Pompadur SRO. - Privacy Policy



This document provides information about the processing of personal data by Pompadur S.r.o , Hlavná 22 , Štúrovo, Slovakei 943 01 as the data controller (hereinafter referred to as the "Controller") through the Web Application operated by the Controller. Please read the following information carefully.

1.
The personal data of the data subjects (hereinafter referred to as the "Data Subject, Customer, User") who register and make purchases through the Web Application (https://app.bbooster.net) (hereinafter referred to as the "Web Application") and visit the website (hereinafter referred to as the "Data Subject", "Customer", "User") are processed by the Data Controller in accordance with the provisions of the 2011 Act on the Right to Informational Self-Determination and Freedom of Information. (hereinafter referred to as the "Infotv.") and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter referred to as the "Regulation", GDPR).

The Data Controller hereby informs the Data Subjects about the processing of personal data in connection with registration, purchases, sending newsletters and the processing necessarily connected with the use of https://app.bbooster.net as a website, the purposes of the processing, the storage period, the storage and transmission of the data, the principles and practices of the processing of personal data, as well as the means and possibilities for exercising the rights of the Data Subjects.

The Data Controller reserves the right to unilaterally amend this document at any time.

2.
The controller of the data published on the Web Application is

Data Controller: Pompadur S.r.O.
Registered office: Hlavná 22 , Štúrovo, Slovakei 943 01
E-mail: hello@bbooster.net
Website: https://bbooster.net
Company registration number: 53 849 663

3. Data processing during the use of the Web Application (also referred as Business Booster)

3.1 Registration

The Data Controller draws the attention of the Data Subjects to the fact that the purchase on the Web Application is subject to prior registration, however, after registration the purchase is not mandatory. If the Data Subjects start the purchase without registration, the Web Application will redirect to the registration interface where the Data Subjects will have to complete the registration.

Please note that only one registration per e-mail address is allowed. The Data Controller reserves the right to delete registrations which are manifestly incorrect or false and, in case of doubt, to verify the authenticity of the data provided.

The Data Controller expressly draws the attention to the fact that the Data Subjects are responsible for the accuracy and timeliness of the data. In this regard, we ask you to update the data recorded in your account in the event of any changes to your personal data. Following the modification of the data, the system will send an automatic confirmation email to the registered email address, allowing the Data Subject to finalise the modification of their data.

Purpose of the processing.

Legal basis for the processing: the data subject's voluntary, informed and explicit consent, which the User gives by ticking the checkbox that appears during the registration process, on the basis of the information contained in this document. Article 5 (1) (a) and Article 6 (1) (a) of the GDPR).

Scope of the data processed:

- For private persons: billing name, billing address, postal code, city, address, country, telephone number, email address, password.

- for legal persons: billing name, billing address, postal code, location, address, country telephone number, email address, password, EU tax number.

Data retention period: until the withdrawal of the data subject's consent, until the definitive deletion of the user's account, which the user may request by sending a request to the contact details of the Data Controller specified in point 2, or until the deletion of the registration by the Data Controller in the case of a manifestly erroneous or false registration, or in the case of 2 years of inactivity.

Please note that if you make a purchase on the Web Application after registration, your account will still be deleted in the above cases, but in such case the invoices issued in connection with the purchase (and therefore the personal data contained therein) will continue to be stored as set out in section 3.2.

Place of processing: IT tools located on the premises of the controller.

Method of data storage: electronic.

Data transmission: no data transmission will take place.

Data processor: Pompadur S.r.o , Hlavná 22 , Štúrovo, Slovakei 943 01

Data processing activities carried out by: hosting services

Possible consequences of not providing the data: it is not possible to make a purchase on the Web Application without registration.

3.2. Purchasing on the Web Application

Purchases by Users on the Web Application are subject to prior registration. However, once registered on the Web Application, the purchase is not necessary. In this respect, the Data Controller will provide separate information on the processing of the User's personal data related to the two processes.e

The purpose of data processing: is to record the User's orders from the Web Application, to confirm and fulfil the order, to issue an invoice and receipt for the purchase, and to comply with the obligation to keep the records and to provide the records.

Legal basis for processing: processing is necessary for the performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR).If the sales contract between the parties has been fulfilled (the data subject as the buyer has paid the purchase price and the Data Controller as the Seller has delivered the ordered product to the buyer, who has taken delivery of the product), the legal basis for processing is Article 169(2) of the Accounting Act. Scope of the data processed:

Scope of the data processed:

- for private persons: billing name, billing address postal code, city, address, country telephone number, email address, password.
- for legal entities: billing name, billing address, postal code, location, address, country, telephone number, email address, password, EU tax number
- card details: the controller does not store bank card details.

Stripe amerkia financial company is responsible for the further processing and storage of the data, which can be accessed by our customers at https://stripe.com/.

Data retention period: last day of the 8th year following the last day of the 8th year following the last day of the year of issue of the invoice, in accordance with Article 169 (2) of the Accounting Act.

Place of data processing: IT equipment located on the premises of the Data Controller, in the case of paper documents and invoices, the Data Controller's archives.

Transfers of data: the data concerned by the processing as defined in this Chapter are transferred to the following controllers:

Data Controller and Data Processors:
Name of Data Controller: Pompadur S.r.o.
Registered office: Hlavná 22 , Štúrovo, Slovakia 943 01
E-mail: hello@bbooster.net
Website: app.bbooster.net
Company registration number: 53 849 663

3.3. Newsletter distribution, direct marketing

Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (hereinafter referred to as the Advertising Act), the User may expressly consent in advance to being contacted by the Data Controller as a service provider with advertising offers and other mailings at the contact details provided by the Data Subject. In addition, the Data Subject may, subject to the provisions of this Privacy Policy, consent to the processing of personal data by the Controller necessary for the sending of advertising offers.

The Data Controller will not send unsolicited commercial communications and the User may unsubscribe from receiving such communications free of charge, without restriction and without giving any reason. In this case, the Data Controller shall delete all personal data necessary for sending the advertising messages from its records and shall not contact the User with further advertising offers. The User can unsubscribe from the newsletters by clicking on the link in the message.

The purpose of data processing: sending e-mail messages containing advertising to the data subject, providing information on current information, products, promotions.

The legal basis for the processing is the voluntary, informed and explicit consent of the data subject, which the User gives by clicking on the hyperlink in the e-mail sent to confirm the subscription to the newsletter, after subscribing to the newsletter, on the basis of the information contained in this document. 5 (1) a) and Article 6 (1) a) of the GDPR).

Data processed: surname, first name, e-mail address.

Data retention period: until the data subject's consent is withdrawn by clicking on the unsubscribe button at the bottom of the newsletter.

Place of processing: IT equipment located at the premises of the Data Controller or at the premises of the data processors used by the Data Controller.

Method of data storage: electronic.

Transfers of data: no transfers of the data concerned by the processing under this Chapter will take place.

Data processors:
Name of data controller: Pompadur S.r.O.
Registered office: Hlavná 22 , Štúrovo, Slovakia 943 01
E-mail: hello@bbooster.net
Website: app.bbooster.net
Company registration number: 53 849 663

Data processing activities of the company: sending of newsletters.

Possible consequences of not providing the data: information letters about discounts and promotions can only be sent after the data subject has provided his/her data and given his/her consent.

3.4.
The Data Controller hereby informs the User that when downloading certain parts of the website, the web server automatically places small data files, so-called cookies ("Cookies") on the User's Device, and reads them back during the subsequent visit. In some cases, these data files are considered personal data under the Infotv. and GDPR, as the browser returns a previously saved cookie, and the cookie management service provider has the possibility to link the User's current visit to previous visits, but only with respect to its own content.

The Web Application places a cookie on the User's device during use for two different purposes. The first of these is the TOKEN, which is essential for the operation of the Web Application and is placed by the Web Application in order to identify the logged-in User's session until log-off and thus protect the registered User's data. If you do not allow your browser to accept any cookies, including TOKEN, you will not be able to use the web application. This cookie therefore does not require the user's consent.

In addition, the Data Controller uses Google Analytics to collect statistical data, which places cookies on your browser and thus sends data to the Data Controller about what you have visited on the site. These cookies do not store personal data, they are used to track what the data subject has done on the website.

In addition, the Data Controller uses the online advertising program Google AdWords and, within the framework of this program, also makes use of Google's conversion tracking service. By using this service, when the User reaches a website through a Google advertisement, a cookie necessary for conversion tracking is placed on his/her computer. These cookies do not contain any personal data and therefore do not identify the User.

The latter two cookies are set with the user's consent, and are therefore only set with this consent, which the data subject gives by clicking on the "I agree" button in the pop-up window. If you do not wish to participate either in the data collection by Google Analytics or in the conversion tracking by Google Adwords, you can opt-out by not giving your consent to the setting of these cookies in your browser.

The User may accept or reject the use of Cookies on a case-by-case basis, or reject the use of all Cookies by setting the browser appropriately. More information on how to do this and on Cookies can be found at https://www.youronlinechoices.eu/. If the User chooses to opt-out of cookies, he or she may have limited access to certain pages of the Site and certain features or services of the Site may not function properly.

The purposes of the processing are: to identify and distinguish users, to identify users' session, to store the data provided during the session, to prevent data loss, to identify users, to carry out web analytics measurements, to operate the Site properly, to enhance the user experience, to display advertisements to Users.

Legal basis for data processing: the consent of the data subject, which the User gives by clicking on the "I agree" button on the pop-up cookie warning, based on the appropriate information contained in this notice. 5 (1) a) and Article 6 (1) a) of the GDPR).

The data processed include: ID number, date, time and the page previously visited.

Method of data storage: electronic.

Data transfer: no data transfer will take place.

3.5. Information on the use of the Web Application as a website

Although we are of the opinion that the data obtained by the Data Controller in the course of the processing described in this section do not constitute personal data, in order to provide full information, we wish to record that the Data Controller collects and stores in its own system, by means of logging, statistical information in aggregate form, which is not suitable for the identification of the user. The log includes, but is not limited to, the IP address of the computer of the Data Subject's user, the time of use and the user activity. The Data Controller shall not disclose this data to third parties and may use the contents of the log solely for its own analytical purposes, to improve the user experience and for the technical development of its IT system.

4.
The Data Controller shall respect the provisions on the security of personal data, and both the Data Controller and the authorised data processor shall take all technical and organisational measures and establish the procedural rules necessary to enforce the provisions of the Information Act and the GDPR on confidentiality and security of data processing.

The Data Controller shall take appropriate measures to protect the data processed by it against unauthorised access, alteration, disclosure, transmission, disclosure, deletion or destruction, as well as against accidental destruction or damage.

The Data Controller shall retain the data during its processing:

- a) confidentiality: it shall protect the information so that only those who are entitled to have access to it may do so;
- b) integrity: to protect the accuracy and completeness of the information and the processing method;
- (c) availability: ensures that the authorised user has effective access to the information required when he needs it and that the means to access it are available.

The Data Controller shall adequately protect its information technology systems and networks against computer fraud, espionage, fire and flooding, viruses and computer intrusions. The Operator shall ensure security through server-level and application-level protection procedures. The Operator monitors its systems in order to record and provide evidence of any security incidents. System monitoring also allows the effectiveness of the security measures in place to be verified. The compliance of the information protection measures applied by the Data Controller is required and monitored by the Data Controller on the basis of the provisions of the contracts concluded with the data processors it uses.

5.
Rights of data subjects and enforcement

All personal information provided by the Data Subject to the Data Controller must be true, complete and accurate in all respects.

The Data Subject may request information about the processing of his or her personal data, and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory processing, and exercise his or her rights of retention and objection, in the manner indicated when the data were collected or by contacting the Controller at the above contact details.

Right to information.

The right to information can be exercised in writing by using the contact details indicated in point 2 of this notice. The data subject may also be provided with information orally at his or her request, after verification of his or her identity.

The data subject's right of access: the data subject has the right to obtain from the controller information as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations; the envisaged period of storage of the personal data; the right to rectification, erasure or restriction of processing and the right to object; the right to lodge a complaint with a supervisory authority; information on the data sources; the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and its likely consequences for the data subject. In the event of a transfer of personal data to a third country or an international organisation, the data subject is entitled to be informed of the appropriate safeguards for the transfer.

The Data Controller shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, the controller may charge a reasonable fee in line with the administrative costs. At the request of the data subject, the controller shall provide the information in electronic form. The controller shall provide the information within a maximum of one month of the request.

Right of rectification.

Right to erasure: The data subject shall have the right to obtain, upon his or her request and without undue delay, the erasure of personal data relating to him or her where one of the following grounds applies:

- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
- the personal data have been collected in connection with the provision of information society services
The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.

Right to restriction of processing:

- the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the accuracy of the personal data to be verified;
- the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
- the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
- the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

Where processing is subject to restriction, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State. The Controller shall inform the data subject in advance of the lifting of the restriction on processing.

Right to data portability: the data subject has the right to obtain the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit these data to another controller.

Right to object: the data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed for those purposes.

Automated decision-making in individual cases, including profiling: the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

The above right shall not apply where the processing

- necessary for the conclusion or performance of a contract between the data subject and the controller; - permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or - is based on the explicit consent of the data subject.

Right of Withdrawal. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

Procedural rules. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months.

The controller shall inform the data subject of the extension, stating the reasons for the delay, within one month of receipt of the request. Where the data subject has made the request by electronic means, the information shall be provided by electronic means, unless the data subject requests otherwise.

If the controller does not act on the data subject's request, the data subject shall be informed without delay and at the latest within one month of receipt of the request of the reasons for the non-action and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.

The Controller shall provide the requested information and notification free of charge. Where the data subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the controller may, taking into account the administrative costs of providing the information or information requested or of taking the action requested, charge a reasonable fee or refuse to act on the request.

The controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing that it has carried out, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject, at his or her request, of these recipients.

The controller shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject has made the request by electronic means, the information shall be provided in electronic format, unless the data subject requests otherwise.

Compensation and damages: any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Regulation shall be entitled to receive compensation from the controller or processor for the damage suffered. A processor shall be liable for damage caused by the processing only if it has failed to comply with the obligations expressly imposed on processors by law or if it has disregarded or acted contrary to lawful instructions from the controller.

Where more than one controller or more than one processor, or both controller and processor, are involved in the same processing and are liable for the damage caused by the processing, each controller or processor shall be jointly and severally liable for the total damage.

The controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

Data protection authority procedure: the data subject may lodge a complaint about the processing of his or her personal data with the National Authority for Data Protection and Freedom of Information

- Name: National Authority for Data Protection and Freedom of Information
- Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
- Postal address: 1530 Budapest, PO Box 5.
- Phone: 06.1.391.1400
- Fax: 06.1.391.1410
- E-mail:ugyfelszolgalat@naih.hu
- Website:http://www.naih.hu
Right to bring a case before the courts. The court shall rule on the case out of turn.

7.
If the User wishes to contact the Data Controller, he/she may do so through the contact details of the Data Controller, as specified in point 2 of the Prospectus.