Móra-BOOKR Kids Kft., as the operator of the website www.bookrmesetar.hu, hereby informs the visitors and customers of the website about its data management practices, the organizational and technical measures taken to protect data, and the users’ legal remedies.
1. THE DATA CONTROLLER
The data controller is Móra-BOOKR Kids Kft. (registered office: 1066 Budapest, Jókai utca 6., tax number: 25116195-2-42, registered with the Budapest Court of Companies under number 01 09 200672, represented by: Dorka Horváth, Managing Director) hereinafter referred to as the Data Controller.
Data management registration number of the webshop: 79120
Data management registration number of the newsletter: 79121
Server service provider for the Service Provider: OVH Hosting LTD (registered office: 5 Fitzwilliam Place, Dublin 2, electronic contact: www.ovh.ie – email: customersupport@ovh.ie
2. SCOPE OF DATA PROCESSED
During viewing the website, due to technical operation, the start and end time of the user’s visit is automatically recorded, and in some cases – depending on the settings of the user’s computer – the browser, operating system data and the user’s IP address, as well as the URL of the entry and exit page. The system automatically generates statistical data from this data. The Data Controller does not connect this technical data with other personal data, it uses it exclusively to prepare visitor statistics.
The Data Controller sends a cookie to the visitor’s computer, which ensures the use of the website’s services.
If your computer settings do not allow the use of cookies, you may only be able to use some services to a limited extent.
The Data Controller carries out two types of data processing depending on the use of the services:
Anyone can visit the website without having to provide any personal data beyond the technically automatic data processing. Therefore, when browsing the website, only the technical data recorded above – time of visit, IP address, and browser and operating system data – are recorded for statistical purposes.
To make a purchase in the webshop and to subscribe to the newsletter, the following personal data must be voluntarily provided: last name, first name, e-mail address, postal code, town, street name and house number, and telephone number. The Data Controller handles the information provided with the utmost care and in strict confidence. Unauthorized persons may not access your data, and it will not be disclosed to third parties under any circumstances – with the exception of the service provider providing the storage space, except in the event that you have ordered from the webshop or if required to do so by law.
The Data Controller is entitled and obliged to forward all personal data that it has at its disposal and that it has properly stored to the competent authorities, which data it is obliged to forward by law or a legally binding official obligation. The Data Controller cannot be held liable for such data transmission and the consequences arising therefrom.
If you have ordered from the webshop, your contact details (name, address, telephone number) must be provided to the supplier of the ordered product (MPL courier service). By placing the order, you consent to the Data Controller providing your contact details to the service delivering the ordered product(s) to your home.
Furthermore, the use of data in a statistically aggregated form, which may not contain the name of the user concerned or other data suitable for identification in any form, is an exception to the data transmission, and in certain cases – due to an official court, police request, legal proceedings due to copyright, property or other infringement or reasonable suspicion thereof, the harm to the interests of the Data Controller, endangering the provision of its services, etc. – in case of third parties, the data of the affected user is made available to third parties.
By making a purchase on the website and subscribing to the newsletter, you expressly consent for an indefinite period to the Data Controller processing your personal data. The processing of personal data takes place with your voluntary consent, in the knowledge of this information, provided that you can request the Data Controller to delete your personal data at any time on the interface provided for this purpose on the website or by registered mail. The Data Controller will comply with this request within 5 working days of receipt.
“Notification”: We send system messages (different from the newsletter) to registered subscribers from time to time. A system message is any message related to the operation of bookrkids, possible service outages, maintenance, functions, changes to existing and new functions, new functions, the scope of available services and how to use them, the General Terms and Conditions, the Data Management Information, or their amendments, the rights, obligations of registered Users, and services used, including confirmation messages, certificates, notifications, confirmations, electronic receipts, invoices sent about individual services used (including, among others, notification that the subscription expires, so that you can no longer access the previously used service; sending a welcome message after registration). The so-called notifications are sent independently of the newsletters, so they are also sent to registered subscribers who do not request the newsletter. These messages do not contain marketing messages. (Required data: name, e-mail address. Source of data: registered subscriber. Purpose of data processing: sending a system message in order to fulfill the contract; legal basis: fulfillment of the Contract pursuant to Article 6 (1) (b) of the GDPR, duration of data processing: up to 3 months from the termination of the contract.)
3. PURPOSE OF DATA PROCESSING
The processing of the time of visit, IP address, and browser and operating system data is a feature of the system’s operation, their processing is technically essential, and is carried out exclusively for statistical purposes.
The purpose of the processing of personal data provided to the Data Controller during a purchase on the website is to serve the use of the website’s services and to ensure communication between the service provider and the user in order to provide the service. This data is also used for aggregated, statistical purposes.
If the user subscribes to the newsletter, the additional purpose of the processing of the e-mail address is to deliver the newsletter.
If you participate in a prize draw as a buyer, the purpose of managing your e-mail address is also to ensure communication between the user and the prize draw organizer.
By clicking on the check-box for the newsletter, you consent to the Data Controller sending you advertising messages. This form of consent complies with the provisions of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.
4. DURATION OF DATA PROCESSING
Session IDs are automatically deleted when you close your browser. The purpose of the cookie we place is to ensure the use of the website services. The purpose of the cookie placed by Google Analytics is to collect statistical data related to the visit to the site. The purpose of the cookie placed by GoogleMaps is to display the PostaPonts, Parcel Post Offices and Publishers specified as the collection points for paid products on the map. The purpose of the cookie placed by Facebook is to use the like or share service.
The user can delete his/her own cookie at any time. The session cookie is deleted when the browser is closed, the cookies placed in connection with voting are deleted after 24 hours, and the other cookies are automatically deleted after 183 days. You can also delete cookies in your browser at any time.
You can request the deletion of the personal data provided at any time, and the Data Controller itself can delete it if the service is terminated or if the use of the service is prohibited.
5. ACCESS TO DATA
The personal data provided by users, as well as the data automatically known due to technical operation, can only be accessed by the Data Controller’s employees and collaborators.
None of the data provided for billing and delivery during the purchase is public and is not accessible to third parties.
The Data Controller does not provide personal data to third parties – apart from the Data Controller’s employees and collaborators. This does not apply to any mandatory data transfers required by law. Before fulfilling each official data request, the Data Controller examines whether the legal basis for the data transfer actually exists for each data item, and if necessary, requests the opinion of the National Data Protection and Freedom of Information Authority. By consenting to the processing of your personal data, you also consent to the Data Controller transferring the personal data to its legal successor – while ensuring the level of data processing set out in this data protection notice. If requested, the Data Controller will delete the user’s personal data before transferring it to the legal successor. See point 7.
6. DATA SECURITY MEASURES
Personal data is stored in a dedicated virtual data center provided by GTS Hungary.
Please note that if you are browsing the Internet from a location where others may use the same computer, you should definitely exit your browser and delete your cookies at the end of your browsing session in order to protect your personal data. By deleting cookies, you prevent anyone from commenting on your behalf, participating in a prize draw, requesting a newsletter or learning about your personal data.
7. USERS’ RIGHTS RELATED TO THE MANAGEMENT OF THEIR PERSONAL DATA AND THEIR EXERCISE
All users may request information about the management of their personal data. Upon request, the Data Controller shall provide the data subject with written information within 30 days about the data it processes, the purpose, legal basis, duration of the data processing, the name, address (registered office) of the data processor and its activities related to the data processing, as well as who receives or has received the data and for what purpose. Anyone can request this information at the Data Controller’s mailing address or at the email address info@bookrkids.hu, by confirming their involvement and providing their mailing address.
Users can also request the correction and deletion of their personal data at the Data Controller’s mailing address or at the email address info@bookrkids.hu.
The deletion of data requested by email, or – if the personal data used does not correspond to reality and the personal data corresponding to reality is available to the Data Controller – the modification of data will take place no later than 5 working days from the receipt of the request.
Regarding the newsletter sent electronically, the user may at any time withdraw his consent to the processing of his e-mail address for such purposes – even while continuing to use the service. To do so, send an e-mail to info@bookrkids.hu. The Data Controller will delete the user from the list of users who have given their consent on the working day following receipt of the request, and as long as the user does not request the sending of a newsletter again, the Data Controller will not contact the user for the purpose of sending a newsletter.
The Data Controller will delete personal data:
– upon such request by the User;
– if its processing is unlawful;
– incomplete or incorrect data (if the error cannot be remedied);
– if the purpose of the data processing has ceased, within the deadline set out in point 4;
– if ordered by a court or the National Data Protection and Freedom of Information Authority;
If the Data Controller does not comply with the User’s request for correction or deletion, it shall communicate the reasons for the rejection of the request in writing within 30 days of receiving the User’s request, and shall inform the User about the possibility of judicial redress and contacting the authorities.
The User may object to the processing of his/her personal data by sending a statement to the e-mail address info@bookrkids.hu, if its purpose is solely to fulfill legal obligations within the scope of the Data Controller’s interests, to enforce legitimate interests, or if the data processing is for the purpose of direct marketing, public opinion polling or scientific research.
The Data Controller shall examine the objection within 15 days of submitting the request and shall inform the User of its decision in writing by sending a message to the e-mail address provided by the User. In the event of a decision granting the request, the Data Controller shall terminate the data processing – including further data collection and data transmission – and block the data, including the data recorded at the service provider providing the storage space. The User shall also notify all those to whom the personal data affected by the objection were previously transmitted about the objection and the measures taken on the basis of the objection, stating that they are also obliged to take measures to block the data.
If the User disagrees with the Data Controller’s decision or the Data Controller fails to examine the objection within 15 days of submission, within 30 days of the communication of the decision or the last day of the deadline, the User may take legal action against the Data Controller.
If you feel that we have violated your right to the protection of personal data, please contact us so that we can remedy the possible violation. We inform users that in addition to legal enforcement, they can also seek the assistance of the National Data Protection and Freedom of Information Authority. The National Media and Communications Authority acts in relation to advertisements sent electronically. The detailed rules regarding this, as well as the obligations of the Data Controller and the rights of the data subject, are contained in Act CXII of 2011 on the right to informational self-determination and freedom of information, and Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.
If you have any further questions regarding the protection of personal data, please send them to the e-mail address info@bookrkids.hu.
8. TERMS
The Data Controller reserves the right to change its data protection information. This may occur in particular if the scope of services is expanded or if it is required by law. A change in data management may not mean the processing of personal data for purposes other than those specified in this information. The Data Controller will publish the relevant information on its website fifteen days in advance.
This data protection information is effective from May 23, 2018.
Móra-BOOKR Kids Kft.