Privacy Policy
INTRODUCTION
The purpose of this Prospectus is to record the privacy and management principles applied by Bofami 2000 Ltd. (hereinafter referred to as "Publisher") and recognize it with binding force.
REGULATION (EEC) No 2016/67 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 2016) on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) 27.), the following information is provided.
This Privacy Policy is governed by the Privacy Policy of the following pages: www.bofamibogracs.hu, www.facebook.com/Bofami-Bogr%C3%A1cs-192720191282271/ and related services provided by you in connection with all the Customer's processing of data under this Privacy Policy a.
The data management information is available at www.bofamibogracs.hu
Amendments to the prospectus will be published by publication at the above address.
THE DATA MANAGER AND AVAILABILITY:
Name: Bofami 2000 Kft.
Headquarters: 6445 Borota, Szent István utca 36.
E-mail:
Phone: + 36-30 / 310-1498
DEFINITION OF DEFINITIONS
1. "personal data" means any information relating to an identified or identifiable natural person ("concerned"); a natural person may be identified, directly or indirectly, based on one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of an identifier such as name, number, positioning data, online identifier or natural person identified;
2. "data management" means any operation or operation of automated or non-automated personal data or data files, such as collecting, capturing, rendering, rendering, storing, modifying or modifying, querying, inspecting, using, communicating, disseminating or making available by other means, alignment or interconnection, restriction, deletion or destruction;
3. "data controller" means any natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others; where the purposes and means of data management are defined by Union or national law, the data controller or the particular aspects of the designation of the data controller may also be defined by Union or national law;
4. "data processor" means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller;
5. "consignee" means a natural or legal person, a public authority, agency or any other body with whom or with which personal data is communicated, whether or not it is a third party. Public authorities which have access to personal data in an individual investigation in accordance with Union or national law shall not be considered recipients; the management of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
6. "consent of the party concerned" means a voluntary, concrete and appropriate and informed and explicit statement of the will of the person concerned by which he or she indicates the statement in question or a statement that expresses his / her affirmation by means of an unambiguous expression of his consent to the processing of his personal data;
7. "privacy incident" means any breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise treated.
PRINCIPLES FOR MANAGING PERSONAL DATA
Personal information:
(a) be handled legally and fairly and in a transparent way for the person concerned. ("Lawfulness, fairness and transparency");
(b) they are collected for specified, unambiguous and legitimate purposes and are not treated in a manner incompatible with these purposes; in accordance with Article 89 (1), no further data handling ("end-use") for purposes of public interest archiving for scientific and historical research purposes or for statistical purposes shall not be considered incompatible with the original purpose;
(c) are appropriate and relevant to the purposes of data management and are limited to what is necessary ("data saving");
(d) accurate and, where necessary, up-to-date; we take all reasonable steps to clear or correct inaccurate personal data for the purposes of data management ("accuracy");
(e) is stored in a form that permits the identification of the data subjects only for the time needed to manage the personal data; the storage of personal data for a longer period of time may only take place if the personal data is handled
(f) is handled in such a way as to ensure adequate security of personal data, including the protection of unauthorized, unlawful, accidental loss, destruction or damage of data ("integrity and confidentiality") by means of appropriate technical or organizational measures.
Bofami 2000 Ltd. is responsible for the above and is able to verify this compliance ("accountability").
Use of the website operated by Bofami 2000 Kft. Www.bofamibogracs.hu
The www.bofamibogracs.hu web site operated by the Service Provider can be freely visited without registration.
During the viewing of the Website, the Service Provider's servers automatically record the following data generated by the User's computer in connection with the operation of the Service without the User's own consent: User's IP address, user's computer operating system and browser program information, the start and end times of the visit, the URL of the entry and exit page.
The data thus recorded may not be linked to the User's personal data, except as required by law. The Recorded Data is processed by the Service Provider into statistical data and is used solely for statistical purposes for visitors, general analysis of user habits, enhancement of the Service Provider's services, technical development of the IT system, and control of the functioning of the website.
Data that are automatically recorded in the system's operation and which are technically captured will be stored for a reasonable period of time from the time they are generated to ensure the system's operation.
COOKIES TREATMENT
1. Websites are cookies that are known as "password-protected session cookies", "shopping cart cookies" and "security cookies", for which you do not require prior consent from the affected users.
2. The fact of data handling, the range of data processed: Unique identification number, dates, dates
3. Stakeholders: All the people visiting the web site.
4. Purpose of data management: Identifying users, keeping track of "shopping cart", and tracking visitors.
5. Duration of data handling, deadline for deletion:
| Cake Type | Legal Privacy | Data Management | Duration of treated data range |
| Session | In accordance with the CVIII Act of 2001 on certain aspects of electronic commerce services and information society services, Law 13 / A. Section (3) |
Of the relevant session until the end of a visitor's session | connect.sid |
6. Personal data manager authorized to know the data: Using the cookies, the data controller does not handle personal data.
7. Understanding Data Management Rights: The affected person has the option to delete the cookies in the Tools / Preferences menu of browsers, usually under the Privacy menu item.
8. Legal Basis for Data Processing: No consent is required for the subject if the exclusive purpose of using the cookies is to provide the provider with the information that is required by the electronic communication network or by the subscriber or user to provide the information society service.
USING GOOGLE ADWORDS CONVERSION CUTTING
1. The online advertising program called "Google AdWords" is used by the data handler and uses the Google conversion tracking feature within its framework. Google conversion tracking is Google Inc.'s analytics service (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").
2. When a User accesses a web site through a Google Ad, a conversion tracking cookie is placed on your computer. These cookies have limited validity and do not contain any personal information, so the User can not be identified by them.
3. When the User browses on certain pages of the website and the cookie has not expired, Google and the Data Manager will also see that the User clicked on the ad.
4. Each Google AdWords customer receives a different cookie so that they can not be tracked through AdWords clients' websites.
5. The information you receive through conversion tracking cookies is intended to make conversion statistics for your AdWords conversion tracking customers. Customers will then be informed about the number of users who have been passed on their ad-click and conversion-tagged page. However, they do not have access to information that could identify any user.
6. If you do not want to participate in conversion tracking, you can disable this by blocking cookies from being installed on your browser. Then you will not be included in conversion tracking statistics.
7. For more information and Google Privacy Statement, visit www.google.de/policies/privacy/
USING GOOGLE ANALYTICS
1. This site uses the Google Analytics application, a Google Inc. ("Google") web analytics service. Google Analytics uses "cookies" to use text files that are saved to your computer to help you analyze a user-visited web page.
2. Information generated by cookies associated with a web site used by the User is usually stored and stored on a US server in Google. By activating IP anonymization on a web site, Google has previously abbreviated the IP address of the User within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.
3. The transfer and shortening of the full IP address to Google's US server will only take place in exceptional cases. On behalf of this operator of this site, Google will use this information to evaluate how the User has used the Website and to report to the website operator about reports related to the activity of the website and to perform additional services related to website and Internet usage.
4. In Google Analytics, you do not associate the IP address that is transmitted by the user's browser with other Google data. The storage of cookies can be prevented by setting the Browser's settings correctly, but please note that in this case, you may not be able to fully use all of this feature on this site. You can also prevent Google from collecting and processing cookie information (including your IP address) on the User's website usage by downloading and installing the browser plug-in available on the link below. https://tools.google.com/dlpage/gaoptout?hl=hu
COMMUNITY SITES
1. The fact of the data collection, the data being processed: Facebook / Google + / Twitter / Pinterest / Youtube / Instagram, etc. registered on social network pages or the user's profile profile.
2. The circle of stakeholders: All those who are registered on Facebook / Google+, Twitter, Pinterest, Youtube, Instagram etc. social networking sites, and "copied" the web site.
3. Purpose of the data collection: To share, or "file", the promotion of certain content elements, products, actions of the web site or the website itself on social networking sites.
4. Duration of data processing, deadline for deletion of data, person of possible data controllers who are able to know the data and details of the data management rights of the data subjects: Information about the source, their handling, the method of transfer and the legal basis of the data can be consulted on the given social networking site. Data management takes place on social networking sites, so the duration of the data handling, the ways of deleting and modifying the data are governed by the rules of the respective community site.
5. The legal basis for data handling: the volunteer's consent to managing your personal information on social networking sites.
DATA TREATMENTS
DATA PROCESSORS
Hosting provider
1. Activity performed by Bofami 2000 Ltd.: Hosting service
2. Name and contact information of the data processor: Media Center Hungary Kft. 6000 Kecskemét, Sosztakovics u. 3. II / 6
3. The fact of data handling, the scope of the data processed: All personal data provided by the data subject.
4. The circle of stakeholders: All stakeholders using the website.
5. Purpose of data management: To make the web site available and to operate properly.
6. Duration of data processing and deadline for data deletion: Data management is maintained until the agreement between the data controller and the hosting service provider terminates or the request for cancellation of the data subject to the hosting service provider.
7. Legal basis for data processing: User's consent, Infotv. 5 (1), 6 (1) (a) of the EC Treaty and the CVIII Convention 2001 on certain aspects of electronic commerce and information society services. Law 13 / A. § (3).
Contact the Service Provider
If the User contacts the Service Provider with the Service Provider's publicly available contact information, the Service Provider shall record the User's name, and
- by postal contact, the User's mailing address,
- in the case of telephone contact, the User's telephone number, voice recording of the telephone conversation,
- contacting the user's mailing address in case of contacting by e-mail.
The purpose of the data management is to identify the User and to manage the transaction that is being contacted by the Service Provider.
The employees who are employed by the Service Provider and the persons employed by the Service Provider on the basis of a legal relationship with the Employee are treated in the management of the personal data of the Users.
The Service Provider may use the outside of the transaction subject to the transaction service providers to whom the User's personal information may be transmitted as required.
The Service Provider manages the User's recorded personal data for 90 days after the completion of the settlement of the transaction being contacted, and within that period until the User otherwise requests the deletion of his / her personal data. If the Service Provider has a legitimate interest in further processing of the User's personal data, the personal data will be treated until the Service Provider has a legitimate interest.
Data processing and data transmission
Personal data handled by the Service Provider may be accessed by employees of the Service Provider and employees on the basis of a legal relationship with the Service Provider who are required to fulfill their obligations arising from this employment contract or other contract.
The Service Provider shall take the appropriate measures to ensure that natural persons acting under its authority and accessing personal data will handle personal data in accordance with the instructions of the Service Provider.
In the course of data processing, on behalf of the Service Provider, by means of a contract concluded in writing with the Service Provider, the data processors named in the Prospectus are also contributing to whom the Service Provider is entitled to transfer the personal data it manages for processing.
The Service Provider only uses data processors that provide adequate safeguards to comply with data management requirements and to implement appropriate technical and organizational measures to protect the rights of Users.
In the course of their activities, data processors will only be treated by the Service Provider in order to implement its decisions, according to the written instructions of the Service Provider.
The Service Provider is entitled and obliged to provide legally available personal data to a third party or to the competent authorities by law or by a final authority decision.
In addition to the above, the Service Provider transfers personal data to third parties only in the case of prior and informed consent of the User.
Data security measures
The Service Provider performs the appropriate technical and organizational measures taking into account the state of science and technology, the costs of implementation, the nature of the data management, the circumstances and the aims and the risks to the rights of the Users, in order to prevent the handling of personal data loss, alteration, disclosure or unauthorized access to them.
The Service Provider is required to retain these obligations to any third party who transfers personal data in the context of data transmission.
The Service Provider keeps records of the data management activities it performs.
The Service Provider shall notify the National Data Protection and Disposal Authority (hereinafter referred to as NAIH or the supervisory authority) within 72 hours of its knowledge of data protection incidents, unless the data protection incident is unlikely to pose a risk to the data protection incident About the rights of users.
If the privacy incident is likely to have a high level of risk for the rights of Users, the Provider informs the User of the privacy incident without delay, clearly and easily.
If a method and type of data management by the Service Provider, especially those using new technologies, are likely to pose a high risk to the rights of users, the Service Provider will perform a data protection impact assessment before the data is processed to see how the planned data processing operations affect the protection of personal data.
If the Data Protection Impact Assessment establishes that data processing is likely to be highly risky by the Service Provider in the absence of measures to mitigate the risk, the Service Provider shall consult the supervisory authority prior to the handling of personal data.
User Rights
The rights of the User related to the data management of the Service Provider
The User is entitled to receive information about the Service Provider and his representative from the Service Provider at the time of the personal data acquisition, the purpose, legal basis, the Service Provider's legitimate interest in data handling, the Service Provider's legitimate interest, the duration of the data management or the determination of the duration, the right to withdraw the consent to data management at any time, the right to file a complaint addressed to the supervisory authority, whether the provision of personal data is based on a legal or contractual obligation or a precondition for the conclusion of a contract and the consequences of the non-disclosure of data (right of information).
The User is entitled to provide the Service Provider with feedback on whether its personal data is being processed and, if so, it has the right to access personal data and data management information (the right to access personal data).
The User is entitled to correct, at his request, any inaccurate personal data (right of rectification) to the Service Provider without undue delay.
The User is entitled to cancel the Personal Data (right to delete) at the request of the Service Provider without undue delay. The Service Provider is not obliged to delete personal data if data processing is necessary for the purpose of exercising the right to freedom of expression and information, for statistical purposes, to fulfill the obligation of the Service Provider or to enforce legal requirements.
The User is entitled to request that the Service Provider restricts the processing of data if,
- disputes the accuracy of the personal data, the duration of the verification of the accuracy of personal data by the Service Provider,
- Data handling is illegal and the User requests a restriction of their use instead of deleting the data
- the Service Provider no longer needs personal data for data processing, but the User requests them to validate their legal requirements
- the User has objected to the processing of data for the period until it is established that the Service Provider's legitimate interests have priority over the legitimate interests of the User (the right to restrict the processing of data).
During the restriction period, the User's personal data may be handled only with the consent of the User or the enforcement of legal claims or the protection of the rights of another person or important public interests except for storage.
The User is entitled to receive personal data made available to him by the Machine in a machine-readable, widely used, machine-readable format and shall be entitled to transfer such data to another Data Controller. The User may, if technically feasible, request the direct transfer of personal data between data controllers (data transferability).
The User is entitled, at any time, to object to his or her personal data to the Service Provider's or third party's legitimate interests, including profiling, for any reason relating to his / her own situation. In the event of a User's objection, the Service Provider may only treat the personal data if it proves that the legitimate reasons for enforcing the data are the priority of the User's interest or are related to legal claims (right to protest).
The User is entitled to exclude the scope of a decision based solely on automated data management, including profiling, which would have a legitimate effect on it or affect it significantly (automated decision making).
The Service Provider's procedure for enforcing the User's rights
The Service Provider shall provide the User with information and information on the handling of personal data in an easily accessible form, in a clear and unambiguous way in writing, including electronic means, or verbally or at User's request.
The Service Provider may not refuse to execute its application for the exercise of the User's Rights unless it proves that the User is unable to identify it. If the Service Provider has reasonable doubts about the identity of the person submitting the request, he may request the information required to confirm the identity.
The Service Provider is required to delete personal data relating to the User without undue delay if
- personal data is no longer needed for the purpose from which it was handled,
- the User withdraws the consent of the data controller and does not have any other legal grounds for data handling,
- the User objects to data handling and no prior legitimate reason for data handling,
- the handling of personal data is illegal,
- the personal data should be deleted for the legal obligation of the Service Provider.
The Service Provider informs any third party of any correction, deletion or limitation of data that the user has disclosed to the user, unless it proves impossible or requires disproportionate effort.
The Service Provider informs the User of the measures taken upon his request without undue delay, but no later than one month after the receipt of the request.
On the basis of the complexity of the application and the number of applications, the deadline may be extended by two additional months if necessary. The Service Provider shall inform the User of the extension of the deadline by indicating the reasons for the extension of the deadline within one month from the receipt of the request. In the case of an electronic application, the information shall be provided electronically unless the User so requests.
If the Service Provider fails to take action in response to the User's request, it informs the User without delay and within one month of the receipt of the request for reasons of non-action and that the User may submit a complaint to the Supervisory Authority and exercise its right of appeal.
The information to be provided to the User and the measures required at User's request shall be provided free of charge. You are clearly unfounded -
in the event of an exaggerated request, the Service Provider may charge a reasonable fee or deny the action based on the request, in view of the provision of the requested information or information or of the administrative costs of the requested action. Evidence of a manifestly unfounded or excessive nature of the claim is borne by the Supplier.
COMPLEMENTARY OPPORTUNITY
Complaint against the potential violation of Bofami 2000 Kft. Can be used by the National Data Protection and Information Authority:
National Privacy and Freedom Authority
1125 Budapest, Szilágyi Erzsébet fasor 22 / C.
Postal address: 1530 Budapest, Mailbox: 5.
Phone: +36 -1-391-1400
Fax: + 36-1-391-1410
E-mail:
CONCLUSION
During the preparation of the prospectus we have been following the following legislation:
- Regulation (EC) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 2016/67 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) April 27)
- 2011 CXII. Law on information self-determination and freedom of information (hereinafter: Infotv.)
- CVIII of 2001. Act on Electronic Commerce Services and Information Society Services (in particular Section 13 / A)
- XLVII of 2008. Act on the Prohibition of Unfair Commercial Practices against Consumers;
- Act XLVIII of 2008. of the Act on the Basic Conditions and Limitations of Commercial Advertising Activity (in particular Article 6)
- 2005 XC. Law on Electronic Freedom of Information
- Act C of 2003 on Electronic Communications (specifically Article 155)
- 16/2011. s. an opinion on the EASA / IAB Recommendation on Best Practice in Behavioral Online Advertising
- Recommendation of the National Data Protection and Information Authority on the data protection requirements for prior information
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46