1. Introduction
ContactPro is a multi-channel communication platform operated by Bithuszárok Bt. We process personal data in order to provide our service. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what your rights are under Regulation (EU) 2016/679 ("GDPR").
This policy applies to all users of ContactPro and to the personal data of your subscribers that you instruct us to process on your behalf. Where you use ContactPro to manage and contact your own subscribers, you act as the Data Controller and we act as your Data Processor — this relationship is governed by the Data Processing Addendum in our Terms & Conditions.
2. Data Controller
The data controller for personal data collected directly by ContactPro (account data, server logs, etc.) is:
Registered address: 2051 Biatorbágy, Damjanich utca 8. tetőtér 4., Hungary
Tax number: 21158218-2-13
Registration number: 13-06-065996
Executive: Mizera Ferenc
Email: info@bithuszarok.hu
3. Data Protection Officer
Our designated Data Protection Officer (DPO) can be reached at:
You may contact our DPO for any questions regarding the processing of your personal data or the exercise of your GDPR rights.
4. Personal Data We Collect
4a. Account Registration
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Name, email address, company name, password hash | Account creation and authentication | Contract (Art. 6(1)(b) GDPR) | Duration of account + 3 years |
4b. Message Sending
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Recipient email addresses, contact attributes submitted by you | Service delivery (sending campaigns on your instructions) | Contract + your instructions as Data Controller | Per your account settings; deleted within 90 days of account termination |
4c. Facebook Messenger Channel
When you connect a Facebook Messenger channel to ContactPro, we store the following data to operate the integration:
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Facebook Page ID, Page access token (encrypted) | Authenticating API calls to Meta's Messenger platform on your behalf | Contract (Art. 6(1)(b) GDPR) | Until you disconnect the channel |
| Message metadata: sender PSID, message ID, timestamp | Message delivery tracking and deduplication | Contract | 30 days |
We do not store the content of Messenger messages beyond 30 days. Message content is processed solely for the purpose of delivery. This integration is operated in accordance with Meta's Platform Terms and Messenger Platform Policies.
4d. SMS Channel
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Recipient phone numbers, delivery status codes | SMS delivery and delivery reporting | Contract + your instructions | Per your account settings; max 90 days post-termination |
4e. Automation Workflows
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Trigger event data and workflow execution logs | Automation execution, debugging, audit trail | Contract | 90 days |
4f. Analytics & Server Logs
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| IP addresses, browser user-agent, request timestamps, error logs | Security monitoring, debugging, abuse prevention | Legitimate interest (Art. 6(1)(f) GDPR) | 90 days |
4g. Payment Data
Payment transactions are handled by third-party payment processors. ContactPro stores only the transaction reference number and invoice data required by Hungarian accounting law. We do not store full card numbers or bank account details.
5. Data Processors
We engage the following third-party data processors, each bound by a written data processing agreement:
| Processor | Role | Country |
|---|---|---|
| Contabo GmbH | Cloud infrastructure hosting and data storage | Germany (EU) |
| K&H Bank Zrt. | Payment processing | Hungary (EU) |
| Billingo Zrt. | Invoice and accounting processing | Hungary (EU) |
We will notify you of any changes to our sub-processor list at least 14 days in advance.
6. International Transfers
All ContactPro infrastructure and data storage is located within the European Union (Contabo data centres in Germany). We do not transfer personal data outside the EU/EEA as a matter of course.
Facebook Messenger integration: When you use the Messenger channel, authentication tokens and message metadata are transmitted to Meta Platforms Ireland Ltd. (Ireland, EU) via the Graph API. Meta Platforms Ireland is subject to EU GDPR. Any onward transfer by Meta to the United States is covered by EU Standard Contractual Clauses (SCCs) under Meta's Data Processing Terms.
SMS delivery: SMS messages are routed via our SMS gateway provider. Phone numbers are transmitted to the gateway solely for delivery purposes and are governed by the gateway's own data processing terms.
7. Security
We implement appropriate technical and organisational security measures, including:
- Encryption in transit: TLS 1.2 and TLS 1.3 on all endpoints
- Encryption at rest: database-level and object storage encryption
- Access controls: role-based access, principle of least privilege
- Audit logging: all administrative and data-access actions are logged
- Regular automated backups with tested restore procedures
- OAuth2 tokens and API keys stored as encrypted hashes
In the event of a personal data breach, we will notify you as Data Controller without undue delay and in any event within 72 hours of becoming aware of the breach.
8. Your Rights (GDPR)
As a data subject, you have the following rights under GDPR, which you may exercise by contacting us at info@bithuszarok.hu or our DPO at info@merosus.hu:
- Right of access (Art. 15): obtain a copy of the personal data we hold about you
- Right to rectification (Art. 16): correct inaccurate or incomplete data
- Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten"), where no overriding legal basis for retention applies
- Right to restriction (Art. 18): limit how we process your data in certain circumstances
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format
- Right to object (Art. 21): object to processing based on legitimate interest
- Right to lodge a complaint: you have the right to complain to the Hungarian supervisory authority — Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH), naih.hu, +36 1 391 1400
We will respond to all valid requests within 30 days. In complex cases we may extend this by a further 60 days, notifying you of the extension.
9. Cookies
ContactPro uses only essential session cookies required for authentication and secure session management. We do not use:
- Advertising or tracking cookies
- Google Analytics, Facebook Pixel, or any third-party analytics
- Any non-essential cookies that require consent under ePrivacy rules
Session cookies are automatically deleted when you close your browser or log out. No cookie consent banner is required as only strictly necessary cookies are used.
10. Data Retention Summary
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data (name, email, company) | Duration of account + 3 years | Contract / Legal obligation |
| Contact / recipient data | Per your settings; deleted within 90 days of account termination | Your instructions as Data Controller |
| Server and access logs | 90 days | Legitimate interest (security) |
| Facebook Messenger access tokens | Until channel is disconnected | Contract |
| Messenger message metadata (PSID, msg ID, timestamp) | 30 days | Contract |
| Automation workflow execution logs | 90 days | Contract |
| Payment transaction references | 7 years | Legal obligation (Hungarian accounting law) |
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing activities or applicable law. The current version is always published at contact-pro.eu/privacy.html.
For material changes, we will notify registered users by email at least 10 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance.
12. Contact
For privacy-related enquiries:
- General: info@bithuszarok.hu
- Data Protection Officer: info@merosus.hu
Postal address: Bithuszárok Bt., 2051 Biatorbágy, Damjanich utca 8. tetőtér 4., Hungary