ConfigCat Szolgáltató és Fejlesztő Korlátolt Felelősségű Társaság (seat: H-1032 Budapest, Bécsi út 219. 9. em. 47.; company registry number: 01-09-352162; “Operator” or “Data Controller” or “We”) as the operator of the website www.configcat.com (“Website”) and provider of the services in relation to the software development kits, configuration panels, Website and related services (collectively referred to as: "Services”) is committed to protect the privacy of its –potential– users, clients, partners therefore pays close attention to ensure that the collection, management, use, processing and possible transfer of personal data are conducted in accordance with the provisions of the relevant laws, national and international recommendations with special regard to the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
Voluntary and determined expression of the will of the data subject which is based on appropriate information, and by which the data subject gives his/her unambiguous consent to the complete or specific processing of personal data concerning him or her.
ConfigCat Kft. (seat: 219 Bécsi út, 1032 Budapest, Hungary; company registry number: 01-09-352162).
Unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction or damage;
Regardless of the method used, any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, including but not limited to collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Any natural or legal person, or any organization without legal personality, which processes personal data on behalf of the Data Controller.
Member state of the European Union and other state that is member of the Agreement on the European Economic Area, furthermore, state citizen of which shall enjoy the same legal status as a citizen of a member state of the European Economic Area, based on the international agreement concluded between the European Union and its member states and states that are not members of the Agreement on the European Economic Area.
An automated processing system for the purpose of ensuring the verifiability of the lawfulness of processing operations carried out with Personal Data by electronic means.
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Collectively all information that was submitted to the Website.
Any state that is not an EEA State.
Any natural or legal person or any organization without legal personality, who is not the Data Subject, the Data Controller or the Data Processor;
Company name: ConfigCat Szolgáltató és Fejlesztő Korlátolt Felelősségű Társaság
Seat: H-1032 Budapest, Bécsi út 219. 9. em. 47.
Company registry number: 01-09-352162
Contact details: [email protected]
We only process Personal Data of individuals who agreed to our Terms & Conditions and to the processing or transferring of personal data to third parties or if it is ordered by law or decree of the local government - adopted on the basis of any act, within the scope specified therein - for public interest purpose. Concerning data processed by company administrators who accepted the Terms & Conditions when claiming their respective company listings, the company administrators shall be considered as data processors.
The Operator manages the data of the
Personal Data are either (i) provided by You or (ii) provided by a registered user or (iii) provided by a third parties who are entitled to transfer personal data (iv) partially inferred from publicly available sources over which you have full editing control that are referenced for your benefit and to enable the services the Operator provides.
By (i) submitting your Personal Data to the Operator through the registration process, (ii) verifying your Consent to the Data Processing via email without visiting the Website, (iii) submitting Personal Data while using the Website without registration, (iii) submitting Personal Data while using the Services, your consent to data processing is deemed to be granted. By storing the information provided during registration, the Operator is enabled to provide a more convenient service but registration is nevertheless optional.
Your Consent is deemed to be granted when You or the administrator of a claimed company (i) click the relevant box of the pop-up message of the Website, (ii) send personal data to our postal, email or other address, (iii) make technical settings while using information society services, and (iv) make any other statement or action which clearly indicates, in the given context, that it is your Consent.
By submitting your personal information to us, you warrant that you are entitled to such processing including in particular the transfer of data and that all data provided are accurate. The Operator disclaims all liability for any claim made in connection with the breach of the above warranty, and at the same time, You shall be liable for any loss or damage suffered by the Operator as a result of the falsity or mistake of these warranties.
When You sign up to our Website, your email address and password are required to create a personal account. Once you have an account, you shall minimize the Personal Data uploaded to the Website, however you can edit your personal profile with the information you acknowledge that you would like to make public and accessible. You may be requested to upload your configuration while using our Services. In this case, you agree that your profile information (your name, email address and your company’s name) and the content you post may be viewed by other users of our Service and third parties we do not control.
If You contact us (via email, phone, chat or through third party services) for technical support or to inquire about any of our services, You may share information about your company listings or personal profile that may be recorded on your behalf. We may also process and store the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you open an email from us. You can edit any information added to your personal profile or company listings at any time at your convenience.
When You have to perform a payment, You may be requested the following information: (i) name, (ii) billing address, (iii) credit card information (i.e. card number, name of the card holder, expiration date etc.) and tax number. We do not store payment card details and all payments are processed and handled by third party payment processors. The current processors are: https://chargebee.com, https://braintreepayments.com, https://paypal.com, https://stripe.com. While some of the payment pages’ interfaces may resemble our livery, they are operated by such payment processors, which we may choose to change per our full discretion.
The Operator also may process Personal Data if it is required for Know Your Customer (KYC) and Anti-Money Laundering (AML) purposes, and when We need to process your information to execute payments.
When you use our Services, we may collect information about your engagement with and utilization of our Services, such as processor and memory usage, storage capacity, navigation of our Services, and system-level metrics. We use this data to operate the Services, maintain and improve the performance and utilization of the Services, develop new features, protect the security and safety of our Services and our customers, and provide customer support. We also use this data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.
If you choose to link our Services to a third-party account, we may receive information about that account, such as your authentication token from the third-party account, to authorize linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.
We may also receive information about you from our third party partners and combine it with data that we have about you. These current third-party partners are the following:
The Operator collects personal information from You only (i) it is ordered by law or decree of the local government, (ii) when we need the personal information to perform the obligation stated in the contract concluded with You; (iiI) when the processing is in our legitimate interests; or (iv) when we have your consent to do so. We have a legitimate interest in operating our Services and communicating with you as necessary to provide these Services, for example when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. In some cases, we may also have a legal obligation to collect personal information from You or may otherwise need the personal information to protect your vital interests or those of another person. If we ask You to provide personal information to comply with a legal requirement or to perform our contractual obligation, we will make this clear at the relevant time and advise you whether the provision of Your personal information is mandatory or not (as well as of the possible consequences if You do not provide your personal information.
The Operator gathers different types of Personal Data to improve its services, in order to personalize valuable features for your benefit, also to enable You to set up an account and customize your public personal profile.
We use your personal information to help You log in, authenticate You, to edit settings, and provide support.
We may provide access to our partners to generally post advertisements on the platform that our service may automatically notify You of (via email, internal message/notification/news feed, phone call) depending on the preferences You have set.
Accordingly, the purpose of the data processing is as follows:
For the purpose of ensuring the verifiability of the lawfulness of processing operations carried out with Personal Data by electronic means, the Operator records in an automated processing system (“Electronic Logbook”)
The Personal Data recorded in the Electronic Logbook may only be accessed and used for the purpose of verifying the lawfulness of processing and enforcing data security requirements, as well as conducting criminal proceedings.
At the request of the authority or a person or organisation engaged in an activity specified by the law for a purpose described in the above paragraph the Operator shall provide access to the Electronic Logbook and shall transfer data from the logbook to the requesting party.
The data recorded in the Operator’s record, as well as the Electronic Logbook, shall be retained for 10 years after the deletion of the processed data.
Personal Data provided to the Operator may be known and handled by the Operator's employees, executives, consultants, data processors to whom You consented for your Personal Data to be transferred.
In accordance with the legal requirements, courts and certain authorities have the right to ask for Personal Data processed by the Operator. The court, prosecutor's office and other authorities (e.g. police, tax authorities, Hungarian National Authority for Data Protection and Freedom of Information) may contact the Operator for provision of information or documents or data transfer. In these cases, We have to fulfil our reporting obligation to the extent necessary to achieve the purpose of the request.
If there is a significant change in ownership to our business (acquisition, merger, bankruptcy, sale of our assets or similar) then we shall notify you as soon as possible. When a service requires sharing your personal information with third parties, we explicitly request your consent.
Further to the above primary transfer, the Operator shall rely on the assistance and services of data processors (in particular, but not exclusively accountants, IT service providers) for its data controlling activities. Data Processing is carried out on the basis of a data processing contract concluded between the Operator and the data processor, which ensures the data processor's confidentiality obligation and thus the security of data processing.
We may share Personal Data provided to us in specific cases with third parties who cooperate with us or act on our behalf if this is necessary to achieve the purpose for which the data has been provided. However, We made sure that these third parties shall properly protect the information and data.
The Operator may use external service providers for routine server maintenance, data storage, or other IT tasks in accordance with generally accepted privacy practices.
As soon as the conditions for the lawful control or transfer of data are not met, the Operator shall promptly take action to erase Personal Data from the database and notify You of the fact of erasure.
Your Personal Data may be forwarded to third countries, especially to the United States of America, because in certain cases the employees, contractors, sub-contractors of the Operator are located outside of EEA states and perform services from these states. In this case – such as in case of data transfer within the EEA – the transfer of data is conducted in compliance with the applicable laws.
Personal Data stored in the electronic information systems or the ordinary paper data carriers is processed with the utmost discretion as strictly confidential, and the Operator protects them by all legal means, particularly by technical and organisational measures against unauthorised access, alteration, transfer, publishing, other abuse, erasure and eradication or accidental loss. Within the scope of organisational measures, we ensure surveillance of physical access to our buildings, and store our paper documents confidential with adequate protection and the Personal Data may only be accessed by duly authorized staff that have undertaken confidentiality.
We collect information from multiple sources and your input and primarily store them on global servers that are based in the European Economic Area. These server providers, due to their locations, may have different data privacy standards than those that apply to the Central and Eastern European area.
We will use technical and organisational measures to safeguard your Personal Data. The Operator securely stores your data at
The closed IT system of the Operator offers adequate protection for the processing of Personal Data in electronic information systems, the authenticity and validity of data is ensured, the Personal Data is unaltered, and protected against unauthorised access. We and our partners ensure the protection of the Personal Data and only strictly use them with purpose limitation. Only authorised persons have access to Personal Data, the authenticity and validity of Personal Data is ensured, the Personal Data is unaltered and protected against unauthorised access.
The Operator ensures the security of Personal Data through such technical, management and organisational measures, which offer a level of protection appropriate for the risks arising in connection with Data Processing. We have adopted widely accepted technological and operation safety solutions in order to counter the loss, alteration, eradication or abuse of identifiable Personal Data. We make every effort to ensure the protection of Personal Data processed by the Operator through appropriate confidentiality and technical and security measures. The Operator excludes liability for hacker attacks.
A cookie is a small file that is sent to your browser and saved on your device when you visit a website. Cookies are stored on the browser or hard drive of your computer or mobile device when someone visits or browses a webpage, based on their consent. The most frequent purpose of cookies is to elevate user experience and data collection regarding the use and visitation of the webpage, allow efficient operation of a website and improve its performances, provide information to the site owner for statistical or advertising purposes, mainly to customize your browsing experience by remembering your preferences. Cookies do not identify the visitor and are not appropriate to run applications or viruses. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information.
When You visit our Website, We may collect information from you automatically through cookies or similar technology.
The user has the opportunity to deny the consent in cookie usage by simply visiting the preference panel of the Web Browser used for the website visit. In any case, we clearly state that any potential denial in cookie usage consent by the user may comport a potential limitation during the website use.
Upon your consent, We may collect log information about your use of the Website, including the type of browser that you use; the time, duration and frequency of your access; website pages viewed; your IP address; and the page You visited before visiting our Website.
Upon your consent, We may collect information about the computer or mobile device that You use to access our Website, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
Upon your consent, We may collect information about the location of your device each time you use our Website. We may transfer this information for third parties for direct marketing purposes.
The Website may contain links, call to action buttons to links or promotions that highlight other affiliate or partner websites not operated or controlled by us. We are not responsible for the content, accuracy or opinions expressed on such websites, and We do not consistently monitor or check for accuracy or completeness on these websites. In providing our services, We strive to ensure that only the most relevant partners of the highest quality are recommended, promoted or shown to users. Your browsing and interaction on any other website linked to from www.rocketshepherd.com, are subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you, for which We bear no responsibility.
You have the right to request copies of the information We hold about You at any time, furthermore about the source, purpose, legal basis, duration, data processor's name, address and activities related to data processing, as well as the legal basis and recipient of the data transfer.
Requests for information may be sent to the Operator in writing via post, by email to the attention of the Operator’s data protection officer (please see the officer’s contact details in section 17 below). The Operator shall provide the information to the address provided by You in writing, as soon as possible but at the latest within 30 days counted from the delivery of your request.
Please be informed that information on any data is provided free of charge, unless your request is manifestly unfounded or excessive.
You have the right to have your Personal Data rectified if it is inaccurate or incomplete.
If You inform the Operator that your Personal Data being processed is inaccurate or incomplete or the Operator itself becomes aware of the inaccuracy during the operation of the Website, the Personal Data will be corrected by the Operator.
The Operator will notify You of the correction or of the rejection of your request for rectification.
You have the right to request the deletion or removal of your Personal Data from our systems.
Personal data shall be blocked if, on the basis of our information, it is presumable that the deletion would harm your legitimate interests. The blocked Personal Data shall only be processed for as long as there is a particular purpose for the data processing which prevented the deletion of the Personal Data.
The Operator will notify You of the erasure or the blocking, or of any refusal of your related request.
The Operator shall mark the personal data it processes if you dispute its correctness or accuracy but the inaccuracy of the disputed personal data cannot be clearly established.
You have the right to ask us to stop using all or some of your Personal Data or to limit our use of it.
The Operator shall examine the objection or restriction request as soon as possible, but not more than 15 days from the submission of the request, and shall make a decision on its merits and inform you in writing of its decision.
If the request is well founded, the Operator shall restrict the data process accordingly or terminate the processing of the data, including further data collection and transfer, shall block the data, and inform all persons to whom the Personal Data subject to the objection have previously been transmitted, and who are required to take action to enforce the right of objection.
You have the right to receive Personal Data made available to you in a structured, widely used, machine-readable format, and to transfer such data to another data controller without any hindrance from us.
You have the right to refuse cooperation in relation to so-called direct marketing letters at any time without giving any reason. Within this framework, You have the right to refuse or prohibit the inclusion of your name on the contact or acquisition list, the use for direct marketing purposes.
You are entitled and obliged to report any changes in the data processed by the Operator within 15 days. You are solely responsible for the consequences of your failure to do so.
The legal basis of Operator’s data processing is your consent, You may withdraw your consent to the data processing at any time, without prejudice to the legal basis of the data processing prior to the withdrawal of the consent. We shall not process your Personal Data after your consent has been withdrawn and it shall be erased from our records of any kind.
You may seek the advice of the National Authority for Data Protection and Freedom of Information (address: H-1125 Budapest, Szilágyi Erzsébet fasor 22 / c.) in relation to complaints regarding the protection of Personal Data and data processing issues, and may seek legal remedy before a court. Should you wish to report a complaint or if you feel that Operator has not addressed your concern in a satisfactory manner, you may contact the authority via the below contact details:
Postal address: 1530 Budapest, Pf. 5. Email: [email protected]
In exceptional cases, the above rights may be restricted by statutory provision, in particular to protect the rights of the data subject or others.
The Operator shall provide data contrary to your data processing statement to any authorized entity, in cases determined by law exclusively.
The Provider reserves the right to occasionally ask You to make some changes in the usage of its system, Website or Services. Should you not comply with these requirements, the Operator may suspend its Services, and block your account on the Website.
Operator shall employ a data protection officer to comply with the applicable laws and fulfill the rights of the Data Subject.
Name of the data protection officer: Gergely Sinka
E-mail address: [email protected]onfigcat.com
Postal address: H-1032 Budapest, Bécsi út 219. 9. em. 47.
In order to prevent and manage data protection incidents and comply with applicable legal requirements, the Operator shall log and continuously analyse and monitor access and access attempts on its information systems.
If the employees of the Operator authorised for inspection in the course of performing their duties detect a data protection incident, they shall immediately inform the Operator's manager.
Employees of the Operator are required to report to their direct superior or to the person exercising the employer’s rights if they become aware of a privacy incident.
A privacy incident can be reported to the Operator's email address and telephone number specified in Section 2 above. If a privacy incident is reported, the Operator shall promptly investigate the incident, identifying the incident and deciding whether it is a genuine incident or a false alarm.
In the event of a data protection incident, the Operator shall demarcate, isolate the systems, persons and data concerned and ensure that the evidence supporting the occurrence of the incident are collected and retained, moreover it shall notify the competent authority immediately, but no later than 72 hours after becoming aware of the privacy incident. Thereafter, the Operator shall begin to repair the damage and restore legally compliant operation.
The Operator shall keep a record of privacy incidents, which shall include:
Records of incidents of data protection incidents shall be retained for 5 years.
If We make material changes, We will provide notice through our Website, or by other means, to provide you the opportunity to review the changes before they become effective.
Email us at: [email protected]
Effective Date: Sep 7, 2021