Effective date: Feb 12, 2024

ConfigCat Korlátolt Felelősségű Társaság (seat: H-1136 Budapest, Tátra utca 5/A 1. em. 2. ajtó; company registry number: 01-09-352162; “Operator” or “Data Controller” or “We”) as the operator of the website configcat.com (“Website”) and provider of the services in relation to the software development kits, configuration panels, Website and related services (collectively referred to as: "Services”) is committed to protect the privacy of its –potential– users, clients, partners therefore pays close attention to ensure that the collection, management, use, processing and possible transfer of personal data are conducted in accordance with the provisions of the relevant laws, national and international recommendations with special regard to the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

By signing up, registering or using the Website or any of the Services, also by providing your consent via email you acknowledge that you have become aware of the contents of this privacy policy and agree that the Operator as data controller shall treat and record the information provided by you or collected from publicly available sources or third parties in accordance with the applicable law; at the same time, you agree that your contact details will be recorded and stored in the Operator’s Database in order to provide you the Services, also to inform you about the Services, changes thereto, other changes affecting you, and news relating to the Operator as described below in more details.

This privacy policy also applies to visitors to the Website, our contractual partners and our performance assistants and contributors.

This privacy policy will explain how We process, use your personal data collected through the Website or when providing you any of our Services.

1. Definitions

Consent

Voluntary and determined expression of the will of the data subject which is based on appropriate information, and by which the data subject gives his/her unambiguous consent to the complete or specific processing of personal data concerning him or her.

Data Controller or Operator or We

ConfigCat Kft. (seat: Tátra utca 5/A 1. em. 2. ajtó, 1136 Budapest, Hungary; company registry number: 01-09-352162).

Data Privacy Incident

Unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction or damage;

Data Processing

Regardless of the method used, any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, including but not limited to collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Processor

Any natural or legal person, or any organization without legal personality, which processes personal data on behalf of the Data Controller.

EEA State

Member state of the European Union and other state that is member of the Agreement on the European Economic Area, furthermore, state citizen of which shall enjoy the same legal status as a citizen of a member state of the European Economic Area, based on the international agreement concluded between the European Union and its member states and states that are not members of the Agreement on the European Economic Area.

Electronic Logbook

An automated processing system for the purpose of ensuring the verifiability of the lawfulness of processing operations carried out with Personal Data by electronic means.

Personal Data

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Collectively all information that was submitted to the Website.

Third Country

Any state that is not an EEA State.

Third Party

Any natural or legal person or any organization without legal personality, who is not the Data Subject, the Data Controller or the Data Processor;

Website

configcat.com

2. Your data Controller and its contact details

Company name: ConfigCat Korlátolt Felelősségű Társaság
Seat: H-1136 Budapest, Tátra utca 5/A 1. em. 2. ajtó
Company registry number: 01-09-352162
Website: configcat.com
Contact details: [email protected]

3. Scope and legal basis of the data processing

We only process Personal Data of individuals who agreed to our Terms & Conditions and to the processing or transferring of personal data to third parties or if it is ordered by law or decree of the local government - adopted on the basis of any act, within the scope specified therein - for public interest purpose. Concerning data processed by company administrators who accepted the Terms & Conditions when claiming their respective company listings, the company administrators shall be considered as data processors.

The Operator manages the data of the

  • registered users of the Website;
  • persons who use the Services;
  • persons whose Personal Data is available in public databases or/and websites which operators are entitled to transfer personal data to third parties based on the Consent of the Data Subject;
  • persons whose Personal Data has been transferred to us.

3.1 Sources of Personal Data

Personal Data are either (i) provided by You or (ii) provided by a registered user or (iii) provided by a third parties who are entitled to transfer personal data (iv) partially inferred from publicly available sources over which you have full editing control that are referenced for your benefit and to enable the services the Operator provides.

3.2 Data Processing

By (i) submitting your Personal Data to the Operator through the registration process, (ii) verifying your Consent to the Data Processing via email without visiting the Website, (iii) submitting Personal Data while using the Website without registration, (iii) submitting Personal Data while using the Services, your consent to data processing is deemed to be granted. By storing the information provided during registration, the Operator is enabled to provide a more convenient service but registration is nevertheless optional.

Your Consent is deemed to be granted when You or the administrator of a claimed company (i) click the relevant box of the pop-up message of the Website, (ii) send personal data to our postal, email or other address, (iii) make technical settings while using information society services, and (iv) make any other statement or action which clearly indicates, in the given context, that it is your Consent.

By submitting your personal information to us, you warrant that you are entitled to such processing including in particular the transfer of data and that all data provided are accurate. The Operator disclaims all liability for any claim made in connection with the breach of the above warranty, and at the same time, You shall be liable for any loss or damage suffered by the Operator as a result of the falsity or mistake of these warranties.

3.3 Scope of the processed data

3.3.1 Account information

When You sign up to our Website, your email address and password are required to create a personal account. Once you have an account, you shall minimize the Personal Data uploaded to the Website, however you can edit your personal profile with the information you acknowledge that you would like to make public and accessible. You may be requested to upload your configuration while using our Services. In this case, you agree that your profile information (your name, email address and your company’s name) and the content you post may be viewed by other users of our Service and third parties we do not control.

3.3.2 Information You provide otherwise

If You contact us (via email, phone, chat or through third party services) for technical support or to inquire about any of our services, You may share information about your company listings or personal profile that may be recorded on your behalf. We may also process and store the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you open an email from us. You can edit any information added to your personal profile or company listings at any time at your convenience.

3.3.3 Information provided to make payments

When You have to perform a payment, You may be requested the following information: (i) name, (ii) billing address, (iii) credit card information (i.e. card number, name of the card holder, expiration date etc.) and tax number. We do not store payment card details and all payments are processed and handled by third party payment processors. The current processors are: https://chargebee.com, https://stripe.com. While some of the payment pages’ interfaces may resemble our livery, they are operated by such payment processors, which we may choose to change per our full discretion.

The Operator also may process Personal Data if it is required for Know Your Customer (KYC) and Anti-Money Laundering (AML) purposes, and when We need to process your information to execute payments.

3.3.4 Information we automatically receive when You use our services

When you use our Services, we may collect information about your engagement with and utilization of our Services, such as processor and memory usage, storage capacity, navigation of our Services, and system-level metrics. We use this data to operate the Services, maintain and improve the performance and utilization of the Services, develop new features, protect the security and safety of our Services and our customers, and provide customer support. We also use this data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.

3.3.5 Information we receive from third parties

If you choose to link our Services to a third-party account, we may receive information about that account, such as your authentication token from the third-party account, to authorize linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.

We may also receive information about you from our third party partners and combine it with data that we have about you. These current third-party partners are the following:

4. Purpose of the data processing

The Operator collects personal information from You only (i) it is ordered by law or decree of the local government, (ii) when we need the personal information to perform the obligation stated in the contract concluded with You; (iiI) when the processing is in our legitimate interests; or (iv) when we have your consent to do so. We have a legitimate interest in operating our Services and communicating with you as necessary to provide these Services, for example when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. In some cases, we may also have a legal obligation to collect personal information from You or may otherwise need the personal information to protect your vital interests or those of another person. If we ask You to provide personal information to comply with a legal requirement or to perform our contractual obligation, we will make this clear at the relevant time and advise you whether the provision of Your personal information is mandatory or not (as well as of the possible consequences if You do not provide your personal information.

The Operator gathers different types of Personal Data to improve its services, in order to personalize valuable features for your benefit, also to enable You to set up an account and customize your public personal profile.

We use your personal information to help You log in, authenticate You, to edit settings, and provide support.

We may provide access to our partners to generally post advertisements on the platform that our service may automatically notify You of (via email, internal message/notification/news feed, phone call) depending on the preferences You have set.

Accordingly, the purpose of the data processing is as follows:

  • using the Services of the Operator;
  • creating and managing a user account in the Website;
  • service development;
  • maintaining contact between the Operator and the users;
  • conducting direct marketing activities;
  • providing support services, including answering any questions you may have about the services advertised by the Operator;
  • enhancing the security and safety of the Website and other users, such as by investigating suspicious activity or violations of applicable terms or policies;
  • to identify and fix bugs that may be present; and
  • conducting data and system analytics, including research to improve the service.

5. Duration of the data processing

Unless a longer retention period is required or permitted by law, we will hold your Personal Data on our system for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Personal Data be deleted or depersonalized. Even if we delete or depersonalize your data, it may persist on backup or archival media for legal, tax or regulatory purposes.

6. E-logbook

For the purpose of ensuring the verifiability of the lawfulness of processing operations carried out with Personal Data by electronic means, the Operator records in an automated processing system (“Electronic Logbook”)

  • the scope of the personal data affected by the processing operation;
  • the purpose of and the reason for the processing operation;
  • the exact time of carrying out the processing operation;
  • the person carrying out the processing operation;
  • the recipient of the data transfer if data transfer is implemented.

The Personal Data recorded in the Electronic Logbook may only be accessed and used for the purpose of verifying the lawfulness of processing and enforcing data security requirements, as well as conducting criminal proceedings.

At the request of the authority or a person or organisation engaged in an activity specified by the law for a purpose described in the above paragraph the Operator shall provide access to the Electronic Logbook and shall transfer data from the logbook to the requesting party.

The data recorded in the Operator’s record, as well as the Electronic Logbook, shall be retained for 10 years after the deletion of the processed data.

7. Persons with access to Personal Data

Personal Data provided to the Operator may be known and handled by the Operator's employees, executives, consultants, data processors to whom You consented for your Personal Data to be transferred.

In accordance with the legal requirements, courts and certain authorities have the right to ask for Personal Data processed by the Operator. The court, prosecutor's office and other authorities (e.g. police, tax authorities, Hungarian National Authority for Data Protection and Freedom of Information) may contact the Operator for provision of information or documents or data transfer. In these cases, We have to fulfil our reporting obligation to the extent necessary to achieve the purpose of the request.

9. Handover and transfer of data

We only share Personal Data with third parties in accordance with this privacy policy and if it is required by law, requested by a government entity with due reason, to protect ourselves and users from harm or illegal actions and the general integrity of our services, to respond to an emergency, to fulfil support requirements, or in order to execute a service ordered by You. Our partners include third parties who deliver certain elements and parts of our services. We may utilize such partners to process payments, localise services for your region, deliver elements of services to features, provide support for certain programs and premium services. We may share information with our affiliates to operate affiliate programs. These include data that are outlined in the partner and our cookie policies. This data is intended to internally track when You are routed to partner websites to make purchases or benefit from complimentary services. We may share personal data with affiliates to provide their professional services in order to deliver a financial, technological or commercial service to You on our behalf if required.

If there is a significant change in ownership to our business (acquisition, merger, bankruptcy, sale of our assets or similar) then we shall notify you as soon as possible. When a service requires sharing your personal information with third parties, we explicitly request your consent.

Further to the above primary transfer, the Operator shall rely on the assistance and services of data processors (in particular, but not exclusively accountants, IT service providers) for its data controlling activities. Data Processing is carried out on the basis of a data processing contract concluded between the Operator and the data processor, which ensures the data processor's confidentiality obligation and thus the security of data processing.

We may share Personal Data provided to us in specific cases with third parties who cooperate with us or act on our behalf if this is necessary to achieve the purpose for which the data has been provided. However, We made sure that these third parties shall properly protect the information and data.

The Operator may use external service providers for routine server maintenance, data storage, or other IT tasks in accordance with generally accepted privacy practices.

As soon as the conditions for the lawful control or transfer of data are not met, the Operator shall promptly take action to erase Personal Data from the database and notify You of the fact of erasure.

9. Transfer of personal data to countries outside the European Union

Your Personal Data may be forwarded to third countries, especially to the United States of America, because in certain cases the employees, contractors, sub-contractors of the Operator are located outside of EEA states and perform services from these states. In this case – such as in case of data transfer within the EEA – the transfer of data is conducted in compliance with the applicable laws.

10. Data Security

Personal Data stored in the electronic information systems or the ordinary paper data carriers is processed with the utmost discretion as strictly confidential, and the Operator protects them by all legal means, particularly by technical and organisational measures against unauthorised access, alteration, transfer, publishing, other abuse, erasure and eradication or accidental loss. Within the scope of organisational measures, we ensure surveillance of physical access to our buildings, and store our paper documents confidential with adequate protection and the Personal Data may only be accessed by duly authorized staff that have undertaken confidentiality.

We collect information from multiple sources and your input and primarily store them on global servers that are based in the European Economic Area. These server providers, due to their locations, may have different data privacy standards than those that apply to the Central and Eastern European area.

We will use technical and organisational measures to safeguard your Personal Data. The Operator securely stores your data at

The closed IT system of the Operator offers adequate protection for the processing of Personal Data in electronic information systems, the authenticity and validity of data is ensured, the Personal Data is unaltered, and protected against unauthorised access. We and our partners ensure the protection of the Personal Data and only strictly use them with purpose limitation. Only authorised persons have access to Personal Data, the authenticity and validity of Personal Data is ensured, the Personal Data is unaltered and protected against unauthorised access.

The Operator ensures the security of Personal Data through such technical, management and organisational measures, which offer a level of protection appropriate for the risks arising in connection with Data Processing. We have adopted widely accepted technological and operation safety solutions in order to counter the loss, alteration, eradication or abuse of identifiable Personal Data. We make every effort to ensure the protection of Personal Data processed by the Operator through appropriate confidentiality and technical and security measures. The Operator excludes liability for hacker attacks.

11. Cookies

A cookie is a small file that is sent to your browser and saved on your device when you visit a website. Cookies are stored on the browser or hard drive of your computer or mobile device when someone visits or browses a webpage, based on their consent. The most frequent purpose of cookies is to elevate user experience and data collection regarding the use and visitation of the webpage, allow efficient operation of a website and improve its performances, provide information to the site owner for statistical or advertising purposes, mainly to customize your browsing experience by remembering your preferences. Cookies do not identify the visitor and are not appropriate to run applications or viruses. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information.

When You visit our Website, We may collect information from you automatically through cookies or similar technology.

We use different types of first-party cookies and third parties (prepared and managed by third parties based on its own privacy policy and not under the control of us, here below some explanatory details:

  • technical cookies (session or navigation): They guarantee the normal navigation and use of the website and are therefore aimed at making functional and optimizing the same navigation within the site.
  • functionality cookies: They are strictly necessary to provide services explicitly requested by the user.
  • analytical first/third-party cookies: They are used and made exclusively to collect information in an aggregate and anonymous form, on the number of users and on how users visit the site.

You can delete the cookies at any time and set your browser to prevent the use of cookies. However, while blocking the use of cookies, occasionally the Website may not operate as expected and designed.

The user has the opportunity to deny the consent in cookie usage by simply visiting the preference panel of the Web Browser used for the website visit. In any case, we clearly state that any potential denial in cookie usage consent by the user may comport a potential limitation during the website use.

11.1 Log information

Upon your consent, We may collect log information about your use of the Website, including the type of browser that you use; the time, duration and frequency of your access; website pages viewed; your IP address; and the page You visited before visiting our Website.

11.2 Device information

Upon your consent, We may collect information about the computer or mobile device that You use to access our Website, including the hardware model, operating system and version, unique device identifiers, and mobile network information.

11.3 Location information

Upon your consent, We may collect information about the location of your device each time you use our Website. We may transfer this information for third parties for direct marketing purposes.

11.4 List of particular cookies

The Website currently uses the following third-party resources that use cookies:

  • Google Analytics & Tags: We may use these resources to collect and analyze certain metrics data inherently to the user’s session data and logs, such as IP address, duration of the visit, device used for the visit, data inherent to the version of the Web Browser and similar information. This information is collected in a totally anonymous way, since it does not give specific data that directly conducts to a specific user. Google Analytics uses its own Cookies. Place of data processing: U.S., Privacy Policy, Opt-Out.
  • Slack: This is the easiest way to implement a communication chat with the visitors or customers of our services. Place of data processing: U.S., Privacy Policy.
  • Social Networks: We may use (now or in the future) various social networks cookies such as Facebook Pixels to analyze conversions and metrics data.
  • Zoho: We currently use this tool to register the user sessions. Place of data processing: U.S., Privacy Policy.
  • Amplitude: We currently use Amplitude for analytics purposes Place of data processing: U.S., Privacy Policy.

If you do not accept the use of cookies particular functions may not be available for you. You may find further information on the deletion of cookies on the following links:

12. Links to other websites

The Website may contain links, call to action buttons to links or promotions that highlight other affiliate or partner websites not operated or controlled by us. We are not responsible for the content, accuracy or opinions expressed on such websites, and We do not consistently monitor or check for accuracy or completeness on these websites. In providing our services, We strive to ensure that only the most relevant partners of the highest quality are recommended, promoted or shown to users. Your browsing and interaction on any other website linked to from www.rocketshepherd.com, are subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you, for which We bear no responsibility.

13. Your rights in connection with data processing

13.1. Request for information, right to access

You have the right to request copies of the information We hold about You at any time, furthermore about the source, purpose, legal basis, duration, data processor's name, address and activities related to data processing, as well as the legal basis and recipient of the data transfer.

Requests for information may be sent to the Operator in writing via post, by email to the attention of the Operator’s data protection officer (please see the officer’s contact details in section 17 below). The Operator shall provide the information to the address provided by You in writing, as soon as possible but at the latest within 30 days counted from the delivery of your request.

Please be informed that information on any data is provided free of charge, unless your request is manifestly unfounded or excessive.

13.2 Correction

You have the right to have your Personal Data rectified if it is inaccurate or incomplete.

If You inform the Operator that your Personal Data being processed is inaccurate or incomplete or the Operator itself becomes aware of the inaccuracy during the operation of the Website, the Personal Data will be corrected by the Operator.

The Operator will notify You of the correction or of the rejection of your request for rectification.

13.3 Erasure

You have the right to request the deletion or removal of your Personal Data from our systems.

Personal data shall be blocked if, on the basis of our information, it is presumable that the deletion would harm your legitimate interests. The blocked Personal Data shall only be processed for as long as there is a particular purpose for the data processing which prevented the deletion of the Personal Data.

The Operator will notify You of the erasure or the blocking, or of any refusal of your related request.

13.4 Marking

The Operator shall mark the personal data it processes if you dispute its correctness or accuracy but the inaccuracy of the disputed personal data cannot be clearly established.

13.5 Objection or Restriction of Processing

You have the right to ask us to stop using all or some of your Personal Data or to limit our use of it.

The Operator shall examine the objection or restriction request as soon as possible, but not more than 15 days from the submission of the request, and shall make a decision on its merits and inform you in writing of its decision.

If the request is well founded, the Operator shall restrict the data process accordingly or terminate the processing of the data, including further data collection and transfer, shall block the data, and inform all persons to whom the Personal Data subject to the objection have previously been transmitted, and who are required to take action to enforce the right of objection.

13.6 Data portability

You have the right to receive Personal Data made available to you in a structured, widely used, machine-readable format, and to transfer such data to another data controller without any hindrance from us.

13.7 Non-cooperation in direct marketing

You have the right to refuse cooperation in relation to so-called direct marketing letters at any time without giving any reason. Within this framework, You have the right to refuse or prohibit the inclusion of your name on the contact or acquisition list, the use for direct marketing purposes.

13.8 Notification of change of data

You are entitled and obliged to report any changes in the data processed by the Operator within 15 days. You are solely responsible for the consequences of your failure to do so.

13.9 Withdrawal of consent

The legal basis of Operator’s data processing is your consent, You may withdraw your consent to the data processing at any time, without prejudice to the legal basis of the data processing prior to the withdrawal of the consent. We shall not process your Personal Data after your consent has been withdrawn and it shall be erased from our records of any kind.

13.10 Right to legal remedy

You may seek the advice of the National Authority for Data Protection and Freedom of Information (address: H-1125 Budapest, Szilágyi Erzsébet fasor 22 / c.) in relation to complaints regarding the protection of Personal Data and data processing issues, and may seek legal remedy before a court. Should you wish to report a complaint or if you feel that Operator has not addressed your concern in a satisfactory manner, you may contact the authority via the below contact details:

Postal address: 1530 Budapest, Pf. 5. Email: [email protected].

13.11 Restriction of rights

In exceptional cases, the above rights may be restricted by statutory provision, in particular to protect the rights of the data subject or others.

The Operator shall provide data contrary to your data processing statement to any authorized entity, in cases determined by law exclusively.

The Provider reserves the right to occasionally ask You to make some changes in the usage of its system, Website or Services. Should you not comply with these requirements, the Operator may suspend its Services, and block your account on the Website.

14. Data protection officer

Operator shall employ a data protection officer to comply with the applicable laws and fulfill the rights of the Data Subject.

Name of the data protection officer: Gergely Sinka

E-mail address: [email protected]

Postal address: H-1136 Budapest, Tátra utca 5/A 1. em. 2. ajtó

15. Managing privacy incidents

In order to prevent and manage data protection incidents and comply with applicable legal requirements, the Operator shall log and continuously analyse and monitor access and access attempts on its information systems.

If the employees of the Operator authorised for inspection in the course of performing their duties detect a data protection incident, they shall immediately inform the Operator's manager.

Employees of the Operator are required to report to their direct superior or to the person exercising the employer’s rights if they become aware of a privacy incident.

A privacy incident can be reported to the Operator's email address and telephone number specified in Section 2 above. If a privacy incident is reported, the Operator shall promptly investigate the incident, identifying the incident and deciding whether it is a genuine incident or a false alarm.

In the event of a data protection incident, the Operator shall demarcate, isolate the systems, persons and data concerned and ensure that the evidence supporting the occurrence of the incident are collected and retained, moreover it shall notify the competent authority immediately, but no later than 72 hours after becoming aware of the privacy incident. Thereafter, the Operator shall begin to repair the damage and restore legally compliant operation.

The Operator shall keep a record of privacy incidents, which shall include:

  • the scope of Personal Data concerned;
  • the scope and number of persons affected by the data protection incident;
  • time of the data protection incident;
  • circumstances and effects of the data protection incident;
  • the measures taken to remedy the privacy incident;
  • other data as defined by the law governing the Data Processing.

Records of incidents of data protection incidents shall be retained for 5 years.

16. Privacy Policy of Other Websites

The Website contains links to other websites. Our privacy policy applies only to our Website, so if You click on a link to another website, You should read their privacy policy.

17. Change of Control

We can also share your Personal Data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys the whole or part of our business will have the right to continue to use your Personal Data, but only in the manner set out in this privacy policy unless You agree otherwise.

18. CHILDREN'S PRIVACY

The Operator does not knowingly collect information from children under the age of 13, and children under 13 are prohibited from using our Services. If you learn that a child has provided us with personal information in violation of this Privacy Policy, you can alert us at our official email address: [email protected].

19. Other provisions

You may use our Website only as per this privacy policy and permitted by law.

The Operator reserves the right to unilaterally amend this privacy policy at any time. In the event of any change to any of these provisions as a result of the above, we shall publish a modified version of this privacy policy on the Website, so please periodically review the current content of this privacy policy.

If We make material changes, We will provide notice through our Website, or by other means, to provide you the opportunity to review the changes before they become effective.

You acknowledge that your continued use of our Website after We publish or send a notice about our changes to this privacy policy means that the processing, use and transfer of your Personal Data is subject to the updated privacy policy.

If You have any questions about this privacy policy, the Personal Data we hold on You, or You would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: [email protected]

Cat with a chat cloud