t-systems danone deloitte deutsche-telekom aon clear raiffeisen network menu human scroll-down laurel-left laurel-right telenor cisco general-electric generali greenpeace hewitt ing microsoft wwf colibri facebook twitter linkedin tick
Privacy

Privacy Policy

Be-novative Zrt.

Privacy Policy

Effective on May 25th, 2018.

1. Overview
1.1. Who processes my data?

Be-novative Zrt. and its subsidiary, Be-novative Inc., processes data collected through its website and its application.

Be-novative Zrt.

9700 Szombathely, Belsikátor street 3. ½.

+36 20 281 6953

info@be-novative.com

Be-novative Inc.

54l Jefferson Avenue, Suite l00, Redwood City, CA 94063

+36 20 281 6953

info@be-novative.com

1.2. Where does the Privacy Policy take place?

The Privacy Policy applies to the Be-novative website, application and all other direct services. The Be-novative application is the online platform on which users are registered, including both the Community Platform (cloud.be-novative.com) and Closed Platforms.

1.3. Who collects the data, and what does it consist of?

A data administrator is the one who determines what data is collected, with which tools, and for what purposes.

Data can be any information you give to Be-novative while using its services. Personal data includes information which can directly or indirectly identify the owner-typically being name and email.

Learn more about this at https://www.eugdpr.org/glossary-of-terms.html.

1.4. What does this notice do for me?

Our primary goal is to make sure we offer protection for our visitors and users. We pay particular attention to making sure we guarantee the rights of the services we provide to everyone without discrimination of any kind. We want to make sure that we give you your right to privacy when handling personal data in any way.

The previously applicable Info. (Act CXII. of informational self-determination and freedom of information law in 2011) and the European General Data Protection Regulation (2016/679 The EU Regulation on the protection of natural persons with regard to the processing of personal data and such free flow of data, hereinafter referred to as "GDPR"), which came into force on May 25th, 2018, also necessitates adequate information for stakeholders.

1.5. What are the basic principles of data management?

Legality : The legal basis for handling data is explicit and well-founded

Fairness and Transparency : There is sufficient amount of information that can be easily understood and accessible regarding data management

Purpose limitation: Data management is exclusively for the purposes defined and communicated in advance

Saved data : Only the data required and relevant are requested during data processing

Accuracy : Managed data is up to date

Limited storage : Data management is only done for the duration of its purpose

Integrity and confidentiality : The technical and organizational measures used in data management provide a high level of security

Accountability : The Be-novative procedure is aligned with the national and international standards

1.6. What else should I read?

General terms and conditions of Be-novative

2. Data Types and Purposes
2.1. How do I find out what my data is used for?

Each time we collect data it is done with a predefined purpose. We ensure that the information requested is done in a transparent manner. When signing up in our application, we highlight what we will use the requested information for. After registration, you can find the details of what your data is being used for in your profile settings at any time.

If you have further questions, please contact us at info@be-novative.com.

2.2. Exactly what type of data do you ask me for and where?

It depends on which of our services you'd like to use. We make sure that we have your understanding and consent for every different case by providing you with the information you need, then asking for your agreement by ticking checkboxes which express that you have read, understood, and give us permission to handle your data.

The following table shows all the possible cases where we may ask for your data:

Your role

Where you enter your data

Data types

Purpose(s) of data use

How long your data will be stored

How to take back your consent

User of the application

Community Platform or Closed Platform

Name, email address, password, photo

(optional)

1.Enabling application use

2. To send you an email if you request to retrieve your password or account

2.We will send you email notifications about your app activity

As long as you have a live (not deleted) user account

You can revoke your consent at your account settings

User of the application and/or if interested in Be-novative news

You have subscribed to our newsletter from our website or during registration

Name, email address

We will send you our newsletter through email

As long as you are a subscriber

You will find the option to unsubscribe at the footer of every newsletter

Requesting for a time to chat with us

The 'Contact us' subpage of our website

Name, email address

We will send you an email to answer your question

Half a year

You can reply to our email and indicate that you want to be removed from our list

Requesting to download one of our innovation resources

Website within the blog subpage

Name, email address

We will send you the requested content upon your request

Half a year

You can reply to our email and indicate that you want to be removed from our list

You want your own closed platform so subscribe to the free trailer on our online sales page

'Create a team' registration page

Name, email address, password. Bank details (only after the free trial, after prior inquiry, based on your own will)

1. Operation of a platform

2.We will send you emails for the initial steps.

3. After the free trial period, if you want to continue using our service, we will send you invoices via Chargebee

As long as you have a live (not deleted) user account

You either deleted your account or your closed platform you can undo your profile settings.

In any case we wish to use your personal data for any other purpose than the original request, we will talk to you first.

3. Data management mode
3.1. What happens to my data when I register to the application?

In all cases, your data will be processed according to our principles.

Registration

When you sign up in Be-novative, you will have to indicate your country of residence-the application will automatically determine which server will geographically store your personal information. This happens because the personal data of EU citizens can not leave the European Union. It is important that the location you entered is correct, because there is no other way that we can double check the accuracy. If you accidentally provided a bad location, please let us know and we will fix it as soon as possible.

Servers and data storage are provided by Amazon Web Services. Our servers are located in the European Union and the United States. If your location is not from these two areas, you agree to store your data on a server nearest your location. Personal data is stored on a single server only, but able to be transferred anonymously to other servers. This means we protect the identity of our users and their personal data on other servers. For example, if you give your country as your residence, your personal information will be stored in a server located in the European Union. If your location is Ecuador, your personal information will go to our US server.

If you want to know more, check out the chart below or write to us at info@be-novative.com.

privacy_simplified_dataflow_diagram.png

System log

Your data is used primarily for identification purposes. Identification is needed, on the one hand, for the secure provision of the service, and on the other hand, for you to fully enjoy our services. Therefore, based on your data, our system stores a so-called system log of when you were last active in the Application.

IP address

To use our app it is necessary for us to record your IP address. The IP address that we automatically get will be accessed automatically when you log in, exit, and use our web pages and application. This data is not linked to personal data, except in cases that are legally binding. Only Be-novative has access to this data.

Data used for the app will only be used for the above purposes and will not be disclosed, nor to third parties in addition to AWS, and any business or economic gain. At the same time, it is very important to understand that because of the nature of the app, we use the names of the users displayed on the platform, but do not disclose any other personal information. If you do not want to show your name, you can let us know by contacting us.

3.2. What happens to my data in other cases?

Be-novative news

Our newsletter is sent to subscribers. The content contains mostly announcements of global innovation challenges, content in the innovation tech field, or other marketing invitations. Subscribers' personal information (name, email address) is stored in a database until they sign up for our newsletter. Personal information will not be transmitted or sold to third parties in any case and will not be published anywhere.

Contact us and blog sites

If you have a question about us or want to download content from our blog, then we will ask for your name and email address so that we can contact you with the resources or support your request. Your name and email address will be stored for about half a year, which means the operation of an online database that is only accessible to us. In any case, we will not forward or sell your personal data to third parties and it will not be published anywhere. Also, it's important to know that we do not automatically subscribe you to our newsletter. To unsubscribe you can email us that you do not want to receive more messages from us.

Online sales

In our application, you have the opportunity to create your own closed platform. This means that you do not only want to be a user of the Community or any of our existing Closed Platforms, but want to start one where you can invite your colleagues, friends and anyone else. The online contracted Closed Platform is free for 14 + 14 days until the expiration of the trial period, however, if you want to continue using our service you will have to pay a fee. To do so, we will ask you for your bank information for payment, which we do not store anywhere, but will be sent automatically to Chargebee (billing service provider). You expect receiving emails from Chargebee about the first steps you need to use the system and also your invoices. Whoever you invite to your Closed Platform, it will be your own responsibility.

4. Rights of the data subject
4.1. What are the rights to access my personal information?

Right of prior information

Before requesting data, we ensure to communicate accurate information to you on what the purpose of the data collection is and how it is processed, such as who can access it.

When registering on the Be-novative application or when requesting any information, we visibly display an outline that highlight what we will use personal information for.

Right of withdrawal of consent

You are entitled to withdraw your consent for us to manage your data at any time.

Within the Be-novative Application, you can revise your consent for different categories found in the account settings. If you do not wish to receive news from us, you can unsubscribe at any time by clicking the 'Unsubscribe' button at the bottom of the newsletter. If you do not want to receive any more emails from us, you can easily reply to us by email.

Right of access

Users have the right to know about the personal information of their given organization and information about the management of the organization, and to inquire about what information is kept by an organization at any time.

In the Be-novative app, you can export your personal information stored in your account settings.

Right to data portability

The data subject shall have the right to receive the personal data that the data controllers have, and if technically possible, able to request the data to be forwarded to another data controller.

Through these contacts you can send this request to Be-novative.

Right to rectification

The data subject may request to correct inaccurate information from data controller without undue delay.

Through these contacts you can send this request to Be-novative.

The right to restriction of processing

The user has the right to request that the data controller stops processing his/her data if:

- the user disputes the accuracy of the personal data

- the data handling is illegal and the user is opposed to the deletion of the data

- the data controller no longer needs personal data, but the user requires them to enforce legal claims

Through these contacts you can send this request to Be-novative.

Right to object

The user has the right to object to the processing of his or her personal data for any reason relating to personal reasons if they are processed in the interest of the data controller or his public authority.

Through these contacts you can send this request to Be-novative.

Right to erasure

The user has the right to request that data controller without delays, delete personal data if:

  • personal data is no longer needed for the purpose from which they were

collected

  • the user withdraws the consent of the data controller and does not have any other legal grounds for data processing
  • the user objects to the processing of his/her data because there was no prior legitimate reason for data handling
  • the personal data was unlawfully processed

There are several ways to delete your personal information from our system. If you are a user on any platform, you can withdraw your consent to manage your personal information, which also means that you delete your account. Also, you can delete your personal information and account through your account settings. After deleting your account, for technical and security reasons, you can no longer register with the deleted email address. Deletion means hard delete.

If you receive an email from us through either the newsletter or any of the other ways detailed above and unsubscribe or do not request for more emails, your name and email address will be deleted immediately from our database. (hard delete)

Right to be forgotten

If the data controller has disclosed personal data and is obliged to delete it for some reason, he takes technical measures to take into account the available technology and the costs of implementation to inform other data controllers that the person concerned has made such a request. The other data controller is typically a search engine operator who has access to handle the personal data if requested.

Be-novative does not disclose any personal data or practices related to the app or other processes affecting it. Because of the nature of the application, you can see the name and profile picture of the users, but they are not published in any other form. Only user activity (copy, screen photo, etc.) may display the name and/or profiles of other users for which Be-novative is not responsible. However, if requested, we will take needed steps to ensure that a third party data handler can delete your personal information from its location. The expected steps are the three consecutive written inquiries, the documentation of the case, and the third data handler's call for data, image, or any other document from the Be-novative app.

4.2. Where can I enforce my rights?

Be-novative seeks to maximize your rights and prioritize any questions or requests about our data management practices.

Data protection issues are dealt by the Hungarian National Data Protection and Information Freedom Authority, based on paragraph 22 of the GDPR definition.

5. Data transfer
5.1. To whom are my personal information transmitted?

Amazon Web Services Inc.

headquarters:

1200 12th Avenue South Suite 1200

Seattle, WA 98144, United States

Be-novative is a cloud-based software, which means that the company does not maintain its own physical servers, but operated and maintained by third parties, in our case, AWS Inc. The personal information of users is stored on European and US servers.

During our preparation for GDPR, we ensured that AWS Inc. has met at least the European level of protection for personal data in accordance with the Regulation and has prepared all its products accordingly. You can read more about AWS's relevant service and the GDPR guarantee with the links below:

https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/

https://aws.a.com/compliance/data-center/controls/

https://aws.amazon.com/compliance/shared-responsibility-model/

Chargebee Inc.

headquarters:

340 S Lemon Ave # 1537

Walnut, CA, 91789, USA

If you have an online contract with us on our website to operate a Closed Platform, we will ask you for your bank card information for payment. However, we do not store the bankcard data, but send it through an API immediately to the Chargebee system, so that they can send invoices for you on a monthly basis.

During our preparation for GDPR, we secured that Chargebee has provided personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Chargebee's relevant service and the GDPR guarantee by clicking the links below:

https://www.chargebee.com/security/gdpr/

Hubspot Inc.

headquarters:

25 First Street, 2nd Floor, Cambridge, MA 02141 USA

Hubspot stores the names and email addresses of subscribers who are signing up to the newsletter as well as any other person seeking us. The Hubspot helps us generate our websites.

During our preparation for GDPR, we secured that Hubspot has provided personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Hubspot's relevant service and the GDPR guarantee by clicking the links below:

https://www.hubspot.com/data-privacy/gdpr/product-readiness

5.2. Will you also send my data within the business group?

Be-novative Zrt. Is the sole owner of Be-novative Inc., a subsidiary of USA, so all data management practices and warranties apply to Inc. and must comply with. No personal data is transmitted between the two parties.

6. Cookies
6.1. Do you use cookies on your website or app?

Website

During visits to our website, we send one or more cookies (a small file containing a string of characters) to the visitor's computer, which will allow its browser to be uniquely identified. These cookies are provided by Google through Be-novative and Google Analytics. Google Analytics generates cookies through Google Adwords. These cookies will only be sent to the visitor's computer by visiting certain subpages-only the actual time to visit that subpage will be stored.

The use of cookies that are sent here is as follows. Cookies generated by Be-novative are used to store certain setting information for current use. Google uses these cookies for statistical purposes when a user has previously visited the advertiser's websites.

The cookies used are:

● Analytics, tracking cookie (Google)

● Site tracking (Google)

● Login, user ID session cookie, other settings (Be-novative)

6.2. How do I set up cookies?

The "Help" feature in most of the browser's menu bar provides you with instructions:

● how to disable cookies,

● how to accept new cookies,

● how to instruct your browser to set a new cookie or

● how to turn off other cookies.

7. Children
7.1. Are there any provisions related to age restrictions?

The use of the app is only allowed to persons who are 16 years of age. By registering with the application you acknowledge that you have reached the age of 16, but we are not obliged to confirm this by requesting any official document.

However, in order to protect the rights of children, if Be-novative becomes aware that a user fails to comply with the above requirement, he/she shall be entitled to immediately delete the user's rights and accounts and the content he/she shares. Users who have reached the age of 16, but not 18 years of age, may only use the application with parental or guardian consent. By giving the consent, the parent or guardian fully accepts the provisions. In addition, the parent or guardian expressly acknowledges that he or she is solely responsible for the use and content of the user aged 16 to 18 whether or not he or she has prior knowledge of the use.

8. Security management and measures
8.1. What privacy policies are in force in the operation of Be-novative?

In order to ensure that personal data is processed in accordance with the rights, Be-novative has ensured the following measures:

  • Creation of data register, in standard with the regulations
  • More detailed internal data protection and data management rules, with a clear definition about accessibility
  • Perform a Data Privacy Impact Assessment and Define Data Metrics
  • Based on a data protection impact assessment, elaborate a process to define the steps to be taken whenever security or data protection incident occur
  • Creating rules on practices and tools for the safe deletion of unnecessary data
8.2. What steps are being taken to ensure security?

Encryption

All data is transmitted via a https (TLS cryptographic protocol) channel between the user's browser and the cloud service.

Encrypting end-of-life databases is encrypted using security keys ('Industry standard AES-256 encryption algorithm').

Physical protection

Be-novative does not maintain its own physical servers run by third parties. The app server is currently run by Amazon AWS. You can read more about Amazon's servers here:

https://aws.a.com/compliance/data-center/controls/

https://aws.amazon.com/compliance/shared-responsibility-model/

Assets management

Be-novative maintains a management policy that includes identifying, classifying, preserving and disposing of information and assets. Assets released by Be-novative sare equipped with full HDD encryption and up-to-date anti-virus software.

Vulnerability test

We apply internal tests regularly for the app, and the results are used to correct any errors.

Access control

Access to the technology resources of Be-novative is only possible through Secure Connection (SSH) and requires multi-factor authentication. Our requirements are that passwords must be complex with a certain number of characters. Be-novative reviews entitlements quarterly, and immediately deletes employees' access to systems. Once the employment terminates.

Security incidents

Be-novative maintains a policy and procedure for information security and privacy incidents that include initial response, investigation, notification and/or public disclosure. These guidelines are regularly reviewed and tested annually.

In the event of information security and/or privacy incidents, we will immediately notify the affected users with appropriate security measures and without delay and, if possible, 72 hours after the privacy incident has come to our attention, to the competent authority. Our procedure is in line with our GDPR obligations and industry standards. We are committed to constantly informing you about issues that are relevant to the security of your account and provide you with all the information you need.

9. Changes to the Privacy Policy

The Privacy Policy may be amended unilaterally by Be-novative but will notify the users. Any modification is valid only if it complies with applicable legislation.

HUNGARIAN VERSION