Brand It Online- online supplier of Promotional Products, Branded items and Promotional Gift Items. Offering a wide range of highly customizable promotional products and merchandise, including promotional pens, giveaways, and branded items, our website pr
What kind of information do you find in our Privacy Policy?
In our Privacy Policy (hereinafter: Policy), you will find all the information you need to know about which of your personal data, for what purpose, and for how long, will be processed by our Company and to which service provider we forward your personal data. Besides that, you’ll find out what data security measures we take to protect your data during our data processing and what rights you have in relation to our data processing. We process your personal data prudently, in accordance with the applicable legislation. If you have any questions or complaints regarding our data processing, feel free to contact us at the contact information provided in the present Policy.
I. The Data Controller
1. Who processes your data as a data controller?
Company name (short form): Maksoft JSCo
Registered and postal address: 150 Vassil Levski Blvd., 1527 Sofia, Bulgaria
Registration number: 202236421
Company Registry Court: Europe, Bulgaria (BG)
Tax ID: BG202236421
Website: www.brandit-online.eu
E-mail: [email protected]
2. How can you contact us with questions and problems regarding data processing?
Feel free to contact us at the following contacts, preferably by email, for quick and verifiable administration!
Maksoft JSCo.
150 Vassil Levski Blvd., 1527 Sofia, Bulgaria
E-mail: [email protected]
II. Details of each data processing
1. Data processing of contractual contacts
With respect to contractual contact persons, we process their personal data that is either public (e.g., published on websites) or obtained from our clients (on business cards, in contracts, etc.).
Purpose of data processing: concluding contracts and contracts, efficient communication, ensuring business continuity
The processed data:
name,
position,
company address, including sole proprietor (head office, establishment, or place of business),
business telephone number (landline and/or mobile), sole proprietor,
company email address, including sole proprietor,
business fax number, including that of a sole proprietor.
If the contractor is a sole proprietor, we will not handle business or company information, but the information that the sole proprietor will provide to us in connection with the conclusion of the contract or on his website or business card.
Legal basis of the data processing:
In the case of contracts with a sole proprietor, if the contractor is also the contact person, the performance of the contract is governed by Article 6 (1) (b) of the GDPR.
In the case of contracts with other entities, the legitimate interest (Article 6 (1) (f) of the GDPR), which is the conclusion, performance of the contract, effective communication, and ensuring business continuity,
Retention of data:
Contractual contact information will be retained during the term of the agreements and thereafter until the expiration of any applicable tax limitation period from the termination of the relevant agreement, which shall be 8 years from the date of issue of this Policy and shall commence with the disclosure.
2. Customer service data processing
Personal data received by email addresses as well as customer service inquiries by phone are received at our head office and handled by those employees with appropriate access privileges whose job is related to customer support requests.
Purpose of data processing: to handle customer service requests we receive and answer questions.
Legal basis of data processing: legitimate interest (Article 6 (1) (f) of the GDPR), which is recording, responding to, and utilizing recorded customer service communications in case of any claims.
The processed data:
When contacting us via email, the person who contacts us:
name
Additional personal data you provide (including, in particular, the contact details of the inquirer or other person involved and the circumstances of the case in which the inquirer contacted us)
When contacting us by phone, the person who contacts us:
name
phone number (landline or mobile)
data from the call
time of the call
Additional personal data you provide (including, in particular, the contact details of the inquirer or other person involved and the circumstances of the case in which the inquirer contacted us)
In the case of a request sent by post:
name of the sender
address
date of delivery
Additional personal data you provide (including, in particular, the contact details of the inquirer or other person involved and the circumstances of the case in which the inquirer contacted us)
Duration of data processing: personal data (including emails) processed in connection with general inquiries will be deleted after the purpose of the data processing has ceased. Thus, if it’s unlikely that we will need the e-mail and the response for further administration and enforcement, we will delete those data; otherwise, the request and reply will be deleted after 5 years from the date of communication, in accordance with the civil statute of limitations.
We work only with companies like advertising agencies, merchants, distributors, and private individuals who guarantee that they represent a company.
3.Handling complaints
Purpose of data processing: handling incoming customers and client complaints
Legal basis for data processing: legitimate interest (Article 6 (1) (f) of the GDPR), efficient and verifiable handling of customer or client complaints, use of such correspondence or personal communication in any official process or in any claim.
The processed data:
name
e-mail or postal address
Additional personal data you provide (including, in particular, the contact details of the inquirer or other person involved and the circumstances of the case in which the inquirer contacted us)
Duration of data processing: personal data processed in such a case will be retained within the civil statute of limitations (currently 5 years), which begins with the disclosure.
4. Server logging
Purpose of data processing: troubleshooting, detection of system failures, security protection, and, for webshop users, restoring the contents of the cart.
Legal basis of data processing: legitimate interest (Article 6 (1) (f) of the GDPR) troubleshooting, detection of various system failures, protection against various system hacking, restoring contents of the cart when used in the webshop.
Duration of data processing: 1 year
Server logging stores the data below on our own server:
IP address
User agent
Login time
Referer
Cookies
Set-Cookie
However, in the event of a major system failure, ad hoc logging may also result in the storage of personal data provided during registration.
III. Data processing principles, rights of the data subject and their enforcement, time limit of administration
1. Data processing principles
We will process your personal data in accordance with applicable legal requirements, so personal data will only be processed and stored for the purposes and for the period of time required for the purposes of this Policy, only as provided by you as the data subject or in a legitimate interest, and in accordance with the applicable law and the present Policy.
If we intend to use your personal data for purposes other than those for which it was originally collected, we will inform you in advance, by email or on our website, in order to obtain your consent and to provide you with the opportunity to prohibit data processing for purposes other than the original purpose.
In particular, the following data processing principles apply:
Lawfulness, fairness, and transparency
purpose limitation
data minimisation
accuracy
storage limitation
integrity and confidentiality
accountability
2. Rights of the data subject
You, as the data subject, are granted the following rights in accordance with the provisions of the GDPR:
2.1. Right to be informed
You, as the data subject, have the right to be informed about all the legal grounds for data processing. We strive to fulfill our obligation to provide information in a concise, clear, understandable, and easily accessible form with clear wording.
2.1.1. How will we inform you about the processing of your data?
We comply with our obligation to provide information primarily in writing, including by email. Oral information may be provided upon your express request, provided that you have properly verified your identity.
2.1.2. What is the deadline for informing you about our data processing?
Without undue delay, but in any case within 30 days of receipt of the request, we will inform you of the action we have taken in response to your request to exercise your right.
Where necessary, taking into account the complexity and number of requests, the 30-day time limit may be extended by a further 60 days. We will inform you of the extension within 30 days of receipt of the request, stating the reasons for the delay. If you have submitted your request electronically, the information will be provided electronically as far as possible, unless you request otherwise. Requests sent by post will also be answered by post.
2.1.3. Is there a charge for the information?
Information and measures are provided free of charge. If your request is manifestly unfounded or excessive, in particular because of its repetitive character, taking into account the administrative costs of providing the information requested or of taking the requested action,
We may charge a reasonable amount (see paragraph 2.2 below for the copy fee), or
refuse to act on the application.
It is for us to prove that the claim is manifestly unfounded or excessive.
2.2. Right to access
You have the right to access all the legal bases for data processing.
2.2.1. What information do we provide access to?
You have the right to receive feedback from us as to whether your personal data is being processed and, if so, to have access to your personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be communicated;
where applicable, the proposed period for which the personal data will be stored;
your right to request from us the rectification of your personal data, the deletion or limitation of the processing of certain data in connection with a legal basis, and the right to object to the processing of such personal data in the case of certain legal data processing;
the right to lodge a complaint with the supervisory authority;
if the data have not been collected from you, any available information on their source;
the fact that automated decision-making, including profiling, and, at least in these cases, the logic used and the significance and foreseeable consequences for you of such data management
2.2.2. How do we provide access to your data?
Within a maximum of 30 days from its receipt, we will respond to your request for access by posting a copy of your personal data that we process to the contact information provided in the request.
If you submit your request electronically, our response letter will also be sent to you electronically, protected by a password that we send to the mobile number you provided. (Pdf and Excel files can be encrypted.) If you are requesting another type of response, please indicate this in your request.
2.2.3. What personal data can you request a copy of?
We will provide you with a copy of your personal data subject to data processing at any time upon request.
2.2.4. Do I have to pay for a copy?
Usually, we will provide you with a free copy of the personal data we process. However, if you request more than one copy, we may charge you a reasonable fee based on administrative costs for the additional copies, as set out below:
Copy fee:
A4 sheet size: 15 HUF + VAT per page
A3 sheet size: 25 HUF + VAT per page
If you request the information electronically, you will receive it in CD format at a cost of 1 000 HUF + VAT. We will deliver the CD by post to the address you provide.
2.3. Right to completion and rectification
You have a right of rectification in respect of all data processing legal bases.
2.3.1. What does the right of rectification mean?
If one or more of your personal data is incorrect or inaccurate in our systems, you have the right to request the rectification of that personal data. If you request a correction, we will correct your inaccurately processed personal data without undue delay.
You also have the right to request that your personal data be completed.
2.3.2. How do we ensure that your data is corrected or completed?
Within a maximum of 30 days from its receipt, we will respond to your request for rectification using the contact information provided in the request.
If you submit your request electronically, our response letter will also be sent to you electronically. If you are requesting another type of response, please indicate this in your request.
Your business information, billing information, and email address may only be changed after consultation with your sales representative, so please address your request to your sales representative.
You can modify the following information at your own discretion:
phone number
password
mailing address
2.4. Right to erasure (‘right to be forgotten’)
You are not automatically entitled to request erasure with regard to the processing of data relating to all legal bases.
2.4.1. When do we delete personal data on your request?
We will delete your personal data without undue delay if any of the following applies:
personal data are no longer necessary for the purpose for which they were collected or otherwise processed;
you withdraw your consent to the processing of data (in the case of consent-based data processing) and there is no other legal basis for the processing;
You object to the data processing, and there is no overriding legitimate reason for the processing of data on legal grounds based on public authority or legitimate interest;
the personal data have been unlawfully processed;
Personal data must be deleted in order to comply with a legal obligation imposed by the EU or an applicable Member State law.
2.4.2. When will your personal data not be erased despite your request for deletion?
We will not comply with your request for deletion if processing is necessary to comply with a legal obligation applicable to our company that governs the processing of your personal data.
2.4.3. What actions can we take before deleting data?
When we receive a deletion request, we first verify that the request is from the entitled person.
In order to accomplish the above, we may take the following actions:
request information to identify the contract between you and us (e.g., contract number, contract date),
We may ask for the ID number of the document we issued to you.
We may ask you to provide identity data recorded about you (however, we may not ask for any additional data that we do not record about you as identification).
2.4.4. How do we delete your personal data?
If we are required to comply with the deletion request, we are obliged to do our best to delete your personal data from all databases.
A record of the deletion will be made so that we can confirm that the deletion has taken place, except that registration will be canceled.
The record shall be signed by a representative of our company or by the person(s) authorized to do so by virtue of their job description. The deletion report shall include:
the name of the data subject (i.e., you);
the type of personal data deleted;
the date of cancellation.
We will inform anyone to whom personal data have been transferred of the obligation to delete them.
If the data processing is based on consent, you have the right to withdraw your consent at any time without justification. Upon withdrawal of your consent, your personal data, in the absence of any other legal basis, will be deleted. The withdrawal of consent shall not affect the lawfulness of the prior processing.
2.5. Right to restriction of processing
You have the right to restriction in respect of all data protection legal bases.
You dispute the accuracy of your personal data, in which case the limitation applies to the period of time that allows us to verify the accuracy of your personal data;
The data processing is unlawful, and you object to the deletion of the data and instead request a restriction on their use;
We no longer need personal data for the purposes of data processing, but you request it for the purpose of making, enforcing, or defending legal claims; or
You have objected to the processing of data on the basis of a public authority license or a legitimate interest; in this case, the limitation applies for a period until it is determined that our legitimate interests have priority over your legitimate reasons.
2.5.1. When will we continue to process your personal data despite the restriction?
If data processing is restricted under the preceding paragraph, such personal data, with the exception of storage, shall only be processed with your consent, for the purpose of submitting, asserting, or defending legal claims, or protecting the rights of other natural or legal persons, if it is in the public interest.
We inform all persons to whom personal data have been transferred of this obligation.
2.6. Right to object
You have the right to object to data processing on legal grounds based on public authority or legitimate interest.
2.6.1. What is the result of your protest against data processing?
We may not further process your personal data in response to your request for objection unless we have demonstrated that the processing is justified by compelling legitimate reasons, overriding your interests, rights, and freedoms, or relating to the filing, enforcement, or protection of legal claims.
2.6.2. How do you object to the processing of your personal data for direct business purposes?
If your personal data is processed for the purpose of direct marketing (a newsletter), you have the right to object (unsubscribe) to the processing for this purpose at any time.
If you object to the processing of personal data for the purpose of direct marketing, personal data may no longer be processed for this purpose.
2.7. Right to data portability
In the case of consent- or contract-based data processing, you have the right to data portability, given that the processing is automated.
2.7.1. What do we provide you with in terms of your data portability?
We ensure that the personal data you provide to us will be provided to you in a structured, widely used, machine-readable format and that you may pass it on to another controller.
2.7.2. How do we ensure the right to data portability?
Customer information, registration data, shopping lists, and any other data recorded by the system will be provided to you in the form of an Excel spreadsheet.
We will respond to your request without undue delay, but no later than 30 days from the date of receipt, and it will be sent by post to the contact details provided in the request.
If you submit your request electronically, our reply letter will also be sent to you electronically, protected by a password, which we will forward to your mobile number (PDF and Excel files can be encrypted). If you are requesting another type of response, please indicate this in your request.
3. Complaint, common rules of procedure
3.1. Complaint
In the event of an alleged infringement of your personal data processing rights, we will investigate your complaint within 30 days at most.
3.1.1. To whom can you submit your complaint?
Please send your complaint to us first, by post or email:
Maksoft JSCo.
Head office: 1527 Sofia, 150 Vassil Levski Blvd.
e-mail: [email protected]
Please only exercise your right to oral information if you are unable to contact us in any other way, given that written certainty protects both your interests and ours.
3.1.2. Where can you complain if you are not satisfied with our complaint handling?
If you are not satisfied with our complaint handling, you can also file a claim with the competent tribunal (the Metropolitan Court or the place of residence) or initiate an investigation with the Bulgarian National Authority for Data Protection and Freedom of Information at:
postal address: H-1024 Budapest, Szilágyi Erzsébet fasor 22/C.,
e-mail: [email protected],
telephone: +36-1-3911400
representative, Head of the Authority: Dr. Péterfalvi Attila
website: www.naih.hu
3.2. Common rules of procedure
3.2.1. What data do we need to properly handle your complaint?
Please provide your personal identification information and mailing address when contacting us. If any doubts arise about your identity or if the information provided is not sufficient for us to identify you, we are entitled to ask for additional identification.
3.2.2. How long does it take to respond to your inquiry?
We will endeavor to process your request as soon as possible. The administrative deadline is 30 days, which we are entitled to extend for another 60 days if necessary. We will send you, as an applicant or claimant, a reasoned notification no later than 30 days after your request.
3.2.3. In what form do we respond to you?
We will respond to requests in writing in the form in which they were received, that is, by post or email, unless specifically stated otherwise in the request.
3.2.4. Is there a fee for complaint handling?
Well-founded requests will be met free of charge. However, if the application is manifestly unfounded or, especially because of its repetitive nature, excessive, we reserve the right to charge a reasonable amount or even refuse to act on the application. (For the applicable rates, see Section III./1.2.4 above under Copy Fee.)
IV. Data transfer, data processors, and other data controllers
1. To whom do we transfer your personal data?
Your data will be made available only to data processors and other data controllers whose services are absolutely necessary for the operation of our website, the provision of storage space, the fulfillment of accounting obligations, and the operation of IT systems.
The contacts of the referenced companies are listed below, so that our company may at any time unilaterally choose to use another service provider. In such a case, we will amend the present Policy accordingly.
In addition to the above, your personal data will only be forwarded to the authorities, courts, notaries, and other organizations authorized by law to handle the data.
Legal basis of data transfer: Article 6 (1) (c) of the GDPR, fulfillment of legal obligation
2. Data processors and their contacts
By visiting our website, you acknowledge that your personal data will be processed by the following service providers as data processors in a targeted and necessary manner:
2.1 Hosting-provider:
Hosting provider: Virgo Systems Kft.
Hosting provider’s registered office: H-8200 Veszprém, város tér 25.
Hosting provider’s website: https://systems.virgo.hu/
Hosting provider’s email: [email protected]
Hosting provider’s customer service: +36 1 336 0630
2.2 Web server operator:
Company name: Virgo Systems Kft.
Registered office: H-8200 Veszprém, város tér 25.
Company registration number: 01-09-689231
Tax number: 12497278-2-42
Represented by: Laczkovich Bence
2.3 Auditor:
Company name: ICT Europa Holding Inc.
Registered office: H-1117 Budapest, Fehérvári t 50-52.
Company registration number: 01-09-998752
Tax number: 24266479-2-43
Contact: Gulyás Gábor
V. IT data security
We guarantee data security in accordance with the provisions of the GDPR, including in particular the state of the art and the costs of implementation, the nature, scope, circumstances, and purposes of data processing. Taking into account the varying probability and severity of the risks to the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of data security appropriate to the degree of risk.
In order to prevent the destruction, unauthorized use, or alteration of your personal information, we will, in particular, apply the following measures, which we will continually improve on a need-to-know basis:
We create automatic backups of our databases on a separate server.
We use mirroring,
Our server is a dedicated server located in Hungary, protected 24 hours a day.
We use a firewall to protect your personal data, and our server has an active and passive security system.
VI. Data breach
1. Definition of data breach
A data breach is any case in which an unauthorized person has access to personal data or the data is destroyed, lost, or changed.
2. Risk assessment of data breaches
In the event of a data breach, acting in accordance with GDPR, the impact and risks of that incident will be assessed by a team, and based on that assessment, we will take the necessary steps to resolve it and notify the competent authority or the data subject, as appropriate.
3. Informing the data subject
If the result of the risk analysis is that a data breach is likely to pose a high risk to the rights of those affected, i.e., your rights, we will notify you of the data breach. Depending on the nature of the data breach, the information will be provided through our website or through other more direct means (e.g., email).
4. Data breach policy: incident management
We have a separate internal incident management policy for dealing with data incidents, which ensures that when a privacy incident occurs, we can deal with it efficiently and quickly and also make the appropriate notifications, but first and foremost, under the circumstances, to minimize the risk of potential data corruption or loss and any damage.
VII. Definitions, Governing Law, Disclosure, and Amendments to the Policy
1. Definitions
1.1. Privacy legislation: all applicable data protection, privacy, and information security laws, especially but not exclusively the General Data Protection Regulation (GDPR), any related national transposition, amendment, or replacement legislation from time to time, and also the Act CXIII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.
1.2. Personal data: means any personal data as defined by applicable data protection legislation, including, in particular, any information relating to an identified or identifiable natural person ("data subject") as defined in the GDPR; identifiable is a natural person who, directly or indirectly, in particular by virtue of one or more factors such as name, number, position, online identification, or physical, physiological, genetic, intellectual, economic, cultural, or social identity of the natural person identified,
1.3. Data controller: means a natural or legal person, public authority, agency, or any other body that determines the purposes and means of the processing of personal data, alone or in association with others.
1.4. Data processor: means a natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the controller.
1.5. Recipient: means a natural or legal person, public authority, agency, or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that have access to personal data in the framework of a specific inquiry in accordance with Union or Member State law shall not be considered recipients; the processing of such data by these public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing.
1.6. Third party: means any natural or legal person, public authority, agency, or any other body that is not the data subject, the controller, the processor, or any person authorized to process personal data under the direct control of the controller or processor.
1.7. Data processing: means any or all of the operations carried out in an automated or non-automated way on personal data or data files, such as collection, recording, systematization, classification, storage, transformation or alteration, retrieval, access, use, communication, distribution, or otherwise making available, coordinating or linking, limiting, deleting, or destroying.
1.8. Consent of the data subject: means the voluntary, explicit, and unambiguous expression of the will of the data subject, by which the data subject indicates his or her consent to the processing of personal data concerning him or her by means of a statement or act of unambiguous confirmation;
1.9. Data breach (privacy incident): means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access of personal data transmitted, stored, or otherwise processed;
1.10. Filing system: means a set of personal data, in any form—centralized, decentralized, functional, or geographical—accessible according to specified criteria;
1.11. Data stock: a document to assess the scope and nature of personal data managed by the controller
2. Governing Law
The present policy is made and interpreted in accordance with current Bulgarian law. The policy, in particular but not limited to, is governed by the following legislation:
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR")
Act CXIII of 2011 on the Right of Informational Self-Determination and on Freedom of Information („Infotv.")
Act V of 2013 on the Civil Code („Ptk")
Act C of 2000 on accounting („Sztv.")
Act CVIII on certain issues of electronic commerce activities and information society services („Ekertv.")
Act XLVIII of 2008 on the essential conditions and certain limitations of business advertising activity („Grt.")
3. Disclosure of the Privacy Policy
The Privacy Policy is published on our website under the Privacy Policy menu item and is permanently available there.
4. Amendment of the Privacy Policy
We reserve the right to unilaterally modify the present Policy at any time. In the event of changes, we will inform you in our news.
The amended provisions will become effective upon publication on our website or otherwise being notified to you.
Promotional personalised pens delivered free in Europe with a minimum order of 1000pc....
Brand your promotional shipping calendars at lowest prices in EU. Printing promotional ...
All kinds of promotional carrier bags, personalised backpacks, drawstring bags and bag hangers with...
Silicone wristbands and holiday bracelets on stock in E.Europe. Branded promotional wristbands....
Wholesale promotional notebooks, custom notebooks, softcover and hardback notebooks, promotional...