Privacy Policy

regarding the OptiMonk application 

OptiMonk International Ltd. provides the following information to the Subscribers and  Users (hereinafter: Data Subjects) in relation to the management of their personal data  related to the use of the OptiMonk application, based on Articles 13 and 14 of the EU’s General Data Protection Regulation (GDPR): 

1. Data Controller’s name and contact details

Name: OptiMonk International Zrt. 

             (hereinafter: OptiMonk) 

Address: 4028 Debrecen, Kassai út 129. 

Phone number: +1-415-800-3057 

E-mail address: support@optimonk.com 

Website: www.optimonk.com

2. Definitions

According to the General Terms and Conditions: 

  • User: any natural (including self-employed) or legal person who uses  OptiMonk’s services within 14 (fourteen) days from the creation of the account. 
  • Subscriber: any user who has subscribed to any subscription plan. 

In the case of a legal person subscriber, the User can also be a natural person acting  on behalf of the Subscriber. 

3. The purposes and legal basis of processing and categories of personal data concerned

3.1 Registration and subscription for natural persons 

Purpose of data processing: user registration in the OptiMonk application, the  identification of Data Subjects and providing access to the application, thereby  ensuring the service included in the contract. 

Data being processed: Name, E-mail address, Telephone number, Google account ID  (optional), IP address 

The data is necessary for the identification and contact of the Data Subject.

In the case of natural person Users, the legal basis for data processing is the consent  of the data subject in accordance with Article 6 (1) point a) of the GDPR during the first  14-day trial period. 

The data subject can freely withdraw his consent at any time. Withdrawal of consent  does not affect the legality of data processing based on consent prior to withdrawal. 

In the case of natural person Subscribers, the legal basis for processing is Article 6 (1)  point b) of the GDPR, data processing is necessary for the performance of a contract  in which the data subject is one of the parties. 

3.2 User registration in the case of a legal entity subscriber 

If the legal person uses the service through a representative of a natural person, the  following applies to the related data processing. 

Purpose of data processing: user registration in the OptiMonk application, the  identification of Data Subjects and providing access to the application, thereby  ensuring the service included in the contract. 

Data being processed: Name, E-mail address, Telephone number, Google account ID  (optional), IP address 

In the case of a User acting on behalf of a legal entity, the legal basis for data  processing – if the User was registered by providing personal data – is the legitimate  interest of the Data Controller and – as a third party – the legal entity [GDPR Article 6  (1) point f)]. 

It is the legitimate interest of the Data Controller and the legal entity Subscriber that  the Subscriber’s employee can use the OptiMonk application within the framework of  the contract between the parties.

4. Period for which the personal data will be stored

The Data Controller also retains the personal data required for issuing the invoice  (name, billing address) even after the service has been completed, in accordance with  Section 169 (2) of the Accounting Act and Section 169 of the VAT Act. in compliance  with its legal obligation [GDPR Article 6 (1) c)]. It is kept for 8 years, solely for the  purpose of fulfilling the accounting obligation. 

The data required for the performance of the contract will be retained until the expiry  of the limitation period set out in the law, as a general rule for 5 years after the  performance of the service. 

Data processed on the basis of consent will be preserved for 2 years after user  registration or until the consent is revoked.

5. Transfer of the data and security measures

OptiMonk’s hosting provider by a data processing agreement is DigitalOcean, LLC (101 Avenue of the Americas, 10th Floor; New York, NY 10013)

The Data Controller ensures the security and lawful use of the data by taking  appropriate technical and organizational measures. Data provided in connection with  the provision of the service will only be handled by OptiMonk employees. 

Additional information about data management not related to the use of the application  can be found in OptiMonk’s General Privacy Policy: 

https://optimonk.com/privacy-policy 

6. Data processing

As part of using the OptiMonk application, personal data is collected in the overlay  windows on the Subscriber’s website and forwarded to the Subscriber in order to  optimize the customer experience of the website, and backups of the data are made  for the reliable and smooth operation of the service. 

With regard to this data, OptiMonk International Zrt. is not considered a Data Controller,  but a Data Processor, who manages personal data for the benefit of the Subscriber.  The parties conclude a data processing agreement about the rules of processing of  the personal data. 

The Subscriber has the option – in the application settings – to turn off backups of the  data, in this case OptiMonk won’t save the data collected on the websites.

7. Rights of the data subject

The Data Subject can submit his/her request in any way (in writing, electronically or  even orally) to the contact details of the Data Controller listed above. 

The Data Controller will inform the Data Subject of the decision made following the  request without undue delay, but within one month at the latest – which can be  extended by another two months if necessary. 

7.1 Right of access by the data subject 

The Data Subject is entitled to receive feedback from the Data Controller as to whether  his/her personal data is being processed, and if so, he/she is entitled to access the  personal data and the following information: 

  • the purposes of the processing; 
  • the categories of personal data concerned; 
  • the recipients or categories of recipient to whom the personal data have been  or will be disclosed; 
  • the envisaged period for which the personal data will be stored; 
  • the existence of the right to request from the controller rectification or erasure of  personal data or restriction of processing of personal data concerning the data  subject or to object to such processing; 
  • the right to lodge a complaint with a supervisory authority; 
  • the source of the personal data;
  • the existence of automated decision-making. 

Based on Article 15 (3) of the GDPR, the data subject is entitled to request a copy of  the data relating to him free of charge, in accordance with the procedure contained in  Article 12. 

7.2 Right to rectification 

The Data Subject may request the correction or completion of his personal data  processed by the Data Controller. 

7.3 Right to erasure 

The Data Subject may request the deletion of his/her personal data processed by the  Data Controller if one of the following reasons exists: 

  • the personal data are no longer necessary in relation to the purposes for which  they were collected or otherwise processed or the data subject withdraws  consent on which the processing is based 
  • the data subject objects to the processing pursuant to Article 21(1) and there  are no overriding legitimate grounds for the processing, or the data subject  objects to the processing pursuant to Article 21(2) 
  • the personal data have been unlawfully processed; 
  • the personal data have to be erased for compliance with a legal obligation in  Union or Member State law to which the controller is subject. 

7.4 Right to restriction of processing 

At the request of the Data Subject, the Data Controller restricts data processing if one  of the following conditions is met: 

  • the accuracy of the personal data is contested by the data subject, for a period  enabling the controller to verify the accuracy of the personal data; 
  • the processing is unlawful and the data subject opposes the erasure of the  personal data and requests the restriction of their use instead; 
  • the controller no longer needs the personal data for the purposes of the  processing, but they are required by the data subject for the establishment,  exercise or defence of legal claims; 
  • the data subject has objected to processing on public interest or legitimate  interest, in this case, the restriction applies to the period until it is established  whether the legitimate grounds of the controller override those of the data  subject. 

If the processing is subject to restrictions based on the above, such personal data shall,  with the exception of storage, only be processed with the data subject’s consent or for  the establishment, exercise or defence of legal claims or for the protection of the rights  of another natural or legal person or for reasons of important public interest of the  Union or of a Member State.

7.5 Right to object 

The Data Subject may object to the processing of his/her personal data if the  processing of personal data is necessary solely for the fulfillment of a legal obligation  arising from public interest or for the enforcement of the legitimate interests of the Data  Controller or a third party. 

7.6 Right to data portability 

The data subject shall have the right to receive the personal data concerning him or  her, which he or she has provided to a controller, in a structured, commonly used and  machine-readable format and have the right to transmit those data to another controller  without hindrance from the controller to which the personal data have been provided,  with the exceptions listed in Article 20 of the Regulation. 

In exercising his or her right to data portability, the data subject shall have the right to  have the personal data transmitted directly from one controller to another, where  technically feasible. 

The right to data portability shall not adversely affect the rights and freedoms of others.

8. Right to complain and legal remedy

The Data Subject may file a complaint regarding the data management directly with  the Hungarian National Data Protection and Freedom of Information Authority  (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH). 

Address: 1055 Budapest, Falk Miksa street 9-11. 

Mailing address: 1363 Budapest, P.O.B 9. 

Phone number: +36-1-391-1400 

E-mail address: ugyfelszolgalat@naih.hu 

Website: www.naih.hu 

In the event of a violation of your (the Data Subject) rights, you may go to court.  Adjudication of the lawsuit falls within the jurisdiction of the Regional Court. At the  choice of the data subject, the lawsuit can also be initiated before the Regional Court  of the data subject’s place of residence or temporary residence in Hungary. 

Effective from: 27.03.2023.