Privacy Policy

Our company in this Privacy Policy presents what there is to know about data processing (not only those related to our chatbots), the data protecting and processing principles our Company is committed to, and presents those legislative and other requirements that are defined and complied towards its Partners as well as itself: in a brief, transparent, obtainable and easily accessible form, drawn up clearly and plainly.

Our Company's aim with this Privacy Policy is to make it possible for those natural persons involved in the data processing, may it be Clients, Partners, Employees, other Concerned Parties, Subscribers, Suppliers, Trading Agents, End Users, (hereinafter referred to as the Concerned) to be informed prior the processing, by means of this Privacy Policy to gain information about the purpose of processing, the path of processing and to be able to see through and recognize what kind of impact does the given data processing has on their right of informational self-determination and private sector, and to make a decision regarding the consent to data processing, based on that.

Since basically we do not work on our own, but in order to operate our chatbot service more effectively we invoke the different social media sites of our Partners and the Partners' chat widget platforms embedded in their website, therefore we kindly ask you to also study the information about data protection of the platforms you are using, since our Company is obligated by these third party data protection practices and policies, as well as its own regulations.

This Privacy Policy is constantly available on the home page of our Company's website, at https://talkabot.net/ noting that our Company reserves the right to modification. We do notify the concerned parties about all modification prior and in due time.

Legal Framework

Our data processing principles are in accordance with the data protection laws being in force, hence in particular with the followings:

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data
• Act CXII of 2011 on Informational Self-Determination and Freedom of Information
• Act V of 2013 on the Civil Code
• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services
• Act C of 2003 on Electronic Communications
• Act CLV of 1997 on Consumer Protection
• Act CLXV of 2013 on Complaints and Public interest Disclosures
• Act I of 2012 on the Labor Code
• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities

Definitions

"Platform": applications, and other popular social platforms and chat widgets embedded in website through which the end users use the Chatbot Services.

"End user": the clients/subscribers/partners of our Partners, namely each natural person or legal entity, unincorporated other organization, who or that use the Chatbot Services on the Platforms of our Partners, register on the Platforms to use the Chatbot Services, and use the functions of the Chatbot Services, and as part of that they provide – at their option – their data.

"Chatbot service": intelligent chatbot technology providing automatic communication accessible for the End Users and tailor made by our Company alongside the expectations of our Partners. Our chatbots simulate a conversation with the End User, provide information and services to them.

Our Company

• Name: Talk-A-Bot Kft.
• Seat: 1114 Budapest, Bartók Béla út 29. 1. emelet 4.
• Registration No.: 01-09-286391
• Tax No.: 25735967-2-43
• Website: https://talkabot.net/
• E-mail: info@talkabot.net
• Represented by: Ákos Gyula Deliága, Gergely Ákos Kalydi managing director, each individually

Based on Article 37 of GDPR our company is not obliged to designate a data protection officer, however we do accept your data protection related questions at the following e-mail: dpo@talkabot.net

Data Transmission

Our Company in order to provide a high-quality service claims the services of the third-party suppliers, data (sub-) processors, in certain cases also considered as individual data controllers.

Our data processors are under obligation of secrecy and contractual guarantee for preserving the personal data gained during the performance of their assignment, and they process the personal data solely for the purpose and according to the instructions defined in the contract obtained between them. In case we change the range of our partners, the modifications will be transcribed in this Policy.

Additionally, there are external service providers, to whom – either directly or indirectly – in order to provide services personal data are transferred or could be transferred. External service providers are those service providers as well, with whom the data controller are not in a contractual relationship, however for providing service to our Partners – either by the contribution of the Concerned or without a contribution – due to they have access to the platforms and the data available on those platforms, hereby they could collect data about the Concerned and all end users' activity, from which in certain cases end users could be identified.

External service providers are considered as individual data controllers and hereby they define the aim and framework of the data controlling individually in accordance with their own privacy policy. Such external service providers are the following ones, for example, in case you are interacting with the relevant platforms: Facebook Ireland LTD, Google LLC, Instagram LLC, Twitter International Company, Viber Media LLC.

About Our Data Processing, Purposes and Principles

Together with our Partners it is our priority aim to protect the personal data of the data subject and to respect the right of informational self-determination of the data subjects, to protect their private sector, therefore we handle the personal data confidentially and take all security, technical and organizational measures that guarantee the safety of such data.

We can say in general about our data controlling, that we take into account the following principles:

• "Lawfulness, fairness and transparency": we process personal data lawfully, fairly and in a transparent manner in relation to the data subject.
• "Purpose limitation": personal data collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
• "Data minimization": adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
• "Accuracy": accurate and, where necessary, kept up to date scope of data; we take every reasonable step to ensure that personal data that are inaccurate are erased or rectified without delay.
• "Storage limitation": while choosing the storage form, we focus on that the personal data shall be identified for no longer than is necessary for the purposes for which the personal data are processed.
• "Integrity and confidentiality": we process data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Our Company cooperates in good faith and according to the requirements of transparency and righteousness with data subjects during data controlling. Our Company controls only those data provided in the law or provided by data subjects, for the data controlling purposes listed in the following.

Our Company does not transfer the processed personal data to any third party, beside the Processors and Outside suppliers included in the present Informative. An exception to these provisions is the use of data in a statistically cumulated form that must not include data suitable for the identification of the User concerned.

The data subjects are entitled to withdraw their consent at any time. The withdrawal of consent does not affect the legality of processing based on consent prior the withdrawal.

Chatbot Service-Related Data Processing

Purpose

The operation of Chatbot application at Partners, providing Chatbot Service. In more details: the first step of familiarizing with the bot after establishing contact with the chatbot is the understanding of the related informative about data processing and expressing its content. In the absence of adaption, the bot notes that data subject does not wish to have a closer look at the bot.

In conjunction with our Chatbot services, the data provided by the End User is controlled and processed by our Company with the following purpose: effective providing of Chatbot Service; identification of end users registered on Platform; the use of Chatbot Services available on Platforms; providing information for the users registered on the Platform regarding the functioning of Chatbot Services; solving operational problems; establishing a contract, defining and modifying its content, implementing the contract and following its implementation, invoicing the related charges, as well as exercising the related legal claims; ensuring the communication between our Partners and the End User; performing Customer Service tasks, complaint-handling; the usage of data for cumulated, anonymized and statistical purpose; facilitating and ensuring the payment activity; increasing efficiency, improving operation and development of Platform; personalizing and customizing the account of End User on Platform.

Legal Base

GDPR article 6. section (1) point a) – the data subject has given consent to the processing of his or her personal data for one or more specific purposes. GDPR article 6. section (1) point f) – legitimate interest of the data controller.

Scope of Controlled Personal Data

Data strictly necessary for the operation of chatbot and made available based on the standard settings of the Platform chosen by Customer, in particular: App user ID, user name, profile picture URL, as well as any other data provided by End User in the Chatbot interaction; in case of Viber the data also shared with the platform (Viber ID, telephone number); data given by Customer for identification purpose (e.g. internal identifier, business e-mail address, e-mail address, phone number, address, data of premises/location, certain characters of tax ID and/or social security number). Beyond this, the platform used by user for the service, language, date of registration, data given during chat communication.

Duration of Data Processing

Until data subject has withdrawn his/her consent. After one year from the last activity of the End User (if the End User does not use again the chatbot service within one year from the last activity) the personal data of chatbot conversations are anonymized (ID is separated from the End User). After five years of the last activity all data of the chatbot conversation is deleted.

Contracting Partners Data Processing

Purpose

Our Company with the legal ground of the performance of the contract processes the data of partners contracting as buyer, supplier and their contact persons with the aim of entering into, performing, terminating a contract or to provide benefit.

Legal Base

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract [Article 6. (1) point b) of GDPR].

Scope of Controlled Personal Data

Name, birth name, date of birth, mother's name, address, tax code, tax number, number of self-employment farmer card, number of ID card, seat, address of establishment, phone number, e-mail address, website address, bank account number, buyer number, online identification of natural person.

Duration

Our Company processes the personal data provided in the contract for 8 years following the termination of the relationship providing the legal base, taking into account the performance of accounting and tax related obligations, as well as 5 years following the existence of contact quality.

Job Applicant Data Processing

Purpose

In case of applying for a position at our Company, the application file submitted to jobs@talkabot.net by the applicant is controlled by our Company during the implementation of the selection process and the selection, understanding the professional and human values, level of education, previous work experience of applicants in order to find the best candidate to fill the vacant position.

Legal Base

Consent of data subject [point a) paragraph (1) of Article 6 of GDPR], having regard that with submitting the application file to our Company, data subject indicates clearly and actively its consent of controlling their personal data submitted upon applying.

Scope of Controlled Personal Data

Personal data included in application file submitted to our Company, thus CV and motivation letter in the first place.

Duration

Solely until the position has been filled, but maximum up to 1 year.

Tax and Accounting Obligations

Purpose

Our Company, in order to perform the tax and accounting related obligations provided by law, controls the personal data provided in the law of those entering into contract with them as buyer or supplier.

Legal Base

Processing is necessary for compliance with a legal obligation to which the controller is subject [point c) paragraph (1) of Article 6 of GDPR].

Duration

Based on Section 169 (2) of the Act of 2000 on Accounting, 8 years after termination of relationship providing the legal base.

Contact Request Data Processing

Purpose

Anyone may get in touch with our Company on our website. In case our Company receives any requests, our Company is controlling the questions and all content of those requests in order to answer the requests addressed to our Company.

Legal Base

Consent of data subject [point a) paragraph (1) of Article 6 of GDPR], having regard that with addressing the requests to our Company, data subject indicates clearly and actively its consent of controlling their personal data.

Scope of Controlled Personal Data

Personal data included in the requests, thus primarily name, e-mail address, phone number, subject of the request and all information which is shared with our Company.

Duration

Until the request is answered fully, but maximum up to 1 year.

Newsletter Data Processing

Purpose

Every now and then our Company sends information on new chatbot solutions, reports about our operating chatbots and chatbot news from all over the world.

Legal Base

Consent of data subject [point a) paragraph (1) of Article 6 of GDPR], having regard that with subscribing for our services, data subject indicates clearly and actively its consent.

Scope of Controlled Personal Data

Primarily e-mail address and name used for subscription.

Duration

Until the individuals unsubscribe from the newsletter services.

Further Information

The transmission of the data of data subjects must take place solely within the framework specified in legislation. For the purpose of providing information, reporting data or making papers available, the court, the public prosecution and other authorities shall contact our Company. In these cases, we must obey our obligation of providing data, but solely up to an extent that is absolutely necessary to attain the aim of the enquiry.

We protect the personal data with appropriate technical and other measures, also ensure the protection and availability of the data, as well as protect them against being accessed unauthorized, modified, damaged and published and unauthorized used. Our Company shall do everything in its power to make the processes as safe as possible.

Together with our Partners we take the measures as prescribed in GDPR regulation Article 32, that is to say, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: pseudonymization and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Rights and Judicial Remedy

Data subjects about data controlling are entitled to ask for information, ask for the rectification, modification and supplementation of their personal data, object to the data controlling and to ask for the deletion of their data (with the exception of the statutory data controlling), seek judicial remedy, issue a claim or to initiate a procedure at the supervisory authority.

Supervisory Authority: National Agency for Data Protection (Postal address: PO Box: 603, Budapest, H-1374; Address: Falk Miksa street 22/c, Budapest, H-1055; phone: +36-1-391-1400, fax: +36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu, web: www.naih.hu).

However, we kindly ask you to contact our Company before turning to supervisory authority or court with your complaint in order to consult and solve the arisen problem as quickly as possible. Our Company undertakes the task of providing information at the request of the data subjects about their controlled and processed data, about their sources, about the purpose and basis of processing, about the duration of processing, and about the circumstances, effects of personal data breach and the measures taken to control them and prevent them from happening. We shall provide information regarding these types of inquiries as soon as possible, up to a maximum of 1 month.

In case of objecting to data processing, our Company shall examine the objection within less than 1 month upon submitting the request. We will give a written report about the decision of our Company. In case of justified opposition, we shall terminate the processing and delete the concerned data.