The service provider of Zurvey.io, Neticle Labs Llc. (seat: 1213 Budapest, Vető utca 10.; Company registration number: Cg.: 01-09-300520) as data controller (‘Service Provider' or ’Data Controller’) respects the personal rights of the data subjects (’Data subject’ or ‘User’), especially the data protection rights determined by the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (’GDPR’) and the Data Protection Act 112 of 2011. Data controller undertakes to apply these laws and expresses to be bound by these provisions.
Personal data shall be:
Neticle Labs LLC
Registered seat: 10 Vető street Budapest Hungary H-1213
Registration number: 01-09-300520
Email: [email protected]
Data Controller will use the personal data of the Data Subjects given on the registration form or otherwise exclusively for the following purposes:
a) Provide access to the services of Zurvey.io (‘Services’);
b) Customer services related services, relationship management;
c) Sending newsletters about the new releases and educational contents, including Onboarding Support, Renewal Support, Technical Support, Commercial Support (Billing, Invoicing, Upgrade / Downgrade, Quota extension, Feature extension / downgrade, training). Users can unsubscribe from newsletters anytime. Neticle may use a ticketing system in order to track and manage support requests;
d) collecting demo requests.
The Data Controller process the personal data of the Data subject on the basis of the consent of the Data subject (GDPR Article 6 (1) a)).
The scope of personal data processed:
(i) surname and first name
(ii) email address
(iii) IP address
(iv) telephone number
(v) business scope / industry
(vii) billing address
(viii) credit/debit card data
Data Controller receives the personal data directly from the Data subject.
When visiting the Data Controller’s website, the Data subject’s browser may store a cookie. Some of the cookies used by us are indispensable for the proper operation of the site, while others collect information related to its use, allowing to upgrade the site to offer more convenient services. Temporary or “session cookies” are erased when the browser is closed while “permanent cookies” stay in your browser for a longer time.
"Session cookies" facilitate browsing our site and using its functions. Among others, they store the actions taken on the site related to a function or service. Without the use of "session cookies" the site’s operation cannot be guaranteed. Their term of authorization is limited to the duration of the visit; "session cookies" expire whenever the Data subject ends the session or closes the browser.
Performance cookies gather information about how the Data subject uses the website in order to be able to improve the website, its functions and services to suit the needs of the visitors to offer them high quality, user-friendly experience.
Advertising cookies are used to select advertisements that the visitors are interested in and enable the data controller to display such advertisements on the websites of third parties to them. They also help measure the performance of the Service Provider’s campaigns based on the information gathered with them.
The website uses the following cookies:
|__cfduid||The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.||1 month|
|_ga||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 years|
|_gid||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.||1 day|
|_gat_gtag***||Google uses this cookie to distinguish users.||1 minute|
|test_cookie||This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users' browser supports cookies.||15 minutes|
|__hstc||This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).||1 year|
|hubspotutk||This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.||1 year|
|__hssrc||This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.|
|__hssc||This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.||30 minutes|
|JSESSIONID||Preserves users states across page requests.||session|
|messagesUtk||Stores a unique ID string for each chat-box session. This allows the website-support to see previous issues and reconnect with the previous supporter.||1 year|
|collect||Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.||session|
|__hmpl||Collects information on user preferences and/or interaction with web-campaign content - This is used on CRM-campaign -platform used by website owners for promoting events or products.||persistent|
|ptq.gif||Sends data to the marketing platform Hubspot to the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.||session|
|embed/v3/counters.gif||Collects information on user preferences and/or interaction with web-campaign content - This is used on CRM campaign -platform used by website owners for promoting events or products.||session|
|HUBLYTICS_EVENTS_53||Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement- This is also allows the website to limit the number of times that the visitor is shown the same advertisement.||persistent|
|i18n-cached-public-locale||Used by Google DoubleClick to register and report the website user's actions after view in Google or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.||1 year|
|pagead/1p-user-list/#||Google.com advertisement support||session|
|r/collect||This cookie is used to send data to Google Analytics about the visitor's device and behaviour. It tracks the visitor across devices and marketing channels.||session|
|mailerlite:webform:shown:1324576||Used to remember if somebody is already on the mailing list of Zurvey.io.||persistent|
The Service Provider uses the following platform related cookies in order to improve the Services:
|zurvey_session||Work session for the user, used for logins to the platform.|
|remember_web_****||A cookie used for the remember me function during logins.|
|survey_***||We track if a respondent has already started to fill in a survey or not|
|finished_***||We track if a respondent has finished a survey or not|
|isMenuCollapsed||We track if a user is using the platform’s left menu open or closed.|
Users can use their browser settings to manage how they receive, store, process or block cookies.
These links show you how Users can do it in the popular web browsers:
Users shall consider that blocking cookies completely might make the website or platform unusable.
Facebook Pixel Policy
Google Tag Policy
Zurvey.io portal will use Google Tags to retarget Users with ads, legal details can be found:
If the User doesn’t want Google to follow their clicks: https://support.google.com/accounts/answer/32050
Data controller will use and store the personal data until the purpose is satisfied. In certain, special cases, the Data Controller may control the personal data after the purpose has been satisfied.
Data controller uses the services as data processing, of the following companies:
Data controller may transfer the personal data of the Data subject to the competent authorities based on inquiries in accordance with the relevant statutes.
1. Transparent information, communication
The controller shall take appropriate measures to provide any information and any communication relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
2. Information and access to personal data
The Data controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
3. Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
4. Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
5. Right to erasure, right to be forgotten
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
6. Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
7. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
8. Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
9. Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:
a) national security;
c) public security;
d) the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
e) other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;
f) the protection of judicial independence and judicial proceedings;
g) the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
h) a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g);
i) the protection of the data subject or the rights and freedoms of others;
j) the enforcement of civil law claims.
In the case of a personal data breach, the Data controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Authority of the National Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH) (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; tel: +36-1-391-1400; e-mail: [email protected]; website: www.naih.hu, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data controller shall communicate the personal data breach to the data subject without undue delay.
In the event of the breach of the data protection rights the Participant may bring the matter before a court.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
16 July 2020
Neticle Labs Llc.
No. 14 41 Leonardo da Vinci street 2nd floor
Budapest Hungary H-1082
10 Vető street Budapest Hungary H-1213