Bijó Kft's Data Protection Guidelines
Bijó Kft. shall make all reasonable efforts to protect your personal data and thus your rights and freedoms. Bijó Kft. is committed to protecting your personal data and takes responsibility for the information security. Our data processing operations are based on the triple principle of necessity, proportionality and suitability. Our data processing processes are fair and transparent.
Our data processing activities are based on full conformity with the data processing rules and regulations of the European Union and Hungary.
Relevant Legislation
- Act CXVII of 1995 on Personal Income Tax
- Act CXIX of 1995 (Direct Marketing Act) – on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing
- Act LXXX of 1997 Eligibility for Social Security Benefits and Private Pensions and the Funding for These Services (Social Security Act).
- Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Services Relating to the Information Society
- Act LIII of 2005 on the Promulgation of the Additional Protocol of 8 November 2001 in Strasbourg about the supervisory authorities and the flow of personal data through national borders, attached to the Convention of 28 January 1981 on the protection of persons during the automatic processing of persona data, on the conditions for and certain restrictions on automated processing
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities
- Act CXII of 2011 on the Right to Informational Self-determination and on the Freedom of information
- Act I of 2012 on the Labour Code
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
I. Definitions
data security: |
physical protection of data on any subject, stored in any form, from destruction, unauthorised access, corruption or unauthorised modification |
processor: |
a natural or legal person, public authority, agency or any other body processing personal data on behalf of the controller; |
processing: |
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, viewing, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; |
controller: |
the natural or legal person, public authority, agency or any other body which, alone or together with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by the relevant EU or Member State legislation, the controller or the specific criteria for the designation of the controller may also be determined by relevant EU or Member State legislation; |
restriction processing: |
the identification of stored personal data for the purpose of restricting their future processing; (data storage only) |
destruction of data: |
complete physical destruction of the medium containing the data; |
deletion of data: |
making data unrecognisable in such a way that its recovery is no longer possible; |
data transmission: |
making data accessible to a specific third party |
data protection: |
preventing unlawful processing of personal data, protecting privacy |
personal data breach: |
unlawful processing or processing of personal data, in particular, unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage |
biometric data: |
any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data; |
confidentiality: |
the data may be accessed, used or disposed of only by those authorised to do so and only in accordance with their respective authorisations |
recipient: |
the natural or legal person, public authority, agency or any other body with whom or to which the personal data are disclosed, whether or not a third party. |
health data: |
personal data relating to the physical or mental health of a natural person, including data relating to health services provided for a natural person, containing information about the health of the natural person; |
data subject: |
any natural person who is, or can be, identified, directly or indirectly, on the basis of specific personal data; |
third party: |
a natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor or the persons who are authorised to process the personal data under the direct control of the controller or processor; |
third country: |
any country that is not a member state of the EEA |
consent: |
voluntary and concrete expression of the data subject's intent based on adequate information whereby the data subject indicates, by way of a declaration or some other behaviour unambiguously expressing their confirmation, to consent to the processing of their personal data; |
special data: |
Personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, along with genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sexual orientation or sex life |
registration system: |
a set of personal data structured in any means, by centralised, decentralised or functional or geographical perspectives which can be accessed on the basis of specific criteria; |
statistical data: |
processing of personal data in such a way – e.g. by means of statistical methods – that they meet the requirements pertaining to the erasure of data, i.e. that they are no longer linked in any way to specific natural persons and no such link can be restored any more |
availability: |
ensuring that the necessary data are accessible for those authorised to access them, when necessary and in the form required by them |
integrity: |
the criterion of existence, authenticity, integrity, completeness of the data itself |
personal data: |
any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; |
disclosure: |
making data accessible for anyone. |
objection: |
a declaration made by the data subject that he or she exercises the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. In that case, the controller may no longer process the personal data, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. |
II. Who is the data controller?
II.1 Name of controller: Bijó Kft.
II.2 company registration number: 01-09-178111
II.3 registered office: 1135 Budapest, Róbert Károly körút 96-100.
II.4. telephone number: +36 1 814 6464
II.5. e-mail address: info@bijo.hu
II.6. name and contact details of the data protection officer: Erika Pál, adatvedelem@bijo.hu
III. Information on the types of personal data we process in relation to you.
III.1. When you register at our registered office by submitting paper-based information or at www.bijobolt.hu , www.bijo.hu , www.bijoszakaruhaz.hu ; www.bijotermekek.hu , www.aroy-d.hu , www.ellaskitchen.hu the websites or social media pages (https://www.facebook.com/bijobolt; https://twitter.com/bijoszakaruhaz; www.facebook.com/ellaskitchenhungary; www.facebook.com/aroydhungary) or subscribe for our newsletter at the same sites or if you apply for a customer card, or order a product or products from our webshop or contact us through our customer service, we process the personal data received from you.
III.2. During the above, including, in particular, as specified in subsection IV.1., we process the following data:
III.2.1. name, name at birth, position
III.2.2. address of residence, delivery address, bank account number
III.2.3. e-mail address
III.2.4. personal identity card (ID card), home address card, driving licence, tax card, TAJ (SoSe) card, numbers of certificates of educational attainment
III.2.5. telephone number
III.2.6. age
III.2.7. sex
III.2.8. any other information shared with us orally or in writing during communication with us (by e-mail, telephone, social media, in person)
III.2.9. place of stay, geographical location of your computer or other device as identified with real-time IP address if you are using location based services and enable them on your device or computer.
III.I.10. portrait (camera shot: moving and still)
III.I.11. customer number, Bijó partner code
III.I.12. vehicle plate number, place of stay and time, fuel consumption
III.I.13. In the case of baby card: name and date of birth of the baby
Our data processing activities are accessible at www.bijo.hu where you can view which of your personal data are processed in the case of which data processing operation.
IV. For what purpose(s), on what legal ground(s) and how long we process your data.
In the case of personal data processing the legitimate purpose of processing must be clearly specified.
IV.1. The purposes of data processing:
IV.1.1. Registration of people interested in the products and the company, recording online and offline orders, storing customer data, keeping in contact and provision of information in general
IV.1.2. Issuing invoices, settling accounts with authorities, fulfilling accounting and auditing obligations, preserving documents
IV.1.3. Liaising with resellers and suppliers, managing, recording and following up the administration of deferred, cash or credit card payments
IV.1.4. Customer card: provision of various discounts, delivery of news, enabling parking and traffic in the building.
IV.1.5. Authorising access for customers, keeping records of the place and time of entry, monitoring the movements of cardholders for asset protection and security reasons.
IV.1.6. Maintaining contact/communicating with customers, dealing with disputes and legal issues, ensuring the improvement of service levels.
IV.1.7. To protect the assets of Bijó Kft. and avoid possible infringement or misuse, security cameras record the facial images of people in the customer area (Bijó Speciality Store), parking lot and other premises.
IV.1.8. We use your data for profiling, to make personalised (relevant) proposals and offers based on your sex, age and location (newsletter, social media, Google Adwords, Google Analytics).
IV.1.9. Sending newsletters for marketing purposes, organising prize games, providing information about discounts, prizes, new products, promotions, other important information (e.g. changes in opening hours) and contacting you
IV.1.10. Providing employees with a company e-mail address to facilitate efficient working
IV.1.11. Sending job offers and contacting to applicants for open positions (vacancies)
IV.1.12. GPS-based tracking of company vehicles owned by Bijó Kft., monitoring the proper use of vehicles in order to prevent misuse
IV.1.13. Data processing in relation to the registration of employees, employment contracts and their attachments, and to compliance with applicable pieces of legislation
IV.1.14. Replying to questions received on-line.
V.2. What is the legal basis of our data processing?
V.2.1. Our data processing activities are distinguished by their legal bases. We only process your personal data based on legal bases, including:
V.2.1.1. The legal basis for processing is the performance of a contract (GDPR Article 6(b)) if you have purchased goods from us or
V.2.1.2. We preserve our accounting documents in order to fulfil our legal obligations (GDPR Article 6(c)) or
V.2.1.3. Your consent is required for our processing (GDPR Article 6(a)) Pursuant to the applicable legal regulations, essentially we only process data of persons aged 16 or over; we only process data of persons under the age of 16 only with the consent of a parent or legal guardian.
V.2.1.4. The controller may process your data in its legitimate interest (GDPR Article 6(f)) after the completion of the interest balancing test.
VI.3. How long do we process your data?
VI.3.1. The period during which the personal data are retained corresponds to the achievement of the purpose (e.g. existence of customer relationship, performance of a contract). Exceptions include cases when we have a legal obligation to fulfil (e.g. accounting rules, employment, a request from a public authority, a court case, etc.): in such cases, until the expiry of the period prescribed by the law imposing the legal obligation and as long as we are able to deal with legitimate complaints, legal proceedings and other requests and to defend our own legal rights. Also different is data processing based on consent, where processing cannot continue if you withdraw your consent.
VI.3.2. If we no longer need your personal data or you withdraw your consent, we securely delete or destroy the data.
VII. Are your data secure?
When processing your personal data, we pay particular attention to the security of your data, so that they are not damaged, destroyed or out of our control in any way. We take a variety of protective measures (e.g. technology, physical protection, firewalls, SSL, standards/certificates, anti-virus, online payment, passwords, locked storage, alarms, etc.)
VIII. Do we transmit or disclose your data to others, or share them anywhere?
VIII.1. We do not disclose your personal data to anybody else, apart from disclosures in response to requests of competent authorities. We keep records of such disclosures.
VIII.2. We transmit no data to the territory of any third country.
VIII.3. Data sharing:
VIII.3.1. We share your personal data with credit and deposit card issuers and on-line payment companies through which you make payments.
VIII.3.2. We share your personal data with the courier services of Magyar Posta Zrt. (MPL) MixPakk Kft. (MixPakk) to enable delivery of the products you have ordered or to clarify, manage and resolve any issue or complaint.
VIII.3.3. From our websites (www.bijotermekek.hu; www.bijo.hu; www.bijobolt.hu; www.bijoszakaruhaz.hu; www.aroy-d.hu; www.ellaskitchen.hu) you can navigate to social media portals (https://www.facebook.com/bijobolt; https://twitter.com/bijoszakaruhaz; www.facebook.com/ellaskitchenhungary; www.facebook.com/aroydhungary). In case you have registered on any of these social media portals we may access your personal data for the sharing of which you registered instructions on such pages, in order to personalise your use of our websites. The above social media plug-ins are also available on our websites so that information about you is shared with your social media provider, may appear on your profile and, depending on your settings, may be shared on the social network. To avoid any inconvenience, please check the privacy policies of these social media players and check and change your settings there.
VIII.3.4. Cookies and tracking
We use cookies on our websites. A cookie is a packet of information sent by the server to the web browser and then sent back by the browser to the server for each request directed to the server. Cookies are created by the web server itself via the browser on the user's computer, where they are stored in a separate directory. It is most often used to identify registered users of a website, to keep a "shopping basket" or to track visitors. Cookies are in fact used to recognize and track visitors to our website, and they allow Bijó Kft. to provide you with the most suitable products, because they store your contact details and your identification. The vast majority of browsers you use accept cookies, but you can set them to decline or delete them. Your browser's "help" function can help you to set the cookie management according to your preferences. You should be aware that if you disable cookies, some features of the website may not function properly on your computer. The cookies used by Bijó Kft. do not monitor the data on your computer.
We use software (e.g. Google Analytics) to monitor your website usage patterns in order to use such data for improving the website, but the software does not record any personal data about you.
IX. What external service provider (data processor) do we use?
We use the following external service providers as data processors for operating our websites and maintain our servers:
|
Name |
Contact details |
Activity
|
IX.1. |
Globserver Kft., |
1139 Budapest, Frangepán utca 46., |
property protection |
IX.2. |
Vision-Software Kft., VS Fejlesztési Stúdió Kft., Visionsoft Üzleti Megoldások Kft. |
1149 Budapest, Pósa Lajos u. 51. |
operation, development and maintenance of IT systems, newsletter distribution software and webshop |
IX.3. |
Számokban Utazunk Kft. |
2011 Budakalász, Patak sor 9. |
bookkeeping, payroll accounting |
IX.4. |
Magyar Posta Zrt. |
1138 Budapest, Dunavirág utca 2-6. |
courier service, delivery (MPL) |
IX.5. |
MixPakk Kft. |
1119 Budapest, Rátz László utca 26. 1. em. 6. |
courier service, delivery (MixPakk) |
IX.6. |
Dr. Imre Révész |
4029 Debrecen, Kölcsey utca 10. |
auditing services |
IX.7. |
TELL Rendszerszolgáltatások Kft.
|
4034 Debrecen, Vágóhíd utca 2.
|
tracking of company vehicles (GPS-based) |
IX.8. |
Global Payments Europe sro. Magyarországi Fióktelepe
|
1117 Budapest, Október huszonharmadika utca 8-10. |
bank card payments (POS and VPOS) services |
IX.9. |
Fire Box Kft.
|
2600 Vác, Avar utca 5. |
complex fire safety and EHS services |
IX.11. The above processors are fully compliant with data security requirements and we have concluded a data processing contract with them.
X. How are your rights and freedoms ensured?
X.1. In the prescribed specific cases you have the following rights:
X.1.2. You have the right to request information from us at any time about whether we process your personal data and, if so, what data we process and for what purposes.
X.1.3. You have the right to request access to the personal data that we process.
X.1.4. You have the right to ask us to amend your personal data, and you have the right to clarify or complete them
X.1.5. If your consent was the basis for processing, you have the right to ask us to delete your data and we will do so unless we have a good reason for continuing to process it. If you have legitimately objected to the processing, you have the right to also ask us to delete your data
X.1.6. You have the right to object to processing, in particular the processing of your personal data for direct marketing purposes and automated individual decisions, including profiling.
X.1.7. You have the right to request the transfer of your personal data, in electronic and structured form, to yourself or to a third party.
X.1.8. You have the right to withdraw your consent at any time, after which we may no longer process your personal data.
X.2. You can exercise your above rights free of charge. We may charge you a reasonable fee for making an excessive, unfounded request or refuse to comply with your request.
X.3. You are kindly asked to send us your above requests to: adatvedelem@bijo.hu.
XI. You can access our data processing activities at www.bijo.hu.
XII. Legal remedy
If you consider that the processing of your personal data concerning you infringes the General Data Protection Regulation, you may contact the Data Protection Officer of the controller, the competent court in your place of residence or domicile, or lodge a complaint with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/C; telephone.: +36 (1) 391-1400; e-mail: ugyfelszolgalat@naih.hu; web: www.naih.hu).
- Amendments to the data protection guidelines
We will amend our Data Protection Guidelines as necessary, we will notify you by email if we have your email address, and we will post the amended policy on our websites.
This privacy notice is owned by Bijó Kft. and is under copyright protection. It may only be copied, modified or used exclusively with prior written permission.