Ingyenes szállítás 20.000 Ft felett.

DATA MANAGEMENT INFORMATION
Effective: from 25 May 2018
Updated: 05 January 2021.

 

DATE OF IMPLEMENTATION: 2021/2006

Name of data controller: BFour Innovative Tools Kft.
Registered office: 8900 Zalaegerszeg, Zala u. 2/D..
Representative: Balázs Gerencsér Managing Director
Tax number: 25801918-2-20
Company registration number: 20-09-075338
Registration authority: Zala County Court of Registration
Website: radroller.hu
E-mail and Customer Service: info@radroller.hu
Registration number: NAIH-119595/2017
Data of the service provider:
Tárhely.Eu Szolgáltató Kft. 1097 Budapest, Könyves Kálmán körút 12-14.

 

INTRODUCTION

BFour Innovative Tools Kft. (hereinafter referred to as the “service provider” or “data controller”) attaches great importance to the protection of personal data provided by radroller.hu visitors and to ensuring the right of visitors and customers to information self-determination.

BFour Innovative Tools Ltd. is committed to processing the personal data of visitors and customers in a manner that fully complies with applicable laws and regulations in order to provide visitors with a safe and secure online experience. BFour Innovative Tools Ltd. will treat the personal data of visitors and customers confidentially, for the purpose of its effective business activities, and will use it to exercise its rights and fulfil its obligations in this regard. BFour Innovative Tools Ltd. will only process personal data that is strictly necessary for the fulfilment of the aforementioned purpose. BFour Innovative Tools Ltd. ensures the accuracy, completeness and up-to-dateness of the data processed.
It shall also ensure the security of the data, in particular the prevention of accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or any other unauthorised access to personal data stored or otherwise processed, and shall take the technical and organisational measures and establish the procedural rules necessary to implement the relevant legal provisions and other recommendations.
At the same time, BFour Innovative Tools Ltd. will establish the internal procedures and rules required by the supervisory bodies and the relevant legislation and other sectoral recommendations.
BFour Innovative Tools Ltd. provides its services through the use of the website. In order to provide its services, it processes personal data provided by customers and other data subjects.
The data controller reserves the right to unilaterally change this information at any time. Any changes will be notified in due time to its customers, users of the published data through the website.
In this Privacy Policy, we declare the principles that define our policy and daily practice regarding the protection of personal data, in which we request personal data from our visitors and customers.
We also state the purposes for which and how we use such information and how we will ensure that personal information is safeguarded and protected.
When requested by our visitors and customers, we will always provide detailed information about the personal data processed, the purposes, legal basis, duration and activities related to the processing, as set out in their request.
BFour Innovative Tools Ltd. undertakes to inform visitors to radroller.hu in advance of any changes to its principles and practices regarding the processing of personal data, so that they are always aware of the data processing principles and practices applicable to the entire radroller.hu portal.
BFour Innovative Tools Ltd. hereby undertakes that the present Privacy Policy will always reflect the principles and practices actually applied.
In drafting this Notice, we have taken into account the applicable legislation in force and the main international recommendations, in particular the following:

REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation)
Act CXII of 2011 – on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
Act V of 2013 – on the Civil Code (Civil Code); Act CLV of 1997 – on Consumer Protection (Consumer Protection Act); Act C of 2000 – on Accounting (Accounting Act);
Act CVIII of 2001 – on certain aspects of electronic commerce services and information society services (Eker. tv.); Act C of 2003 – on electronic communications (Eht.);
Act XLVIII of 2008 – on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (Act XLVIII of 2008)
Upon request of our visitors and customers, we will always provide them with detailed information about the personal data processed, the purposes, legal basis, duration and activities related to the processing, as specified in their request.
BFour Innovative Tools Ltd. undertakes to notify radroller.hu visitors of any changes to its personal data processing principles and practices in advance so that they are always aware of the data processing principles and practices applicable throughout the radroller.hu portal.
BFour Innovative Tools Ltd. hereby undertakes that the present Privacy Policy will always reflect the principles and practices actually applied.

Concepts and interpretations relating to personal data

controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data which are intended to result in the accidental or unlawful alteration, unauthorised disclosure or access to personal data; where the purposes and means of the processing are determined by Union or Member State law, Union or Member State law may also determine the controller or the specific criteria for the designation of the controller;
‘processing’ means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
transfer: making data available to a specified third party;
cross-border processing of personal data:
the processing of personal data within the Union in the context of activities carried out by a controller or processor established in more than one Member State in several Member States; or
processing of personal data within the Union which takes place in the context of activities carried out by a controller or processor at a single establishment and which significantly affects or is likely to significantly affect data subjects in more than one Member State;
erasure: rendering data unrecognisable in such a way that it is no longer possible to retrieve them;
data marking: the marking of data with an identification mark to distinguish it;
restriction of processing: marking of stored personal data to limit their future processing;
data destruction: the total physical destruction of a data carrier containing data;
‘processing’ means the performance of technical tasks related to processing operations, irrespective of the method and means used to carry out the operations and the place of application, provided that the technical task is performed on the data;
‘processor’ means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
data protection incident: a breach of security leading to the destruction, loss, unauthorised access, loss or alteration of data transmitted, stored or otherwise
pseudonymisation: the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no natural person who is identified or identifiable can be linked to that personal data;
anonymisation: a technical procedure which ensures that the possibility of establishing a link between the data subject and the data is permanently excluded;

Biometric data: any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data;
cookie: a file of information (usually plain text) placed on the user’s computer via his/her browser, which uniquely identifies the user on his/her next visit;
recipient: the natural or legal person, public authority, agency or any other body to whom or with whom the personal data is disclosed, whether or not a third party.
direct marketing activity: the set of information activities and ancillary services carried out by means of direct marketing, the purpose of which is to recommend products or services to the data subject, to send advertisements, to inform consumers or commercial partners, to promote a transaction (purchase);
health data: personal data relating to the physical or mental health of a natural person, including data relating to the provision of health services to a natural person which contain information about the health of the natural person;
data subject/consumer/consumer: any specified natural person who is identified or can be identified, directly or indirectly, on the basis of personal data;
genetic data: any personal data relating to the inherited or acquired genetic characteristics of a natural person which contain specific information about the physiology or state of health of that person and which result primarily from the analysis of a biological sample taken from that natural person;
third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;
third country: any State which is not an EEA State.
data subject’s consent: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
disclosure: making the data available to any person;
IP address: in all networks in which communication takes place according to the TCP/IP protocol, server machines are assigned an IP address, i.e. an identification number, which allows the identification of those machines over the network. It is well known that every computer connected to a network has an IP address, through which it can be identified.
Special data:
personal data revealing racial or ethnic origin, nationality, political opinions or political party affiliations, religious or other beliefs, membership of an interest group or membership of a representative organisation, sex life,
personal data concerning health, pathological addiction and personal data concerning criminal offences;

National Authority for Data Protection and Freedom of Information: the NAIH , whose legal status and duties are defined in Article 38 of the Info Act (hereinafter referred to as the Authority);
register system: a set of personal data, structured in any way, whether centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specific criteria;
profiling: any form of automated processing of personal data whereby personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that person;
personal data: data which can be associated with a data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference which can be drawn from the data concerning the data subject;
natural identity data: surname, given name, name at birth, mother’s name, place and date of birth of the data subject;
objection: a declaration by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the data processed;
‘opt-out list’ means a register of the names and addresses of data subjects who have refused, or have not consented, despite a prior request to the direct marketing organisation, to the use of their personal data for the purposes of contacting or marketing or to their further processing for such purposes;
marketing list: a list containing only the name, address, sex, date and place of birth, information on the customer’s interests and marital status for the purpose of contacting and maintaining contact for the purpose of advertising.
undertaking: any natural or legal person, irrespective of its legal form, engaged in an economic activity, including partnerships or associations carrying on a regular economic activity.

THE RULES ON DATA PROCESSING

This Privacy Policy is valid from 25 May 2018 until its withdrawal.
The Regulation states that personal data must be processed lawfully and fairly, in a transparent and traceable manner for the data subject.Therefore, BFour Innovative Tools Ltd. requests personal data of data subjects for its personal data processing only for the fulfilment of legally justified and clearly stated purposes, and through this notice it also aims to provide its users with clear information. (Principle of lawful, fair and transparent processing)
Personal data should only be collected for a predefined, explicit and legitimate purpose, and should be adequate, accurate and relevant for the purpose for which it is collected, and only process the amount of data necessary to achieve that purpose. The personal data to be provided will only be used for the purposes set out therein – participation and reimbursement. (Purpose limitation principle)
The personal data must be necessary for the purposes for which they are processed, i.e. BFour Innovative Tools Ltd. processes as much personal data as is strictly necessary for the purposes of its activities. BFour Innovative Tools Ltd. endeavours to obtain the personal data that are genuinely necessary for the purposes for which they are collected and reviews them annually in accordance with the principle of data protection by design. (Data Economy)
BFour Innovative Tools Ltd. keeps personal data accurate and up-to-date and makes every effort to correct and delete inaccurate data. BFour Innovative Tools Ltd. endeavours to inform data subjects through all channels that, in the event of a change to their data, they should request that it be corrected or rectified, and has also included this in the general terms and conditions. (Accurate data management principle)
When storing data, BFour Innovative Tools Ltd. strives to keep data for an appropriate period of time, because up-to-date and accurate data facilitates the exercise of its activities and compliance with the law.When storing personal data, BFour Innovative Tools Ltd. pays particular attention to the appropriate establishment of retention periods and, if necessary, their revision, and strives to delete data that have been collected for no purpose.(Limited data processing principle)
The processing of personal data is carried out in a manner that ensures adequate data security. (Integrity and Confidentiality Principle)
And BFour Innovative Tools Ltd. strives to demonstrate compliance with data management requirements (e.g., Data Management Information Notice, Interest Screening Test, Data Security and Data Management Policy, by implementing periodic employee training)
In the case of mandatory data processing (e.g. identification for the purpose of preventing money laundering), the types of data to be processed, the purposes and conditions of the processing, the availability of the data, the duration of the processing and the identity of the controller are determined by the law or municipal regulation imposing the processing.

Explanatory notes on the processing of personal data

When visiting radroller.hu, visitors may use the site without having to reveal their identity or provide any personal information.
However, there are cases where the full use of the service offered by radroller.hu requires visitors to provide or send certain personal data.
By personally identifiable data and information we mean personal data relating to natural persons that can be used to identify someone personally, to contact someone for communication or to determine physical contact details of someone, including but not limited to: name, home address, postal address, telephone number, fax number, e-mail address.
Anonymous information that is collected in a way that excludes personal identification and that cannot be linked to a natural person and therefore cannot be associated with a natural person is not personal data.
By personal data provided by third parties – with the necessary consent – we mean data and information suitable for personal identification, which relate to the person using the service, i.e. the visitor, but which are collected and provided by the service provider with the assistance of third parties, in compliance with the legal requirements.
As a general principle, in all cases where we request personal data from our visitors, they are free to decide whether or not to provide the requested information after reading and understanding the required information text.
However, it should be noted that if a person does not provide personal information, he or she may sometimes not be able to use the service that requires the provision of personal information.
Under no circumstances will BFour Innovative Tools Ltd. collect sensitive data relating to racial or ethnic origin, nationality, ethnic or national origins, political opinions or political party affiliations, religious or other beliefs, health, medical conditions, pathological addictions, sexual life or criminal history.
This Policy is about the protection of visitors’ personal data that is not intended for public disclosure but is provided to BFour Innovative Tools Ltd. If a person voluntarily discloses all or part of his or her personal information, such information is not covered by this Notice.
Personal or other information provided by our visitors is not supplemented or combined with data or information from other sources.
Under no circumstances will the personal information provided by our visitors be disclosed to third parties without proper attribution. If the authorized authorities request the provider of personal data in the manner provided for by law (suspicion of a criminal offence, official data seizure order), BFour Innovative Tools Ltd. will provide the requested and available information in compliance with its legal obligation.
Where our visitors provide us with personal data, we will take all necessary steps to ensure the security of such data – both during network communication (i.e. online processing) and during storage and retention (i.e. offline processing).
Once the personal data has been transferred within the IT infrastructure of BFour Innovative Tools Ltd., the actions related to the retention and protection of the data are governed by the principles, procedures and security controls set out in the Data Security and Privacy Policy of BFour Innovative Tools Ltd. Personal data may only be accessed by persons holding the relevant job titles – subject to high levels of access controls.
If our visitors have any questions about security, please send an e-mail to the company’s Data Protection Contact at info@radroller.hu.

Scope of personal data, purpose, legal basis and duration of processing

The data processing activities of BFour Innovative Tools Ltd. in connection with the provision of its services are based on the prior, informed and voluntary consent of the data subject, the conclusion of a contract or the legitimate interest of the controller.However, in certain cases, the processing, storage and transmission of some of the data provided is required by law. In certain cases, BFour Innovative Tools Ltd. may also process data of third parties whose direct consent is only available to BFour Innovative Tools Ltd.’s customers (e.g. death beneficiaries, relatives, etc.), in which case it is the duty and responsibility of the data controller to obtain the prior, informed and voluntary consent of the data subject who is such a third party.

Website visitor data

Name of the processing:
Website Visitor Data

Purpose:
During the visit of the website, the service provider records the visitor data in order to monitor the functioning of the services,to facilitate and enhance the functions of the website, to provide a personalized service and to prevent abuse.

Legal basis:
Article 6(1)(a) of the GDPR, the consent of the data subject, and Section 13/A(3) of the Eker. The consent is given by the data subject in respect of the use of the website for the individual data processing.

The data subjects are:
Website user concerned

Description of data
Identification number, date, time, address of the page visited, address of the page previously visited, data relating to the user’s operating system and browser, operating system used, IP address of the user’s computer, except for the last section.

Data source:
Website

Duration of data processing:
The part of the IP address of the user’s computer will be deleted at the end of the visit.

Type of data transmitted, recipient and legal basis for transmission:

Name and address of the data controller:
BFour Innovative Tools Kft. 8900 Zalaegerszeg, Zala u. 2/D.

Name and address of the data processor:

Place of actual processing:
radroller.hu

Place of actual processing:
FastComet Inc
Suite 300 – #846
350 Townsend Street
San Francisco, CA 94107
USA

Data processor activities related to data management:
Storage service provider

Nature of the data processing technology used:
Information Technology System

Cookie management

Name of data processing:
Website cookie management

Purpose:
To identify users, to distinguish users, to identify the session users are currently using, to store the data entered there, to prevent data loss, to track users by identifying them, to display personalised offers using the data recorded during the visit to the website.

Legal basis:
Article 6(1)(a) GDPR, consent of the data subject, and Article 13/A(3) of the Eker. tv., voluntary consent of the data subject.

Data Subjects:
Customers, visitors.

Description of data:
Identifier, time, date.

Source of data:
Website usage.

Duration of data processing:
Duration of use of website, 6 months, 2 years.

Name and address of the controller:
BFour Innovative Tools Kft. 8900 Zalaegerszeg, Zala u. 2/D.

Name and address of the data processor:

Place of actual processing:
radroller.hu

Place of actual processing:
FastComet Inc
Suite 300 – #846
350 Townsend Street
San Francisco, CA 94107
USA

Data processor activities related to data management:
Storage service provider

Nature of the data processing technology used:
Information Technology System

 

Customer database, customer data management, registration, personal profile management

BFour Innovative Tools Ltd. goods can be ordered on its website. When placing an order, the data subject, the customer, provides his/her personal data and by providing the data, the data subject gives his/her consent to the company to use them for customer management.
BFour Innovative Tools Ltd. does not control the personal data provided to it. The person providing the data is solely responsible for the correctness of the data provided. Any customer who provides an e-mail address is also responsible for the fact that he/she is the only one who will receive services from the e-mail address provided.
With regard to this assumption of responsibility, any liability in connection with accessing the service from a given e-mail address shall be borne solely by the customer who registered the e-mail address. If the customer does not provide his/her own personal data, he/she is obliged to obtain the consent of the person concerned. BFour Innovative Tools Ltd. defines customer management as the enforcement of warranty rights in relation to the products sold, accounting, the use of the products purchased, the handling of complaints about the service and the realisation of marketing objectives.
In particular, customer management thus includes the consent to the use of all the data provided by the data subject for the purposes of customer management, in particular for the purpose of notifying (by telephone and/or e-mail) the data subject of new products, new services of interest to him/her, within the scope of his/her interests as defined by the products previously purchased by the data subject.

Name of the processing:
Customer data management, registration, management of personal profile, database building

Target
Purchase on the radroller.hu website, issuing invoices, registering and distinguishing customers, fulfilling orders, documenting purchases and payments, fulfilling accounting obligations, customer relations, analysing customer habits, more targeted service, customer follow-up, direct marketing

Legal basis
Article 6(1)(b) GDPR, Section 13/A of the Eker. tv., Section 169(1)-(2) of the Számv. tv. and Section 169(1)-(2) of the Grt. § 6 (5), § 21 of Act CXIX of 1995.

Scope of persons concerned
Website customers, registrants

Description of data
Customer identification number, first and last name, delivery address, home address, e-mail address, telephone number (mobile, landline), e-mail address and password for logging in, details of each order (date, time, product chosen, value of the purchase), billing address, delivery address, consent to be contacted for direct marketing purposes.

Source of data
Customer, user.

Duration of data processing
For direct marketing contributions, until the user’s consent is withdrawn.
For inclusion in the customer database: 1 year,
In case of deletion from the opt-out list: 1 year,
In the case of customers without registration and for those with registration, eight years in respect of the data of purchases pursuant to Section 169 (2) of the Act on the Payment of Bills of Sale.
Type of data transferred, recipient and legal basis for the transfer:
In the case of choosing a payment method by bank card, the payer’s identifier, the amount, date and time of the transaction to the Bank or financial service provider.

Name and address of the controller:
BFour Innovative Tools Kft. 8900 Zalaegerszeg, Zala u. 2/D.

Name and address of the data processor:
FastComet Inc.
Suite 300 – #846
350 Townsend Street
San Francisco, CA 94107
USA

Place of actual processing
radroller.hu

Data processor’s activities related to data management:
Hosting provider.

Type of data processing technology used:
IT system.

Quality complaints handling, complaint handling

Name of the processing
Quality complaints handling.

Purpose
Handling quality complaints, questions and problems related to the products ordered from radroller.hu

Legal basis:
Fulfillment of legal obligation, GDPR Article 6 (1) para. Article 6(1)(C) Legal basis

Data subjects concerned
Website customers, registrants.

Description of data:
name, address, telephone number, e-mail address, account number, description of the complaint, name of the supplier, flight number, date of order delivery, name of the product concerned by the complaint, description of the request

Source of data:
Based on orders placed on the website

Duration of data processing:
Copies of the record, transcript and reply to the recorded complaint pursuant to Section 17/A (7) of the Consumer Protection Act for 5 years.

Name and address of the data controller:
BFour Innovative Tools Kft. 8900 Zalaegerszeg, Zala u. 2/D.

Name and address of the data processor:
FastComet Inc.
Suite 300 – #846
350 Townsend Street
San Francisco, CA 94107
USA

Place of actual processing:
radroller.com

Data processor’s activities related to data management:
Hosting provider

Nature of the data processing technology used:
Computerised and manual, paper-based

Contact, information

Name of data processing
Contact, information

Purpose
In connection with business sales and marketing activities, BFour Innovative Tools Ltd. uses the data available to it to make offers to customers, to carry out marketing enquiries, to make ad hoc offers for services that meet customer needs, to provide information

Legal basis
Article 6(1)(a) of the GDPR – written consent of the mark made in the web environment

Scope of data subjects
Customers

Description of data
Company name, address, contact name, email address, telephone number, contact details

Source of data
Declaration by the data subject

Time of data processing:
Until revoked

Name and address of the controller:
BFour Innovative Tools Kft. 8900 Zalaegerszeg, Zala u. 2/D.

Name and address of the data processor:
FastComet Inc.
Suite 300 – #846
350 Townsend Street
San Francisco, CA 94107
USA

Place of actual processing:
radroller.com

Data processor’s activities related to data management:
Hosting provider

Nature of the data processing technology used:
IT system

 

Newsletter database construction

BFour Innovative Tools Ltd. sends newsletters to subscribers about its activities.
You can subscribe to the newsletter on the radroller.hu website – or you can request it verbally by calling the customer service. Unsubscribing from the newsletter does not constitute inclusion on the prohibited list as defined in Article 21 of Act CXIX of 1995 on the processing of name and address data for the purposes of research and direct marketing.

Name of processing
Building newsletter databases

Purpose
Building and maintaining the newsletter database, registering and distinguishing members, maintaining contacts, managing promotional offers and other mailings, informing about current promotions, offers, direct marketing messages, managing personalised offers

Legal basis
Article 6 (1) (a) GDPR, voluntary consent of the data subject, § 13/A of the Eker. tv. and § 13/A of the Grt. § 6 (5)

Scope of data subjects
Newsletter subscribers

Description of data
Customer number, name, address, telephone number, e-mail address, delivery address, billing address, newsletter authorisation, products purchased, method of payment, amounts

Data source
Customer concerned

Time of data processing:
In case of direct marketing, newsletter enquiries, until consent is withdrawn.

Name and address of the data controller:
BFour Innovative Tools Kft. 8900 Zalaegerszeg, Zala u. 2/D.

Name and address of the data processor:
The Rocket Science Group LLC (Mailchimp)
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA

Place of actual processing
radroller.com

Processor’s activities in relation to data management
Mailing list provider.

Nature of the data processing technology used
Computerised system

Interconnection of databases:
Newsletter profile data and related purchase data

The data subject may unsubscribe from the newsletter at any time, free of charge.
To withdraw consent to the sending of direct marketing messages and to request the deletion or modification of personal data, please contact the following contact details:
-by e-mail to info@radroller.hu, and
by e-mail at the above contact details.

Telephone conversations

Name of data processing
Telephone conversations, customer service

Purpose
Enforcement of the rights of the customer and the data controller, ex post verifiability.

Legal basis
Act CLV of 1997, No. A1997, § 17/B – on the basis of a statutory provision – performance of a legal obligation – Article 6(1)(c) GDPR

Persons concerned
Website customers, registrants

Description of data
Customer’s identification number, name, conversation between the customer and the administrator, other personal data provided during the conversation (name, address, telephone number), date and time of the call.

Source of data
concerned

Duration of the processing of the data
For the duration of the telephone call

Name and address of the data controller:
BFour Innovative Tools Kft. 8900 Zalaegerszeg, Zala u. 2/D.

Name and address of the data processor:
FastComet Inc.
Suite 300 – #846
350 Townsend Street
San Francisco, CA 94107
USA

Place of actual processing:
radroller.com

Data processor’s activities related to data management:
Hosting provider

Nature of the data processing technology used:
IT system

 

Order assembly, delivery

The preparation, sorting, sorting and delivery of the ordered goods takes place at the designated premises of BFour Innovative Tools Ltd.

Name of data processing
Order assembly, delivery

Destination
To register and distinguish between customers, to deliver, fulfil, document and pay for the goods ordered, to fulfil accounting obligations, to maintain contact with customers and to provide a more targeted service

Description of data
Customer number, name, other delivery address, address, e-mail address, telephone number, details of each order (date, time, product chosen, value of purchase), billing address, delivery address, method of payment, amount to be paid, details of invoice confirming the order, contact details – name, address, telephone number.

Legal basis
Voluntary consent of the data subject.

Data subjects concerned
Persons placing orders on the website.

Name and address of the data controller:
BFour Innovative Tools Kft. 8900 Zalaegerszeg, Zala u. 2/D.

Type of data transferred, recipient and legal basis for the transfer
Data: name, delivery address, telephone number
Legal basis: consent of the data subject

Name and address of the data processor:
Express One Hungary Kft. 1239 Budapest, Európa u. 12, https://expressone.hu/
E-mail: ugyfelszolgalat@expressone.hu

1212 One, Hungary, e-mail address: 1212 One One, e-mail address: 1212 One, Hungary:
radroller.hu

The data processor’s activity in relation to data processing:
Courier service

Nature of the data processing technology used:
IT system and paper-based

Building market research databases

Name of data processing
Building market research databases

Purpose
To build and maintain a customer database at BFour Innovative Tools Ltd., to register and distinguish its members, to maintain contacts, to manage promotional offers and other mailings, to inform about current promotions, offers, direct marketing messages, to manage personalised offers.

Stakeholders
Website customers, registrants

Description of data
Customer number, name, address, e-mail address, telephone number, billing address, newsletter authorisation, products ordered, payment method, amounts.

Data source
Based on orders placed on the website.

Duration of data processing
Pursuant to Article 169 (2) paragraph 2 of the Act on Accounting, the data is stored for 8 years.

Duration of data processing
In the case of direct marketing, newsletter enquiries, until consent is withdrawn,
5 years from the last login for profile data,
8 years in the case of purchase data.

Legal basis
Voluntary consent of the data subject (Article 6(1)(a) GDPR, § 13/A of the Eker. tv. and § 13/A of the Grt. § 6 (5)

Name and address of the controller:
BFour Innovative Tools Kft. 8900 Zalaegerszeg, Zala u. 2/D.

Name and address of the data processor:
FastComet Inc.
Suite 300 – #846
350 Townsend Street
San Francisco, CA 94107
USA

Place of actual processing:
radroller.com

Data processor’s activities related to data management:
Hosting provider

Nature of the data processing technology used:
IT system

 

Facebook and Instagram

Name of the data processing
Facebook and Instagram

Purpose
To share or like certain content, products, promotions or the website itself on Facebook.com and Instagram

Legal basis
Voluntary consent of the data subject to the processing of personal data on Facebook.com and Instagram.com

Data subjects concerned
All data subjects who have registered on the Facebook.com community page and have liked the website.

Description of data
The name of the person registered on the Facebook.com community page and the public profile picture of the user.

Source of data
Data subject

The time of processing of the data:
Data processing takes place on Facebook.com and Instagram.com, so the duration of data processing, the way it is carried out and the possibility to delete and modify the data are governed by the rules of the respective social networking sites.

How your data is shared with other responsible organisations

We may share your personal information with third parties.
The third party with whom we share your personal data may determine the purposes and means of processing your personal data and will be legally responsible for ensuring that the processing is carried out in accordance with the data protection principles and the provisions of this Privacy Notice and applicable law.

For example, we may share your personal data with the following third parties:
Processors who process your data on our behalf;
Law enforcement agencies, where we are under a duty to cooperate for law enforcement purposes.

 

We may share your information with data and content analysts if we are required to do so by law enforcement agencies or other third parties

Google Analytics cookies (cookies)
Google Analytics is an analytics service provided by Google Inc (“Google”). Google Analytics uses cookies stored on users’ computers to analyse user interactions on the Website. The legal basis for the processing of data for web analytics purposes is the voluntary consent of the website user. Cookies for analytics purposes are anonymised and aggregated data which make it difficult to identify the computer, but which cannot be excluded. The analytical information collected by the Google Analytics cookies is transmitted to and stored by Google on its servers. This information is processed by Google on behalf of the operator of the website in order to evaluate users’ browsing habits, compile reports on the frequency of use of the website and provide other services related to the use of the website for the website operator. More information about the cookies used by Google can be found at the following link: https://www.google.com/policies/technologies/ads/
Google’s privacy statement can be found at the following link: https://www.google.com/intl/hu/policies/privacy/.
Cookies set by Facebook
The Data Controller operates a Facebook page which can be accessed directly from its website.
Facebook also places various cookies on the data subject’s computer, more information about which can be found at https://hu-hu.facebook.com/policies/cookies/, where you can also find out how to disable cookies.
The Website may also contain links to external servers (not managed by the data controller or processors) and sites accessible through these links may place their own cookies or other files on your computer, collect data or request personal data. The controller disclaims any liability for these.
The Data Controller may use the data collected by cookies to send targeted advertising messages. A cookie is used to track a user across multiple websites. The Data Controller shall provide the Data Subject with the possibility to withdraw his/her consent at any time, either in person at the Data Controller’s headquarters or by electronic mail.

 

Other facts relating to the processing

Data security

The employees of BFour Innovative Tools Ltd. and any other data controllers and data processors are entitled to access the data to the extent necessary for the performance of their duties.

How long do we keep your personal data?
As already mentioned in the third party data protection principles, we will only process your personal data for legitimate purposes and for the time necessary to achieve those purposes. When we no longer need your personal data, we will securely destroy it. However, we need to have up-to-date data in order to provide you with our services, so after the expiry of the retention period indicated above, we will clean and update the data we hold and delete inactive data. The deletion of the data is carried out by the operator and a record of the deletion is kept for 10 years to ensure accountability.

Your rights

It is important for us that you are aware of your data protection rights. To this end, we have set out below a non-exhaustive list of the data protection rights you have in relation to the data you entrust to us.

Right to withdraw consent.
Right of access to data: you have the right to be adequately informed at any time by contacting us whether your personal data is being processed and, if so, you have the right to access and request a copy of your personal data held by us and to be informed of how we process your personal data.
When we provide you with this information, we will provide you with the following information:
what the purpose of the processing is,
what personal data are concerned, who are the recipients of the data transferred, and the storage period,
you may request rectification, erasure, restriction or object to the processing of your data and lodge a complaint with a supervisory authority ( www.naih.hu ),
if we have obtained the data from a 3rd party, you have the right to receive all relevant information.
Right to rectification.
Right to erasure: You may request that we erase without undue delay certain of your personal data held by us where:
We no longer need that data;
You withdraw your consent to the processing of certain data; You object to the processing of your personal data,
You object to the processing of personal data where you have given your consent to the processing of personal data that you no longer wish to have deleted;
You have a concern about the legal basis for our processing of your data.
Right to restriction of processing.
You may also request restriction where we no longer need your data but you, as the data subject, require it to establish, exercise or defend a legal claim. You may also request restriction if you contest the legal basis for processing based on legitimate interest.
During the restriction, no processing operations may be carried out, only storage of the data. You will be informed in advance by radroller.hu of the lifting of the restriction.

Legal remedies and complaints may be lodged with the National Authority for Data Protection and Freedom of Information:
If you are interested in data protection, please send an e-mail to rad@bfour.eu.
If you have any queries regarding data protection, please contact the National Authority for Data Protection and Freedom of Information at
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C Postal address: 1530 Budapest, Pf. 5
Phone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu

Judicial enforcement
The controller must prove that the processing is lawful. It is for the recipient to prove the lawfulness of the transfer. The court has jurisdiction to rule on the case. The action may also be brought, at the option of the data subject, before the courts for the place where the data subject resides or is domiciled.
A person who does not otherwise have legal capacity may be a party to the proceedings. The Authority may intervene in the proceedings in order to ensure that the person concerned is successful.
If the court upholds the application, the controller shall be ordered to provide the information, rectify, block or erase the data, annul the decision taken by automated processing, take account of the data subject’s right to object or disclose the data requested by the data subject.
If the court rejects the data subject’s request, the controller shall erase the personal data of the data subject within 3 days of the notification of the judgment. The controller shall also be obliged to delete the data if the data subject does not apply to the court within the time limit. The court may order the publication of its judgment, with the publication of the controller’s identification data, if the interests of data protection and the protected rights of a larger number of data subjects so require.
Compensation and damages
If the controller causes damage to another person by unlawfully processing the data subject’s data or by breaching data security requirements, the controller must compensate the damage.
Where the controller infringes the data subject’s right to privacy by unlawfully processing his or her data or by breaching data security requirements, the data subject may claim damages from the controller.
The controller shall be liable to the data subject for the damage caused by the processor and the controller shall also pay the data subject the damages due in the event of a personal data breach caused by the processor. The controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unavoidable cause outside the scope of the processing.
No compensation or damages shall be payable where the damage or injury to the personality right of the data subject was caused by the intentional or grossly negligent conduct of the data subject.

Zalaegerszeg, 25 May 2018.

Update: 05.01.2021.

BFour Innovative Tools Ltd.

radroller.hu

 

Annex No. 1
In drawing up this Information Document, we have taken into account the relevant legislation in force and the

The information has been drafted in accordance with the applicable legislation and the main international recommendations, in particular the following:

 

REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 2016
27.) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation)
Act CXII of 2011 – on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
Act C of 2003 on electronic communications (Act C of 2003 on electronic communications);
Act V of 2013 – on the Civil Code (Civil Code); Act CLV of 1997 – on consumer protection (Consumer Protection Act); Act C of 2000 – on accounting (Accounting Act);
Act CVIII of 2001 – on certain issues of electronic commerce services and information society services (Eker. tv.);
Act C of 2003 – on Electronic Communications (Eht.);
Act XLVIII of 2008 – on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (Act XLVIII of 2008).

 

Subscribe to the waiting list We will notify you by email when the product is back in stock. Please enter your email address: