Privacy policy

 

Smart Trade Applications Kft. (H-8200 - Veszprém, Óváros tér 25.) (hereinafter as: ‘Controller’ or ‘Service Provider’) pays particular attention to processing, storing and use of personal data in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR) (‘Regulation’).

In relation to the processing of the data, Smart Trade Applications Kft. hereby informs the data subjects (hereinafter as ‘data subject’) of the personal data processed and stored in relation to visiting the https://convkit.com/en website and ordering and using the services provided thereon (hereinafter as ‘Website’), the principles and practices applied by it in relation to the processing of the personal data, and the methods and possibilities of data subjects to enforce their rights.

This data processing notice shall be in effect as of 01.05.2021 until revoked.

Service Provider may only collect personal data for specific, clear and lawful purposes, personal data may not be processed in a manner that is not incompatible with these purposes, and the personal data shall be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Service Provider shall ensure that no unauthorized persons may access the personal data and that the storing and keeping of the personal data shall be arranged in a manner that it may not be accessed by, revealed to, altered by or destroyed by unauthorized persons.

  1. DATA RELATING TO THE SERVICE PROVIDER:

Smart Trade Applications Korlátolt Felelősségű Társaság

Company registration number: Cg. 19-09-520717

Registering authority: Court of Registration of the Veszprém County Regional Court

Tax number: 27056169219

Registered office: Hungary, H-8200 - Veszprém, Óváros tér 25.

Represented by: GORDON Ákos managing director

Service Provider’s customer service is only available at the following contact details:

Telephone: +36 30 515 9413 (basic rate)

Available on working days from 09.00 until 16.00 hours.

Customer service is not available at weekends and on holidays.

E-mail: staff@convkit.hu

Service Provider does not operate a customer service center (brick and mortar customer service) open to customers.

  1. DEFINITIONS

The terms and definitions in this policy carry the same meaning as those included in Article 4 of the General Data Protection Regulation (hereinafter as ‘Regulation’), and in certain clauses they are supplemented with the terms and definitions of Section 3 of the Information Act effective as of 25 May 2018. In accordance with the above, therefore:

a., ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

b., ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

c., ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

d., ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

e., ‘processor’ means a natural or legal person, public authority, agency or other body which processes the personal data on behalf of the controller.

  1. THE LEGAL BASIS OF PROCESSING

The legal basis of certain types of processing under Article 4 has been determined in accordance with the cases specified in Article 6 paragraph (1) of the Regulation.

  1. SCOPE OF THE PROCESSED DATA, PURPOSE, DURATION AND LEGAL BASIS OF PROCESSING

    1. Registration on the website 

Purpose of data processing:

Allowing purchases to be made on the Website as a registered user, providing access to services subject to registration, convenience function - avoiding repeated submission of data by automatically submitting the data the registered user (data subject) has provided earlier.

Scope of processed data:

  • Surname, first name (for companies, the name of the company),
  • Email address
  • Contact person’s phone number
  • Name of company website
  • Availability of company website (URL)
  • Invoicing address
    • Zip code
    • City
    • Country
    • Address
    • Tax number

Duration of the processing:

The processing of the personal data mandatorily submitted during the registration commences with the registration and lasts until it is deleted upon request. If the data subject does not request the deletion of his/her registration, Service Provider shall delete the registration data from its system no later than 30 days after the Service terminated. Service Provider has the right to retain the aggregations of the data obtained for statistical and algorithm development purposes.

Legal basis for processing:

Legal basis of the processing is the voluntary consent of the data subject as customer.

Source of the data:

Obtained directly from the data subject.

Potential consequences of failed data provision:

The data subject may not use the convenience function provided with registration, will not be able to make purchases, having regard to the fact that purchases are subject to a registration.

    1. Data processed for the performance of contracts (Purchases on the Website - subscription to the Service)

Purpose of data processing:

Fulfilment of orders, issuing of invoices, keeping records of customer data subjects, documenting purchases and payments, fulfilling accounting obligations, communication in connection with orders. If the data subject submits an order on the Website, the data subject must register to allow performance of the contract so concluded, and the Service Provider must process the name, delivery and invoicing address and email address of the data subject.

Service Provider sends order-related information to the data subject’s email address, fulfils delivery to the delivery address provided and issues invoices based on the data provided.

Scope of processed data:

  • Surname, first name (for companies, the name of the company),
  • Email address
  • Contact person’s phone number
  • Name of company website
  • Availability of company website (URL)
  • Invoicing address
    • Zip code
    • City
    • Country
    • Address
    • Tax number

Legal basis for processing:

Submission of the data is a condition precedent to conclude the contract, it is indispensable for the performance of the purchase. Therefore the legal basis is:

  • performance of the contract, as processing is necessary for the performance of a contract to which the data subject is party or data processing is necessary in order to take steps at the request of the data subject prior to entering into a contract; as stipulated by Article 6(1) b) of the GDPR.
  • where the contract has been performed, following which the legal basis of processing is the fulfilment of legal obligations relating to the processor; as stipulated by Article 6(1) c) of the GDPR.

Duration of the processing:

After the performance of the contract, Service Provider will process your data until the termination of the limitation period (5 years) provided in civil law. Where a contract has been concluded, Service Provider has an obligation pursuant to Section 169(2) of Act C of 2000 on accounting to preserve the data displayed on the invoice for a term of 8 years.

Source of the data:

Obtained directly from the data subject.

Potential consequences of failed data provision:

The data subject is not able to make purchases (receive orders) on the Website.

    1. Customer correspondence, communication, complaints related to the Website

Purpose of data processing: If the data subject has a question in relation to the Website or a product, they may contact the Service Provider via the contact details displayed on the Website and in this information notice.

The duration of processing, the scope of processed data: Service Provider processes the emails, postal letters it received with the name, email address and any other personal data of the data subject provided in the communication from the time of the data submission until it is able to resolve the data subject’s question or observation.

Legal basis for processing: The legal basis of the processing, pursuant to Article 6 paragraph (1) point a) of the Regulation is the voluntary consent of the data subject as customer.

Source of the data: Obtained directly from the data subject.

Potential consequences of failed data provision: failure of communication via customer correspondence.

    1. Handling complaints, complaints related to warranty-related administration

Purpose of data processing:

If the data subject requests the fulfilment of a warranty request related to a product purchased or Service Provider handles a complaint by the data subject, administration includes the processing of personal data, too. The purpose of processing is the fulfilment of warranty requests and the handling of complaints in compliance with legal obligations.

Scope of processed data:

In relation to complaint administration,

  • the data subject’s name,
  • contact details (email address, telephone number, postal address)
  • requests, submissions or complaints

are processed by the Service Provider.

Legal basis for processing:

The legal basis of the processing, pursuant to Article 6 paragraph (1) point c) of the Regulation is the fulfilment of obligations undertaken in a contract.

Duration of the processing:

For a term of up to 5 years, or where the limitation period provided by civil law is shorter, for that shorter period.

Source of the data:

Obtained directly from the data subject.

Potential consequences of failed data provision:

failure of warranty requests, complaint administration, having regard to the fact that Service Provider, without personal data provided, is not able to contact or communicate with the data subject in relation to the particular case.

    1. Processing for other purposes

      1. Newsletters, DM activities

Purpose of data processing:

By subscribing, the data subject consents to receive newsletters containing direct marketing content sent by Service Provider with direct response methods. In the case of a subscription, the Service Provider - in the absence of a declaration, objection, complaint to the contrary - will use the personal data of the data subject and their name and email address as personal data so that Service Provider can send information material, promotions, offers, information notices.

Scope of processed data:

  • Surname, first name
  • email address

Duration of the processing:

The Service Provider processes these data until the data subject unsubscribes from the newsletter by clicking on the unsubscribe link in the newsletter or requests to be unsubscribed via email or postal letter.  Following unsubscribing, the Service Provider will not contact the data subject with further newsletters or offers.  The data subject may at all times, without limitation or explanation and at no charge, unsubscribe from the newsletter.

Legal basis for processing:

voluntary consent of the data subject.

Source of the data:

Obtained directly from the data subject.

Potential consequences of failed data provision:

The data subject will not receive newsletters and will not receive nor be informed of the information, offers, coupons, promotions included therein.

      1. Data collected in relation to the use of the Website

        1. Cookie management

To ensure the provision of customized services, Service Provider stores a small data package, a so-called cookie, on data subject’s computer which will be read upon subsequent visits. If the browser sends back a cookie that was stored earlier, the Service Provider managing the cookie may connect data subject’s current visit with previous visits but only in connection with its own content. Typical cookies on the websites are the so-called “cookies used for password protected sessions, secure cookies.

Possible consequences of failed data provision: the services of the Website are not fully available, inaccuracy of analytical measurements.

- Session cookie: Purpose of data processing: These cookies allow the Website to operate in a safer and more efficient manner and therefore are necessary for certain functions of the Website and for certain applications to operate properly.

Scope of processed data: no personal data are recorded. Duration of the processing: It operates during the visit to the Website, it is automatically deleted afterwards.

- Persistent cookie: Purpose of data processing: the Service Provider also uses persistent cookies to provide a better user experience (e.g. by providing optimized navigation) These cookies are stored for a longer duration in the browser’s cookie file. This duration depends on the settings applied in the data subject’s Internet browser. Scope of processed data: no personal data are recorded. Duration of the processing: These cookies are stored for a longer duration in the browser’s cookie file. This duration depends on the settings applied in the data subject’s Internet browser, it is typically 30-60-90-120-180-365 days.

- User cookie: Purpose of data processing: Language and currency settings, whether the data subject is logged in, Scope of processed data: no personal data are recorded. 5 years

- Cookie used for the shopping cart: Purpose of data processing: Identification of affected users, keeping record of the “shopping cart”, managing the shopping cart (virtuemart), allowing proper navigation. Scope of processed data: no personal data are recorded. Duration of the processing: 5 years

- Security cookies: Purpose of data processing: identification of data subject’s current session, preventing unauthorized login. Scope of processed data: no personal data are recorded. Duration of the processing: 5 years

- Cookies necessary for password-protected sessions. Purpose of data processing: this cookie serves to identify the data subject after logging in an information society service; identification of the data subject is necessary to maintain uninterrupted communication with the server on the telecommunications network). Scope of processed data: no personal data are recorded. Duration of the processing: 5 years

Deleting cookies

Data subjects have the right to delete the cookies from their own computers or ban the use of cookies in their browser. Cookies can usually be managed in the Tools/Settings menu of browsers under the Privacy/History/Personal settings menu under the name of cookies or tracking.

Possible consequences of failed data provision: the services of the Website are not fully available, inaccuracy of analytical measurements.

        1. Data processing by third party service providers

The HTML code of the websites contains links to and from independent, third party servers independent from Service Provider. Servers of third party service providers are directly connected to data subjects’ computer. We would like to inform our visitors that providers of such links have the ability to collect data on the data subjects because of the direct connection to their server and the direct communication with the data subject’s browser.

Pages on the Website may contain information, especially advertisements, that originate from third parties, advertisement providers who are not related to the Service Provider. There is a possibility that such third parties also store cookies, web beacons on the data subject’s computer or collect data using similar technologies for the purpose of sending targeted commercial messages to the data subjects in relation to their own services. In such cases, the data protection regulations determined by such third parties shall apply to the processing and Service Provider rejects any responsibility whatsoever in relation to such processing.

Any content customized for the data subject is provided by the server of the third party service provider.

Detailed information regarding the processing of data by the servers of third party service providers may be obtained from the data controllers listed below.

For the provision of customized services, a small data package, a so-called cookie, is stored on and read from data subject’s computer by third party service providers. If the browser sends back a cookie that was stored earlier, the service providers managing the cookie may connect data subject’s current visit with previous visits but only in connection with its own content.

Purpose of data processing:

Third party servers assist in the independent measurement and audit of the visitation and other web analytics data of the Website (Google Analytics). These cookies are not capable of identifying the data subject’ person (they store only a part of the IP address in use, too). They collect information such as where the data subject has clicked on the Website and how many pages they have visited. Service Provider intends to use such data for the development of the Website and also for improving the experience provided for the data subjects. These data controllers may provide detailed information on the processing of measurement data to the data subjects.

Google Analytics uses the following analytical cookies:

If the data subject does not wish Google Analytics to measure the data in the manner and for the purpose above, they should install a relevant blocker in their browser.

Scope of processed data: IP address, and any other technical data that are not personal data

Duration of the processing: 36 months

Legal basis for processing: voluntary consent of the data subject.

Further information on processing by www.google.com/analytics is available at https://policies.google.com/?hl=en . The document titled “How Google uses information when the data subject uses sites or apps of Service Provider’s partner" is available at the following URL: http://www.google.com/intl/hu/policies/privacy/partners/

Google Adwords

Purpose of data processing: The Website uses Google Adwords remarketing tracking codes. This aims for the Service Provider to be able to target the visitors of the Website with remarketing advertisements on Google Display network websites. The consent of the data subject is necessary for Service Provider to collect data on the data subject in this manner. Remarketing codes use cookies to tag visitors. Users of the Website may ben the use of such cookies if they visit Google’s advertisement settings manager and follow the instructions provided there. After this, personalized offers from the Service Provider will no longer be displayed to them. If the data subject no longer wishes to see remarketing advertisements, they may ban the use of the Google cookie in Google’s advertisement settings, too. https://adssettings.google.com/authenticated

Service Provider’s advertisements, therefore, may be displayed by third party service providers (Google) on Internet websites. These third party service providers (Google) use cookies to remember that a data subject has visited Service Provider’s Website before and display - personalized - advertisements to the data subjects based on this (i.e. they pursue remarketing activities).

Scope of processed data: information on what pages were viewed by the user and any purchase is used for remarketing advertisements as personal data

Duration of the processing: 90 days

Legal basis for processing: voluntary consent of the data subject.

  1. PERSONS WITH ACCESS TO DATA, DATA PROCESSING

Data may primarily be accessed by Service Provider and Service Provider’s employees, they are not disclosed and will not be revealed to third party (third parties) outside of the scope determined in this Privacy Notice.

The data obtained may only be accessed by the employees of the Service Provider and the appointed employees of the data processor(s).

Name of company

Address

Activity

What data are processed?

Amazon Web Services

EMEA SARL

38, Avenue John F. Kennedy, LU-1855 Luxembourg

Webhosting in the cloud

Personal data, data collected about the webstore, in accordance with this notice

  1. RIGHTS OF THE DATA SUBJECTS

Pursuant to the provisions of the Regulation, data subjects shall have the following rights for the duration of the data processing:

  • access to personal data and other information related to processing,
  • right to rectification
  • right to restriction of processing,
  • right to erasure,
  • right to data portability,
  • right to object,
  • right to withdraw consent.

If a data subject wishes to exercise their right, that entails the identification of the data subject therefore Service Provider will need to communicate with the data subject where applicable. For this reason, personal data allowing identification need to be provided (but identification may only be based on data that Service Provider otherwise processes in relation to the data subject), and the data subject’s complaint related to the processing will remain available in Service Provider’s mailing system for the duration specified in this notice in relation to complaints.

Service Provider responds to complaints related to data processing within 30 days at most.

    1. Information and access to personal data

The data subject shall have the right to access the personal data processed by Service Provider concerning them and the information related to such processing; to check the data Service Provider keeps concerning them, and shall also have the right to obtain access to the personal data. The data subject shall submit their request to obtain access to the data to Service Provider in writing (via email or post). The information shall be provided by Service Provider to the data subject in a commonly used electronic form except where the data subject requests it in a form other than in a written, paper form. Service Provider does not provide information in an oral form where the right to access is exercised.

Where the right to access is exercised, information shall cover the following:

Determining the scope of data, purpose, duration, legal basis of processing regarding the scope of the data processed.

Service Provider shall provide a copy of the personal data free of charge on the first occasion (personally at a customer service center). For any further copies requested by the data subject, the Service Provider may charge a reasonable fee based on administrative costs. Where the data subject requests to obtain the copy in an electronic form, Service Provider shall provide the information vial email, in a commonly used electronic form.

Following the information provided, data subject, should they not agree with the correctness of the data processed, may, in accordance with the provisions of clause 5, request the rectification, amendment, erasure, restriction of the processing of the personal data concerning them, object to the processing of such personal data and initiate proceedings specified in clause 6.

    1. Right to the rectification and amendment of the personal data processed

Upon a written request of data subject, Service Provider shall without undue delay rectify the personal data indicated as incorrect by data subject in writing, or amend incomplete data with the content indicated by data subject. Service Provider shall inform every recipient of the rectification, amendment to whom the personal data was transmitted, except where it is impossible or would require disproportionate effort. It shall inform the data subject of the data of such recipients if so requested by data subject.

    1. Right to restriction of processing

 The data subject, by way of a written request, may request Service Provider to restrict processing of their data with the exceptions specified by law.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Service Provider shall inform the data subject in advance of the discontinuation of the restriction of processing (at least 5 working days prior to the end of the restriction).

    1. Right to erasure (the right to be forgotten)

Upon request by data subject, Service Provider, without undue delay, shall delete the personal data concerning the data subject if any of the following reasons apply:

1. the data subject withdraws his or her consent on which the processing is based and there is no other legal ground for the processing;

2. the data subject, on grounds relating to his or her particular situation, objects to the processing and there are no legitimate grounds for the processing,

3. the data subject objects to the processing of personal data concerning him or her for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.

If Service Provider, on any legitimate grounds, has made the personal data concerning the data subject public and is obliged, for any of the reasons indicated above, to erase the personal data, Service Provider, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. As a general rule, Service Provider shall not disclose data subject’s personal data.

The data subject may not exercise his or her right to erasure, his or her right to be forgotten, where data processing is required:

    1. Right to data portability

Where data processing is necessary for the performance of a contract or data processing is based on the voluntary consent of data subject, data subject shall have the right to request to obtain the data provided by data subject to Service Provider in a machine readable format. Where it is technically feasibly, data subject may request us to transmit data to another data controller. Authorization is in every case limited to the data provided by the data subject, data portability does not extend to other data (e.g. statistics, etc.)

The data subject, the personal data concerning him or her to be found in Data controller’s system (e.g. when subscribing to a newsletter):

Service Provider only fulfils data portability requests received in a written form via email or by post. To fulfil the request, Service Provider will need to ascertain that the person requesting to enforce this right is indeed the data subject. The data subject, under this right, may request the portability of such data that he or she has provided to the Service Provider. Enforcing this right does not automatically entail the erasure of the data from Data controller’s systems therefore the data subject will be registered in Service Provider’s systems even after the exercising of this right, except where he or she requests the deletion of such data, too.

    1. Objection to the processing of the personal data

The data subject, in a statement addressed to Service Provider, may object to the processing of his or her personal data where the legal grounds of processing is

- public interest pursuant to Article 6(1) e) of the GDPR or

- legitimate interest pursuant to Article 6(1) f) of the GDPR.

When the right to objection is exercised, the Service Provider shall no longer process the personal data unless the Service Provider demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Service Provider shall make a decision whether data processing is based on compelling legitimate grounds.  It shall inform the data subject on its position relating to this in an opinion.

The data subject may file an objection to this in writing (via email or post).

    1. Right to withdraw consent

The data subject shall at any time have the right to withdraw his or her consent granted for processing, in which case we delete the data provided from our systems.

    1. Deadline for the fulfilment of requests, rules of procedure

Service Provider shall provide information on action taken on a request under clause 5.1 - 5.7. to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and the number of the requests, but in this case the Service Provider shall, within one month of receipt of the request, inform the data subject of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Where requests from a data subject are manifestly unfounded or excessive (in particular because of their repetitive character), the Service Provider may either charge a reasonable fee or refuse to act in the request. The Service Provider shall bear the burden of proof in this case.

Where the data subject makes the request by electronic means, the information shall be provided by Data controller by electronic means, unless otherwise requested by the data subject.

Service Provider shall notify every recipient to whom the personal data have been revealed of every rectification, erasure or restriction of processing carried out by Service Provider, except where this proves impossible or would require disproportionate efforts. The Service Provider shall inform the data subject about those recipients if the data subject requests it.

  1. LEGAL REMEDIES

The data subject may exercise his or her rights against the Service Provider in a written request sent via email or post.

The data subject shall not be able to exercise his or her rights if Service Provider is able to demonstrate that it is not in the position to identify the data subject. Where the Service Provider has doubts concerning the identity of the natural person exercising the rights of the data subject, it may request the provision of additional information necessary to confirm the identity of the requestor.

The data subject, in the case of complaints related to the protection of his or her personal data, may lodge a complaint in the territory of Hungary with the National Authority for Data Protection and Freedom of Information or, upon its own discretion, turn to court. In judicial procedures the regional court shall have competence.

The data subject, based on the Privacy Act, the Regulation and the Civil Code (Act V of 2013), may turn to

National Authority for Data Protection and Freedom of Information (H-1055 Budapest, Falk Miksa u. 9-11; www.naih.hu; postal address: H-1363 Budapest, Pf.: 9.) or enforce his or her rights in front of the Court.

    1. Compensation and damages

Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the Service Provider or processor for the damage suffered. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of the legal provisions specifically directed to processors or where it has acted outside or contrary to lawful instructions of the Service Provider. The Service Provider or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

  1. MANAGING PERSONAL DATA BREACHES

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Service Provider shall, for the purpose of monitoring the measures related to the personal data breach, providing information to the supervisory authority, and providing information to the data subject, maintain records including the scope of personal data affected by the personal data breach, the scope and number of data subjects, the time, circumstances, effects of the data breach and the measures implemented to avert the breach.

Where a personal data breach has occurred, except where it will not result in a risk to the rights and freedoms of natural persons, Service Provider shall communicate the personal data breach to the data subject and the supervisory authority without undue delay, but not later than within 72 hours.

  1. MISCELLANEOUS PROVISIONS

Service Provider reserves the right to unilaterally modify this Data Processing Notice with a prior notification sent to data subjects. Amendments take effect in relation to the data subject on the date indicated in the notification except where the data subject objects to such amendments in writing.

If the data subject has provided the data of a third party to use the service and has caused damage, Service Provider shall have the right to enforce claims for damages against the person involved.

Service Provider shall not check the Personal data provided to it. Only the person providing the personal data shall be liable for the adequacy thereof. The data subject, when providing the data, accepts responsibility for guaranteeing that the personal data provided are his or hers and only he or she uses the services available with the data.