Barion Pixel
By using our website, you consent to the use of cookies in accordance with the Cookie Policy.

Privacy Statement

ZBS Kft. - Release date: 05/23/2018

1.) The purpose of the data management information

The purpose of the data management information is to define the principles and rules for the management of personal and other data provided by visitors to the www.bartools.hu website while using the website and managed by ZBS Kft. (hereinafter referred to as Service Provider / Data Controller) as well as the principles of data protection and data security in order to enforce its requirements.

2.) Change tracking

The data protection guidelines arising in connection with the data management of the Service Provider are continuously available at https://bartools.hu/adatkezelesi-tajekoztato-44. The Service Provider reserves the right to change this information at any time.

3.) General provisions

The service provider handles personal data confidentially in accordance with the applicable legal regulations, ensures their security, and takes the necessary administrative, logical, and physical security and organizational measures, as well as develops the procedural rules necessary to enforce the relevant provisions of the applicable laws.

The Service Provider maintains confidentiality during data management: it protects the information so that only those authorized to do so can access it; integrity: protects the accuracy and completeness of the information and the method of processing; availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.

As a data controller, the Service Provider undertakes to ensure that all data management related to its activities complies with the provisions of this data management information sheet and the relevant legislation in force.

Data protection officer appointed by the Service Provider,

the. participates and provides assistance in making decisions related to data management, as well as in ensuring the rights of the data subjects;

b. verifies compliance with the provisions of this law and other legislation on data management, as well as internal data protection and data security policies and data security requirements;

c. investigates the reports received, and calls the data manager or the data processor to terminate it if unauthorized data processing is detected;

d. provides education on data protection knowledge.

e. ensures compliance with legal requirements within the organization

f. ensures that the involved data processors comply with the legal requirements related to data protection

4.) Legal background

The Service Provider is obliged to comply with the legal regulations related to the management of personal data in all phases of data management. The data management carried out by the Service Provider is primarily governed by the provisions laid down in the following legislation:

- Act V of 2013 on the Civil Code ("Ptk.")

- Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) - on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection regulation, GDPR);

- CXII of 2011 on the right to information self-determination and freedom of information. TV. ("Privacy TV.");

5.) Concepts

Concept

Description

affected

Any specific natural person identified or - directly or indirectly - identifiable on the basis of personal data.

personal data

The data that can be associated with the data subject - in particular the data subject's name, identification mark, and one or more physical, physiological, mental, economic, cultural or social characteristics of the data subject - as well as the conclusion about the data subject that can be drawn from the data.

contribution

The voluntary and firm declaration of the data subject's wishes, based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data - in full or covering certain operations.

protest

The statement of the data subject, with which he objects to the processing of his personal data and requests the termination of the data processing and the deletion of the processed data.

data handling

Regardless of the procedure used, any operation or set of operations performed on personal data, such as collection, recording, recording, organization, storage, alteration, use, transmission, disclosure, alignment or connection, blocking, deletion and destruction of the data, as well as further preventing its use, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprints, palm prints, DNA samples, iris images)

data processing

Performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the location of the application 

l, provided that the technical task is performed on the data.

data transfer

Making the data available to specific third parties.

disclosure

Making the data available to anyone.

data controller

A natural or legal person, or an organization without legal personality, who, or which, independently or together with others, determines the purpose of personal data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor it has commissioned.

data processor

A natural or legal person, or an organization without legal personality, who processes data on the basis of a contract, including a contract concluded under the provisions of the law.

data deletion

Making data unrecognizable in such a way that their recovery is no longer possible.

data file

The totality of the data managed in one register.

third person

A natural or legal person, or an organization without legal personality, who or which is not the same as the data subject, the data controller or the data processor;

6.) Information and contact details of the data controller

Company name of the data controller: ZBS Kft.

The registered office of the data controller is at Ciklámen u. 6000 Kecskemét. 14.

The telephone number of the data controller is: +36 30 207 6383

Company registration number: 03-09-129284

Tax number: 14797945-2-03

E-mail address: info@bartools.hu

Website operated by data controller: https://bartools.hu

Data management registration number: NAIH-133795/2017

7.) Data Protection Officer

The name of the data protection officer: Zsolt Bárkai

The telephone number of the data protection officer is +36 30 2076383

The e-mail address of the data protection officer is: info@bartools.hu

8.) Data processors

Company name of the data controller: ShopRenter.hu Kft.

The registered office of the data controller is: Kassai út 129, 4028 Debrecen.

Company registration number: 09-09-020636

Tax number: 23174108-2-09

The data is transferred to ShopRenter.hu Kft. after registration in the webshop, as these data are processed on the Shoprenter online interface.

Company name of the data controller: GLS Hungary Kft.

The registered office of the data controller is: 2351 Alsónémedi GLS Európa u. 2.

Company registration number: 13-09-111755

Tax number: 12369410-2-44

Data is transferred to GLS Hungary Kft. for the purpose of delivering the Service Provider's packages, only the name, e-mail address, telephone number and exact address of the person concerned. The company does not receive information about the exact contents of the package.

Company name of the data controller: Mailchimp - The Rocket Science Group, LLC

The head office of the data controller is: 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA

Tax number: MOSS No. EU372008134

The Service Provider provides Mailchimp - The Rocket Science Group, LLC with the data of those concerned who, after registration, customer inquiry or purchase, consented to the Service Provider sending them additional newsletters and/or direct inquiries. The name, e-mail address and telephone number of the person concerned, as well as the value and content of the purchased product, will be transferred for the purpose of making further offers.

The Service Provider has a contractual obligation with all data processors in accordance with the legal requirements, which ensures that personal data can only be processed based on the written instructions of the data controller, the data processor undertakes a confidentiality obligation, formulates guarantees for the data processor's IT and other security conditions, and, upon request, the data processor provides all necessary information to the data controller. Data subjects consent to the transfer of data to all of the above data processors if the conditions detailed above exist.

9.) Scope, legal basis and revocability of processed personal data

Below we discuss in detail that in each case:

- what is the purpose of data management

- what is the legal basis for data management

- which personal data will be processed

- who are the stakeholders

- revocability of consent

- is the data subject obliged to provide personal data

- what consequences may arise if the person concerned does not provide the personal data

- how long does the controller store the personal data provided

Voluntary consent to data management:

By accepting the data management information, users expressly consent to the Data Controller handling their personal data in the manner described in this information. If the visitor does not provide their own personal data, it is the responsibility of the data provider to obtain the consent of the data subject. In the case of data management based on voluntary consent, the data subjects may withdraw their consent at any stage of the data management, which does not affect the legality of the previous data management.

10.1.) Personal data provided during registration

The purpose of data management is to provide personalized service to those concerned through the online store. The legal basis for data management is the voluntary consent of the data controller 

acceptance of the content of the data management information during registration. The personal data to be processed are the user name chosen by the data subject and the data subject's own e-mail address. All interested persons who initiate registration on the website are affected during data management. Consent can be revoked by canceling the registration, however, the withdrawal of consent does not affect the legality of the data processing that took place prior to the consent. The data subject is obliged to provide the data, as future identification cannot be carried out without the listed data. If the data subject does not provide personal data, the registration cannot be completed, but the data subject can still view the public parts of the website without restriction. The storage period lasts until the registration is canceled.

10.2.) Personal data provided during telephone or direct contact

The purpose of data management is to provide personalized service to the data subjects and to send a price offer at the request of the data subjects. The legal basis for data management is the voluntary consent of the data subject to the data management, the recording of the data is initiated by the data subject. The personal data to be processed are the name, telephone number and e-mail address of the person concerned. All interested persons who initiate contact are affected during data management. Consent can be revoked by e-mail or telephone, however, the withdrawal of consent does not affect the legality of the data processing that took place prior to consent. The data subject is obliged to provide the data, as future identification cannot be carried out without the listed data. If the person concerned does not provide the personal data, the offer cannot be made. The storage period is 1 year after the offer.

10.3.) Cookies and IP address

The Service Provider places an anonymous user identifier (cookie) on the Data Subject's computer, which in itself is not capable of identifying the Data Subject in any way, it is only suitable for recognizing the Data Subject's computer, it is not necessary to enter a name, e-mail address or any other personal information, since the when applying the solution, the User does not hand over personal data to the Service Provider, the data exchange takes place only and exclusively between the machines.

The user has the right to prohibit the placement of a unique identifier (cookie) on his computer by setting his browser. The user has the right to prohibit the use of marketing and other types of cookies in a pop-up window when viewing websites.

The Service Provider manages cookies for the purpose of data management, so that it can learn more about the information usage habits of the Data Subjects and thus improve the quality of its services, as well as display customized pages and marketing (advertising) materials during website visits. The legal basis for data management is the data subject. person's voluntary consent to data management, you can control the operation of Cookies in the relevant pop-up window when opening the website. The personal data processed are Cookies used by Google Analytics, Cookies that help the website function, and Cookies for marketing purposes. All interested persons who initiate contact are affected during data management. Consent can be revoked by e-mail or telephone, however, the withdrawal of consent does not affect the legality of the data processing that took place prior to consent. The data subject is obliged to provide the data, as future identification cannot be carried out without the listed data. If the person concerned does not provide the personal data, the offer cannot be made. The storage period is 1 year after the offer.

Cookies collect information about visitors and their devices; they note the individual settings of the visitors, which will be used, e.g. when using online transactions, so you don't have to type them in again; facilitate the use of the website; they provide a quality user experience.

10.4.) Biography data

A resume can be sent to the e-mail address specified for job advertisements specified under the career menu item on the website, as well as for job advertisements launched by our partners.

The purpose of data management is to fill the position advertised by the Service Provider and to establish an employee relationship. The legal basis for data management is the voluntary consent of the data subject to data management, the data subject voluntarily consents to the processing of his data by sending his biography. The personal data to be processed are the name, telephone number, e-mail address, schools, and other data provided in the biography of the person concerned. All interested persons who voluntarily apply for the job advertisement are affected during data management. Consent can be revoked by e-mail or telephone, however, the withdrawal of consent does not affect the legality of the data processing that took place prior to consent. The data subject is obliged to provide the data, the admission process cannot be started without the requested data. If the person concerned does not provide the personal data, the application will be automatically rejected 

costs The storage period is the end of the probationary period of the hired employee, but a maximum of 6 months.

10.5.) Invoice preparation

The purpose of data management is the Service Provider's legal compliance: issuing invoices. The personal data to be processed are the name, invoicing address, and e-mail address of the data subject in the case of issuing an e-invoice. The data subject is obliged to provide the data, the admission process cannot be started without the requested data. If the person concerned does not enter the personal data, the purchase process cannot be completed.

10.6) Package delivery

The personal data of the person concerned will be transferred to the partner for the purpose of delivering the packages of ZBS Kft. The personal data to be processed are the name, e-mail address, telephone number and exact address of the person concerned. The company does not receive information about the exact contents of the package.

10.7.) Newsletter sending

The purpose of data management is to send out regular newsletters by ZBS Kft. The Service Provider provides Mailchimp - The Rocket Science Group, LLC with the data of those concerned who, after registration, customer inquiry or purchase, have consented to the Service Provider sending them additional newsletters and/or direct inquiries. The name, e-mail address and telephone number of the person concerned, as well as the value and contents of the purchased package, will be transferred for the purpose of making further offers.

11.) Transfer of data abroad, for an international organization

The data controller does not directly transmit personal data abroad, personal data is stored exclusively in Hungary. If a data processor stores or transmits personal data within or outside the European Union, then the storage or transmission takes place in the manner required by the GDPR legislation.

12.) Your rights and legal enforcement options

12.1.) Right to transparent information

The fundamental right of the data subject is the right to adequate, transparent information, which is an obligation of the data controller. The Data Controller informs the data subject in a concise, transparent, comprehensible, easily accessible format, in a clear and comprehensible manner, about the circumstances of the data management and the rights to which he is entitled.

In the event of a request for information, we will provide the information without undue delay, but within 30 days at most.

12.2.) Right of access

The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to receive access to the personal data and related information, in particular to the source of the personal data, and regarding whether the data has been forwarded to a third party. The data controller shall provide the information within a maximum of one month from the date of submission of the request.

12.3.) Right to data portability

The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to forward this data to another data controller.

12.4.) Right of correction and modification

The data subject has the right to have inaccurate personal data corrected or supplemented by the data controller without undue delay upon request.

12.5.) Right to be forgotten and deleted

The data controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:

- personal data are no longer needed for the purpose for which they were collected or otherwise processed;

- the storage period set by the data controller has expired

- the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;

- the data subject objects to the data processing and there is no overriding legal reason for the data processing;

- personal data were handled illegally;

- personal data must be deleted in order to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller;

- the collection of personal data took place in connection with the offering of services related to the information society.

If the managed data is necessary for legal enforcement or, for example, accounting to an authority, data processing can be continued based on the fulfillment of a legal obligation or legitimate interest.

During the erasure, the data controller is also obliged to notify the involved data processors of the erasure obligation.

12.6.) Right to protest

The data subject has the right to object at any time for reasons related to his own situation to the processing of his personal data necessary for the performance of a task carried out in the public interest or within the framework of the exercise of public authority granted to the data controller, or the processing necessary to enforce the legitimate interests of the data controller or a third party, including profiling based on the aforementioned provisions too. In the event of a protest, the data controller may no longer process the personal data, unless there are compelling legitimate reasons to do so 

are blamed, which take precedence over the interests, rights and freedoms of the data subject, or which are related to the submission, enforcement or defense of legal claims.

12.7.) Right to restrict data processing

In the case of restrictions, personal data can only be stored, other data processing can only take place with the consent of the data subject, for the purpose of presenting a legal claim, or in the public interest. The data subject has the right to request that the data controller restricts data processing if one of the following conditions is met.

- the data subject disputes the accuracy of the personal data, in this case the limitation applies to the period that allows checking the accuracy of the personal data;

- the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;

- the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims;

- the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

12.8.) Automated decision-making in individual cases, including profiling

The Service Provider does not use or perform profiling, automatic decision-making, or automatic mechanisms.

13.) Automated decision-making and profiling

The Service Provider does not use or perform profiling, automatic decision-making, or automatic mechanisms. The service provider does not allow automated decision-making or profiling for its data processors either, only if the data subject has given separate, written consent to this.

14.) Data protection incident, data protection log

The Data Controller is obliged to inform the competent Authority and the persons affected by the data protection incident as soon as possible, but no later than 72 hours after becoming aware of any data protection incident. The data controller uses the means at his disposal to do everything in order to reduce the data protection and other damages caused to the data subjects as a result of the incident. The data controller is obliged to ensure that similar incidents do not occur in the future.

Data controller about all cases related to data protection - data protection-related inquiries of data subjects, possible data protection incidents - so-called. keeps a data protection log, the content of which is provided for a given data subject upon request.

15.) Addressing the court

In the event of a violation of their rights, the data subject may apply to the court against the Data Controller. The court acts out of sequence in the case. Adjudication of the lawsuit falls within the jurisdiction of the court. The lawsuit can also be initiated before the court of the data controller's seat or, at the data subject's choice, of the data subject's place of residence or residence.

If the Data Controller causes damage to others by illegally handling the data subject's data or by violating data security requirements, it is obliged to compensate them. If the Data Controller violates the data subject's right to privacy by illegally handling the data subject's data or violating data security requirements, the data subject may demand damages from the Data Controller. The Data Controller is released from responsibility for the damage caused and from the obligation to pay compensation if it proves that the damage or the violation of the privacy rights of the data subject was caused by an unavoidable cause outside the scope of data management. The damage does not have to be compensated and no compensation can be claimed if the damage resulted from the intentional or grossly negligent behavior of the injured party or the violation of the right to privacy.

16.) Authority procedure, filing a complaint

The affected person can file a complaint, or you can also request information from the competent Authority:

Name: National Data Protection and Information Authority

Headquarters: 1125 Budapest Szilágyi Erzsébet fasor 22/c.

Postal address: 1530 Budapest, Pf.: 5.

Mailing address: 1530 Budapest, Pf.: 5.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://naih.hu

17.) Other provisions

We provide detailed information on data processing not listed in this information when the data is collected. The Service Provider only discloses personal data to the authorities - if the authority has indicated the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.