Privacy Policy
The minup.io service (the “Service”) is a cloud-based online appointment booking system that could be embedded in a website.
Minup Informatikai Kkt. (hereinafter referred to as the “Service Provider”) is the data controller and service provider, which is also the data processor for the user using the Service.
Company details:
Company name: Minup Informatikai Kkt.
Representative: Ádám Gyula Marjai
Postal address: 1074 Budapest Csengery utca 24. 3/28
Phone number: +36204205112
Email: [email protected]
Tax number: 27399664-1-42.
VAT: HU27399664.
Company registration number: 01-03-025979
Lead bank account: Revolut Bank UAB
Bankszámlaszám: LT303250094195311168
Contact person for data management: Áron Dudás
Email address: [email protected]
Phone number: +36704208270
Users of the minup.io online booking system:
Visitors: visitors who visit our Site and do not intend to use our services either as a User or as an Appointment Booker.
Users or Customers: a natural person, directly or indirectly identifiable as an individual, creates an instance of the appointment booking system through the registration of their representative and uses the service with the intention of managing their appointments. Users are considered as data controllers for the purposes of data management with respect to the Appointment Bookers.
Appointment bookers: those who book an appointment for a particular service on the Users’ system and, by booking an appointment on the User’s website, also submit their personal data to our company’s system as a data processor.
The minup.io online appointment booking system collects and processes personal data from its Users for the purposes and to the extent described in the following paragraphs:
I. All our users (Visitor, User, Appointment Booker)
By visiting our website, our visitors place technical data from their own devices on the web servers of http://www.minup.io.
A.) Management of cookies
1. The Service Provider’s website and the Appointment Booking System use cookies. Cookies are text files that are stored by your browser on your hard drive. Their content includes the Web pages and advertisements you visit and search for. However, cookies do not contain any personal data such as name, address, e-mail address, etc. The cookie is used by the visitor of the site, for example, to obtain access to information on a page.
2. You do not need to have any special settings on your browser to download cookies to your computer. By default, your browser will accept cookies and store them in a list (e.g. “Temporarily downloaded Internet files”), as there is no risk involved. If you do not want the operator to use cookies, you can deactivate the acceptance of cookies in your web browser. For more information on this, please refer to the help of your browser.
3. If you accept the cookies, they will be stored on your computer unless you delete them earlier. However, please note that not using cookies may result in limited functionality of our website.
4. Please be aware that when using this website, you may also receive 3rd party cookies on your device to help us share content on social networking sites, to provide traffic statistics or to support our marketing activities.
List of 3rd party cookies used in connection with the Service Provider’s website and the Appointment Booking System:
– Google Analytics
– WordPress.com
– CookieYes
– Hotjar
5. If you do not want to accept certain types of cookies, you can set your browser to not allow a unique identifier or to warn you if the website wishes to send you a cookie. Please refer to your internet browser instructions or help screen to learn more about these features and to fine-tune your cookie settings.
6. By using the Service, the User accepts that by restricting the operation of cookies, certain functions of the website may become inoperable.
B.) Our data processors
Hetzner
We use Hetzner servers to operate the Service. The servers are located within the European Union (Helsinki, Finland).
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Retention period: see the block on the management of data recorded in the reservation system.
Hotjar (GDPR)
We collect technical data about visits to the website and use of the Service using Hotjar. The data collected by Hotjar (e.g. device type, browser type, language settings, referring website address, IP address of the browser device and other geographic data) is stored anonymously, independently of personal data, and is used as the basis for statistical analysis to optimize the usability and marketing of the system.
Hotjar Ltd
Dragonara Business Centre
5th Floor, Dragonara Road,
Paceville St Julian’s STJ 3141
Malta
Retention period: anonymous data collected by Google Analytics will be retained for up to 3 years.
Google Analytics
We use Google Analytics to collect information about visits to the website. From every visitor, the following types of data is collected: device type, browser type, language settings, referring website address, IP address of the browser device and other geographic data. From visitors who are signed in to their Google accounts and have consented to Ads Personalization, additional information is collected that may include end user location, search history, YouTube history, and data from sites that partner with Google—and is used to provide aggregated and anonymized insights into your users’ cross device behaviors. All data is stored anonymously, independently of personal data, and is used as the basis for statistical analysis to optimize the usability and marketing of the website.
Retention period: anonymous data collected by Google Analytics will be retained for up to 3 years.
Pendo
We collect information about visits to the website and use of the Service through Pendo. The data collected by Pendo (e.g.: user email address, device type, browser type, language settings, referring website address, browser device IP address, other geographic data, pages viewed, features used) is used as the basis for statistical analysis to optimize the usability and marketing of the system.
Pendo.io, Inc.
150 Fayetteville St
Raleigh, NC, 27601-1395
United States
Retention period: data collected by Pendo will be kept for a maximum of 3 years.
WordPress.com
We collect the email addresses of newsletter subscribers here.
WooCommerce Ireland Ltd.
Grand Canal Dock, 25 Herbert Pl
Dublin, D02 AY86
Ireland
Rentention period: data collected by WordPress.com will be kept until unsubscribed.
CookieYes
Under GDPR legislation, we use cookies to record and store consent to the processing of your data.
CookieYes Limited
3 Warren Yard Warren Park, Wolverton Mill
Milton Keynes, MK12 5NW
United Kingdom
https://www.cookieyes.com/privacy-policy/
Rentention period: according to legal obligations.
II. Users (Customers)
A.) Data processing related to registration, creation and maintenance of the booking system.
Legal basis: the processing is based on the performance of the contract established by the User or his/her natural person representative by registering for the Service, completing the registration form and ticking the checkbox indicating acceptance of this Privacy Policy (Article 6 (1) b GDPR).
Purpose: performance of the between the Customer and the service provider, including the creation of a new appointment booking system with default settings for the User, identification of the User, enabling contact, information about functions and services.
Data processed: full name, email address, password, telephone number, booking system ID, and data entered during the booking system setup (e.g. opening hours, services, language settings, etc.)
Duration of processing: the User’s data will be stored for as long as the system is used. In the event that their account is deleted, the data will be retained for a maximum of 1 year after deletion.
B.) Customer service related data processing (product support)
Legal basis: expressed consent of the User when filling in the registration form.
Purpose: to proactively support registered Users: offer help in setting up the system, assess customer satisfaction, specific needs; answer customer incoming calls, support Users in using the system, complaints handling and other general contact functions.
Data processed: name, telephone number, non-personal customer service records of requests, questions, technical problems and data provided during registration (see above).
Duration of data processing: see the chapters on data processing related to registration, creation of a reservation system.
C) Our data processors
Pendo
We collect information about visits to the website and use of the Service through Pendo. The data collected by Pendo (e.g.: user email address, device type, browser type, language settings, referring website address, browser device IP address, other geographic data, pages viewed, features used) is used as the basis for statistical analysis to optimize the usability and marketing of the system.
Pendo.io, Inc.
150 Fayetteville St
Raleigh, NC, 27601-1395
United States
Retention period: data collected by Pendo will be kept for a maximum of 3 years.
Auth0
We use Auth0 to provide users with access to the administrator interface. (Data Privacy Compliance).
Auth0 Inc.
10800 NE 8th Street, Suite 700,
Bellevue, WA 98004,
USA
Retention period: see the block on the management of data recorded in the reservation system.
Postmark
Electronic mail sent by the Service is sent via the Postmark service. (EU Data Protection) The data collected by Postmark (e.g. email opens, link opens, device type, type of mailing system, operating system, other geographic data) are used as a basis for statistical analysis to optimize the usability and marketing of the system.
Wildbit
1800 JFK Blvd, Suite 300
#96864
Philadelphia, PA 19103
Retention period: emails are retained for 45 days after delivery for debugging purposes, after which they are automatically deleted.
Mailerlite
Product update emails are sent out using Mailerlite (GDPR Compliance). Data processed: name, email address, language.
MailerLite, Inc., Delaware corporation
548 Market St., PMB 98174
San Francisco, CA 94104-5401
United States
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for deleting account). Withdrawal of consent is possible by using the link at the bottom of the email or by sending an email to [email protected]
Hubspot
Customer relationship management is done through Hubspot (GDPR Compliance). Data processed: name, email, phone number, booking page identifier, lead source, industry, title, system usage, communication with the customer.
25 First Street, 2nd Floor
Cambridge, MA 02141
United States
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for erasure). The withdrawal of consent is possible by sending an email to [email protected].
Sentry
We use the Sentry to report bugs in the application (GDPR compliance). The data collected by Sentry (e.g. bugs encountered while using the software, device type, browser type, referring website address, IP address of the browser device) is stored anonymously and independently of any personal data.
Functional Software, Inc. dba Sentry
45 Fremont Street, 8th Floor
San Francisco, CA 94105
United States
Retention period: data collected by Sentry will be retained for up to 90 days.
Számlázz.hu
Our invoices are issued, invoice details are stored and payment status is tracked in Számlázz.hu (Privacy Policy). Data collected: billing name, billing address, payment method and details, email, phone number, tax number.
KBOSS.hu Ltd.
1031 Budapest, Záhony utca 7.
Hungary
Retention period: invoices issued must be retained for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the Public Procurement Act. Please be informed that if you withdraw your consent to the issuing of an invoice, the Data Controller is entitled to keep your personal data obtained during the issuing of the invoice for 8 years pursuant to Section 6 (5) a) of the Information Act.
Revolut
Credit card payments are processed using the Revolut Merchant API service (Data Protection). Data collected: credit card data provided during credit card payments (e.g. cardholder name, credit card number, expiry date)
REVOLUT BANK UAB
Konstitucijos ave. 21B,
Vilnius, LT-08130,
Lithuania.
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for deletion). Consent can be withdrawn by sending an email to [email protected].
OpenAI (Optional)
Write content for booking page using AI. Data processed: Please see section (E) on using Artificial Intelligence.
OpenAI, LLC
3180 18th Street
San Francisco, CA 94110
United States
Retention period: 30 days
D) Access your Google Calendar data (Optional feature)
One-way and two-way calendar synchronisation are optional features in Minup. In case the User wants to use these features, Minup will ask for permission to access certain data in Google Calendar.
One-way synchronization:
One-way sync enables you to automatically synchronise events to your Google Calendar every time a new event is created, modified or deleted in your Minup Calendar, so you can see everything in one place.
We ask for permission to process your existing Google Calendar name so you can see if you already have a calendar you’ve created, so you can reuse it to sync your events instead of creating a new one. This is useful if you switch from two-way sync to one-way sync, or vice versa.
We also ask permission to create a new calendar that we manage. This calendar will be called Minup Calendar and we will create all the events that we sync from Minup to your Google Calendar. So we will only need access to this calendar and will not be able to read, edit or delete any of your other events.
For one-way sync, we only store the ID and time zone of the calendar we created in your Google Calendar.
Two-way synchronisation:
Two-way sync includes everything from one-way sync, plus we’ll ask for permission to use your primary Google Calendar to keep your schedule up to date and prevent double-bookings with personal events and appointments.
We ask for permission to view all of your event information so that Google can notify us if anything changes on your Google Calendar, and we can update your contact information on your Minup Calendar.
For events from your primary Google calendar, we will only store the event ID, the date and time of the event, and a link pointing to the event in your calendar. We will not store the title, description, participants or location of your personal events in our database.
E) Using Artificial Intelligence (AI)
To help you create your booking page, Minup offers AI-supported features within the product.
If you choose to use these features, customer content (including user-generated prompts) will be processed by OpenAI in order to generate content. These models are provided by OpenAI. We will not use your data to train the models.
In order to provide AI, Minup uses the following types of personal data:
User-generated prompts submitted by Users, which the models will use to generate content. This is customer content, and we process it as a data processor on your instructions in order to provide the Services. Please be aware that any personal data you submit as a prompt will be processed by OpenAI.
Usage metadata about how Users engage with AI, which Minup processes as a data controller in order to prevent or address service errors, security or technical issues, and to analyze and monitor usage of AI. Usage metadata includes user generated prompts. OpenAI will store all prompts and responses for 30 days.
III. Appointment bookers
A.) Processing of data recorded in the Users’ reservation systems
Legal basis: a natural person booking an appointment on the User’s website without registering and providing personal data by ticking the checkbox indicating acceptance of the privacy policy, gives consent to the processing of data (Article 6 (1) a GDPR), the Service Provider is considered a data processor and the User is considered a data controller in relation to these data.
Purpose: the purpose of the data processing is to support the User in the management of appointments, the reception of their clients and the provision of the service, e.g.: preparation for the provision of the service, identification of the client appearing at the agreed appointments, information on possible changes or cancellations of appointments, information, follow-up address, management of technical information automatically received from the browser (e.g.: type of device, operating system, language setting, display size, type). The purpose of data processing is to manage the booking of appointments related to the User’s service, to receive customers and to carry out practical and organizational tasks related to the provision of the service.
Data processed: full name, email address, telephone number, booking system identifier, selected service provider, service chosen for the booking, time chosen, arrival time, any other data specified by the User in the form to be filled in when making the booking, IP address of the User collecting the booking, processing of technical information automatically received from the browser (e.g.: type of device, operating system, language setting, display size, type).
Duration of data processing: the data will be kept in the booking system database for a maximum of 1 year after the last booked date related to the User’s customer.
B.) Personal data of children
Minup does not intend to request personal data from any person under the age of 16. If Minup does obtain such data, Minup Informatikai Kkt. will immediately delete the data of the child or minor from the database.
C.) Our data processors
Postmark
Electronic mail sent by the Service is sent via the Postmark service. (Privacy Notice)
Wildbit
1800 JFK Blvd, Suite 300
#96864
Philadelphia, PA 19103
Retention period: emails are retained for 45 days after delivery for debugging purposes, after which they are automatically deleted.
Pendo
We collect data about visits to the website and use of the Service through Pendo (GDPR Notice)
Pendo.io, Inc.
150 Fayetteville St
Raleigh, NC, 27601-1395
United States
Retention period: see the block on the management of data recorded in the reservation system.
If the Customer – where the Appointment Booker booked the appointment – uses the Google Calendar Sync feature, the data entered during the booking will be synchronized with the Google Calendar selected by the Customer. The synchronized data is the email address, name, telephone number and other answers to the questions asked in the forms.
Google Ireland Limited (Registration Number: 368047 / VAT Number: IE6388047V)
Gordon House, Barrow Street
Dublin 4
Ireland
https://policies.google.com/terms
Auth0
We use Auth0 to provide users with access to the administrator interface. (Data Privacy Compliance).
Auth0 Inc.
10800 NE 8th Street, Suite 700,
Bellevue, WA 98004,
USA
Retention period: see the block on the management of data recorded in the reservation system.
The Service Provider reserves the right to change and expand the list of data processors as necessary, given that Users may request information from the Service Provider at any time about the identity and contact details of their data processors. The Service Provider undertakes to ensure that the data processors it engages fully comply with the applicable data protection rules in force at any given time.
V. Transmission of data
The Service Provider does not transfer the personal data of Users and Appointment Bookers to third parties.
VI. Data security
1.The Service Provider shall take all necessary security, organizational and technical measures to ensure the highest level of security of personal data and to prevent their unauthorized alteration, destruction and use.
2. The Service Provider shall take all necessary measures to ensure data integrity, i.e. the accuracy and completeness of the personal data it handles and/or processes.
3. The Service Provider shall take appropriate measures to protect the data, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage and loss of access due to changes in the technology used.
4. The Service Provider shall do its utmost to preserve the authenticity and confidentiality of the data processed and to ensure that they are always accessible to the data subjects and the persons entitled to access them.
5. In order to fulfill the above obligations, the Service Provider reserves the right to inform its customers and partners if it detects a security vulnerability in its system, and at the same time to restrict access to the Service Provider’s system, services or certain of its functions until the vulnerability is resolved.
VII. Rights of the data subject
1. Under applicable Hungarian and EU data protection rules, data subjects have the right to.
– receive confirmation/feedback as to whether their personal data are being processed and, if such processing is ongoing, have the right to request access to their personal data. This includes access to the following information: the purposes of the processing, the categories of personal data processed, and the recipients or categories of recipients to whom or which your personal data have been or will be disclosed (Article 15 GDPR);
– the controller to provide users with a copy of their personal data;
– request the rectification of inaccurate personal data or the completion of incomplete personal data (Article 16 GDPR);
– request the erasure of their personal data (Article 17 GDPR);
– restrict the processing of their personal data at their request. In this case, the processing of these data can only be limited to certain purposes (Article 18 GDPR);
2. The Customer and the Service Provider shall use their best endeavors to comply with requests concerning data management. The Customer and the Service Provider may, however, refuse to delete data that is absolutely necessary for the fulfillment of legal obligations incumbent on the Customer and the Service Provider or for the enforcement of the Customer’s and the Service Provider’s legitimate interests. The Customer and the Service Provider shall endeavor to comply with any request for rectification of the data provided or for information on data protection activities as soon as possible and, if possible, within one week of receipt of the relevant request.
3. In addition to the rights set out in the previous point, under Article 21 of the GDPR, Users also have the right to object to the processing of their personal data in the cases set out in the GDPR (for example, where the processing is for direct marketing purposes or where the legal basis for the processing is the legitimate interest of third parties). In case of objection by Users, the Customer or the Service Provider may no longer process their personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Users or for the establishment, exercise or defense of legal claims.
VIII. Right to lodge a complaint and to apply to the courts
Please be informed that if you become aware of a breach of your rights during the processing of your data, you have the following options:
– directly to the Customer or the Service Provider;
– may lodge a complaint with the competent supervisory authority or the National Authority for Data Protection and Freedom of Information (hereinafter referred to as “the NAIH”). The contact details of the NAIH are: headquarters: H-1055 Budapest, Falk Miksa utca 9-11; postal address: 1363 Budapest, PO Box 9; telephone: + 36-1-391-1400; e-mail: [email protected]
– may take legal action against unlawful processing of your personal data and breaches of data security. You may be entitled to compensation and damages as provided by law. For information on the jurisdiction and contact details of the court, please visit the following website: www.birosag.hu
IX Declaration
1. The Service Provider, as Data Controller and Data Processor, acknowledges the contents of this Privacy Policy as binding.
2. The Service Provider undertakes to ensure that its processing of data related to the Service and its operation complies at all times with the provisions set out in this document and in the applicable legislation, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
3. The Service Provider declares that it acts as a data processor of the Customers with respect to the Users who book an Appointment, in which capacity it is not responsible for the instructions of the Customers. The Service Provider confirms that the processing of personal data in respect of the Appointment Users is carried out in the interest of the Customers and in the manner specified by them.
4. The Service Provider shall make this information available on its website https://minup.io (hereinafter referred to as the “Website”). Amendments to this Privacy Notice shall enter into force upon publication on this Website.
Budapest, 09.05.2023
