email: [email protected]
You also have the right to apply and the right to lodge a complaint with a supervisory authority - You have the right to complain to a supervisory authority concerning the processing of your Personal Data. The supervisory authority in Hungary is the National Authority for Data Protection and Freedom of Information (NAIH). You can contact them at:
Address: H-1055 Budapest, Falk Miksa utca 9-11.
Telephone: +36 1 391 1400
Email: [email protected]
Website: http://www.naih.hu/
If you have any questions about Provider’s Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us: Email us at: [email protected], or write to GBD Consulting and Services Private limited company by shares at Szikra tanya 93., Lakitelek, 6065, Hungary.
Annex 1 - Record of processing activities
Annex 2 - List of data processors