Privacy Policy

The minup.io service (the “Service”) is a cloud-based online appointment booking system that could be embedded in a website.

Minup Informatikai Kkt. (hereinafter referred to as the “Service Provider”) is the data controller and service provider, which is also the data processor for the user using the Service.

Company details:
Company name: Minup Informatikai Kkt.
Representative: Ádám Gyula Marjai
Postal address: 1074 Budapest Csengery utca 24. 3/28
Phone number: +36204205112
Email: [email protected]
Tax number: 27399664-1-42.
VAT: HU27399664.
Company registration number: 01-03-025979
Lead bank account: Revolut Bank UAB
Bankszámlaszám: LT303250094195311168

Contact person for data management: Áron Dudás
Email address: [email protected]
Phone number: +36704208270

Users of the minup.io online booking system:

Visitors: visitors who visit our Site and do not intend to use our services either as a User or as an Appointment Booker.

Users or Customers: a natural person, directly or indirectly identifiable as an individual, creates an instance of the appointment booking system through the registration of their representative and uses the service with the intention of managing their appointments. Users are considered as data controllers for the purposes of data management with respect to the Appointment Bookers.

Appointment bookers: those who book an appointment for a particular service on the Users’ system and, by booking an appointment on the User’s website, also submit their personal data to our company’s system as a data processor.

The minup.io online appointment booking system collects and processes personal data from its Users for the purposes and to the extent described in the following paragraphs:

I. All our users (Visitor, User, Appointment Booker)

By visiting our website, our visitors place technical data from their own devices on the web servers of www.minup.io.

A.) Management of cookies

1. The Service Provider’s website and the Appointment Booking System use cookies. Cookies are text files that are stored by your browser on your hard drive. Their content includes the Web pages and advertisements you visit and search for. However, cookies do not contain any personal data such as name, address, e-mail address, etc. The cookie is used by the visitor of the site, for example, to obtain access to information on a page.

2. You do not need to have any special settings on your browser to download cookies to your computer. By default, your browser will accept cookies and store them in a list (e.g. “Temporarily downloaded Internet files”), as there is no risk involved. If you do not want the operator to use cookies, you can deactivate the acceptance of cookies in your web browser. For more information on this, please refer to the help of your browser.

3. If you accept the cookies, they will be stored on your computer unless you delete them earlier. However, please note that not using cookies may result in limited functionality of our website.

4. Please be aware that when using this website, you may also receive 3rd party cookies on your device to help us share content on social networking sites, to provide traffic statistics or to support our marketing activities.

List of 3rd party cookies used in connection with the Service Provider’s website and the Appointment Booking System:

– Google Analytics

– Hotjar

5. If you do not want to accept certain types of cookies, you can set your browser to not allow a unique identifier or to warn you if the website wishes to send you a cookie. Please refer to your internet browser instructions or help screen to learn more about these features and to fine-tune your cookie settings.

6. By using the Service, the User accepts that by restricting the operation of cookies, certain functions of the website may become inoperable.

B.) Our data processors
– Hetzner
We use Hetzner servers to operate the Service. The servers are located within the European Union (Helsinki, Finland).
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Retention period: see the block on the management of data recorded in the reservation system.

– Hotjar (GDPR)
We collect technical data about visits to the website and use of the Service using Hotjar. The data collected by Hotjar (e.g. device type, browser type, language settings, referring website address, IP address of the browser device and other geographic data) is stored anonymously, independently of personal data, and is used as the basis for statistical analysis to optimize the usability and marketing of the system.

Hotjar Ltd

Dragonara Business Centre

5th Floor, Dragonara Road,

Paceville St Julian’s STJ 3141

Malta

Retention period: anonymous data collected by Google Analytics will be retained for up to 3 years.

 

– Google Analytics

We collect technical data about visits to the website and use of the Service using Google Analytics. The data collected by Analytics (e.g. device type, browser type, language settings, referring website address, IP address of the browser device and other geographic data) is stored anonymously, independently of personal data, and is used as the basis for statistical analysis to optimize the usability and marketing of the system.

Retention period: anonymous data collected by Google Analytics will be retained for up to 3 years.

II. Users (Customers)

A.) Data processing related to registration, creation and maintenance of the booking system.

Legal basis: the processing is based on the performance of the contract established by the User or his/her natural person representative by registering for the Service, completing the registration form and ticking the checkbox indicating acceptance of this Privacy Policy (Article 6 (1) b GDPR).

Purpose: performance of the between the Customer and the service provider, including the creation of a new appointment booking system with default settings for the User, identification of the User, enabling contact, information about functions and services.

Data processed: full name, email address, password, telephone number, booking system ID, and data entered during the booking system setup (e.g. opening hours, services, language settings, etc.)

Duration of processing: the User’s data will be stored for as long as the system is used. In the event that their account is deleted, the data will be retained for a maximum of 1 year after deletion.

B.) Customer service related data processing (product support)

Legal basis: expressed consent of the User when filling in the registration form.

Purpose: to proactively support registered Users: offer help in setting up the system, assess customer satisfaction, specific needs; answer customer incoming calls, support Users in using the system, complaints handling and other general contact functions.

Data processed: name, telephone number, non-personal customer service records of requests, questions, technical problems and data provided during registration (see above).

Duration of data processing: see the chapters on data processing related to registration, creation of a reservation system.

C) Our data processors
– Pendo
We collect information about visits to the website and use of the Service through Pendo. The data collected by Pendo (e.g.: user email address, device type, browser type, language settings, referring website address, browser device IP address, other geographic data, pages viewed, features used) is used as the basis for statistical analysis to optimize the usability and marketing of the system.
Pendo.io, Inc.
150 Fayetteville St
Raleigh, NC, 27601-1395
United States
Retention period: data collected by Pendo will be kept for a maximum of 3 years.

– Auth0
We use Auth0 to provide users with access to the administrator interface. (Data Privacy Compliance).
Auth0 Inc.
10800 NE 8th Street, Suite 700,
Bellevue, WA 98004,
USA
Retention period: see the block on the management of data recorded in the reservation system.

– Postmark
Electronic mail sent by the Service is sent via the Postmark service. (EU Data Protection) The data collected by Postmark (e.g. email opens, link opens, device type, type of mailing system, operating system, other geographic data) are used as a basis for statistical analysis to optimize the usability and marketing of the system.
Wildbit
1800 JFK Blvd, Suite 300
#96864
Philadelphia, PA 19103
Retention period: emails are retained for 45 days after delivery for debugging purposes, after which they are automatically deleted.

– Mailerlite
Product update emails are sent out using Mailerlite (GDPR Compliance). Data processed: name, email address, language.
MailerLite, Inc., Delaware corporation
548 Market St., PMB 98174
San Francisco, CA 94104-5401
United States
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for deleting account). Withdrawal of consent is possible by using the link at the bottom of the email or by sending an email to [email protected].

– Hubspot
Customer relationship management is done through Hubspot (GDPR Compliance). Data processed: name, email, phone number, booking page identifier, lead source, industry, title, system usage, communication with the customer.
25 First Street, 2nd Floor
Cambridge, MA 02141
United States
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for erasure). The withdrawal of consent is possible by sending an email to [email protected].

– Sentry
We use the Sentry to report bugs in the application (GDPR compliance). The data collected by Sentry (e.g. bugs encountered while using the software, device type, browser type, referring website address, IP address of the browser device) is stored anonymously and independently of any personal data.
Functional Software, Inc. dba Sentry
45 Fremont Street, 8th Floor
San Francisco, CA 94105
United States
Retention period: data collected by Sentry will be retained for up to 90 days.

– Számlázz.hu
Our invoices are issued, invoice details are stored and payment status is tracked in Számlázz.hu (Privacy Policy). Data collected: billing name, billing address, payment method and details, email, phone number, tax number.
KBOSS.hu Ltd.
1031 Budapest, Záhony utca 7.
Hungary
Retention period: invoices issued must be retained for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the Public Procurement Act. Please be informed that if you withdraw your consent to the issuing of an invoice, the Data Controller is entitled to keep your personal data obtained during the issuing of the invoice for 8 years pursuant to Section 6 (5) a) of the Information Act.

Revolut
Credit card payments are processed using the Revolut Merchant API service (Data Protection). Data collected: credit card data provided during credit card payments (e.g. cardholder name, credit card number, expiry date)
REVOLUT BANK UAB
Konstitucijos ave. 21B,
Vilnius, LT-08130,
Lithuania.
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for deletion). Consent can be withdrawn by sending an email to [email protected]

D) Access your Google Calendar data (Optional feature)

One-way and two-way calendar synchronisation are optional features in Minup. In case the User wants to use these features, Minup will ask for permission to access certain data in Google Calendar.

One-way synchronization:
One-way sync enables you to automatically synchronise events to your Google Calendar every time a new event is created, modified or deleted in your Minup Calendar, so you can see everything in one place.

We’ll ask for permission to process your existing Google Calendar name so you can see if you already have a calendar you’ve created, so you can reuse it to sync your events instead of creating a new one. This is useful if you switch from two-way sync to one-way sync, or vice versa.

We also ask permission to create a new calendar that we manage. This calendar will be called Minup Calendar and we will create all the events that we sync from Minup to your Google Calendar. So we will only need access to this calendar and will not be able to read, edit or delete any of your other events.

For one-way sync, we only store the ID and time zone of the calendar we created in your Google Calendar.

Two-way synchronisation:
Two-way sync includes everything from one-way sync, plus we’ll ask for permission to use your primary Google Calendar to keep your schedule up to date and prevent double-bookings with personal events and appointments.

We request permission to view all of your event information so that Google can notify us if anything changes on your Google Calendar, and we can update your contact information on your Minup Calendar.

For events from your primary Google calendar, we will only store the event ID, the date and time of the event, and a link pointing to the event in your calendar. We will not store the title, description, participants or location of your personal events in our database.

III. Appointment bookers

A.) Processing of data recorded in the Users’ reservation systems

Legal basis: a natural person booking an appointment on the User’s website without registering and providing personal data by ticking the checkbox indicating acceptance of the privacy policy, gives consent to the processing of data (Article 6 (1) a GDPR), the Service Provider is considered a data processor and the User is considered a data controller in relation to these data.

Purpose: the purpose of the data processing is to support the User in the management of appointments, the reception of their clients and the provision of the service, e.g.: preparation for the provision of the service, identification of the client appearing at the agreed appointments, information on possible changes or cancellations of appointments, information, follow-up address, management of technical information automatically received from the browser (e.g.: type of device, operating system, language setting, display size, type). The purpose of data processing is to manage the booking of appointments related to the User’s service, to receive customers and to carry out practical and organizational tasks related to the provision of the service.

Data processed: full name, email address, telephone number, booking system identifier, selected service provider, service chosen for the booking, time chosen, arrival time, any other data specified by the User in the form to be filled in when making the booking, IP address of the User collecting the booking, processing of technical information automatically received from the browser (e.g.: type of device, operating system, language setting, display size, type).

Duration of data processing: the data will be kept in the booking system database for a maximum of 1 year after the last booked date related to the User’s customer.

B.) Personal data of children
Minup does not intend to request personal data from any person under the age of 16. If Minup does obtain such data, Minup Informatikai Kkt. will immediately delete the data of the child or minor from the database.
C.) Our data processors

– Postmark
Electronic mail sent by the Service is sent via the Postmark service. (Privacy Notice)
Wildbit
1800 JFK Blvd, Suite 300
#96864
Philadelphia, PA 19103
Retention period: emails are retained for 45 days after delivery for debugging purposes, after which they are automatically deleted.

– Pendo
We collect data about visits to the website and use of the Service through Pendo (GDPR Notice)
Pendo.io, Inc.
150 Fayetteville St
Raleigh, NC, 27601-1395
United States
Retention period: see the block on the management of data recorded in the reservation system.

The Service Provider reserves the right to change and expand the list of data processors as necessary, given that Users may request information from the Service Provider at any time about the identity and contact details of their data processors. The Service Provider undertakes to ensure that the data processors it engages fully comply with the applicable data protection rules in force at any given time.

V. Transmission of data

The Service Provider does not transfer the personal data of Users and Appointment Bookers to third parties.

VI. Data security

1.The Service Provider shall take all necessary security, organizational and technical measures to ensure the highest level of security of personal data and to prevent their unauthorized alteration, destruction and use.

2. The Service Provider shall take all necessary measures to ensure data integrity, i.e. the accuracy and completeness of the personal data it handles and/or processes.

3. The Service Provider shall take appropriate measures to protect the data, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage and loss of access due to changes in the technology used.

4. The Service Provider shall do its utmost to preserve the authenticity and confidentiality of the data processed and to ensure that they are always accessible to the data subjects and the persons entitled to access them.

5. In order to fulfill the above obligations, the Service Provider reserves the right to inform its customers and partners if it detects a security vulnerability in its system, and at the same time to restrict access to the Service Provider’s system, services or certain of its functions until the vulnerability is resolved.

VII. Rights of the data subject

1. Under applicable Hungarian and EU data protection rules, data subjects have the right to.

– receive confirmation/feedback as to whether their personal data are being processed and, if such processing is ongoing, have the right to request access to their personal data. This includes access to the following information: the purposes of the processing, the categories of personal data processed, and the recipients or categories of recipients to whom or which your personal data have been or will be disclosed (Article 15 GDPR);
– the controller to provide users with a copy of their personal data;
– request the rectification of inaccurate personal data or the completion of incomplete personal data (Article 16 GDPR);
– request the erasure of their personal data (Article 17 GDPR);
– restrict the processing of their personal data at their request. In this case, the processing of these data can only be limited to certain purposes (Article 18 GDPR);

2. The Customer and the Service Provider shall use their best endeavors to comply with requests concerning data management. The Customer and the Service Provider may, however, refuse to delete data that is absolutely necessary for the fulfillment of legal obligations incumbent on the Customer and the Service Provider or for the enforcement of the Customer’s and the Service Provider’s legitimate interests. The Customer and the Service Provider shall endeavor to comply with any request for rectification of the data provided or for information on data protection activities as soon as possible and, if possible, within one week of receipt of the relevant request.

3. In addition to the rights set out in the previous point, under Article 21 of the GDPR, Users also have the right to object to the processing of their personal data in the cases set out in the GDPR (for example, where the processing is for direct marketing purposes or where the legal basis for the processing is the legitimate interest of third parties). In case of objection by Users, the Customer or the Service Provider may no longer process their personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Users or for the establishment, exercise or defense of legal claims.

VIII. Right to lodge a complaint and to apply to the courts

Please be informed that if you become aware of a breach of your rights during the processing of your data, you have the following options:

– directly to the Customer or the Service Provider;
– may lodge a complaint with the competent supervisory authority or the National Authority for Data Protection and Freedom of Information (hereinafter referred to as “the NAIH”). The contact details of the NAIH are: headquarters: H-1055 Budapest, Falk Miksa utca 9-11; postal address: 1363 Budapest, PO Box 9; telephone: + 36-1-391-1400; e-mail: [email protected]
– may take legal action against unlawful processing of your personal data and breaches of data security. You may be entitled to compensation and damages as provided by law. For information on the jurisdiction and contact details of the court, please visit the following website: www.birosag.hu

IX Declaration

1. The Service Provider, as Data Controller and Data Processor, acknowledges the contents of this Privacy Policy as binding.

2. The Service Provider undertakes to ensure that its processing of data related to the Service and its operation complies at all times with the provisions set out in this document and in the applicable legislation, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

3. The Service Provider declares that it acts as a data processor of the Customers with respect to the Users who book an Appointment, in which capacity it is not responsible for the instructions of the Customers. The Service Provider confirms that the processing of personal data in respect of the Appointment Users is carried out in the interest of the Customers and in the manner specified by them.

3. The Service Provider shall make this information available on its website https://minup.io (hereinafter referred to as the “Website”). Amendments to this Privacy Notice shall enter into force upon publication on this Website.

Budapest, 2022.11.28