Last updated: 22 January, 2021

Our company in this Privacy Policy presents what there is to know about data processing (not only those related to our chatbots), the data protecting and processing principles our Company is committed to, and presents those legislative and other requirements that are defined and complied towards its Partners as well as itself: in a brief, transparent, obtainable and easily accessible form, drawn up clearly and plainly.

Our Company’s aim with this Privacy Policy is to make it possible for those natural persons involved in the data processing, may it be Clients, Partners, Employees, other Concerned Parties, Subscribers, Suppliers, Trading Agents, End Users, (hereinafter referred to as the Concerned) to be informed prior the processing, by means of this Privacy Policy to gain information about the purpose of processing, the path of processing and to be able to see through and recognize what kind of impact does the given data processing has on their right of informational self-determination and private sector, and to make a decision regarding the consent to data processing, based on that.

Since basically we do not work on our own, but in order to operate our chatbot service more effectively we invoke the different social media sites of our Partners and the Partners’ chat widget platforms embedded in their website, therefore we kindly ask you to also study the information about data protection of the platforms you are using, since our Company is obligated by these third party data protection practices and policies, as well as its own regulations.

This Privacy Policy is constantly available on the home page of our Company’s website, at https://talkabot.net/ and/or https://cheqbot.com/ noting that our Company reserves the right to modification. We do notify the concerned parties about all modification prior and in due time.

Our data processing principles are in accordance with the data protection laws being in force, hence in particular with the followings:

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data
• Act CXII of 2011 on Informational Self-Determination and Freedom of Information
• Act V of 2013 on the Civil Code
• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services
• Act C of 2003 on Electronic Communications
• Act CLV of 1997 on Consumer Protection
• Act CLXV of 2013 on Complaints and Public interest Disclosures
• Act I of 2012 on the Labor Code
• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.

Definitions

“platform”: applications, and other popular social platforms and chat widgets embedded in website through which the end users use the Chatbot Services

“end user”: the clients/subscribers/partners of our Partners, namely each natural person or legal entity, unincorporated other organization, who or that use the Chatbot Services on the Platforms of our Partners, register on the Platforms to use the Chatbot Services, and use the functions of the Chatbot Services, and as part of that they provide – at their option – their data

“chatbot service”: intelligent chatbot technology providing automatic communication accessible for the End Users and tailor made by our Company alongside the expectations of our Partners. Our chatbots simulate a conversation with the End User, provide information and services to them.

Our Company

Name: Talk-A-Bot Kft.

Seat: 1114 Budapest, Bartók Béla út 29. 1. emelet 4.

Registration No.: 01-09-286391

Tax No.: 25735967-2-43

Website: https://talkabot.net/ and/or https://cheqbot.com/

E-mail: info@talkabot.net

Represented by: Ákos Gyula Deliága, Gergely Ákos Kalydi managing director, each individually

Based on Article 37 of GDPR our company is not obliged to designate a data protection officer, however we do accept your data protection related questions at the following e-mail: dpo@talkabot.net

Data transmission

Our Company in order to provide a high-quality service claims the services of the third-party suppliers, data (sub-) processors available here, in certain cases also considered as individual data controllers:

Our data processors are under obligation of secrecy and contractual guarantee for preserving the personal data gained during the performance of their assignment, and they process the personal data solely for the purpose and according to the instructions defined in the contract obtained between them. In case we change the range of our partners, the modifications will be transcribed in this Policy.

Additionally, there are external service providers, to whom – either directly or indirectly – in order to provide services personal services are transferred or could be transferred, as well as these external service providers could transfer personal data to the data controller. External service providers are those service providers as well, with whom the data controller are not in a contractual relationship, however for providing service to our Partners – either by the contribution of the Concerned (for example connecting the individual account to the service, and in order to make easier the registration or log in the service) or without a contribution – due to they have access to the platforms and the data available on those platforms, hereby they could collect data about the Concerned and all end users’ activity, from which in certain cases – individually or together with other collected data by these external service providers – end users could be identified.

External service providers are considered as individual data controllers and hereby they define the aim and framework of the data controlling individually in accordance with their own privacy policy, they are responsible for their own data controlling.

Such external service providers are the following ones, for example, in case you are interacting with the relevant platforms: Facebook Ireland LTD, Google LLC, Instagram LLC, Twitter International Company, Viber Media LLC

ABOUT OUR DATA PROCESSING, PURPOSES AND PRINCIPLES

Together with our Partners it is our priority aim to protect the personal data of the data subject and to respect the right of informational self-determination of the data subjects, to protect their private sector, therefore we handle the personal data confidentially and take all security, technical and organizational measures that guarantee the safety of such data.

In the agreement concluded between our Company and our Partners for the purpose of providing the Chatbot Services for the End Users of our Partners, based on the assignment and instructions of our Partners we set out in detail the rules of data processing activity carried out by our Company, as well as our related data protection obligations.

We can say in general about our data controlling, that we take into account the following principles:

(i) “lawfulness, fairness and transparency”: we process personal data lawfully, fairly and in a transparent manner in relation to the data subject;

(ii) “purpose limitation”: personal data collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

(iii) “data minimization”: adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

(iv) “accuracy”: accurate and, where necessary, kept up to date scope of data; we take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

(v) “storage limitation”: while choosing the storage form, we focus on that the personal data shall be identified for no longer than is necessary for the purposes for which the personal data are processed;

(vi) “integrity and confidentiality”: we process data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Our Company cooperates in good faith and according to the requirements of transparency and righteousness with data subjects during data controlling. Our Company controls only those data provided in the law or provided by data subjects, for the data controlling purposes listed in the following. Bearing in mind the purpose of data controlling, we do not control any data more than unjustifiable.

Our Company does not verify the provided personal data, solely the provider is responsible for their adequacy.

Our Company does not transfer the processed personal data to any third party, beside the Processors and Outside suppliers included in the present Informative. An exception to these provisions is the use of data in a statistically cumulated form that must not include in any form such data that is suitable for the identification of the User concerned, therefore does not constitute as Processing, nor transferring.

The data subjects are entitled to withdraw their consent at any time. The withdrawal of consent does not affect the legality of processing based on consent prior the withdrawal.

ABOUT OUR CERTAIN DATA PROCESSING ACTIVITIES

FURTHER INFORMATION

The transmission of the data of data subjects must take place solely within the framework specified in legislation, as in the case of our data processors we ensure the data subjects’ personal data not to be used in contrast to the originally determined aim with the help of contractual term clauses.

For the purpose of providing information, reporting data or making papers available, the court, the public prosecution and other authorities (for example: police, tax office, National Agency for Data Protection) shall contact our Company. In these cases, we must obey our obligation of providing data, but solely up to an extent that is absolutely necessary to attain the aim of the enquiry.

The contributors and employees taking part in our Company’s data controlling and data processing are entitled to learn – under obligation of confidentiality – your personal data to a specified extent defined in advance.

We protect the personal data with appropriate technical and other measures, also ensure the protection and availability of the data, as well as protect them against being accessed unauthorized, modified, damaged and published and unauthorized used unauthorized.

Within the framework of organizational measures in our buildings we control the physical accessibility, we constantly educate our employees and store our paper documents sealed off with appropriate protection. In the context of technical measures, we use encryption, password protection and anti-virus software. Our Company shall do everything in its power to make the processes as safe as possible, regarding the data received by our Company we follow strict provisions in order to ensure the safety and to prevent the unlawful access of personal data. However, we draw your attention to the fact that data transmission via internet cannot be regarded as fully safe.

Together with our Partners we take the measures – concerning the safety of data processing –  as prescribed in GDPR regulation Article 32, that is to say, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

• pseudonymization and encryption of personal data;
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and systems used for the processing of personal data;
• the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
• a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing;
• in assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed;
• vi) steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.

If the data subjects use the Chatbot Service provided by our Partners with a social profile, in that case depending on their own settings, shall make available certain data of their social profiles on the various social media platforms for the data controller and processor (including but not limited to name; user name; e-mail address; phone number; social media profile; gender; age; information about the way of usage of social sites and about the type of activities carried out on such sites; areas of interest; marital status; photographs; comments published by data subject; other information regarding online behavior). The Platforms create the opportunity to select the way for sharing personal data on the social media profiles.

Our Company for operating the Chatbot Service uses and controls only the most necessary data from the data made available by the data subject.

Our Company may collect personal data through cookies or similar technologies, without restriction including the following: IP-address; cookie identifier; browser; place of location; websites visited by the data subject on the website related to the Project; the ads viewed or clicked through; etc. You can read more about this in our Cookie Policy: https://talkabot.net/cookie-policy/ and/or https://talkabot.net/cookie-policy/

The data security standards mean the support of personal data protection by technical and personal measures, as well as physical and IT solutions. Our Company acts in line with the data protection rules and jurisprudence, shall meet the regulations of the law in force, as well as shall take into account the more important national recommendations related to the data protection.

Rights and judicial remedy:

Data subjects about data controlling are entitled to

• ask for information,
• ask for the rectification, modification and supplementation of their personal data,
• object to the data controlling and to ask for the deletion their data (with the exception of the statutory data controlling),
• seek judicial remedy,
• issue a claim or to initiate a procedure at the supervisory authority (https://naih.hu/panaszuegyintezes-rendje.html). Supervisory Authority: National Agency for Data Protection (Postal address: PO Box: 603, Budapest, H-1374; Address: Falk Miksa street 22/c, Budapest, H-1055; phone: +36-1-391-1400, fax: +36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu, web: www.naih.hu).
• However, we kindly ask you to contact our Company before turning to supervisory authority or court with your complaint – in order to consult and solve the arisen problem as quickly as possible – since our Company undertakes the task of providing information at the request of the data subjects about their controlled and processed data, about their sources, about the purpose and basis of processing, about the duration of processing, and in case it is not possible, about the factors of defining that period of time, about the name, address and the processing related activity of our processors, about the circumstances, effects of personal data breach and the measures taken to control them and prevent them from happening, as well as about the legal basis and the addressed of transmission in case of personal data transmission. We shall provide information regarding these types of inquiries as soon as possible, up to a maximum of 1 month.

Our Company informs the data subjects as well as those to whom the data have been formerly transmitted for the purpose of processing, about the correction, indication and deletion of personal data. No notification is sent in case the absence of notification does not undermine a legitimate interest of the data subject. In case of rejection of application for correction or deletion we also indicate our reasons for rejections and give information about the possibilities for judicial remedy as well as turning to the Authorities.

In case of objecting to data processing, our Company shall examine the objection within less than 1 month upon submitting the request. We will give a written report about the decision of our Company. In case of justified opposition, we shall terminate the processing and delete the concerned data. In this case as well, we shall inform those to whom the data involved in objection have been formerly transmitted and those who are obliged to take measures to enforce the right to object.

In some cases, priority shall be given to certain other compelling reasons and justifications for data controlling to the data processing interest and rights of the data subjects. Naturally it is not obligatory to agree with us, we might even miss a deadline. In this case, within 30 days from communicating our decision and from the last day of the deadline, you can turn to court.