Privacy Policy

Please read this policy carefully before using our website or the BugProve Platform.

This privacy policy (the "Policy") aims to give you information on how BugProve collects and processes your personal data through your use of this website under https://www.bugprove.com/ (the "Website"), including any data you may provide through this website or use or purchase a BugProve product or service.

This Policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you. It applies to those visiting our website or using the BugProve platform (together, the "Platform").

The Platform and BugProve Services are provided by BugProve Inc. ("us", "our" or "we") as it is also described in your Agreement. In this regard BugProve Inc. is the data controller in some cases where it is expressly stated, and a data processor according to its Terms of Use.

For the purpose of the relevant data protection legislation, the data of BugProve Inc. as data controller are as follows:
registered seat: 1111B S Governors Ave Ste 6494 Dover, DE 19904, USA;
company registration number: 6791744 registered by the Secretary of State of the State of Delaware;
E-mail address: info@bugprove.com
Contact person: Attila Szász, Chief Executive Officer

Please note that this Policy does not apply to, or limit, our use or disclosure of non-personal information (i.e. information which is not relevant to you or able to identify you) we may collect from you via your use of the Platform. We are entitled to analyze, examine and use without time limit your such data, which are anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that you are not or no longer identifiable. This Privacy Policy and GDPR itself does not therefore concern the processing of such anonymous information, including for statistical or research purposes.

Information we (as data processor) may collect from you

We may collect and process the following data about you:

Information you give us. You may give us information about you by filling in forms on our Platform, when you log in to the Platform, or by corresponding with us by phone, e-mail, chat, or otherwise. This includes (but is not limited to) information you provide when you use our service and when you report a problem with our Platform or the services available on it. The information you give us will depend on the circumstances but, as you are giving it to us, you will always know what information we are receiving. We may keep a record of that correspondence or information in accordance with Data Deletion and Retention Policy in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement and/or nuisance caller management, or otherwise as may be required by law.

Please note that we do not collect payment information from you. This will be collected directly from you by our third-party payment processor.

The categories of personal data processed; purpose and legal basis of data processing

Conclusion and performance of the Agreement

We may process your personal data when you conclude the Agreement with us as a customer for the performance of such Agreement (Article 6 (1) point (b) GDPR) for the purpose of concluding, performing or terminating the Agreement with the following data: name, address, tax identification number, tax number, telephone number, e-mail address, customer number. Such data are mandatory in order to conclude and perform the Agreement.

The scope of data subjects: any natural person who concludes an Agreement with us, by providing personal data.

Purpose of the processed data: concluding and performing the Agreement.

Duration of processing: 5 years after termination of the Agreement.

Legal basis: you have provided personal data for the conclusion and performance of a contract on the basis of point b) of Section 1 in Article 6 of GDPR.

Requests and Communication

You may provide some personal data in order to be informed on our Services or operation by direct communication on the Platform, as follows: name, email address, telephone number. You may make some other additional data available, at your sole discretion, such as comments you choose to publicly provide. In case you do not provide such data, we cannot provide you with the requested information.

The scope of data subjects: any natural person who contacts us and requests information from us, providing personal data.

Purpose of the processed data: communication and identification.

Duration of processing: until the purpose is achieved.

Legal basis: you have given consent to the processing of your personal data for one or more specific purposes on the basis of point a) of Section 1 in Article 6 of GDPR.

Notification on Services

In order to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information via e-mail on products and Services - on the following subjects: application, security and billing - we process your data: name, email address, position, telephone number. Such data are mandatory in order to perform the Agreement and our legal responsibilities.

If you want to review your notification settings, you can do so in your profile settings: https://public.eu.bugprove.com/scans?profile

The scope of data subjects: any natural person who concludes an Agreement with us, by providing personal data.

Purpose of the processed data: concluding and performing the Agreement.

Duration of processing: 5 years after termination of the Agreement.

Legal basis: you have provided personal data for the conclusion and performance of a contract, processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract on the basis of point b) of Section 1 in Article 6 of GDPR.

Product news

If you subscribe for our Products by providing some personal data you will automatically receive our Product news in order to be informed on our Products and their updates. Such personal data are as follows: name, email address, telephone number. In case you do not provide such data, we cannot provide you with the requested information.

You may unsubscribe from Product news communication at any time, using the link in the footer of the emails.

The scope of data subjects: any natural person who subscribes for our Products, providing personal data.

Purpose of the processed data: communication on Products updates.

Duration of processing: until the withdrawal of your consent.

Legal basis: processing is necessary for the purposes of our legitimate interests on the basis of point f) of Section 1 in Article 6 of GDPR.

Billing

In order to carry out our obligations in compliance with a legal obligation on invoices and accounting matters we process your data: name, address, tax number (if applicable). Such data are mandatory in order to perform our legal responsibilities.

The scope of data subjects: any natural person who has concluded an Agreement with us and who applies and uses our Services.

Purpose of the processed data: billing.

Duration of processing: in compliance with the applicable legal rules, approximately 8 years from the date of invoice.

Legal basis: processing is necessary for compliance with a legal obligation to which we are subject on the basis of point c) of Section 1 in Article 6 of GDPR.

Newsletter and other marketing materials

You may provide some personal data in order to be informed on the articles, news, promotions, services or operation of ours, as follows: name, email address, telephone number. In case you do not provide such data, we cannot provide you with the requested information.

You shall clearly agree to accept the data processing related to newsletters or any other marketing purposes (e.g. by ticking the appropriate checkbox).

You may unsubscribe from these marketing communications at any time, using the link in the footer of the emails.

The scope of data subjects: any natural person who requests marketing information from us, providing personal data.

Purpose of the processed data: marketing communication and identification.

Duration of processing: until the withdrawal of your consent.

Legal basis: you have given consent to the processing of your personal data for one or more specific purposes on the basis of point a) of Section 1 in Article 6 of GDPR.

Statistical purposes

We are entitled to analyze, examine and use without time limit your data, which are anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that you are not or no longer identifiable. This Privacy Policy does not therefore concern the processing of such anonymous information, including for statistical or research purposes.

Technical information (cookies)

Some parts of our website use so-called "cookies" - files that are stored on the hard drive of your hardware for the purpose of recording data and facilitating the identification and further visits of yours, which includes: the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Platform (including date and time); webpage identifier; what you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), metadata information about the payload and page; analytical data; information about the DOM and mutation events; comments you choose to publicly provide; and methods used to browse away from the page and any phone number used to call our customer service number.

Duration of processing: until the withdrawal of your consent and except for strictly necessary (in the cookie banner: necessary) cookies, all cookies will expire within 400 days.

Legal basis:

• in case cookies are necessary for the technical operation of the website the processing is necessary for the purposes of our legitimate interests on the basis of point f) of Section 1 in Article 6 of GDPR;
• in case cookies are not necessary for the technical operation of the website you have given consent to the processing of your personal data for one or more specific purposes on the basis of point a) of Section 1 in Article 6 of GDPR.

For further information please see Section "Cookies" and in the cookie settings in the footer of our website.

Cookies

What are cookies?

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.

Information about our use of Cookies

Our website and platform uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our website or platform and also allows us to improve our services.

What types of cookies do we use?

There are four main types of cookies:

• Strictly necessary cookies: these cookies are essential to enable you to login, navigate around and use the features of our website and services, or to provide a service requested by you (such as your username). We do not need to obtain your consent in order to use these cookies. These cookies can be used for security and integrity reasons.
• Functionality cookies: These cookies allow our services to remember choices you make (such as your language) and provide enhanced and personalized features.
• Analytics cookies: these cookies collect information about your online activity (for example the duration of your visit on our Services and websites), including behavioral data and content engagement metrics. These cookies are used for analytics, research and to perform statistics (based on aggregated information).
• Marketing or advertising cookies: these cookies are used to deliver tailored offers and advertisements to you, based on your derived interests, as well as to perform email marketing campaigns. They are usually placed by our advertisers (for example advertising networks) and provide them insights about the people who see and interact with their ads, visit their websites or use their app.

How can you manage your cookies?

You can access your cookie settings in the footer of our website, under cookie settings powered by CookieYes, and you can easily change your preferences, or opt out. We built facilities into the website that allow you to accept, refuse and withdraw consent for different types of cookies (see our website footer for further information on cookies).

Except for strictly necessary (in the cookie banner: necessary) cookies, all cookies will expire within 400 days.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies you may not be able to access all or parts of our website. Strictly necessary cookies cannot be turned off.

Listed below are the links to the support documents on how to manage and delete cookies from the major web browsers.

Chrome: https://support.google.com/accounts/answer/32050

Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

Storing period

We shall store the personal data for no longer than is necessary for the purposes for which the personal data are processed, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a dispute in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Furthermore, we shall process the personal data until the expiry of the general limitation period of contracts, and until the mandatory period set forth by legal rules.

If the legal basis of the data processing is your consent, and legal provisions allow the withdrawal, we shall process the personal data until the date of withdrawal of consent. You shall have the right to withdraw his or her consent at any time, but the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Data processor and data transfer

We work with the following data processors and recipients:

• Hosting providers:

Company name: Amazon Web Services, Inc.
Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210 U.S.A.
Registration number: 206-266-7010
Website: https://aws.amazon.com/
Data transfer to USA/DPA: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Company name: Amazon Web Services EMEA SARL
Registered seat: 38 Avenue John F. Kennedy, 1855 Luxembourg, Luxembourg
Registration number: 352 2789 0057
Website: https://aws.amazon.com/
Data transfer to Luxembourg/DPA: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

• Cloud Service Provider

Company name: Google Ireland Limited
Registered seat: Gordon House, Barrow Street, Dublin 4, Ireland
Registration number: IE368047
Website: https://policies.google.com/terms?hl=en
Data transfer to Ireland/DPA: https://policies.google.com/terms?hl=en

• Email Marketing, Support, Sales and CRM services:

Company name: HubSpot Ireland Limited
Registered seat: HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland,
Registration number: IE515723
Contact person: Nicholas Knoop
Website: https://preferences.hubspot.com/privacy
Data transfer to Ireland/DPA: https://legal.hubspot.com/dpa

• Product and website analytics services

Company name: PostHog Inc.
Registered seat: 2261 Market St., #4008, San Francisco, CA 94114, United States of America

Registration number: 35-2678319
Contact person: Charles Cook, VP of Operations (charles@posthog.com)
Website: https://posthog.com/terms
Data transfer to USA/DPA: /uploads/Post_Hog_Bug_Prove_GDPR_DPA_f740a78591.pdf

• Advertising Platform

Company name: LinkedIn Ireland Unlimited Company
Registered seat: Wilton Place, Dublin 2, Ireland
Registration Number: 477441
Website: https://www.linkedin.com/legal/impressum
data transfer to Ireland/DPA: https://www.linkedin.com/legal/l/dpa

• Advertising Platform and Website Analytics

Company name: Google Ireland Limited
Registered seat: Gordon House, Barrow Street, Dublin 4, Dublin D04 E5W5
Registration Number: 368047
Website: https://marketingplatform.google.com/about/
Data transfer to Ireland/DPA: https://business.safety.google/adsprocessorterms/

• Billing services:

Company name: Stripe, Inc.
Registered seat: 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA
Contact: https://stripe.com/en-hu/legal/privacy-center#contact-us
Website: https://stripe.com/en-hu/legal/ssa
Data transfer to USA/DPA: https://stripe.com/en-hu/legal/dpa

• Technical background

Company name: BugProve Kft.
Registered seat: 1062 Budapest, Andrássy út 66., Hungary
Registration number: 01 09 397704
E-mail address: info@bugprove.com
Contact person: Gergo Hosszu, COO
Website: www.bugprove.com
DPA: BugProve Inc. and BugProve Kft. has entered a DPA to ensure that data transfers from the EU to a third country are compliant with GDPR and user data is protected at all times.

Data Processing Addendums (DPA) are made according to the standard contractual clauses (SCCs) between controllers and processors adopted by the European Commission, therefore they are qualified as appropriate safeguards for data transfers.

International transfers

BugProve is an international business. Your personal data may be shared with our affiliated companies and certain third parties who are based outside the European Economic Area ("EEA"), including in the United States of America. Any processing of your personal data by these parties will involve an export of your personal data outside the UK and the EEA. These other countries may have data protection rules that are different from your own country. We endeavour to ensure that people to whom we provide your personal data hold it subject to appropriate safeguards and controls.

Whenever we transfer your personal data out of the UK and EEA, we will ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or the UK Government from time to time. For further details, see here.
• We may transfer your Personal Data to countries that have not been deemed to provide an adequate level of protection for personal data by the European Commission or the UK Government -- provided that, in these cases:
  • we may use specific appropriate safeguards approved by the European Commission and the UK Government, which are designed to give personal data the same protection it has in the EEA/UK (for example, requiring the recipient of personal data to enter into the relevant form of the so-called 'Standard Contractual Clauses' issued or approved from time to time); or
  • in very limited circumstances, we may rely on an exception, or 'derogation', which permits us to transfer your information to such country despite the absence of an 'adequacy decision' or 'appropriate safeguards' -- for example, reliance on your explicit consent to that transfer.

Where we store your personal data

All information you provide to us is stored on our secure servers at our service providers at:

Company name: Amazon Web Services, Inc.
Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210 U.S.A.
Registration number: 206-266-7010
Website: https://aws.amazon.com/
data transfer to USA/DPA: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Company name: Amazon Web Services EMEA SARL
Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210 U.S.A.
Registration number: 352 2789 0057
Website: https://aws.amazon.com/
data transfer to USA/DPA: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Unfortunately, the transmission of information via the Internet is not completely secure. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.

Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

If you wish to exercise any of the rights set out below, please contact us at privacy@bugprove.com.

You have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

If you want us to establish the data's accuracy.

• Where our use of the data is unlawful but you do not want us to erase it.
• Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
• You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at privacy@bugprove.com.

On the basis of the General Data Protection Regulation (GDPR) we shall provide information to you on action taken on a request on your rights without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Where you make the request by electronic means, the information shall be provided by electronic means where possible.

According to GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. You shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning you. Proceedings against a supervisory authority shall be brought before the courts of the EU Member State where the supervisory authority is established.

You have the right to an effective judicial remedy where you consider that your rights under GDPR have been infringed as a result of the processing of your personal data in non-compliance with GDPR.

European Representative

Pursuant to Article 27 of GDPR, BugProve has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You may contact EDPO regarding matters pertaining to the GDPR:

• by using EDPO's online request form: https://edpo.com/gdpr-data-request/, or
• by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

Stopping Use of the Platform

If you want to stop using the Platform and the BugProve services, you may do so. If you do, you may also want to remove any cookies that we have placed on any device used to access the Platform and the BugProve services.

Third Party Platforms

Our Platform may, from time to time, contain links to and from the websites operated by third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Changes to our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@bugprove.com.