Provacy policy

Webshop user account sending marketing messages to B2B customers via natural person contacts

 

This information note relates to the processing for marketing purposes of business user accounts that can be created on our webshop. This user account is created for your employer/company. Our aim is to send your employer/company more customized, personalized business offers through you. To this end, if you tick the consent box, we will analyze your searches and preferences from your account on our webshop (non-automated) and send a customized offer to our business partner, your employer/company. We believe that analyzing your site visits can help us deepen our business relationship by sending you personalized marketing offers.
Furthermore you also agree to receive a weekly newsletter with marketing content. The newsletter will inform you about our latest products and offers.
However, we will respect your choice if you do not want us to analyze your search preferences, so if you do not consent to this feature, it will not be activated on your company account.

  1.  Controller

Bramcke Hungary Kft. (Headquarters: 4031 Debrecen, Kishatár street 17, representative: Szivós István Dániel managing director)
Phone number: +36 52 794 696
e-mail: info@bramcke.hu
website: https://newb2b.bramcke.hu

  1. Purpose of personal data processing

The purpose of personal data processing is sending personalized offers and marketing messages to business partners. Send marketing newsletters.

  1. Scope of processed data

Name of contact person, name of company represented, contact person’s company e-mail address, phone number, date and address of pages visited on our webshop (product category, product subpages, products)

  1. Legal basis of data processing

The data subject’s consent is the legal basis for the processing in accordance with Article 6(1)(a) of the GDPR.

The processing is based on your consent, which you can withdraw at any time by sending an e-mail to info@bramcke.hu, but this does not affect the lawfulness of the processing carried out on the basis of your consent before its withdrawal.

  1. Period of storage of personal data

For contact details: until the termination of the personal account or the withdrawal of the data subject’s consent, whichever is the earlier. In relation to the newsletter service, until unsubscription.

 

With regard to page visit data: the data controller will retain the stored data for 6 months.

 

The period of data management of invoice data is 8 years, pursuant to Section 169 (2) of the Invoice Act.

  1. Circle of persons entitled to know the data

Co-workers of the controller who processes purchase orders.

  1. Rights of data subjects

Your data protection rights and remedies are set out in detail in the GDPR. You may request information about your data from the controller at any time, request the rectification, erasure or restriction of processing of your data, and object to processing based on legitimate interest (contact details). The most important provisions are summarized below.
Right to information: Where the Data Controller processes personal data relating to you, the Data Controller is obliged to provide you with information, even without your request, on the main features of the processing, such as the purposes of the processing, the legal basis for the processing, the duration of the processing, the identity and contact details of the Data Controller and of its representative, the recipients of the personal data (with appropriate and suitable safeguards in the case of transfers to third countries), the legitimate interests of the Controller and/or third parties in the case of processing based on legitimate interests, and your rights and remedies (including the right to lodge a complaint with a supervisory authority) in relation to the processing, if you do not already have this information.
Right of access: you have the right to receive feedback from the Data Controller on whether or not your personal data are being processed and, if such processing is ongoing, the right to access your personal data and certain information relating to the processing, including the purposes of the processing, the categories of personal data concerned, the recipients of the personal data, the (envisaged) duration of the processing, the rights and remedies of the data subject and, where the data are collected from the data subject, information on the source of the data. Upon your request, the Data Controller will provide you with a copy of the personal data that are the subject of the processing. For additional copies requested by you, the Controller may charge a reasonable fee based on administrative costs. The right to request a copy must not adversely affect the rights and freedoms of others. The Controller will provide you with information on the possibility of obtaining a copy, the method of obtaining a copy, the possible costs and other details at your request.
Right to rectification: you have the right to obtain, at your request and without undue delay, the rectification of inaccurate personal data relating to you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Right to erasure: You have the right to have your personal data erased by the Controller without undue delay upon your request, and the Controller is obliged to erase your personal data without undue delay if certain conditions are met. Among other things, the Controller is obliged to delete your personal data at your request if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; if you withdraw your consent on the basis of which the data are processed and there is no other legal basis for the processing; or if the personal data have been unlawfully processed; or you object to the processing and there are no overriding legitimate grounds for the processing; the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Controller; the personal data were collected in connection with the provision of information society services.
Right to restriction of processing: you have the right to obtain, at your request, restriction of processing by the Data Controller if one of the following conditions is met: (a) you contest the accuracy of the personal data, in which case the restriction shall be for a period of time which allows the Controller to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the data and request instead the restriction of their use; (c) the Controller no longer needs the personal data for the purposes of the processing but you require them for the establishment, exercise or defense of legal claims; or (d) you have objected to the processing, in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller prevail over your legitimate grounds. Where processing is subject to restriction on the basis of the above, such personal data may be processed, except for storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

In the event that the restriction on processing is lifted, the Controller shall inform you in advance.
Right to lodge a complaint: The Data Controller will inform you without undue delay, but in any event within one month of receipt of the request, of the action taken in response to the request concerning your rights listed above. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform you of the extension, stating the reasons for the delay, within one month of receipt of the request. If the Data Controller does not take action on your request, it shall inform you without delay, but at the latest within one month of receipt of the request, of the reasons for the failure to take action and of your right to lodge a complaint with the competent data protection supervisory authority (in Hungary, the National Authority for Data Protection and Freedom of Information; “NAIH”) and to exercise your right to judicial remedy. (The contact details of the NAIH are: 1055 Budapest, Falk Miksa Street 9-11., postal address: 1363 Budapest, Pf.: 9. Tel: +36 1391 1400, Email: ugyfelszolgalat@naih.hu). The court has jurisdiction. You can also choose to bring the case before the court of the place where you live or reside. You may seek compensation from the Controller responsible for the damage suffered by you as a result of unlawful processing (including failure to take security measures).

  1. Transfers of personal data to a third country or an international organization

It will not be implemented.

  1. Automated decision-making, profiling

It will not be implemented.

  1. Data security measures:

The controller shall design and implement the processing operations in such a way as to ensure the protection of the privacy of data subjects in the application of the GDPR and other legislation applicable to data processing. The controller shall ensure the security of the data, and shall take the technical and organizational measures and establish the procedural rules necessary to enforce the GDPR and other data protection and confidentiality rules. It shall take measures proportionate to the risks involved to protect the data, in particular against unauthorised access, alteration, disclosure, transmission, erasure or destruction, accidental destruction or damage and inaccessibility resulting from changes in the technology used. In this context, the Company stores the personal data of the data subject in a password-protected and/or encrypted database. The Company protects the data with firewalls and anti-virus programs as part of a risk-proportionate protection. Data breaches are monitored on an ongoing basis. The completed questionnaires are stored electronically on the data controller’s own server.