Privacy Policy

Octagent ensures the confidentiality of personal data acquired by its employees through a non-disclosure agreement.

Adatkezelő: Data Controller: Ádám Suller - Sole Proprietor
Adószám: 69503393-1-35
Székhely: 4465 Rakamaz, Hunyadi út 5.
Elérhetőségek: Email: support@octagent.com, Tel: +36 70 453 8145

According to Article 37 of the GDPR, we are not obliged to appoint a data protection officer. For inquiries regarding data protection, please contact us at our central contact points.

We record the contact and billing data you provide in the following programs (working with the following data processors):

Billingo Technologies Zrt
Székhely: 1133 Budapest, Árbóc utca 6. I. emelet
Cégjegyzékszám: 01-10-140802
Adószám: 27926309-2-41
Weboldal: https://www.billingo.hu

The data subject has the right to request the correction of inaccurate personal data without undue delay. Considering the purposes of the processing, the data subject has the right to complete incomplete personal data, including by means of a supplementary statement. (Regulation Article 16)

The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning them are being processed, and if so, access to the personal data and related information under the Regulation.

The data subject is entitled to receive information about the facts and details of data processing before such processing begins.

The data controller shall inform the data subject of measures taken based on requests from Articles 15-22 without undue delay and within one month of receiving the request. This period may be extended by an additional two months if necessary, taking into account the complexity and number of requests. The data controller shall inform the data subject of such an extension within one month of receiving the request, along with the reasons for the delay. If the data subject requests the information electronically, it should be provided electronically, unless otherwise requested by the data subject.

Right to Erasure („Right to be Forgotten”)

The data subject has the right to request the erasure of personal data concerning them without undue delay, and the data controller is obliged to erase the personal data without undue delay if one of the specified reasons applies.

The data subject has the right to request the restriction of processing from the data controller if one of the reasons specified in the regulation applies.

The data controller shall communicate the correction, deletion, or restriction of personal data in accordance with Regulation Articles 16, 17(1), and 18 to every recipient to whom the personal data have been disclosed unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about these recipients if requested.

Subject to the conditions specified in the regulation, the data subject has the right to receive their personal data in a structured, commonly used, and machine-readable format, which they have provided to the data controller. The data subject also has the right to transmit this data to another data controller without hindrance from the initial data controller. (Regulation Article 20)

The data subject has the right to request the restriction of processing from the data controller if one of the reasons specified in the regulation applies.

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Union or Member State law applicable to the data controller or processor may restrict the scope of obligations and rights provided in Articles 12-22, 34, and 5 by means of legislative measures, provided that such provisions respect the essence of fundamental rights and freedoms, are a necessary and proportionate measure in a democratic society.

If a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the data controller shall promptly notify the data subject of the personal data breach.

Data Breach Reporting can be done online using the following platform:

If the data protection incident is likely to result in a high risk to the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

The information provided to the data subject must clearly and understandably specify: the nature of the data protection incident; the name and contact details of the data protection officer/contact person must be disclosed; the likely consequences of the incident; the measures taken to remedy the incident.

The data subject does not need to be informed if any of the following conditions are met:

a) the data controller has implemented appropriate technical and organizational protective measures, and these measures have been applied to the data affected by the data protection incident, especially measures such as the application of encryption, which render the data unintelligible to unauthorized persons accessing personal data;

b) the data controller has taken further measures after the data protection incident to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;

c) providing information would require disproportionate effort. In such cases, the data subjects must be informed through publicly available information or similar measures that ensure their equally effective notification.

The data subject has the right to lodge a complaint with a supervisory authority – in particular, in the Member State where they have their habitual residence, place of work, or the place of the alleged infringement – if the data subject considers that the processing of personal data relating to them infringes the regulation.

Every natural or legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority, or if the supervisory authority does not deal with the complaint, or fails to inform the data subject within three months about the progress or outcome of the complaint. The data subject may seek judicial remedy by filing a complaint with the National Authority for Data Protection and Freedom of Information (Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c Mailing address: 1530 Budapest, Pf.: 5. Phone: +36 (1) 391-1400)

Every data subject has the right to an effective judicial remedy if they believe that the processing of their personal data does not comply with this regulation and has resulted in a violation of their rights under this regulation.

If you wish to exercise any of the above rights, please notify us by email at "support@octagent.com".

1. Data Processing for Tax and Accounting Obligations

Based on the legal grounds of fulfilling legal obligations (GDPR Article 6(1)(c)), the Company may process the personal data of natural persons in a business relationship with the Company, whether as customers or suppliers, for the purpose of fulfilling statutory tax and accounting obligations. The processed data includes, among others, the name and address of the person or organization ordering the transaction, the signature of the person confirming the execution of the transaction, the signature of the auditor depending on the organization, the signature of the recipient on documents related to inventory movements and financial transactions, and the signature of the payer on invoices. Additionally, it may include the tax number, the personal identification number from the small business certificate, and the tax identification number.

The retention period for personal data is eight (8) years from the termination of the legal relationship that gave rise to the data processing.

Recipients of personal data: Financial employees of the data controller and the data controller's accountant

Billingo.hu – Invoicing program
Gmail email account – communication related to invoicing with customers

This department's employees are responsible for ensuring the technical operation and development of Octagent.

The staff investigates software errors (bugs) related to Octagent's operation and fixes them (bug fixing). During such activities, developers may have access to the personal data of clients using the services.

Employees in this department are responsible for operating and maintaining the servers and technical infrastructure of octagent.com. This work requires quick problem-solving, and during these activities, developers may have access to the personal data of clients using the services and other employees' data.

To ensure built-in and default data protection, we have implemented the following technical and organizational measures:

Any employee involved in server development and intending to perform a technical operation involving access to personal data submits their request to the DevOps manager.

Employees in this department are responsible for fulfilling technical requests submitted by octagent.com's served clients and resolving technical issues.

This task requires prompt issue resolution.

During these activities, developers may have access to clients' personal data.

Individuals registering on the website can give consent for data processing by checking the appropriate checkbox. The checkbox cannot be pre-checked. Processed data includes the individual's name (first and last), phone number, and email address.

Purpose of data processing:

Legal basis for data processing: Individual's consent (GDPR Article 6(1)(a)).

Recipients of personal data: Company's customer service and marketing employees as data processors.

Retention period of personal data: 5 years or until the individual withdraws consent (deletion request).

Individuals registering for promotional materials and newsletters give consent for personal data processing by checking the appropriate checkbox. The checkbox cannot be pre-checked. Individuals can unsubscribe from the newsletter through the "unsubscribe" option, in writing, or anytime via email, considered as withdrawal of consent.

Processed personal data includes:

Individual's name (first and last), Email address

Purpose of data processing:

Sending newsletters related to the Company's products and services
Sending promotional materials
Providing information about the Company's products, services, terms, and discounts

Legal basis for data processing: Individual's consent (GDPR Article 6(1)(a)).

Recipients of personal data: Company's customer service and marketing employees as data processors.

Customer service employees are responsible for assisting Octagent customers regarding the operation of Octagent campaigns through email to@octagent.com, private business email addresses of customer service representatives, phone calls, or scheduled consultations.

(1) Scope of processed data for contact purposes: Customer's contact details provided for communication (name, email address, phone number). Purpose of data processing: Communication, transmitting marketing messages. Legal basis for data processing: Individual's consent (GDPR Article 6(1)(a)). Data retention period: 2 years after the trial period.

(2) Scope of data processed for orders: Billing data (name, address, tax number). Legal basis for data processing: Contract performance (GDPR Article 6(1)(b)). Data retention period: Until the services are retained. Recipients of personal data: Company's customer service and marketing employees as data processors, Hubspot, Amazon.

Contact Information for Legal Entities' Clients, Customers, and Suppliers
(1) Scope of processed personal data: Name, address, phone number, and email address of the natural person representing the legal entity.

Data retention period: Until the client unsubscribes from the newsletter services or until the individual's consent is withdrawn (deletion request).

(2) Purpose of personal data processing: Fulfillment of the contract with the legal entity partner, business assignment.

Legal basis: Individual's consent (GDPR Article 6(1)(a)).

(3) Recipients of personal data: Company's marketing employees.

(4) Data retention period: 5 years from the termination of the business relationship, considering the individual's representative capacity.

(5) The legal entity partner and representative are responsible for the accuracy, credibility, and legality of the data provided to the Company.

(1) Cookies are small data files placed on the user's computer by the visited website. These files, containing small characters, are transferred to the user's device when visiting a website. The purpose of cookies is to facilitate and enhance specific information and communication internet services. When the user revisits such a website, the site can recognize the user's browser due to cookies. Cookies can store user settings (e.g., selected language) and other information. Among other things, cookies collect information about the visitor and their device, remember visitor preferences, and can be used, for example, when using online shopping carts. Generally, cookies make website usage easier, assist the website in providing a genuine online experience for users, and are used as an efficient source of information. They also enable the site operator to monitor the website's operation, prevent abuse, and provide uninterrupted and quality website services.

(2) Cookies come in various types but are generally classified into two categories. One is the category of temporary cookies, which the website places on the user's device only during a specific session (e.g., during the security authentication of an online banking transaction). The other type is persistent cookies (e.g., on a specific website), which remain on the computer unless the user deletes them. According to the guidelines of the European Commission, cookies can only be placed on the user's device if they agree (except when cookies are essential for using specific services).

(3) For cookies that do not require the user's consent, the information must be provided during the website's first visit. It is not necessary to display the full text of information about cookies on the website; it is sufficient for the website operators to briefly summarize the essence of the information and refer to the availability of the complete information via a URL.

(4) In the case of consent-based cookies, the information may be related to the website's first visit if data processing related to cookie usage begins when the website is visited. If cookie usage is specifically related to a function requested by the user, the information may appear in connection with using that function. In this case, it is not necessary to display the full text of information about cookies; a brief summary of the essential information is sufficient, along with a reference to the availability of complete information via a URL.

(5) Information contained in cookies is stored only for the strictly necessary period, which should not exceed 1 year. At the end of this period, Users and/or Subscribers must renew their consent for cookie installation.

(6) Users and/or Subscribers receive information that by changing their browser settings, they can prevent cookies from being saved on any hardware. Users and/or Subscribers can fully or partially accept or reject the cookies used by the website. However, rejecting cookies may hinder the normal operation of Octagent services.
Information on the Use of Cookies

(1) In line with general practice, our Company also uses cookies on its website. The Company's website records and processes the following data of the visitor and the device used during the website usage:

IP address used by the visitor
Browser type
Characteristics of the device's operating system used for browsing (language settings)
Time of visit
Visited (sub) location, function, or services

(2) The acceptance and approval of cookie use are not mandatory. Users can reset their browser settings to reject all cookies or be alerted when a cookie is sent. While most browsers accept cookies by default, these settings can be changed to prevent automatic acceptance, offering the choice on each occasion.