Privacy policy
Privacy Policy
For the data processing related to the toolvia.ai website
Name and contact details of the Data Controller
Company name: BRAUNIQ SOLUTION Kft (the "Service Provider") Registered seat: 1154 Budapest, Bercsényi Miklós utca 51., Hungary Tax number: 24896784-2-42
Company registration number: 01 09 188120 Represented by: Gergely-Nagy Arnold
Contact: marketing@toolvia.ai
Concepts used in this Policy
"personal data" and "data subject": any information relating to an identified or identifiable natural person (the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, a number, location data, or an online identifier.
"processing": any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"controller": the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"processor": the natural or legal person, public authority, agency or other body which processes personal data on behalf of and in the interest of the controller, according to the provisions of the contract concluded with the controller (and the controller's instructions).
"recipient": the natural or legal person, public authority, agency or other body to which the personal data are disclosed.
"User": the person who visits the site and reads its content.
"Customer": the User who purchases a product or service through the website.
Data processing related to the use of the website
The Controller does not process any data that it did not collect from the data subject. No profiling or automated decision-making takes place.
Registration
Data subjects are those visitors of the website who register on the website by providing their e-mail address.
The Controller does not carry out profiling or automated decision-making, but reserves the right to subsequently restrict or block access on a case-by-case basis.
Scope of data |
Purpose |
Data subject's e-mail address |
Facilitating the use of the website |
Legal basis of processing: The processing is based on point (a) of Article 6(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council; the data subject has given their explicit consent to the processing.
Duration of processing: Until deletion of the profile. Recipient of the data: The Controller's representative. Processor: Commercial platform (Shopify)
Data transfer: None
Purchase
Data subjects are those Users who have made a purchase through the website.
The Controller handles payment through several payment providers. The Controller does not process bank card data or other banking data.
Scope of data |
Purpose |
|
Order data; Acceptance of statements |
Sending the ordered digital product |
Legal basis of processing: based on point (b) of Article 6(1) of Regulation (EU) 2016/679; necessary for the performance of a contract concluded between persons not present.
Duration of processing: The Controller processes the data for 8 years from the purchase, or for 1 year after deletion of the profile.
Processors: Commercial platform (Shopify), database software developer (Supabase), and the chosen payment provider (Apple Pay, Google Pay, PayPal)
Data transfer: None
Data processing related to invoicing
Data subjects are those Users who have paid for a product purchased through the website.
Scope of data |
Purpose |
Invoicing data |
Legal compliance — invoice issuance |
Legal basis of processing: based on point (c) of Article 6(1) of Regulation (EU) 2016/679; necessary due to a legal obligation applicable to the Controller.
Duration of processing: 8 years following the issuance of the invoice.
Processors: The Controller's appointed accountant (iSuccess Kft.) and the operator of the invoicing system used by the Controller (Szamlazz.hu).
Data transfer: National Tax and Customs Administration (NAV — Hungary)
Data processing related to complaints
Data subjects are those Customers who have sent a complaint to the rma@toolvia.ai electronic address.
Scope of data |
Purpose |
|
Order data; Complaint data |
Legal compliance — complaint handling |
Legal basis of processing: based on point (c) of Article 6(1) of Regulation (EU) 2016/679; necessary due to a legal obligation applicable to the Controller.
Duration of processing: 5 years following the closure of the complaint.
Processors: None
Data transfer: None
Data processing related to product reviews
Data subjects are those Customers who have reviewed a product purchased through the website.
Scope of data |
Purpose |
E-mail address; Review data |
Measuring and publishing customer satisfaction |
Legal basis of processing: based on point (a) of Article 6(1) of Regulation (EU) 2016/679; the data subject has given their explicit consent to the processing.
Duration of processing: Until consent is withdrawn.
Processors: Commercial platform (Shopify), review-system support application (Judge.me)
Data transfer: None
Advertising-purpose contact
Data subjects are those Customers who, at some point on the website, by providing their e-mail address, consented to receiving electronic mail for advertising purposes.
Scope of data |
Purpose |
E-mail address |
Keeping in contact, sending offers |
Legal basis of processing: based on point (a) of Article 6(1) of Regulation (EU) 2016/679; the data subject has given their explicit consent to the processing.
Duration of processing: Until consent is withdrawn.
Processors: Webshop developer (Shopify), marketing and customer-relationship platform (Klaviyo)
Data transfer: None
Cookies used on the website
Like most websites, we also use cookies on the website. These cookies are small data files that may serve several purposes.
You can accept, refuse, or customise the cookies in the pop-up window on the website that requests permission for cookies.
Scope of data |
Purpose |
Session cookies |
Ensuring the use of the website. |
Convenience cookies |
Enhancing the user experience |
Other cookies |
Purchase encouragement, sending targeted advertisements, measuring advertising effectiveness. |
Legal basis of processing: based on point (a) of Article 6(1) of Regulation (EU) 2016/679; the data subject has
given their explicit consent to the processing. Consent can be given by accepting the cookies on the website. In the absence of acceptance of the session cookies, the site cannot be viewed.
Duration of processing: For session cookies, until the use of the site. For convenience cookies, 1 month. If you delete your browsing history, the cookies are also deleted. Other cookies: for a variable period — tracking
programs known as Meta, TikTok, and Google pixel, which measure the Controller's advertising effectiveness.
Processors: Meta, TikTok, Google.
Data security: Importantly, even when cookies are enabled, the site's Operator does not memorise any identifier or password. Even when accepting cookies, the visitor can use the Controller's electronic services in complete safety.
Scopes of data
The groups indicated in the scopes of data comprise the following personal data.
- Order data: E-mail address, Order ID, Name and quantity of products, Amount payable in USD, Transaction receipt, Electronic mail confirming performance.
- Acceptance of statements: E-mail address, Order ID, Date and time of acceptance, Content of the statements.
- Invoicing data: Customer's name, Customer's address, Order ID, Date, Receipt ID, Name and quantity of products, Amount paid in HUF.
- Complaint data: Product name, Description of the complaint.
- Review data: E-mail address, Product name, Rating and text of the review, Date of the review.
Recipients of the personal data, and categories of recipients
On the Controller's side: The Controller's representative may access the data.
Processors: The Controller works only with processors that demonstrably carry out the processing and protection of personal data in accordance with the law. Some of our processors operate outside the EEA (USA, Singapore) and have appropriate safeguards (SCC) with regard to the processing of personal data.
The Controller is in contact with the following processors in connection with the data processing.
Name |
Address |
Activity |
Shopify Inc |
Ground Floor, 151 O'Connor Street, Ottawa, Ontario, K2P 2L8, Canada |
Website support |
Supabase PTE Ltd. |
65 Chulia Street #38-02/03, OCBC Centre, Singapore 049513 |
Data storage and query support |
Apple Inc (Apple Pay) |
One Apple Park Way, Cupertino, CA 95014, United States |
Payment service |
Google LLC (Google Pay) |
1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA |
Payment service |
PayPal (Europe) S.à r.l. et Cie, S.C.A. |
22-24 Boulevard Royal, L-2449 Luxembourg |
Payment service |
iSuccess Kft. |
1161 Budapest, Csömöri út 10., Hungary |
Accounting service |
Szamlazz.hu — KBOSS Kft. |
1031 Budapest, Záhony utca 7/D, Hungary |
Invoicing system |
Judge.me Ltd. |
Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB |
Support for collecting reviews |
Klaviyo Inc. |
125 Summer Street, Floor 6, Boston, MA 02111, United States |
Marketing and customer-relationship support |
The data subject's rights in relation to the data processing
Deadline
The Controller fulfils the data subject's request for the exercise of their rights within a maximum of one month from its receipt. The day of receipt of the request is not included in the deadline.
Data subject rights related to the data processing
Right of access
The data subject is entitled, through the contact details given in point 1, to request information as to whether the processing of their personal data is ongoing, and if such processing is ongoing, is entitled to access the data.
The Controller provides a copy of the personal data undergoing processing free of charge on the data subject's first such request; thereafter it may charge a reasonable fee based on administrative costs.
In order to meet the data security requirements and to protect the data subject's rights, the Controller is obliged to verify that the identity of the data subject and of the person wishing to exercise the right of access match; for this
reason, information, inspection of the data, and the issuing of a copy thereof are conditional on identification of the data subject.
Right to rectification
The data subject may request, through the contact details given in point 1, that the Controller modify any of their personal data. The Controller fulfils the request within a maximum of one month and notifies the data subject of this at the contact details provided by them.
Right to erasure
In connection with the data processing described in this Policy, the data subject may exercise their right to erasure at any time. The Controller fulfils the erasure as soon as possible, if no other right obliges it to retain the data.
With the deletion of the profile, the personal data are also deleted, but the deletion does not affect data processed due to a legal obligation. Due to a legal obligation, invoicing data cannot be deleted for 8 years and complaint-
related data for 5 years.
Right to blocking (restriction of processing)
The data subject may request, through the contact details given in point 1, that the Controller restrict the processing of their personal data.
Right to object
The data subject may, through the contact details given in point 1, object to the processing at any time on grounds relating to their particular situation, if in their view the Controller is not properly processing their personal data in
connection with the purpose indicated in this Privacy Policy. With regard to the processing of data to which the data subject has given their consent, objection is not applicable.
Right to data portability
The data subject is entitled to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, machine-readable format, and is further entitled to transmit this data to another
controller.
Right to remedy
Hungarian data protection authority
If the data subject considers that the Controller has infringed the applicable data protection requirements during the processing of their personal data, they may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
Address: 1055 Budapest, Falk Miksa utca 9-11. Postal address: 1363 Budapest, Pf. 9.
E-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu
In addition, in order to protect their data, the data subject has the option to turn to a court, which acts in the matter as a priority. In this case, the data subject may freely decide whether to file their action with the competent regional court of their domicile (permanent address) or residence (temporary address), or of the Controller's
registered seat. The regional court can be located at https://birosag.hu/birosag-kereso.
EU data protection authorities
In justified cases, the data subject has the right to turn to the data protection authority of another EU Member State. The contact details of the EU authorities can be found here: https://www.naih.hu/unios-adatvedelmi-felugyeleti-hatosagok
International dispute resolution
In disputed matters, the Service Provider always strives for an amicable settlement, and therefore primarily seeks to resolve disagreements with the assistance of a national or EU body specialised for this purpose. The body
recommended by the Service Provider is the Budapest Conciliation Board, competent according to the registered seat (Address: HU-1016 Budapest, Krisztina krt. 99. E-mail: bekelteto.testulet@bkik.hu).
In the case of a cross-border digital service, it recommends the Consumer Redress Portal, where the Customer can find the territorially competent dispute-resolution forum specialised for the service.