Privacy Notice (Data Processing Information)
General information
Please note that the websites of Revolution Software Kft. are not intended for private individuals as addressees. Due to the nature of its activities, Revolution Software Kft. does not provide services to private individuals. Its products and services are software solutions supporting the administrative operations of businesses and related services.
When completing the forms available on our website, please provide real corporate contact details.
Revolution Software Kft. (registered office: 1133 Budapest, Váci út 76.; mailing address: 1133 Budapest, Váci út 76.; e-mail: gdpr@revolution.hu; telephone: +36 1 461-8030; hereinafter: REVOLUTION) is committed to protecting the personal data of its customers and partners and considers respecting the right to informational self-determination to be of paramount importance. REVOLUTION treats personal data confidentially and implements all security, technical and organisational measures that ensure the security of data.
REVOLUTION processes any personal data that comes to its knowledge during the use of its websites in accordance with this Privacy Notice and the requirements set out in applicable legislation.
This notice provides information about what data REVOLUTION records and how it uses such data through its website.
You can learn how to verify the accuracy of these data and how to request their deletion from REVOLUTION’s records. Please note that you can view most pages of our website without providing any personal data. However, for the purpose of customer relations it may be necessary to register and identify you as the contact person of a business, budgetary or social organisation.
This notice applies exclusively to REVOLUTION’s websites; it does not apply to websites operated by third parties that may be accessed by clicking through links.
If you are our contracted customer or the contact person of our customer, detailed information about the processing of personal data within the framework of the contractual cooperation is provided in our contractual annex entitled “Revolution Data Processing Statement for Customers”.
Definitions
“personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“processing”: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future.
“controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“third party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
“personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data collected and processed by REVOLUTION
This section provides information on how we collect, use and share with third parties your personal data and other data.
Our processing activities – general rules
- The duration of processing always depends on the specific user purpose; however, data must be erased without delay if the originally set purpose has been achieved (and there is no other legal obstacle to erasure).
- You may withdraw your consent to processing at any time. If there is no legal obstacle to erasure, your data will be erased.
- Where consent is the legal basis, you can provide your consent by intentionally ticking the dedicated empty checkbox on the website.
- You may request from REVOLUTION access to personal data concerning you, rectification, erasure or restriction of processing, and you may object to the processing of such personal data.
- Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- You are entitled to have inaccurate personal data rectified or completed by REVOLUTION without undue delay upon request.
- You are entitled to have personal data concerning you erased by REVOLUTION without undue delay upon request, and REVOLUTION is obliged to erase such personal data without undue delay if there is no other legal basis for processing.
- Modification or deletion of personal data may be initiated by e-mail, telephone or any contact method provided in this notice.
- You have the right to lodge a complaint with the supervisory authority and to seek judicial remedy.
Processing activity: Website registration
| Title, description and purpose of processing |
Website registration
The purpose of the processing is to enable the controller to provide additional services during the operation of the website and to contact you / be able to contact you. |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Categories of data subjects | Users registering on the website. | ||||||||||
| Legal basis of processing | Your consent. | ||||||||||
| Categories of data processed and purpose |
|
||||||||||
| Duration of processing and erasure | Processing continues for 3 months following the withdrawal of consent. You may withdraw your consent at any time by sending a message to the contact e-mail address. Based on legitimate interest, the data may be stored for a further 6 months. | ||||||||||
| Who may access the personal data? |
|
||||||||||
| Method of storage | Electronic. |
Processing activity: Product order
| Title, description and purpose of processing |
Product order
Although our products are not intended for private individuals as addressees, during ordering the processing of personal data of private individuals acting as contacts and representatives is unavoidable. The purpose of processing is the conclusion of the contract, determination of its content, amendment and performance, provision of additional services, contacting you, and sending a confirmation e-mail. We can fulfil your order only if you provide your contact and billing details, which are strictly necessary for communication and invoicing. |
||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Categories of data subjects | Representatives of registered website users who order products via the website. | ||||||||||||||
| Legal basis of processing | Your consent; and with regard to name and address: Act CVIII of 2001, Section 13/A; performance of a contract. | ||||||||||||||
| Categories of data processed and purpose |
|
||||||||||||||
| Duration of processing and erasure | Processing is carried out until withdrawal of consent and/or as required by applicable law. You may withdraw your consent at any time by sending a message to the contact e-mail address. Data are erased upon withdrawal of consent. Billing data may be erased only in accordance with legal requirements (8 years). Modification or deletion of personal data may be initiated by e-mail, telephone or letter using the contact details provided above. | ||||||||||||||
| Who may access the personal data? |
|
||||||||||||||
| Method of storage | Electronic. |
Processing activity: Customer database
| Title, description and purpose of processing |
Customer database
The purpose of processing is the conclusion of a contract, maintaining customer relations, and providing information. |
||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Categories of data subjects | Natural persons who may be in a business/customer relationship with the controller, as well as natural-person representatives of non-natural persons who provided their personal data in the contract as necessary for contract performance. | ||||||||||||
| Legal basis of processing | Performance of a contract; legitimate interest. | ||||||||||||
| Categories of data processed and purpose |
|
||||||||||||
| Duration of processing and erasure | For the duration of the customer relationship + the limitation period for the enforcement of civil law claims. | ||||||||||||
| Who may access the personal data? |
|
||||||||||||
| Method of storage | Electronic. |
Processing activity: Complaint handling / requesting information
| Title, description and purpose of processing |
Complaint handling / requesting information
You may submit a complaint related to the ordered service or product, or regarding the controller’s conduct, activities or omission, verbally (in person, by telephone) or in writing (in person or by submitting a document delivered by you or another person, by post, or by e-mail), and you may ask questions. In the case of a telephone call, the conversation will be recorded; however, you have the option to terminate the call before recording starts. |
||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Categories of data subjects | Any natural person who wishes to communicate a complaint verbally or in writing related to the ordered service or the controller’s conduct, activities or omission (complainant). | ||||||||||||||||||||
| Legal basis of processing | The complaint-handling process is initiated on the basis of voluntary consent; however, in the case of a complaint, processing may be mandatory. In line with the purpose of processing, you voluntarily consent that if you provide your contact details during an information request, the controller may contact you via those details to clarify your request or provide an answer. | ||||||||||||||||||||
| Categories of data processed and purpose |
|
||||||||||||||||||||
| Duration of processing and erasure | Within the general civil-law limitation period following the complaint, i.e. for 5 years from the date of the complaint. | ||||||||||||||||||||
| Who may access the personal data? |
|
||||||||||||||||||||
| Method of storage | Electronic. |
Processing activity: Newsletter
| Title, description and purpose of processing |
Newsletter
When subscribing to the newsletter, we are not able to verify the authenticity of the contact details provided, nor can we determine whether the submitted data relate to a private individual or a business. Businesses that contact us are treated as customer partners. The purpose of processing is to send professional materials, advertising-containing electronic messages, information and newsletters, from which you can unsubscribe at any time without any adverse consequences. You may unsubscribe without consequences even if your business ceases to exist, you leave the business, or someone else provided your contact details to us. We may send you newsletters only if you provide your prior and explicit consent to be contacted at the e-mail address provided during registration with our promotional offers, information and other communications. As a result, you may consent to the processing of the personal data necessary for this purpose. (Accordingly, if you wish to receive our newsletter, you are required to provide the necessary data. If you fail to provide the data, we cannot send you newsletters.) |
||||||
|---|---|---|---|---|---|---|---|
| Categories of data subjects | Newsletter subscribers. | ||||||
| Legal basis of processing | Your consent. | ||||||
| Categories of data processed and purpose |
|
||||||
| Duration of processing and erasure | Processing is carried out until withdrawal of consent. You may withdraw your consent at any time by sending a message to the contact e-mail address. Data are erased upon withdrawal of consent. Consent may also be withdrawn via the unsubscribe link provided in newsletters. Modification or deletion of personal data may be initiated by e-mail, telephone or letter using the contact details provided above. | ||||||
| Who may access the personal data? |
|
||||||
| Method of storage | Electronic. |
Data processing (processors)
As controller, for the performance of our activities we use the processors identified in this notice (see below). Processors do not make decisions independently; they act exclusively in accordance with the contract concluded with the controller and the controller’s instructions. Processors make declarations to the controller regarding GDPR-compliant processing and the controller monitors their activities. Processors may engage additional processors only with the controller’s prior consent.
Website operator
For the operation of the website, REVOLUTION uses a website operator as processor, who performs the operation, maintenance and development of the central server, and the personal data provided by the user are stored on the server under the operator’s control.
FreshSales
In its sales activities, REVOLUTION uses the FreshSales software of FreshWorks Inc. In this system we store our prospects’ contact details (name, e-mail address, telephone number), as well as entries generated during communication.
MailMaster
In its marketing activities, REVOLUTION uses the MailMaster software of SalesAutopilot Kft. We send informational e-mails to our customers and prospects from this system.
MailChimp
In its marketing activities, REVOLUTION uses MailChimp. We send informational e-mails to our customers and prospects from this system. In this system we store prospects’ contact details (name, e-mail address, telephone number), as well as entries generated during communication. (Service information: https://mailchimp.com/)
deep.erp
Within the CRM module of deep.erp, we manage the customer database of REVOLUTION Software Kft. (Contact page information: http://www.revolution.hu/kapcsolat )
Freshdesk
REVOLUTION Software’s customer relationship channel is managed through FreshDesk.
Landingi
REVOLUTION Software uses Landingi to create landing pages. Forms can be completed via Landingi, therefore the data are stored there.
REVOLUTION Software Kft. uses LinkedIn for commercial and marketing outreach; lists purchased from company databases may also be uploaded.
Dun & Bradstreet
In its commercial and marketing activities, REVOLUTION Software Kft. purchases official company lists from D&B.
Data transfers performed by the Controller
The Controller transfers data to the following company:
INTRUM JUSTITIA Zrt.
Registered office: 1138 Budapest, Váci út 144-150.
Company registration number: 01-10-044857
Based on Clause 6 of the rEVOL Express Licence Agreement, for the purpose of managing the receivable against the Buyer.
User rights and legal remedies
Data processing principles
REVOLUTION declares that it processes personal data in accordance with this Privacy Notice and complies with the provisions of the applicable legislation, with particular attention to the following principles:
- Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject (principle of lawfulness, fairness and transparency).
- Personal data may be collected only for specified, explicit and legitimate purposes (purpose limitation).
- Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes (data minimisation).
- Personal data must be accurate and, where necessary, kept up to date; inaccurate personal data must be erased without delay (accuracy).
- Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary; longer storage is permitted only for archiving in the public interest, scientific or historical research or statistical purposes (storage limitation).
- Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).
- Data protection principles apply to any information relating to an identified or identifiable natural person.
Right to information (right of access)
The data subject is entitled at any time to request information about the personal data concerning them processed by REVOLUTION. Upon the data subject’s request, REVOLUTION provides information on the data processed, the purpose, legal basis and duration of processing, and on the recipients who receive or have received the data and for what purposes.
REVOLUTION provides the requested information in writing within 30 days from submission of the request.
For any questions or observations related to processing, the data subject may contact a REVOLUTION employee via the contact details indicated below.
Rectification, erasure and restriction (“blocking”)
The data subject is entitled at any time to request rectification of incorrectly recorded data or erasure of such data via any of the contact methods indicated below.
REVOLUTION erases the data within 3 working days from receipt of the request; in such case the data cannot be restored. Erasure does not apply to processing activities required by law (e.g. accounting regulations); REVOLUTION retains such data for the necessary period.
The data subject may also request restriction of processing (sometimes referred to as “blocking”). REVOLUTION restricts processing if the data subject requests it, or if—based on the information available—it can be presumed that erasure would infringe the data subject’s legitimate interests. Such restricted personal data may be processed only for as long as the processing purpose that precluded erasure continues to exist.
The data subject must be informed of rectification, restriction and erasure, as well as any recipients to whom the data were previously disclosed, unless this proves impossible or would involve disproportionate effort. Notification may be omitted if it does not infringe the data subject’s legitimate interests in view of the purpose of processing.
If REVOLUTION does not comply with the data subject’s request for rectification, restriction or erasure, it informs the data subject in writing within 30 days of receipt of the request of the factual and legal reasons for refusal.
Right to object
The data subject may object to the processing of their personal data. REVOLUTION examines the objection as soon as possible, but no later than within 15 days from submission of the request, decides on its merits, and informs the requester in writing of its decision.
Legal enforcement options
If you experience unlawful processing of personal data, please notify our company so that the lawful situation can be restored within a short period. We will do our best to resolve the issue described.
If, in your opinion, the lawful situation cannot be restored, you may contact the supervisory authority at the following contact details:
National Authority for Data Protection and Freedom of Information (NAIH)
Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu
Coordinates: N 47°30'56''; E 18°59'57''
If your rights are infringed, you may also bring the matter before a court. The court proceeds in the case out of turn. You may initiate proceedings—at your choice—before the competent court of your place of residence or habitual residence.
Method of storage of personal data and security of processing
REVOLUTION’s IT systems and other data storage locations are located at its registered office and on its relevant servers.
REVOLUTION selects and operates IT tools used for processing personal data in such a way that the processed data:
- are accessible only to authorised persons;
- their authenticity and authentication are ensured;
- their integrity (unchanged state) can be verified;
- are protected against unauthorised access.
REVOLUTION protects data using appropriate measures, in particular against unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as against accidental destruction or damage, and becoming inaccessible due to changes in the applied technology.
Taking into account the state of the art, REVOLUTION implements technical, organisational and organisational measures to protect the security of processing that provide a level of protection appropriate to the risks arising in connection with processing.
Please note that electronic messages transmitted over the internet—regardless of protocol (e-mail, web, ftp, etc.)—are vulnerable to network threats that may lead to unfair activities, contract disputes, or disclosure and modification of information. To protect against such threats, REVOLUTION takes all reasonably expected precautions.
If a personal data breach occurring within REVOLUTION’s systems is likely to result in a high risk to the rights and freedoms of natural persons, the controller informs the data subject of the breach without undue delay.
Cookies and analytics
During visits to the websites www.revolution.hu, www.revolexpress.hu, www.startugyvitel.hu, www.deeperp.eu, www.revol365.hu, www.revol.hu, www.szamlazoprogramot.hu, the service provider sends one or more cookies—small files containing a sequence of characters—to the visitor’s computer, through which the visitor’s browser can be uniquely identified. These cookies are sent only when visiting certain subpages; therefore, they store only the fact and time of visiting the given subpage, and no other information.
The use of such cookies is as follows: external service providers, including Google, use these cookies to store information about whether the user has previously visited REVOLUTION’s websites.
If the user does not wish Google or other service providers to measure the above data in the manner and for the purposes described, the user may install a blocking add-on (browser extension).
The “Help” function in the menu bar of most browsers provides information on how to:
- disable cookies,
- accept new cookies,
- instruct the browser to set a new cookie, or
- disable other cookies.
Google Analytics
For the operation and operation of our websites we use Google Analytics. Google Analytics compiles reports for its customers based on internal cookies about the habits of website users.
On behalf of the website operator, Google uses the information to evaluate how users use the website. As an additional service, it prepares reports related to website activity for the website operator so that the operator can provide further services. Data are stored on Google’s servers in encrypted form to make misuse more difficult and prevent it.
Disabling Google Analytics:
Website users who do not want Google Analytics JavaScript to report on their data can install the Google Analytics Opt-out Browser Add-on. The add-on prevents Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics. The add-on is available for most modern browsers and does not prevent data from being sent to the website itself and to other web analytics services. (See: https://support.google.com/analytics/answer/6004245?hl=hu)
Google’s privacy policy: https://policies.google.com/privacy?hl=hu
More detailed information on the use and protection of data is available at the links above.
Data protection in detail: https://static.googleusercontent.com/media/www.google.com/hu//intl/hu/policies/privacy/google_privacy_policy_hu.pdf
Personal data breach
In the event of a personal data breach, we report it to the supervisory authority within 72 hours from becoming aware of it. Where required by law, we also inform all affected users about the breach.
Customer relations
If you have any observations, questions or issues regarding our company, our processing activities or the use of our services, you can contact us using the contact details available on our website.
Contact details
The data subject may exercise their rights via the following contact details:
Name: Revolution Software Kft.
Mailing address: 1133 Budapest, Váci út 76.
E-mail: gdpr@revolution.hu
Telephone: +36 1 461-8030
Other provisions
Our company reserves the right to unilaterally amend this Privacy Notice while informing the data subjects.
Our company does not verify the personal data provided. The person providing the data is solely responsible for the accuracy of the submitted data. By providing any e-mail address, the data subject also accepts responsibility that only they use the service from the provided e-mail address.
We inform our customers that investigative authorities, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law may contact Revolution Software Kft. for the purpose of providing information, communicating or transferring data, or making documents available.
Budapest, 24 May 2018