Be-novative Zrt.
Privacy Policy
Effective on May 25th, 2018.
1. Overview
1.1. Who processes my data?
Be-novative Zrt. and its subsidiary, Be-novative Inc., processes data collected through its website and its application.
Be-novative Zrt.
9700 Szombathely, Belsikátor street 3. ½.
+36 20 281 6953
info@be-novative.com
Be-novative Inc.
54l Jefferson Avenue, Suite l00, Redwood City, CA 94063
+36 20 281 6953
info@be-novative.com
1.2. Where does the Privacy Policy take place?
The Privacy Policy applies to the Be-novative website, application and all other direct services. The Be-novative application is the online platform on which users are registered, including both the Community Platform (cloud.be-novative.com) and Closed Platforms.
1.3. Who collects the data, and what does it consist of?
A data administrator is the one who determines what data is collected, with which tools, and for what purposes.
Data can be any information you give to Be-novative while using its services. Personal data includes information which can directly or indirectly identify the owner-typically being name and email.
Learn more about this at https://www.eugdpr.org/glossary-of-terms.html.
1.4. What does this notice do for me?
Our primary goal is to make sure we offer protection for our visitors and users. We pay particular attention to making sure we guarantee the rights of the services we provide to everyone without discrimination of any kind. We want to make sure that we give you your right to privacy when handling personal data in any way.
The previously applicable Info. (Act CXII. of informational self-determination and freedom of information law in 2011) and the European General Data Protection Regulation (2016/679 The EU Regulation on the protection of natural persons with regard to the processing of personal data and such free flow of data, hereinafter referred to as "GDPR"), which came into force on May 25th, 2018, also necessitates adequate information for stakeholders.
1.5. What are the basic principles of data management?
Legality : The legal basis for handling data is explicit and well-founded
Fairness and Transparency : There is sufficient amount of information that can be easily understood and accessible regarding data management
Purpose limitation: Data management is exclusively for the purposes defined and communicated in advance
Saved data : Only the data required and relevant are requested during data processing
Accuracy : Managed data is up to date
Limited storage : Data management is only done for the duration of its purpose
Integrity and confidentiality : The technical and organizational measures used in data management provide a high level of security
Accountability : The Be-novative procedure is aligned with the national and international standards
1.6. What else should I read?
General terms and conditions of Be-novative
2. Data Types and Purposes
2.1. How do I find out what my data is used for?
Each time we collect data it is done with a predefined purpose. We ensure that the information requested is done in a transparent manner. When signing up in our application, we highlight what we will use the requested information for. After registration, you can find the details of what your data is being used for in your profile settings at any time.
If you have further questions, please contact us at info@be-novative.com.
2.2. Exactly what type of data do you ask me for and where?
It depends on which of our services you'd like to use. We make sure that we have your understanding and consent for every different case by providing you with the information you need, then asking for your agreement by ticking checkboxes which express that you have read, understood, and give us permission to handle your data.
The following table shows all the possible cases where we may ask for your data:
Your role
Where you enter your data
Data types
Purpose(s) of data use
How long your data will be stored
How to take back your consent
User of the application
Community Platform or Closed Platform
Name, email address, password, photo
(optional)
1.Enabling application use
2. To send you an email if you request to retrieve your password or account
2.We will send you email notifications about your app activity
As long as you have a live (not deleted) user account
You can revoke your consent at your account settings
User of the application and/or if interested in Be-novative news
You have subscribed to our newsletter from our website or during registration
Name, email address
We will send you our newsletter through email
As long as you are a subscriber
You will find the option to unsubscribe at the footer of every newsletter
Requesting for a time to chat with us
The 'Contact us' subpage of our website
Name, email address
We will send you an email to answer your question
Half a year
You can reply to our email and indicate that you want to be removed from our list
Requesting to download one of our innovation resources
Website within the blog subpage
Name, email address
We will send you the requested content upon your request
Half a year
You can reply to our email and indicate that you want to be removed from our list
You want your own closed platform so subscribe to the free trailer on our online sales page
'Create a team' registration page
Name, email address, password. Bank details (only after the free trial, after prior inquiry, based on your own will)
1. Operation of a platform
2.We will send you emails for the initial steps.
3. After the free trial period, if you want to continue using our service, we will send you invoices via Chargebee
As long as you have a live (not deleted) user account
You either deleted your account or your closed platform you can undo your profile settings.
In any case we wish to use your personal data for any other purpose than the original request, we will talk to you first.
3. Data management mode
3.1. What happens to my data when I register to the application?
In all cases, your data will be processed according to our principles.
Registration
When you sign up in Be-novative, you will have to indicate your country of residence-the application will automatically determine which server will geographically store your personal information. This happens because the personal data of EU citizens can not leave the European Union. It is important that the location you entered is correct, because there is no other way that we can double check the accuracy. If you accidentally provided a bad location, please let us know and we will fix it as soon as possible.
Servers and data storage are provided by Amazon Web Services. Our servers are located in the European Union and the United States. If your location is not from these two areas, you agree to store your data on a server nearest your location. Personal data is stored on a single server only, but able to be transferred anonymously to other servers. This means we protect the identity of our users and their personal data on other servers. For example, if you give your country as your residence, your personal information will be stored in a server located in the European Union. If your location is Ecuador, your personal information will go to our US server.
If you wish to know more, check out the chart below or write to us at info@be-novative.com.
System log
Your data is used primarily for identification purposes. Identification is needed, on the one hand, for the secure provision of the service, and on the other hand, for you to fully enjoy our services. Therefore, based on your data, our system stores a so-called system log of when you were last active in the Application.
IP address
To use our app it is necessary for us to record your IP address. The IP address that we automatically get will be accessed automatically when you log in, exit, and use our web pages and application. This data is not linked to personal data, except in cases that are legally binding. Only Be-novative has access to this data.
Data used for the app will only be used for the above purposes and will not be disclosed, nor to third parties in addition to AWS, and any business or economic gain. At the same time, it is very important to understand that because of the nature of the app, we use the names of the users displayed on the platform, but do not disclose any other personal information. If you do not want to show your name, you can let us know by contacting us.
3.2. What happens to my data in other cases?
Be-novative news
Our newsletter is sent to subscribers. The content contains mostly announcements of global innovation challenges, content in the innovation tech field, or other marketing invitations. Subscribers' personal information (name, email address) is stored in a database until they sign up for our newsletter. Personal information will not be transmitted or sold to third parties in any case and will not be published anywhere.
Contact us and blog sites
If you have a question about us or want to download content from our blog, then we will ask for your name and email address so that we can contact you with the resources or support your request. Your name and email address will be stored for about half a year, which means the operation of an online database that is only accessible to us. In any case, we will not forward or sell your personal data to third parties and it will not be published anywhere. Also, it's important to know that we do not automatically subscribe you to our newsletter. To unsubscribe you can email us that you do not want to receive more messages from us.
Online sales
In our application, you have the opportunity to create your own closed platform. This means that you do not only want to be a user of the Community or any of our existing Closed Platforms, but want to start one where you can invite your colleagues, friends and anyone else. The online contracted Closed Platform is free for 14 + 14 days until the expiration of the trial period, however, if you want to continue using our service you will have to pay a fee. To do so, we will ask you for your bank information for payment, which we do not store anywhere, but will be sent automatically to Chargebee (billing service provider). You expect receiving emails from Chargebee about the first steps you need to use the system and also your invoices. Whoever you invite to your Closed Platform, it will be your own responsibility.
4. Rights of the data subject
4.1. What are the rights to access my personal information?
Right of prior information
Before requesting data, we ensure to communicate accurate information to you on what the purpose of the data collection is and how it is processed, such as who can access it.
When registering on the Be-novative application or when requesting any information, we visibly display an outline that highlight what we will use personal information for.
Right of withdrawal of consent
You are entitled to withdraw your consent for us to manage your data at any time.
Within the Be-novative Application, you can revise your consent for different categories found in the account settings. If you do not wish to receive news from us, you can unsubscribe at any time by clicking the 'Unsubscribe' button at the bottom of the newsletter. If you do not want to receive any more emails from us, you can easily reply to us by email.
Right of access
Users have the right to know about the personal information of their given organization and information about the management of the organization, and to inquire about what information is kept by an organization at any time.
In the Be-novative app, you can export your personal information stored in your account settings.
Right to data portability
The data subject shall have the right to receive the personal data that the data controllers have, and if technically possible, able to request the data to be forwarded to another data controller.
Through these contacts you can send this request to Be-novative.
Right to rectification
The data subject may request to correct inaccurate information from data controller without undue delay.
Through these contacts you can send this request to Be-novative.
The right to restriction of processing
The user has the right to request that the data controller stops processing his/her data if:
- the user disputes the accuracy of the personal data
- the data handling is illegal and the user is opposed to the deletion of the data
- the data controller no longer needs personal data, but the user requires them to enforce legal claims
Through these contacts you can send this request to Be-novative.
Right to object
The user has the right to object to the processing of his or her personal data for any reason relating to personal reasons if they are processed in the interest of the data controller or his public authority.
Through these contacts you can send this request to Be-novative.
Right to erasure
The user has the right to request that data controller without delays, delete personal data if:
- personal data is no longer needed for the purpose from which they were
collected
- the user withdraws the consent of the data controller and does not have any other legal grounds for data processing
- the user objects to the processing of his/her data because there was no prior legitimate reason for data handling
- the personal data was unlawfully processed
There are several ways to delete your personal information from our system. If you are a user on any platform, you can withdraw your consent to manage your personal information, which also means that you delete your account. Also, you can delete your personal information and account through your account settings. After deleting your account, for technical and security reasons, you can no longer register with the deleted email address. Deletion means hard delete.
If you receive an email from us through either the newsletter or any of the other ways detailed above and unsubscribe or do not request for more emails, your name and email address will be deleted immediately from our database. (hard delete)
Right to be forgotten
If the data controller has disclosed personal data and is obliged to delete it for some reason, he takes technical measures to take into account the available technology and the costs of implementation to inform other data controllers that the person concerned has made such a request. The other data controller is typically a search engine operator who has access to handle the personal data if requested.
Be-novative does not disclose any personal data or practices related to the app or other processes affecting it. Because of the nature of the application, you can see the name and profile picture of the users, but they are not published in any other form. Only user activity (copy, screen photo, etc.) may display the name and/or profiles of other users for which Be-novative is not responsible. However, if requested, we will take needed steps to ensure that a third party data handler can delete your personal information from its location. The expected steps are the three consecutive written inquiries, the documentation of the case, and the third data handler's call for data, image, or any other document from the Be-novative app.
4.2. Where can I enforce my rights?
Be-novative seeks to maximize your rights and prioritize any questions or requests about our data management practices.
Data protection issues are dealt by the Hungarian National Data Protection and Information Freedom Authority, based on paragraph 22 of the GDPR definition.
5. Data transfer
5.1. To whom are my personal information transmitted?
Amazon Web Services Inc.
headquarters:
1200 12th Avenue South Suite 1200
Seattle, WA 98144, United States
Be-novative is a cloud-based software, which means that the company does not maintain its own physical servers, but operated and maintained by third parties, in our case, AWS Inc. The personal information of users is stored on European and US servers.
During our preparation for GDPR, we ensured that AWS Inc. has met at least the European level of protection for personal data in accordance with the Regulation and has prepared all its products accordingly. You can read more about AWS's relevant service and the GDPR guarantee with the links below:
https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
https://aws.a.com/compliance/data-center/controls/
https://aws.amazon.com/compliance/shared-responsibility-model/
Chargebee Inc.
headquarters:
340 S Lemon Ave # 1537
Walnut, CA, 91789, USA
If you have an online contract with us on our website to operate a Closed Platform, we will ask you for your bank card information for payment. However, we do not store the bankcard data, but send it through an API immediately to the Chargebee system, so that they can send invoices for you on a monthly basis.
During our preparation for GDPR, we secured that Chargebee has provided personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Chargebee's relevant service and the GDPR guarantee by clicking the links below:
https://www.chargebee.com/security/gdpr/
Hubspot Inc.
headquarters:
25 First Street, 2nd Floor, Cambridge, MA 02141 USA
Hubspot stores the names and email addresses of subscribers who are signing up to the newsletter as well as any other person seeking us. The Hubspot helps us generate our websites.
During our preparation for GDPR, we secured that Hubspot has provided personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about Hubspot's relevant service and the GDPR guarantee by clicking the links below:
https://www.hubspot.com/data-privacy/gdpr/product-readiness
5.2. Will you also send my data within the business group?
Be-novative Zrt. Is the sole owner of Be-novative Inc., a subsidiary of USA, so all data management practices and warranties apply to Inc. and must comply with. No personal data is transmitted between the two parties.
6. Cookies
6.1. Do you use cookies on your website or app?
Website
During visits to our website, we send one or more cookies (a small file containing a string of characters) to the visitor's computer, which will allow its browser to be uniquely identified. These cookies are provided by Google through Be-novative and Google Analytics. Google Analytics generates cookies through Google Adwords. These cookies will only be sent to the visitor's computer by visiting certain subpages-only the actual time to visit that subpage will be stored.
The use of cookies that are sent here is as follows. Cookies generated by Be-novative are used to store certain setting information for current use. Google uses these cookies for statistical purposes when a user has previously visited the advertiser's websites.
The cookies used are:
● Analytics, tracking cookie (Google)
● Site tracking (Google)
● Login, user ID session cookie, other settings (Be-novative)
6.2. How do I set up cookies?
The "Help" feature in most of the browser's menu bar provides you with instructions:
● how to disable cookies,
● how to accept new cookies,
● how to instruct your browser to set a new cookie or
● how to turn off other cookies.
7. Children
7.1. Are there any provisions related to age restrictions?
The use of the app is only allowed to persons who are 16 years of age. By registering with the application you acknowledge that you have reached the age of 16, but we are not obliged to confirm this by requesting any official document.
However, in order to protect the rights of children, if Be-novative becomes aware that a user fails to comply with the above requirement, he/she shall be entitled to immediately delete the user's rights and accounts and the content he/she shares. Users who have reached the age of 16, but not 18 years of age, may only use the application with parental or guardian consent. By giving the consent, the parent or guardian fully accepts the provisions. In addition, the parent or guardian expressly acknowledges that he or she is solely responsible for the use and content of the user aged 16 to 18 whether or not he or she has prior knowledge of the use.
8. Security management and measures
8.1. What privacy policies are in force in the operation of Be-novative?
In order to ensure that personal data is processed in accordance with the rights, Be-novative has ensured the following measures:
- Creation of data register, in standard with the regulations
- More detailed internal data protection and data management rules, with a clear definition about accessibility
- Perform a Data Privacy Impact Assessment and Define Data Metrics
- Based on a data protection impact assessment, elaborate a process to define the steps to be taken whenever security or data protection incident occur
- Creating rules on practices and tools for the safe deletion of unnecessary data
8.2. What steps are being taken to ensure security?
Encryption
All data is transmitted via a https (TLS cryptographic protocol) channel between the user's browser and the cloud service.
Encrypting end-of-life databases is encrypted using security keys ('Industry standard AES-256 encryption algorithm').
Physical protection
Be-novative does not maintain its own physical servers run by third parties. The app server is currently run by Amazon AWS. You can read more about Amazon's servers here:
https://aws.a.com/compliance/data-center/controls/
https://aws.amazon.com/compliance/shared-responsibility-model/
Assets management
Be-novative maintains a management policy that includes identifying, classifying, preserving and disposing of information and assets. Assets released by Be-novative sare equipped with full HDD encryption and up-to-date anti-virus software.
Vulnerability test
We apply internal tests regularly for the app, and the results are used to correct any errors.
Access control
Access to the technology resources of Be-novative is only possible through Secure Connection (SSH) and requires multi-factor authentication. Our requirements are that passwords must be complex with a certain number of characters. Be-novative reviews entitlements quarterly, and immediately deletes employees' access to systems. Once the employment terminates.
Security incidents
Be-novative maintains a policy and procedure for information security and privacy incidents that include initial response, investigation, notification and/or public disclosure. These guidelines are regularly reviewed and tested annually.
In the event of information security and/or privacy incidents, we will immediately notify the affected users with appropriate security measures and without delay and, if possible, 72 hours after the privacy incident has come to our attention, to the competent authority. Our procedure is in line with our GDPR obligations and industry standards. We are committed to constantly informing you about issues that are relevant to the security of your account and provide you with all the information you need.
9. Changes to the Privacy Policy
The Privacy Policy may be amended unilaterally by Be-novative but will notify the users. Any modification is valid only if it complies with applicable legislation.