Dynex Kft.
Registered Office: 1038 Budapest, Hosok Tere 37, Hungary
Company Registration Number: 01-09-439155
The purpose of this Privacy Policy is to provide detailed, transparent, and comprehensive information about the data processing and data handling activities carried out within the framework of the software platform and related services operated by Dynex Kft.
The Service Provider declares that its data processing practices fully comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Info Act), as well as the relevant sectoral legislation.
The contracted Partner (Client) of Dynex Kft., who determines the purposes and means of processing personal data.
Dynex Kft., which performs technical data processing operations on behalf of the Data Controller and according to their instructions, based on the Software Service Agreement concluded with the Data Controller.
The Service Provider performs complex, integrated data processing activities during the operation of the Platform:
The Service Provider only processes data uploaded to the Platform by the Data Controller or generated during the use of the Platform:
Name, title, company name
Email, phone, physical address, social media identifiers
IP addresses, browser types, device information, cookie identifiers
Content of emails, chat messages, SMS, attachments
Transaction amount, currency, date, status (we do NOT store complete credit card data)
Interests, activity metrics
The Service Provider and its sub-processors (OpenAI) DO NOT use and DO NOT store personal data, business secrets, or knowledge bases entered by the Data Controller for the development, training, or fine-tuning of general-purpose artificial intelligence models.
"Bring Your Own Knowledge" Principle: The chatbot works exclusively from sources explicitly uploaded by the Data Controller. It does not use external, unverified internet sources.
For content generation features, the processing of personal data is limited to transient processing during the generation process only, for the execution of the specified instructions.
Certain features of the Service (Marketing Automation, Workflows) may involve data processing that qualifies as profiling under Article 22 of the GDPR.
The Service Provider only works with partners who provide adequate guarantees of compliance with GDPR requirements:
| Provider | Activity | Legal Basis |
|---|---|---|
| LeadConnector LLC | Platform infrastructure | EU-US DPF |
| Vercel Inc. | Cloud hosting | EU-US DPF |
| Google Cloud Services | Data storage, analytics | EU-US DPF |
| Amazon Web Services | Storage, CDN | EU-US DPF |
| Twilio Inc. | SMS, voice communication | BCR |
| Mailgun Technologies | Email delivery | EU-US DPF |
| Stripe, Inc. | Payment transactions | EU-US DPF |
| OpenAI, L.L.C. | AI models (GPT) | EU-US DPF |
The Platform is an "open architecture" system that allows the Data Controller to connect their account with external systems at their own discretion (e.g., Zapier, Make, Webhooks, Facebook Ads, Google Ads).
Important: The Data Controller is solely responsible for the lawfulness of such data transfers configured by them, as well as the data security compliance of the receiving party.
TLS 1.2+ protocol, AES-256 standard encryption
Role-Based Access Control (RBAC), mandatory 2FA
Geographically redundant backups (High Availability)
Immediate persistent storage, minimized data loss risk
Given that some sub-processors are headquartered in the United States, data transfers outside the European Economic Area (EEA) take place.
The legal basis for these data transfers is primarily provided by the adequacy decision of the EU-US Data Privacy Framework (DPF). Where the DPF is not applicable, we apply Standard Contractual Clauses (SCCs).
Following the termination of the contract with the Data Controller, the Service Provider is obligated - based on the Data Controller's decision - to:
The Data Controller is responsible for exercising data subject rights under the GDPR (access, rectification, erasure, restriction, data portability, objection).
If a data subject submits their request directly to the Data Processor (Service Provider), the Service Provider will forward it without substantive review to the Data Controller without delay and provide technical assistance in fulfilling the request.
Date: Budapest, November 1, 2024
Dynex Kft.
Data Processor
For data protection questions, write to us at: [email protected]