Privacy Notice

Effective from: March 7, 2024

This privacy notice (“Privacy Notice”) describes how we process the personal data of the users of our services, the visitors of www.seon.io (“Website”), our social media sites, webinar participants and any other persons that interact with us directly (“you”).

In case you are a user of an online service provider that uses SEON as a fraud prevention service provider (“End-user”), please refer to Annex I to this Privacy Notice that specifies the information that applies to you.

At SEON we are committed to protecting your personal data and respecting your right to privacy.

When we process your personal data on the basis of our legitimate interest (see below under Section 3), you have the right to object to that processing (for further explanation, see Section 5.5). If you wish to exercise this right, please contact us or our Data Protection Officer at the email contact details specified below.

SEON is a data processor, with regard to the processing of non-direct “End-user personal data”.

The data controller of your personal data (“End-user personal data”) is the customer on whose behalf you use our services. For more detailed information, please see ANNEX I – SEON information notice to END-USERS. 

If you are a user of our services, who subscribed directly to the Website, and not using our services on behalf of a SEON customer, the data controller of your personal data (“Direct user personal data”) is SEON.

If you use our services on behalf of a SEON customer, the data processor of your personal data is SEON.

SEON (hereinafter referred to as “SEON”, “we”, “us” or “our” in this Privacy Notice) means SEON Technologies Kft. Registered seat: Europe, Hungary, H-1072 Budapest, Rákóczi út 42. 7. em, Company registration number: 01-09-292732

For any inquiries about this Privacy Notice, please contact any SEON entity at the following email address: legal@seon.io.

SEON appointed a DPO. For any inquiries about this Privacy Notice, you may contact our DPO at dpo@seon.io.

General

1. We process your personal data for the following purposes: (i) providing the services, including registration on the Website, providing demos, establishing contractual relationships, and concluding contracts; (ii) processing payments from our customers; (iii) enhancing our services; (iv) ensuring information security of the services and preventing frauds; (v) lead generation, sending newsletters and other direct marketing communications; (vi) providing customer support, providing information on service updates; (vii) organizing webinars, events; and(viii) analysis of business performance and managerial decision making. Please find detailed information on the purposes and other relevant circumstances of the processing categorized by the purposes below.
2. We do not carry out automated decision-making or profiling based solely on automated processing of your personal data as described by Article 22 GDPR.
3. We use cookies and similar technologies to collect and process data on our website. These technologies may include, but are not limited to, cookies, web beacons, pixels, and tags. We ask for your consent and to confirm your preferred setting to use these technologies when you first access our website. We will reconfirm your consent on a yearly basis or in case of any changes to this Privacy Notice. You have the right to withdraw your consent or delete cookies at any time by following the instructions provided in your browser settings. For example, you can delete cookies that have already been placed on your device by following these instructions:
   
   • Deleting cookies in Internet Explorer
   • Deleting cookies in Firefox
   • Deleting cookies in Chrome
   • Deleting cookies in Opera
   • Deleting cookies in Safari
     
     Please note that deleting cookies may affect your browsing experience and preferences on our website.

3.2 Providing the services, including registration on the Website, providing demos, establishing contractual relationships, concluding contracts

3.3. Processing payments from customers

3.4. Enhancing the services

3.5. Ensuring information security of the services and preventing fraud

3.6. Lead generation, sending newsletters and other direct marketing communications

3.7.   Providing customer support, providing information on service updates

3.8. Organizing webinars, events

3.9. Analysis of business performance and managerial decision making

HOW DO WE SHARE YOUR PERSONAL DATA?

4.1. Your personal data will be primarily processed by the employees at SEON for the above listed purposes. This includes sharing your personal data between SEON group entities. Please note that we may share your personal data with SEON entities outside the EEA, in particular, we may transfer your personal data to the UK. We rely on the adequacy decision adopted by the European Commission for transfers of personal data to the UK.

4.2. We may share your personal data with the following categories of business partners for the above listed purposes:cloud providers, customer relationship management (CRM) providers, e-signature providers, integration tool providers, meeting organizer tool providers, banks, payment processors, invoicing tool providers, instant messaging providers, video conferencing tool providers, UI/UX tool providers, public database providers, social media providers, gift card tool providers, data cleansing providers, online form providers, reporting tool providers, online advertising platforms and agencies, analytics tools providers, webinar partners, marketing lead contact search engines, business listing pages, project management tool providers, legal consultants, financial consultants, and public authorities. Please note that we may share your personal data with some business partners outside the EEA, in particular, we may transfer your personal data to the US and various third countries. We enter into standard contractual clauses adopted by the European Commission with these business partners to ensure the adequate protection of your personal data.

4.3. A copy of the safeguards for international data transfers can be obtained for your review on request by using the contact details specified in this Privacy Notice.

YOUR RIGHTS

You have the following rights regarding the processing of your personal data carried out by us:

5.1. Right to access

You have the right to request access to your personal data and obtain information from us regarding (among others): the purpose of processing; what categories of personal data are processed; to whom we transfer or disclose your personal data; for what period we process your personal data; your rights in connection with data processing carried out by us regarding your personal data; your right to lodge a complaint with a supervisory authority regarding the processing; in case we collect your personal data from other sources than from you, any available information as to the source; the existence of automated decision-making and related information, including the logic involved, as well as the significance and the envisaged consequences of such processing for you; whether your personal data is transferred outside the EEA and regarding the conditions of these transfers.We will provide you with a copy of your personal data in case you require us to do so.

5.2. Right to rectification

You have the right to request us to rectify your inaccurate personal data and to request us to complete your incomplete personal data by means of providing us with a supplementary statement.

5.3. Right to erasure

5.3.1. We erase any of your personal data if you request us to do so in the event of the following:

• your personal data is no longer necessary for the purpose concerned;
• you withdraw your consent and there is no other legal basis for the processing;
• you object to the processing and there are no overriding legitimate grounds for the processing (or, in case of direct marketing, you simply object to the processing);
• your personal data has been processed unlawfully;
• your personal data has to be erased according to relevant laws.

5.3.2. Please note that we are entitled to not erase your personal data if it is necessary - inter alia - for exercising the right of freedom of expression and information, for compliance with legal obligations, and for the establishment, exercise or defense of legal claims.

5.4. Right to restriction of processing

5.4.1. You have the right to obtain a restriction of processing from us where one of the following applies:

• you have contested the accuracy of your personal data, in which case you will obtain restriction for a period enabling us to verify the accuracy of your personal data;
• the processing is unlawful, and you oppose the erasure of your personal data and request the restriction of their use instead;
• we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
• you objected to the processing and the verification is pending whether our legitimate grounds override yours.

5.4.2. Where processing has been restricted, personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of an EU member state.

5.5.   Right to object to processing

5.5.1. You have the right to object to the processing of personal data on grounds relating to your particular situation, where the legal basis of the processing activity is our legitimate interest (or the legitimate interest of a third party). We will no longer process the personal data unless we demonstrate compelling legitimate grounds, which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

5.5.2. You do not need to ascertain grounds relating to your particular situation if your personal data is processed for direct marketing purposes, and we will no longer process personal data if you objected to the processing.

5.6. Right to data portability

5.6.1. If certain conditions apply, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us. You also have the right to have your personal data transmitted directly from us to another controller, where technically feasible.

5.7. Right to withdraw your consent

5.7.1. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before its withdrawal.

5.8. Our actions

5.8.1. If you wish to exercise any of your rights, please contact us at the email contact details indicated in this Privacy Notice.We will provide information on the actions taken on your requestwithout undue delay and in any event within one month of the receipt of your request. This period may be extended with a reasoned notification to you by two months where necessary, taking into account the complexity and number of requests. We will take the necessary actions free of charge except when your request is manifestly unfounded or excessive. In case we have reasonable doubts as to the identity of the natural person making the request, we may request additional information necessary to confirm your identity. We will inform all recipients of all rectification, erasure, or restriction of processing to whom personal data was disclosed except if it is impossible or requires disproportionate effort.

5.8.2. In case we do not take any action regarding your request, we will inform you within one month of the receipt of your request as to the reasons and the possibility of lodging a complaint with a data protection supervisory authority and seeking a judicial remedy.

6.   REMEDIES

6.1. In case you do not agree with our response or action, or if you consider that your rights have been infringed, you may lodge a complaint with the data protection supervisory authority in the UK or the EU Member State of your habitual residence, place of work or place of the alleged infringement, in particular, with the following data protection supervisory authorities:

6.1.1. Hungarian National Authority for Data Protection and Freedom of Information (address: HU-1055 Budapest, Falk Miksa utca 9-11, mailing address: 1363 Budapest, Pf.: 9.; tel.: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu);website: naih.hu);

6.1.2. Information Commissioners Office (address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, online contact form: https://ico.org.uk/global/contact-us/).

7. UPDATES

7.1. Please note that we review this Privacy Notice on occasion and amend it as necessary. When we amend this Privacy Notice, we will announce and publish it by the usual means (e.g., via e-mail or on the Website). We encourage you to review this Privacy Notice regularly.

ANNEX I – SEON information notice to END-USERS (INDIRECT DATA SUBJECTS)

WHY DID YOU RECEIVE THIS INFORMATION NOTICE? You received this information notice because an online service provider (where you registered an account or with whom you interacted, such as a financial institution or a webshop) uses certain functionalities of SEON’s services, and, as a result, SEON became the processor of your personal data.

WHO IS SEON? SEON provides state-of-the-art fraud prevention to online service providers.

WHICH SEON FUNCTIONALITIES CONCERN YOUR PERSONAL DATA? There are two functionalities we would like to inform you about in this notice. We provide your online service provider with information (i) on how many times your email address, IP address or phone number was checked in our system, and when it was checked last time, etc. (history data); and (ii) on whether your email address, phone number, IP address, or browser has been flagged as fraudulent in our system, etc. (flag data). We collect these personal data from other online service providers that use these functionalities. We may maintain a database of this data. We do not carry out automated decision-making or profiling based solely on automated processing of your personal data as described by Article 22 of GDPR when providing these functionalities.

HOW DO WE USE YOUR PERSONAL DATA? We use your personal data on behalf of online service providers (where you registered an account or with whom you interacted, such as a financial institution or a webshop) according to and strictly in the scope of their instructions. The online service provider (data controller) determines the purposes and means of processing your personal data. In other words, the data controller decides the how and why of SEON’s data processing operation. The most typical usage of your personal data by a service provider is conducting a fraud check, but sometimes, it may also include data analysis for credit purposes.

HOW DO WE SHARE YOUR PERSONAL DATA? We share your personal data with SEON group companies, and we may transfer your personal data to the UK. We rely on the adequacy decision adopted by the European Commission for transfers of personal data to the UK. We share your personal data with our cloud provider and other online service providers that use these functionalities. We transfer your personal data to the US and various third countries. We enter into standard contractual clauses adopted by the European Commission with these business partners to ensure the adequate protection of your personal data. You can request a copy of the safeguards for international data transfers can by contacting us.

FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA? According to the applicable limitation period for enforcing legal claims.

WHAT ARE YOUR RIGHTS?

Please note that SEON acts only as a "Data Processor" of any of your personal information that may have been collected by SEON in our role as a provider of fraud detection services for our customers. Our customer(s) are considered the "Data Controller" of your personal information under the GDPR and they are the only one(s) that can respond to your request.  In such cases, we notify our customer(s) of your request without undue delay. Our customer(s) (your Data Controller) must respond to your request. Again, we notify them on your behalf, and they should execute your request, however for further information about your request, you may want to contact them directly.

Among other data protection rights, you have the right to object that we include your personal data in these functionalities. You can exercise your rights by contacting our customer(s) (the Data Controller) or us. For further information on your rights, remedies and updates to this document please refer to the corresponding sections of our Privacy Notice available on the following link: [Link to Section 5 - Your Rights*]

WHO CAN YOU CONTACT? If a SEON group company (either SEON Technologies Kft., registered seat: H-1072 Budapest, Rákóczi út 42. 7. em; company registration number: 01-09-292732) provides the functionalities to the online service provider you use, you can contact any SEON entity at the following email address: legal@seon.io.

WHERE CAN YOU FIND INFORMATION ON OTHER SEON FUNCTIONALITIES? With regards to other SEON functionalities not detailed above, the online service providers who you interact with will qualify as the controller of your data. These online service providers will provide you further information in their own privacy notices on how their fraud prevention practices affect your personal data.