Our company believes that with the help of our easy-to-use, personalized and high-quality chatbot services the life of the users in the 21th century will be better, easier and more efficient. After all, there are still 24 hours in a day, just like a 100 years ago; however it is also true that computer, internet, smart phone and different social networks did not exist back then. Our generation lives in such a running world where we cannot even imagine our lives without our different gadgets but especially without internet. With carrying on these thoughts, catching up to the achievements of technology, we would like to make easier our day to day administration with our chatbots. For instance, how good it would be in case we did not have to spend hours of waiting until our call is being directed to a competent colleague at the call center; or in case we feel like going on an errand at night, the opening hours shouldn’t hold us back either. Our robots are less about the competition and more about the compliance with the era; and to the latter belong the adequate technical and organizational security measures, honoring the right of informational self-determination and the protection of private sector.
Since basically we do not work on our own, but in order to operate our chatbot service more effectively we invoke the different social media sites of our Partners and the Partners’ chat widget platforms embedded in their website, therefore we kindly ask you to also study the information about data protection of the platforms you are using, since our Company is obligated by these third party data protection practices and policies, as well as its own regulations.
Name: Talk-A-Bot Kft.
Seat: Pusztaszeri road 5., 2nd floor No. 1, Budapest H-1025
Registration No.: 01-09-286391
Tax No.: 25735967-2-41
Represented by: Ákos Gyula Deliága, Gergely Ákos Kalydi, Réka Székely managing director, each individually
Based on Article 37 of GDPR our company is not obliged to designate a data protection officer, however we do accept your data protection related questions at the following e-mail: firstname.lastname@example.org
Our Company in order to provide a high-quality service claims the services of the following data processors, and there are external service providers, to whom – either directly or indirectly – in order to provide services personal services are transferred or could be transferred, as well as these external service providers could transfer personal data to the data controller. External service providers are those service providers as well, with whom the data controller are not in a contractual relationship, however for providing service to our Partners – either by the contribution of the End user (for example connecting the individual account to the service, and in order to make easier the registration or log in the service) or without a contribution – due to they have access to the platforms and the data available on those platforms, hereby they could collect data about the end users and all end users’ activity, from which in certain cases – individually or together with other collected data by these external service providers – end users could be identified.
Such external service providers are the following ones, for example, but not exclusively: Facebook Ireland LTD., Google LLC, Instagram LLC., Twitter International Company, Viber Media LLC.
IT issues: FlexiSys Informatikai Szolgáltató Kft. (seat: Csengery street 82. 3rd floor 18., Budapest, H-1067; Reg.No.: 01-09-736543; Tax No.: 13464154-2-42)
Web development: Echobase Service Monitoring Kft. (seat: Fuvallat street 58. ground floor 1; Budapest, H-1163; Company Reg. No.: 01-09-308856; Tax No.: 26226462-2- 42)
Storage service: Servergarden Kft. (seat: Lajos street 28-32. Budapest, H-1023; Company Reg. No.: 01-09-186097; Tax No.: 24855608-2-41)
Microsoft Ireland Operations Limited (Székhely: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521)
Accounting matters: Energens Könyvviteli és Tanácsadó Kft. (seat: Hengermalom road 19-21. Budapest, H-1117; Company Reg. No.: 01-09-735095; Tax No.: 13436300-2-43)
As regards invoicing: InCash Ügyvitel Zrt. (seat: Forgách street 19. Budapest, H-1139; Company Reg. No.: 01-10-049156; Adószám: 12745265-2-41)
HR cases: under the brand name Mikor HR Partner: Kreutz Zsolt Individual Entrepreneur (Address: 2316 Tököl, Fácán köz 5.; Reg. No. 52681367; Tax No.: 69088254-1-33; Contact person: Noémi Perlaky)
Google Analytics web analysing system, web analytics service: Google Analytics LLC (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Relating to social platforms, external service providers ensuring tailor-made message sendings in case you an interaction took place in fact one of the relevant platforms: Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland); Viber Media LLC
Our data processors are under obligation of secrecy and contractual guarantee for preserving the personal data gained during the performance of their assignment, and they process the personal data solely for the purpose and according to the instructions defined in the contract obtained between them. In case we change the range of our partners, the modifications will be transcribed in this Informative.
Our data processing principles are in accordance with the data protection laws being in force, hence in particular with the followings:
– Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data
– Act CXII of 2011 on Informational Self-Determination and Freedom of Information
– Act V of 2013 on the Civil Code
– Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services
– Act C of 2003 on Electronic Communications
– Act CLV of 1997 on Consumer Protection
– Act CLXV of 2013 on Complaints and Public interest Disclosures
– Act I of 2012 on the Labor Code
– Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.
“platform”: Facebook Messenger and Viber applications, Webchat, and other popular social platforms and chat widgets embedded in website through which the end users use the Chatbot Services.
“end user”: the clients/subscribers/partners of our Partners, namely each natural person or legal entity, unincorporated other organization, who or that use the Chatbot Services operated by the Company and its Partners on the Platforms of Partners contracting with the Company, register on the Platforms to use the Chatbot Services, and use the functions of the Chatbot Services, and as part of that they provide – at their option – their data;
“chatbot service”: the Chatbot Services accessible for the End Users, developed by our Company alongside the expectations of our Partners, the scope of services that our Partners are entitled to specify, modify, even to abolish certain services, introduce new services and modify existing services at their own control, freely and at all times;
ABOUT OUR DATA PROCESSING, PURPOSES AND PRINCIPLES
Together with our Partners it is our priority aim to protect the personal data of the data subject and to respect the right of informational self-determination of the data subjects, to protect their private sector, therefore we handle the personal data confidentially and take all security, technical and organizational measures that guarantee the safety of such data.
In the agreement concluded between our Company and our Partners for the purpose of providing the Chatbot Services for the End Users of our Partners, based on the assignment and instructions of our Partners we set out in detail the rules of data processing activity carried out by our Company, as well as our related data protection obligations.
We can say in general about our data controlling, that we take into account the following principles:
(i) “lawfulness, fairness and transparency”: we process personal data lawfully, fairly and in a transparent manner in relation to the data subject;
(ii) “purpose limitation”: personal data collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
(iii) “data minimisation”: adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
(iv) “accuracy”: accurate and, where necessary, kept up to date scope of data; we take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
(v) “storage limitation”: while choosing the storage form we focus on that the personal data shall be identified for no longer than is necessary for the purposes for which the personal data are processed;
(vi) “integrity and confidentiality”: we process data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Our Company cooperates in good faith and according to the requirements of transparency and righteousness with data subjects during data controlling. Our Company controls only those data provided in the law or provided by data subjects, for the data controlling purposes listed in the following. Bearing in mind the purpose of data controlling, we do not control any data more than unjustifiable.
Our Company does not verify the provided personal data, solely the provider is responsible for their adequacy.
Our Company does not transfer the processed personal data to any third party, beside the Processors and Outside suppliers included in the present Informative. An exception to these provisions is the use of data in a statistically cumulated form that must not include in any form such data that is suitable for the identification of the User concerned, therefore does not constitute as Processing, nor transferring.
The data subjects are entitled to withdraw their consent at any time. The withdrawal of consent does not affect the legality of processing based on consent prior the withdrawal.
ABOUT OUR CERTAIN DATA PROCESSING
About our Chatbot Service related data processing:
The purpose of data processing: The operation of Chatbot application at Partners, providing Chatbot Service. In more details: the first step of familiarizing with the bot after establishing contact with the chatbot available on social site is the understanding of the related informative about data processing and expressing its content. In the absence of adaption the bot notes that data subject does not wish to have a closer look at the bot. The whole part of the conversation with the data subject will be recorded as an incoming message on the Partner’s social site by the social site. The personal data necessary for identifying the data subject as well as certain answers of the data subject will be also recorded on the Partner’s chatbot platform, which serves the customized operation of the chatbot.
In conjunction with our Chatbot services, the data provided by the End User – whether directly or during registration with its social profile – is controlled and processed by our Company with the following purpose – illustratively, since it is always defined within the framework of agreement signed with the Partner -: effective providing of Chatbot Service; identification of end users registered on Platform; the use of Chatbot Services available on Platforms; providing information for the users registered on the Platform regarding the functioning of Chatbot Services (for example messages of technical nature, information related to the modification of Chatbot Services, etc.); solving operational problems; establishing a contract, defining and modifying its content, implementing the contract and following its implementation, invoicing the related charges, as well as exercising the related legal claims; ensuring the communication between our Partners and the End User; performing Customer Service tasks, complaint-handling; the usage of data for cumulated, anonymised and statistical purpose, creation of surveys, statistics and estimates; facilitating and ensuring the payment activity of bank cards and other; increasing efficiency, improving operation and development of Platform; personalizing and customizing the account of End User on Platform – related to Chatbot Services available on Platform.
Legal base: consent of data subject [Article 6. (1) a) point of GDPR]
Scope of controlled personal data: Briefly: social site identity of data subject. In greater detail: social profile data that are accessible, with that naturally we do not store all of these data, solely the strict minimum:
· Viber user ID (Public Account specific), Individual identification, chosen name of Viber User, chosen avatar photo of Viber User (URL), country code of Viber User, language set on Viber client, version of Viber client, version of operating system running the Viber client, type of instrument running the Viber client, instrument running the Viber client phone number country code MCC, instrument running the Viber client phone number network code MNC;
· FB Messenger user ID (FB page specific), Individual identification, chosen name of User, chosen avatar photo of User (URL), country code of User, language set for User, e-mail address of User (if provided on public profile), gender of User (if provided on public profile)
Duration of data processing: until the withdrawal of the data subject’s consent, and the completion of the purpose of data processing.
About the processing of the data of our contracting partners and their contact persons:
The purpose of data processing: Our Company with the legal ground of the performance of the contract processes the data of partners contracting as buyer, supplier and their contact persons with the aim of entering into, performing, terminating a contract or to provide benefit.
Legal base: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract [Article 6. (1) point b) of GDPR]
Scope of controlled personal data: name, birth name, date of birth, mother’s name, address, tax code, tax number, number of self-employment farmer card, number of ID card, seat, address of establishment, phone number, e-mail address, website address, bank account number, buyer number (customer number, order number), online identification (buyers, list of suppliers, lists of regular purchases) of natural person.
The consignees of personal data: The employees and data processors of our Company performing the tasks related to taxation and accounting, as well as the employees performing customer service.
Duration of data processing: Our Company, processes the personal data provided in the contract as well as the address, e-mail address and phone number, online identification of the natural person acting on behalf of – signing the contract – the legal entity entering into contract on the legal base of legitimate interest and for the purpose of communication and exercising the rights and obligations arising out of contract. The period of time of storing these data is 8 years following the termination of employment relationship providing the legal base, taking into account the performance of accounting and tax related obligations, as well as 5 years following the existence of contact quality. The contact person has a contractual relationship for employment with our Partner, as a contracting party, therefore that data processing does not have a negative impact on the rights of data subject. Our Partner agrees to inform at all times the concerned contact person regarding the data processing related to its contact person quality.
About the controlling of personal data of those applying for job advertisement:
The purpose of data processing: In case of applying for a position at our Company, the application file submitted to email@example.com by the applicant is controlled by our Company, as the data controller, during the implementation of the selection process and the selection, understanding the professional and human values, level of education, previous work experience of applicants in order to find the best candidate to fill the vacant position.
Legal base: consent of data subject [point a) paragraph (1) of Article 6 of GDPR], having regard that with submitting the application file to our Company, data subject indicates clearly and actively its consent of controlling their personal data submitted upon applying.
Scope of controlled personal data: Personal data included in application file submitted to our Company, thus CV and motivation letter in the first place.
The consignees of personal data: only those employees of our Company are entitled to control the personal data included in the application file, who are eligible to make proposal or decision regarding the appointment of the advertised job.
Duration of data processing: solely until the position has been filled, but maximum up to 1 year.
About the controlling carried out to perform tax and accounting obligations:
The purpose of data processing: Our Company, in order to perform the tax and accounting related obligations (accounting, issuing invoices and storing issued invoices) provided by law, controls the personal data provided in the law of those entering into contract with them as buyer or supplier.
Legal base: processing is necessary for compliance with a legal obligation to which the controller is subject [point c) paragraph (1) of Article 6 of GDPR]
Scope of controlled personal data: based on paragraph 169 and 202 of Act CXXVII of 2017 on Value Added Tax, in particular: tax number, name, address, tax status, based on paragraph 167 of Act C of 2000 on Accounting: name, address, name of the person or body ordering the economic transaction, signatures of persons effecting payment and verifying execution, as well as, depending on the organization, the signature of the inspector; in documents of movements of inventories and liquid assets receipts, the signature of the recipient, and the signature of payer in counter-receipts, based on Act CXVII of 1995 on Personal Income Tax: number of private entrepreneur identification card, number of farmer identification card, taxpayer identification.
The consignees of personal data: The employees and data processors of our Company performing the tasks related to taxation, accounting, payroll and social security.
Duration of processing: based on Section 169 (2) of the Act of 2000 on Accounting 8 years after termination of relationship providing the legal base.
About the controlling of personal data of those persons who contact our Company:
The purpose of data processing: Anyone may get in touch with our Company on our website at https://talkabot.net/#contact-us platform. In case our Company receives any requests our Company is controlling the questions and all content of those requests which is shared by the individuals with us – including the individuals’ personal data in the request addressed to us contains such data –, in order to answer the requests addressed to our Company. Having regard the content of each requests one of our most competent colleagues will answer the questions within the shortest possible time.
Legal base: consent of data subject [point a) paragraph (1) of Article 6 of GDPR], having regard that with addressing the requests to our Company, data subject indicates clearly and actively its consent of controlling their personal data submitted upon contacting our Company.
Scope of controlled personal data: Personal data included in the requests addressed to our Company, thus primarily name, e-mail address, subject of the request and all information which is shared with our Company by the individuals contacting us on the platform devoted such purpose on our website.
The consignees of personal data: only those employees of our Company are entitled to control the personal data included in the request, who are eligible and competent to answer the request addressed to us.
Duration of data processing: until the request is answered fully, but maximum up to 1 year.
The transmission of the data of data subjects must take place solely within the framework specified in legislation, as in the case of our data processors we ensure the data subjects’ personal data not to be used in contrast to the originally determined aim with the help of contractual term clauses.
For the purpose of providing information, reporting data or making papers available, the court, the public prosecution and other authorities (for example: police, tax office, National Agency for Data Protection) shall contact our Company. In these cases, we must obey our obligation of providing data, but solely up to an extent that is absolutely necessary to attain the aim of the enquiry.
The contributors and employees taking part in our Company’s data controlling and data processing are entitled to learn – under obligation of confidentiality – your personal data to a specified extent defined in advance.
We protect the personal data with appropriate technical and other measures, also ensure the protection and availability of the data, as well as protect them against being accessed unauthorized, modified, damaged and published and unauthorized used unauthorized.
Within the framework of organizational measures in our buildings we control the physical accessibility, we constantly educate our employees and store our paper documents sealed off with appropriate protection. In the context of technical measures we use encryption, password protection and anti-virus software. Our Company shall do everything in its power to make the processes as safe as possible, regarding the data received by our Company we follow strict provisions in order to ensure the safety and to prevent the unlawful access of personal data. However, we draw your attention to the fact that data transmission via internet cannot be regarded as fully safe.
Together with our Partners we take the measures – concerning the safety of data processing – as prescribed in GDPR regulation Article 32, that is to say, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(i) pseudonymisation and encryption of personal data;
(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and systems used for the processing of personal data;
(iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;
(v) in assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed;
vi) steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.
If the data subjects use the Chatbot Service provided by our Partners with a social profile, in that case depending on their own settings, shall make available certain data of their social profiles on the various social media platforms for the data controller and processor (including but not limited to name; user name; e-mail address; phone number; social media profile; gender; age; information about the way of usage of social sites and about the type of activities carried out on such sites; areas of interest; marital status; photographs; comments published by data subject; other information regarding online behaviour). The Platforms create the opportunity to select the way for sharing personal data on the social media profiles.
Our Company for operating the Chatbot Service uses and controls only the most necessary data from the data made available by the data subject.
Our Company may collect personal data through cookies or similar technologies, without restriction including the following: IP-address; cookie identifier; browser; place of location; websites visited by the data subject on the website related to the Project; the ads viewed or clicked through; etc.
The data security standards mean the support of personal data protection by technical and personal measures, as well as physical and IT solutions. Our Company acts in line with the data protection rules and jurisprudence, shall meet the regulations of the law in force, as well as shall take into account the more important national recommendations related to the data protection.
Rights and judicial remedy:
Data subjects about data controlling are entitled to
a) ask for information,
b) ask for the rectification, modification and supplementation of their personal data,
c) object to the data controlling and to ask for the deletion their data (with the exception of the statutory data controlling),
d) seek judicial remedy,
e) issue a claim or to initiate a procedure at the supervisory authority (https://naih.hu/panaszuegyintezes-rendje.html). Supervisory Authority: National Agency for Data Protection (Seat: Szilágyi Erzsébet avenue 22/c, Budapest, H-1125; Postal address: Mailbox 5., Budapest, H-1530; Telephone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; E-mail: firstname.lastname@example.org; Website: https://naih.hu/).
However, we kindly ask you to contact our Company before turning to supervisory authority or court with your complaint – in order to consult and solve the arisen problem as quickly as possible – since our Company undertakes the task of providing information at the request of the data subjects about their controlled and processed data, about their sources, about the purpose and basis of processing, about the duration of processing, and in case it is not possible, about the factors of defining that period of time, about the name, address and the processing related activity of our processors, about the circumstances, effects of personal data breach and the measures taken to control them and prevent them from happening, as well as about the legal basis and the addressed of transmission in case of personal data transmission. We shall provide information regarding these types of inquiries as soon as possible, up to a maximum of 1 month.
Our Company informs the data subjects as well as those to whom the data have been formerly transmitted for the purpose of processing, about the correction, indication and deletion of personal data. No notification is sent in case the absence of notification does not undermine a legitimate interest of the data subject. In case of rejection of application for correction or deletion we also indicate our reasons for rejections and give information about the possibilities for judicial remedy as well as turning to the Authorities.
In case of objecting to data processing, our Company shall examine the objection within less than 1 month upon submitting the request. We will give a written report about the decision of our Company. In case of justified opposition we shall terminate the processing and delete the concerned data. In this case as well, we shall inform those to whom the data involved in objection have been formerly transmitted and those who are obliged to take measures to enforce the right to object.
In some cases, priority shall be given to certain other compelling reasons and justifications for data controlling to the data processing interest and rights of the data subjects. Naturally it is not obligatory to agree with us, we might even miss a deadline. In this case, within 30 days from communicating our decision and from the last day of the deadline, you can turn to court.