I. Purpose of the data protection policy
BM SystemKft (hereinafter as “Controller”) shall exercise special care with regard to personal data protection when carrying out its activities. It shall pay attention to act in compliance with the provisions of Act CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter as “Privacy Act”) and of any other legislation applicable to personal data protection, and it shall act in accordance with the regulations of the National Authority for Data Protection and Freedom of Information (NAIH).
BM SystemKft as controller shall accept the content of this policy as legally binding and shall guarantee that the data processing it carries out in relation to its services complies with the requirements laid down in this document.
BM SystemKft maintains the right to amend this policy at any time. It shall inform the interested parties of any change in due time.
II. Data of the Controller:
Company name: BM System Kft.
Registration number: 03-09-119209
Registered seat: H-6000 Kecskemét, Felsőcsalános tanya 9. B. ép.
Tax number: HU14993141
Phone number: +36 30 349 0804
Email address: email@example.com
The following words, phrases and terms in this declaration shall have the meaning as defined below, and these definitions are to be applied for the whole text of the declaration:
sets of personal data: the amount of personal data processed in one account;
processing: carrying out technical tasks in relation to data processing operations, irrespective of the method or instrument used in performing those operations, and of its application, provided that the technical tasks are performed on data;
processor: a natural or legal person, or an entity without a legal personality which or who performs data processing operations based on a contract, including contracts executed on the basis of legal obligations, too;
data processing: irrespective of the process applied, it is any operation or set of operations performed on data, especially collecting, recording, organizing, storing, altering, using, retrieving, transmitting, disclosing, harmonizing or associating, restricting, erasing or destroying of such data, and also preventing further use of such data, making photographs, audio or image recordings, or recording the physical characteristics suitable for the identification of a person (e.g. fingerprint or palm print, DNA sample, iris scan);
controller: the natural or legal person, or an entity without a legal personality who, independently, or jointly with others, determines the purposes for which the personal data is processed, makes and implements the decisions regarding the processing of the data (including the means applied) or ensures that they are implemented by processor;
data marking: marking the data with an identifying mark with the purpose of distinguishing it;
data destruction: total physical destruction of the data medium that contains the data;
data transmission: disclosure of the data to a specific third party;
erasure of data: making the data unrecognizable in a manner that they no longer can be restored;
data blocking: marking the data with an identifying mark to prevent its further processing either permanently or for a specific time;
personal data breach: unlawful handling or processing of personal data, especially unlawful access, alteration, transmission, disclosure, erasure or destruction, and accidental destruction and damage;
EEC state: a member of the European Union, or a signatory state to the agreement on the European Economic Area, the citizens of which, based on the agreement between the European Union and its member states and the states that are not parties to the agreement on the European Economic Area, have a legal standing that is equivalent to the legal standing of the citizens of the states that are parties to the agreement on the European Economic Area;
data subject: natural person that is or that can be directly or indirectly identified based on any specific personal data or;
third country: any country that is not an EEC state.
third party: any natural or legal person or an entity without a legal personality that is different from the data subject, controller or processor;
consent: freely given, voluntary, specific, informed and unambiguous indication of the will of data subject by which he or she agrees to the processing of the personal data concerning him or her, either fully or for specific operations;
a) any personal data related to racial or ethnic origin, political opinions or party preference, religious or philosophical beliefs, or interest group membership, and sexual life,
b) any personal data related to health status, harmful addiction, or personal data related to criminal records;
BM SystemKft does not process special data, such data belonging to this category must not be given when using the services of the portal.
disclosure: revealing the data to anyone;
portal: online interfaces available at the getoolbox.com URL that allow the introduction of and access to the products and services of BM SystemKft, and the communication with the clients of the Kft.;
personal data: information relating to the data subject—especially the name, identifier, and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the consequences that can be drawn from the information related to the data subject;
objection: a declaration of the data subject by which he or she objects to the processing of his or her personal data and requests the processing to be discontinued or the personal data to be erased.
IV. Legal basis, purpose and means of processing
The legal basis of the processing, pursuant to 5 (1) a) of the Privacy Act is the voluntary consent of the data subject. By using the portal or the services available thereon, by registering, or by providing the data out of his or her free will, data subject gives his or her consent to specific processing.
The purpose of the processing is to enable access to and the lawful usage of the information and services available on the portal. BM System Kft processes the data provided by data subject, necessary and suitable for realizing the purpose of the processing, only for a specific purpose, to allow access to and the ordering of the products and services, and to ensure awareness of the related information, to fulfill the contractual obligations and to pursue the rights arising from the agreements executed with the data subject, and furthermore, to ensure the lawful and safe operation of the portal and the service, in protection of the legitimate interests of third parties.
When you visit the www.getoolbox.com website, small files, so-called cookies (hereinafter as “cookies”) are saved on your computer that can serve a number of purposes. Modern browsers allow the cookie settings to be changed. Some of the browsers automatically accept cookies by default, but this setting can also be changed to prevent cookies from being automatically accepted in the future. When the settings are changed, the browser will subsequently keep offering the possibility for cookie settings on every occasion.
Processor may not use the personal data for purposes other than which is determined in this policy. Personal data can only be transmitted to third parties when data subject has given his or her informed consent in advance. The above requirement is not to be applied when data transmission is compulsory based on legislation, court order or other order of an authority, or a legally binding request.
The portal, the supporting informatics system and the network of the BM System Kft getoolbox.com portal are equally protected against computer aided fraud, espionage, sabotage, vandalism, fire and flooding, and furthermore, against computer viruses, computer hacking and denial of service attacks. Operator ensures security with server level and application level protective measures.
V. Scope of the processed personal data
The following personal data may be processed through Controller’s website:
- Email address
- Phone number
During processing, BM System Kft will maintain:
- secrecy: it shall protect the information so that only authorized persons can access it;
- integrity: it shall protect the accuracy and integrity of the information and the method of processing;
- availability: it shall ensure that authorized users are able to access the requested information and that the tools which are necessary for this are readily available when they need it.
Controller processes personal data during its operations in every case on the basis of legislation or voluntary consent. In certain cases, procession is based on other legal basis or on Article 6 of the Regulation.
VI. Basics of processing:
Data of the visitors of the website and the customers of the webshop
Controller records neither the IP address nor any other personal data of the user when the websites that it operates are visited. The HTML code of the websites operated by Controller may contain links to and from independent, external servers, with the purpose of performing web analytics measurements. Conversions are measured, too. The web analytics service provider does not process personal data, it only processes browsing-related data that are not suitable for identifying individuals. Currently, web analytics services are provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043) as part of the Google Analytics service.
Controller uses the networking functions of LinkedIn; however, it does not process the personal data of users registered there, it only uses such data within the LinkedIn system and does not accept any responsibility with regard to them.
Controller runs so-called remarketing advertisements in the advertising systems of Facebook and Google AdWords. These services may collect and obtain data from Controller’s website and from other Internet locations by means of cookies, web markers and similar technologies.
By using such data, they provide measuring services and they personalize advertisements. Advertisements personalized this way may appear on further websites in the Facebook and Google network of partners. Remarketing lists do not contain personal data of visitors, they are not suitable for identification.
You can find more information on Google and Facebook data protection guidelines here: http://www.google.com/privacy.html and https://www.facebook.com/about/privacy/
Ordering a sample package on the website
Controller provides the possibility of ordering sample packages on the websites that it operates and for this, it requests the personal data of the users.
To order a sample package, your name, e-mail address and postal address (country, city, street, house) must be provided, these are necessary for delivery. Data is processed until the data subject requests its erasure.
Users are responsible for the truthfulness of the personal data they provided.
VII. Duration of processing
The processing of the personal data which is provided when the order is placed begins with the order (when consent to processing is granted) and lasts until the consent is withdrawn. Withdrawal of consent to processing results in deleting the registration at the same time.
In case of optionally provided data, processing lasts from when the data was provided until it is erased (until consent to processing is withdrawn). Erasure of optionally provided data does not result in the registration being automatically deleted.
VIII. Persons with access to data, transmission and the engagement of processors
Primarily it is the internal employees of Controller who are authorized to access the data, but they do not reveal them nor disclose them to third parties.
Controller may transmit the data concerning the data subject to processors in order to achieve the purposes determined in the Policy. Processors are not entitled to transmit the data. Processors may only use the data concerning the data subject as long as it is related to the operation of the webshop.
By registering on the webshop, and by placing an order, data subject accepts such transmission hereunder.
- Profitárhely Kft, hosting service provider of getoolbox.com
- Bíbor 2009 Kft, managing the marketing newsletters of the company in part, therefore it has access to the personal data of clients
- Dpd Hungária Kft, providing courier services
- TNT Express Hungary Kft, providing courier services.
Persons acting on behalf or in the interest of controller may not disclose the data or reveal it to third parties. Controlling and processing employees are aware of this data protection declaration and accept it as binding for themselves.
With regard to the operation of the underlying informatics system, the delivery of the orders, or for settlement purposes, controller may engage the services of a processor (e.g. system operator, carrier, accountant). Controller is not responsible for the data protection practices of such external players.
IX. Rights of the data subjects
Data subject has the right to obtain information from the controller on the processing of personal data concerning him or her and has the right to request such data to be rectified or erased through a link in the footer section of the newsletters or at any contact detail of controller, except in cases where processing is compulsory because of a legislation. Controller, on data subject’s request, shall provide information on the data it processes, on the purpose, legal basis, duration of the processing, the name, address (registered seat) of the processor and its operations related to the processing, and also on who and for what purpose have received or will receive such data. Controller shall provide the information in writing within the shortest possible time after the request has been submitted, but not later than 25 days afterwards, in a commonly understandable form, free of charge. Controller has the obligation to rectify personal data that is not accurate. Controller shall erase the personal data if processing it is unlawful, if it is requested to do so by data subject, if it is deficient or erroneous—and it cannot be rectified lawfully—provided that erasure is not prohibited by law, if the purpose of the processing no longer exists, if the deadline for storing the data set forth in the law has expired, if it is ordered by court or the data protection officer.
It shall notify data subject, and any party to whom the data was transmitted for processing, of the rectification or the erasure. Notification is not necessary if, with regard to the purpose of the processing, it does not harm the legitimate interests of the data subject. Data subject can object to the processing of his or her personal data if the processing (transmission) of the personal data is only necessary for controller or processor to exercise their rights or to pursue their legitimate interests, except if processing is a legal obligation, if the use and transmission of the personal data occurs for direct marketing, polling surveys or scientific research, in any other case, the law permits to exercise the right to object.
Data subject may turn to the court or to the data protection authority if his or her rights are infringed.
Remedies may be obtained from and complaints can be lodged with: Name: National Authority for Data Protection and Freedom of Information Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c. Phone: +36- 1-391-1400 Fax: +36-1-391-1410 Email: firstname.lastname@example.org Website: naih.hu