Bomas Kft
PRIVACY POLICY
-
Aim of the policy
-
The aim of this policy is to record the data protection and data protection principles and rules applied by the BOMAS Műszaki, Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (hereinafter referred to as Service provider) and the Privacy Policy of the Service Provider.
-
During the operation of the website https://bomas.hu/ (hereinafter referred to as Website), the Service provider is processing the data of the parties ordering Products via the Website (hereinafter jointly referred to as Users).
-
Upon the establishment and the application hereof, the Service provider shall proceed in the spirit of and in compliance with the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of (hereinafter referred to as: Info Act), the Act CVIII of 2001 on Electronic Commerce and on Information Society Services (hereinafter referred to as the E-commerce Act) and the Regulation 2016/679/EU of the European Parliament and the Council (hereinafter referred to as the GDPR).
-
In case of the change of the services provided by the Service provider or of the General Terms and Conditions, the notifications on such changes shall be sent in certain cases electronically, in e-mail by the Service provider to the Users. Such notifications shall not be used by the Service provider for advertising.
-
-
Data of the Controller:
-
Name: BOMAS Műszaki, Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
Registered seat: H-4200 Hajdúszoboszló, Hamvas utca 11. A. ép.
Company registry number: Cg. 09-09-005120
VAT number: 11553980-2-09
Electronic contact: info@bomas.hu
Registration authority: Company Registry Court of the Tribunal of Debrecen
-
-
Data processing during the operation of the Website
-
Submission of purchase order
Purchase orders can be initiated by the Users upon the completion of the data sheets of the products.
aim of data processing: contact with the User via confirmation e-mail
processed set of data: name of the sole proprietor/company name, company e-mail address, other data given by the User in the text box
legal basis of the data processing: consent of the User, performance of the agreement
duration of data processing: 1 year after the submission of the purchase order
way of data storage: electronically
As during the completion of the purchase order form, the User may enter further personal data into the “Message” text box in addition to the data to be processed mandatorily, the consent of the User to data processing shall cover the processing of these data as well. The Service provider shall process the data given by the User exclusively with the aim of contact.
The User may give his/her/its consent by ticking the empty check box in the purchase order form. The User shall be entitled to withdraw his/her/its consent any time. The withdrawal of consent shall not affect the lawfulness of data processing based on consent before such withdrawal.
In compliance with the Article 13 of the GDPR, the Service provider hereby expressly notifies the User that the precondition of the conclusion of an agreement via the Website shall be the entry of the data defined hereunder.
-
Performance of the purchase order
aim of data processing: identification before the conclusion of the agreement, conclusion of the agreement, making legal statements in the agreement
processed set of data: name of the sole proprietor/company name, company e-mail address, other data given by the User in the text box
legal basis of the data processing: performance of the agreement
duration of data processing: until the achievement of the aim (performance)
way of data storage: electronically
-
Issuing an invoice
aim of data processing: issue of bill (electronic invoice)
processed set of data: name of the sole proprietor/company name, company e-mail address, other data given by the User in the text box
legal basis of the data processing: mandatory data processing based on law (paragraph (1) of the section 166 of the Act C of 2000 on Accounting).
duration of data processing: 1 year after the submission of the purchase order
way of data storage: electronically
As stipulated in the section 8 of the General Terms and Condition, the Service provider shall issue an electronic invoice to the User after the performance of the purchase order.
-
Storage of invoices
aim of data processing: storage of bill (electronic invoice)
processed set of data: name of the sole proprietor/company name, company e-mail address, other data given by the User in the text box, VAT number/tax identification number of the User
legal basis of the data processing: mandatory data processing based on law (paragraph (1) of the section 169 of the Act C of 2000 on Accounting).
duration of data processing: 8 years after the issue of the electronic invoice
way of data storage: electronically
-
-
Way of data processing by the Service provider
-
As a general rule, the Service Provider shall not verify the personal data it receives. The correctness of the provided data shall be within the scope of responsibility of the data provider. Upon the provision of the e-mail address of any User, he/she/it shall be liable for that it is exclusively him/her/it to use the services by using the given e-mail. Considering such liability, any responsibility regarding any login with a given e-mail address shall be borne exclusively by the User having registered such e-mail address. In case of doubt, the Service provider shall be entitled to verify the relationship of the User with the company or sole proprietor represented by him/her/it via the official e-mail address of the company, as published in the Company Register as a public information, according to the procedure described in the General Terms and Conditions.
-
-
Who are entitled to know the given data?
-
It shall be primarily the Service provider and its internal employees to be entitled to know the data, however, such data shall not be published or forwarded to any third person, unless the Service provider is obliged by a court or authority decision to forward the data.
-
-
Rights of the User
-
The User may request notification about the details of the processing of his/her/its personal data free of charge, and in cases defined by law, he/she/it can request the rectification, erasure, blocking and the restriction of processing of the data and he/she/it can object against the processing of these personal data.
-
Right of access: the User shall have the right to obtain from the Service provider confirmation about the processing of his/her/its personal data and he/she/it can have access to such personal data and the information about the processing thereof.
-
Right to rectification: the User shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him/her/it and he/she/it shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
-
Right to erasure: for the request of the User, the Service provider shall erase the personal data of the User, if it is not necessary for the Service provider to process these data, the User withdraws his/her/its consent, objects against data processing or the data processing is unlawful.
-
Right to be forgotten: if requested by the User, the Service provider shall attempt to notify every controller about the request of the User on erasure, which became aware or may have become aware of the incidentally published data of the User.
-
Right to restriction of processing: for the request of the User, the Service provider shall restrict data processing, if the accuracy of the personal data is challenged, data processing is unlawful, the User objects against processing or the Service provider does not need the received personal data anymore.
-
Right to data portability: The User shall have the right to receive the personal data concerning him/her/it, which he/she/it has provided, in a structured, commonly used and machine-readable format and have the right to transmit those data to another service provider.
-
Within the shortest time after the submission of the request, but within 30 (and in case of objection, within 15) days, the Service provider shall assess such request, bring a decision about the reasonability thereof, and shall notify the requesting party in writing about such decision. If the Service provider fails to fulfil the request of the User, it shall notify the User about the factual and legal reasons of such rejection.
-
The User may enforce his/her/its rights before the court on the basis of the Act V of 2013 on the Civil Code and may contact the Hungarian National Authority for Data Protection and Freedom of Information (H-1125 Budapest, Szilágyi Erzsébet fasor 22/C) https://www.naih.hu/panaszuegyintezes-rendje.html ) and may submit a complaint.
-
-
Cookies
-
During visiting the Website, after becoming aware thereof, the Service provider sends one or more cookies - i.e. a small file consisting of a character string - to the computer of the data subject, owing to which the fact of the visitation of the Website can be individually stated. These cookies are provided by the Google and they are used via the Google Analytics system.
-
The Service provider sends these cookies to the computer of the visitor only in case of the visitation of certain subpages, therefore, the Service provider stores the fact, the place and the time of the visitation of the given subpage.
-
On the Website, cookies used by the Google Analytics are operating. Regarding such cookies, the Privacy Policy of the Google shall apply.
-
-
Miscellaneous
-
The Service provider may collect data about the activity of the User, however, these data shall not be connected to other data given by the User upon registration or to data generated upon the use of other websites or services.
-
If the Service provider intends to use the provided data for an aim other than the original data recording, it shall notify the User thereabout, shall acquire the prior express consent of the User for it and shall make the User be able to forbid such use.
-
The Service provider undertakes to ensure the safety of the data and to take the technical measures to guarantee the protection of the recorded, stored and processed data and shall make every effort to prevent the destruction, unauthorised use and unauthorised modification of such data.
-
The Service provider shall maintain a record of processing activities under its responsibility (recording of data processing) according to the Article 30 of the GDPR.
-
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to data transmitted, stored or otherwise processed. In case of a personal data breach, the Service provider shall proceed according to the Articles 33 and 34 of the GDPR. The Service provider shall register the incidental data breaches by recording the facts and effects related thereto and the measures taken for remedy.
-
The Service provider shall be entitled to unilaterally modify hereof any time. The Service provider shall notify the User via the Website. After the modification, the precondition of the use of the Website shall be the explicit consent of the User given on the Website in the appropriate way.
-
Effective: from 01/01/2019
BOMAS Kft.