1. Introduction and relevant governing laws
This Privacy Policy is related to this WEB site and is intended for all users who access it: both those who use the site without logging in and to those who login, as a result of any registration process, using any possible service dedicated to registered users, e-commerce. In the course of its activities, Barcsik Alexandra EV (Hereinafter: Owner or Data Controller) takes great care of the protection of personal data, compliance with mandatory legal provisions, and safe and fair data management. This document replaces any previous version advertised on this WEB site.
Other Internet sites – that does not belong to the Data Controller— to which you may access through links/hyperlinks are excluded from this statement. The respective policies for privacy and cookies apply for such sites.
The Data Controller will always handle the personal data provided to it in compliance with the applicable Hungarian and European laws and ethical requirements and will at all times take the necessary technical and organizational measures to ensure proper data management. The present policy is the unilateral obligation of the Data Controller as per the Regulation No. 2016/679 of the European Parliament and of the Council (EU) (27th April 2016) and the relevant legal rules of the Member States.
- Regulation 2016/679 / EU of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46 / EC (hereinafter referred to as “GDPR”).
- Act CXIX of 1995 handling of name and address for research and direct marketing purposes,
- Act CVIII of 2001. on some aspects of electronic commerce services and information society services,
- Act C of 2003 on Electronic Communications (specifically §155)
- Act C of 2000 on Accounting
- Act XLVIII. of 2008 on the basic conditions and limits for economic advertising,
- Act CXII. of 2011 the Right on information self-determination and freedom of information,
- Act V of 2013 on the Civil Code (“Ptk)
- Act CLV of 1997 on Consumer Protection
- 16/2011, p. s. Opinion on EASA / IAB Recommendation on Good Practice for Online Behavioral Advertising
The Present Policy may be unilaterally amended and/or withdrawn by the Data Controller, with the simultaneous notification of the Data Subjects. The provision of information is implemented by publishing it on the website or by direct notification of the Data Subjects, depending on the nature of the change.
2. Details of the Data Controller
The entity which manages the user personal data is Alexandra Barcsik EV – seat address: H-1136 Pannonia str. 17/b, 7th floor apt Nr.3, Budapest, Hungary – e-mail: info@bdscontract.com – EU VAT nr: HU66795384
3. Denominations
3.1 Website: bdscontract.com
3.2 User: Person accessing the site, interested in the provision of data.
3.3 Owner or Data Controller: any natural or legal person, or any entity without legal personality, who alone or jointly with others determines the purpose, means (alone or with others) of the processing of data, make and execute data management decisions (including the device used) or execute with the Data Processor.
3.4 Data file: The sum of the data maintained in a given register.
3.5 Data Management: Any operation or aggregation of Personal Data, irrespective of the procedure used, in particular the collection, recording, filing, filing, storage, alteration, alteration, use, retrieval, access, use, communication, transmission, distribution of Personal Data or otherwise make available, publish, coordinate or link, block, limit, delete or destroy.
3.6 Personal Data or Data: any part / unit of the Data that identifies an individual.
3.7 Data Processor: any natural or legal person, or any entity without legal personality, who, pursuant to a contract, including a contract entered into under a statutory provision, processes data or processes personal data on behalf of the Data Controller.
3.8 Information: This Privacy Policy
3.9 User: the natural person who registers for the Services or personally submits to the Data Controller.
3.10 Service (s): Services operated by the Data Controller or contracted service provider (s) that perform data management activities on the Data Controller’s Website.
3.11 Data transfer: making data available to a specific third party.
3.12 Delete Data: Make data unrecognizable in such a way that it is no longer possible to restore / restore it.
3.13 External Service Provider: a third party appointed by the Data Controller to provide Services to the Data Controller.
4. Purpose of Data Processing
The processing of personal data is performed for the following service purposes:
- provide price offers for requests arrived directly or from the website ;
- close agreements in order to provide service;
- issue Pro Forma Invoice/Invoice/Shipping documents and other mandatory documentation related to the fulfilment of the service;
- guarantee and complaint handling;
- contacting business partners, specially but not exclusively suppliers and customers;
- management of employee and candidate data;
- fulfill requirements of laws, regulations, EU rules or other legal authority;
- exercise the rights of the Owner, for example business building or defense in a court.
- only upon your approval (art. 23 Privacy Code and art. 7 GDPR), for the following marketing purposes: advertising of products and service(s), provision of information;
Personal data can be used to send emails with commercial contents, but only with explicit consent. In any case, data can never be tendered to third parties for such use.
5. Processed data
5.1 Implicit navigation data
Although you can view the website without providing any personal information, software and servers that make the Site functional acquire some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected for identification purposes or association to specific persons; despite that, by their nature and composition they may allow the identification of the user in certain cases.
This category includes the IP addresses of computers used by users who connect to the website, the address (URL) of the requested resources, date and time of the request, response data, etc.
The purpose of collecting this data is to obtain anonymous statistical information on the use of the Site (such as, the number of hits to the pages) and to check the proper functioning. They are deleted immediately after processing.
This process is not targeted to receive information which directly identify users.
Inclusions of third-party code on this site may collect other data about the user, in particular this can be done by monitoring services and visitor statistics (such as Google Analytics and Google Adwords) and social networking plugins (Facebook, Twitter, Google+, Pinterest, etc).
5.2 Data explicitly provided by the user
The user can explicitly provide data for access to certain features of the site, such as restricted area, contact form and e-commerce. These data (such as shipping address) are communicated with the exclusive purpose of allowing the owner the supply of the services requested. The Web site may allow the newsletter subscription (mailing list). The e-mail address is provided voluntarily by the user will be used to provide communications by the Owner. The registration can be canceled at any time.
5.2.1. Registered customer information:
Private customer data:
- prefix
- name (surname, first and middle name)
- billing address (street, nr, ZIP code, city, country)
- shipping address (street, nr, ZIP code, city, country)
- e-mail address
- signature
- IP address
Company Information
- name of the company
- seat address(street, nr, ZIP code, city, country)
- shipping address (street, nr, ZIP code, city, country)
- phone number
- e-mail address
- VAT / EU VAT number
- contact person/s details (name, phone/ fax number, e-mail address)
- signature
- IP address
5.2.2. Scope of activities and data involved in data management
- Registration
- contact details request
- name (company name, name)
- e-mail address
- password
- billing name (company name, name)
- billing Address
- shipping name (company name, name)
- shipping address.
Login Information – Scope of data processed:
- Registration date
- last modified date
- last login date
- User name
- password
Product information:
- Product name
- product system code number
- net gross price of product order
- order number of product.
Order data:
- Order date
- shipping cost
- payment method
- shipping mode
- language used when ordering
- Customer Comment
- personal information provided by the customer.
Marketing:
- name (company name, name)
- e-mail address
5.3. Cookies
Cookies are small bits of text that a website sends to the client (user’s navigation software/browser). The client stores the information locally and transmits it back to the server (Web site) in a subsequent access, be it immediate or referred to a future visit. A cookie contains some service data (date and time, duration, the site from which it comes) and a textual content which is usually a numerical code. This code is used to make the user experience more comfortable allowing, for example, the Web site to remember viewing preferences, contents of the cart in the case of e-commerce.
In no event, our cookies will be used for the purpose of tracking specific behaviors of the user.
The Web site uses both temporary cookies (session, lasting only the time of a visit) and permanent (lasting more visits agreement time).
Third Party Cookies
Inclusions of third-party code on this site may send other cookies to the user, in particular this can be done by visitor statistics services (such as Google Analytics and Google Adwords) and social networking plug-ins (Facebook, Twitter, Google+ , options, etc.). Regarding the privacy related to this cookies, please refer to the policy of the respective suppliers.
Information collected with cookies
We use both session cookies and permanent for:
- allow the Web site to remember user data such as browsing preferences and login details, so you do not have to re-enter all your information moving from one page to another.
- statistics (anonymous) aimed at improving the site.
In no case cookies will be used to specifically profile single users.
Optional nature of data provisioning
Excluding implicit navigation data, the user is free to decide to provide personal data for newsletter, registration, e-commerce, contacts and other services. The absence of data provisioning can make use of these services impossible.
Voluntary provisioning of cookies and elimination of them
Acceptance of cookies is optional for the user, who can configure his/here client (browser) to refuse them. In this case, however, it may not be possible to use all of the site services, or this may cause defects in the enjoyment.
The user can easily delete any cookies received following the procedures provided by the specific browser. For example, the user can delete the use of cookies from his / her own computer or disable their application in his / her browser. These options can be done depending on your browser, but typically in Settings / Privacy. More information about Google and Facebok’s Privacy Policy can be found at http://www.google.com/privacy.html and https://www.facebook.com/about/privacy/.
Processing methods
Personal data are processed by automated tools for the time necessary to achieve the purposes for which they were collected. Specific security measures are taken to prevent data loss, illicit or incorrect use and unauthorized access. The personal information the User provides will not be disclosed to third parties or disseminated.
The User personal information will be retained only for the time necessary to ensure the proper performance of the services required, except any specific legal obligations on the retention of accounting documentation or for purposes of public security. Some data may be stored for an indefinite time in order to provide specific services to the user. For example, for e-commerce functionality shipment data can be remembered in order to avoid the user to insert for each new order.
6. Children
Our services are not offered for persons below 16 year. We process the personal data of minors – due to the legal stipulations – solely with the consent of the concerned parent/ legal guardian. If we become aware that we have collected personal data from children below 16 years with different purposes from the above, then we will take the necessary steps to delete the data within the possible shortest period of time.
7. Data conservation
All your given personal data will be processed respecting the lawfulness, correctness, relevance and proportionality, for the necessary time to fulfill their purpose.
- In the case of compliance with the law, it is the storage time determined by the Act on Accounting
- In case of a contract: until the deadline specified in the contract or 8 years after expiry of the contract at the latest
- In case of consent: until the withdrawal of the consent by the Data Subject
- In case of legitimate interest: until the objection of the Data Subject.
8. Information on the use of a processor and data transfer to 3rd party
The controller transfers the data for the fulfilment of the contract to the contracted processor(s) during processing. Categories of the recipients: courier services, forwarding companies, IT operators. The scope of those authorized to learn data
The controller shall not transfer the learned data for third parties, except for the processor(s) specified in GDPR section 6. The recorded data may only be known by the employees of the controller and the appointed employees of the processor(s).
Your data are not object of transfer outside the EU. The Owner, in case it is necessary, can transfer your data in EU and/or to NOT EU countries. In such case, the Owner assures that the transfer of data will happen in accordance with the dispositions of applicable laws, stipulating agreements, if necessary, which guarantee an adequate level of protection and/or adopting the standard contract clause expected by the European Commission. This transfer will happen only with the expressed, written consent of the data subject.
9. The rights of the data subjects
The Data Subject may request the Controller:
- confirm the existence or non-existence of personal data,
- information about the processing of their personal data,
- the rectification of their data,
- cancellation or of the limitation of processing.
The Data Subject may exercise the above rights at any time.
Furthermore, if the processing is based on explicit consent, the data subject have the right to:
- to give data to another controller if the processing is based on a contract or consent and the Organization processes it in the framework of an automated procedure,
- withdraw their previous consent to the processing.
Requests must be addressed to the Data Controller, at the email address info@bdscontract.com
The Controller settles or rejects (with reasons) the notification within 1 month from the submission of the applications – in exceptional cases in a longer term, as permitted by the legal rule. The results of the investigation will be given for the Data Subject in writing.
10. The right for objection
The data subject is authorised to object to the processing of his/her personal data based on the legitimate interest or a power of attorney at any time.
In this case, the Data Controller shall not process the personal data anymore, unless it can be proved that the processing is justified by such enforcing and legitimate reasons, which take priority against the interests, rights and freedom of the data subject, or which are related to the submission, enforcement or protection of legal claims.
If the soundness of the legal ground for the objection is established, then the processing shall be terminated within the possible shortest period of time – including the data transfer and data collection. Everybody to whom the Organization previously transferred the data of the Data Subject shall be informed about the objection.
The settlement of the application is free of charge, except for the unfounded and exaggerated requests, whose arrangement may be charged by the Controller with the appropriate and reasonable rate of the fee. In case the Data Subject does not agree with the decision of the Controller, then he/she may refer to the court.
11. Access to data and security measures
The Controller processes the data according to the expectations of the Security Regulation of Information in a closed system, to ensure proper Data protection.
For this reason, the Data Controller takes measures to regulate access and
permit access only for persons who need it for fulfilling their tasks and only to data which are absolutely needed for the fulfilment of the task.
Also, will select the appointed processor carefully and provide for appropriate processing contracts, whereas to provide for the uniformity (data integrity), authenticity and protection of the processed data.
The Controller applies a reasonable number of physical, technical and organizational security measures to protect the data of the Data Subject against accidental, incompetent or unlawful destruction, loss, change, transfer, use, access to or processing of them.
The Controller ensures the protection of the data of the Data Subject against destruction or loss with appropriate and regular back-ups.
12. Data protection regulator
In case of any alleged violation of rights in respect of the processing of the personal data, any Data Subject may refer to the Budapest-Capital Regional Court or initiate an investigation at the Hungarian National Authority for Data Protection and Freedom of Information.
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Tel: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: privacy@naih.hu
Dated: 1st of September 2019.