Privacy Policy

for the AR Books LibrARy application and arbookslibrary.co.uk portal and webshop

According to Act CXII / 2011 Paragraph 15 and Item 13 of the Regulation of the European Parliament and of the Council (EU) 2016/679 on self-determination and freedom of information.

 

Terms

Mobile phone application: AR Books Library (hereinafter App)

Website: https://arbookslibrary.co.uk (hereinafter Portal)

Webshop: https://arbookslibrary.co.uk (hereinafter: Webshop)

Az Registered and unregistered users and customers who use the app, the portal and the webshop (hereinafter: User)

Data management

Data controller:

Multilearn Kft. (hereinafter Publisher)
Address: Hungary 1188 Budapest, Lőrinci út 6/b
Tax number: 423 9734 82
Trade register number: EORI GB423973482000

Data processor

Prostep Consulting Ltd.
Address: Hungary 2089 Telki, Kamilla utca 23.
Tax number: HU23077496
Trade register number: 13-09-220637

It is the responsibility of the Data controller to create the Privacy Policy and to comply with its content. The effective version is always available on the portal.

The Data controller is responsible for ensuring that the personal data stored in the system are lawfully managed and that all employees, subcontractors and natural persons involved in other legal relationships are informed accordingly in accordance with Act CXII / 2011 Paragraph 3, Numbers 9, 17, 18. on informational self-determination and freedom of information and Article 4, Numbers 7 and 8 as well as Articles 24 and 28 (with the exception of Number 2) of the Regulation of the European Parliament and of the Council (EU) 2016/679 (General Data Protection Regulation), for the protection of natural persons in the Processing of personal data and the free movement of data and the repeal of Regulation 95/45 / EC, which came into force on May 25, 2018. The Data processor is only responsible for the proper operation of the system and the availability of the IT environment.

With regards to data management in connection with sales (invoicing) and the use of personal data provided during registration, the legal basis for managing personal data in the case of invoicing is Section 169 (2) of Law C (2000). The legal basis for managing personal data provided during registration and for sending newsletters is the prior, express and voluntary consent of the User involved.

Notifications of technical changes, downtimes and other changes to the general terms and conditions of the Portal, Webshop and App will be sent without the separate consent of the User.

The Data controller may not pass on the processed personal data to third parties without the prior, express and informed consent of the data subjects, with the exception of the transmission of data to authorities with a legal title (e.g. Section 264 of Act XC of 2017 on criminal proceedings for investigative authorities ), in which cases the transmission of data to the data manager at the request of the competent authorities is required by law.

Data storage

Data that is requested and stored by default during registration:

  • Name
  • Email address
  • Phone number
  • Password
  • Billing and shipping address
  • Tax number (if required)

Depending on the settings of the Data controller, other data can be requested during registration. All of these listed data can be changed later at any time by the registered User on the online interface.

The purpose of data storage is to identify users in the system, to send non-promotional notifications by email, e.g. forgotten password, access to published content, general technical information. At the express request of the user, a periodic marketing request can be made on the basis of the information provided.

Data transmission

When purchasing in the Webshop the system requests and stores data required for invoicing. Data related to online credit card payments are transferred by the Data Controller to payment service provider partners. The Webshop sends the billing data to the billing and accounting service partners. The data can also be transferred to an external partners who delivers the publications in order to fulfill the delivery.


Payment Service Provider partners

Data transmitted: name, e-mail address, billing address, the identifier and the amount of the purchase.

PayPal
Location: 2211 N 1st St San Jose, CA 95131, United States

Stripe Corporate
Location: 185 Berry St #550, San Francisco, CA 94107, USA


Billing partner

KBOSS.hu Ltd. – szamlazz.hu
Location: Hungary 1031 Budapest, Záhony utca 7.
Trade register number: 01-09-303201
Tax number: 13421739-2-41

Data transmitted: name, address, name of the service, for organization: tax number

Reason / purpose of the data transfer: create an electronic invoice.

 

Accounting and business partners

IM Bookkeeping Ltd.
Location: Marshall House, Ring Way, Preston PR1 2QD
Registration number: 08631599

Abacus-Audit Ltd.
Location: Hungary 1071 Budapest, Dózsa György út 66. 3. em.
Trade register number: 01-06-612036
Tax number: HU11571883

Data transmitted: name, address, name of the service, for organization: tax number

Reason / purpose of data transfer: Carrying out accounting tasks.


Analytical partner

Meta Platforms Ireland Limited (formerly: Facebook Ireland Limited)
Location: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Data transmitted: for content viewing, registration, shopping cart, purchase (payment initiation, payment details): email address, phone number, IP address, browser data
Reason/ purpose of data transfer: measurement services, ad targeting (Facebook Conversion API)

Meta Ireland's Privacy Policy contains further information on how Meta Ireland processes personal data, including the legal basis for processing and the choices available to Data Subjects in relation to Meta Ireland as data controller.


Delivery partners

Data transmitted: name, e-mail address, phone number, delivery address.

Reason / purpose of data transfer: delivery of purchased products to Users, notify Users of the shipment.

Royal Mail Group Limited
Seat: 185 Farringdon Road London, EC1A 1AA
Registration number: 4138203
VAT registration number: GB243170002.


Purpose of data storage

The system logs and stores the data related to the system logins, The purpose of data storage: To monitor the operation of developers and administrators in the system.

  • User name
  • IP address
  • domain
  • date
  • Activity (e.g. downloading AR content related to a publication)

The system stores the data for viewing the content, the purpose of data storage: analysis of usage habits, monitoring of network traffic.

  • User name
  • Name of the augmented reality content
  • Usage time

 

Data portability

The registered User has the right to data portability, i.e. the right to receive personal data about him, which are processed with his consent and made available to the data administrator in a structured, widely used, machine-readable format, and the transfer of this personal data directly to to request another data administrator if technically feasible (data portability).

 

Data transfer

By accepting the Privacy Policy the registered User agrees that in the event that certain functions are used (e.g. purchase) the Data controller will transmit his data to the service providers directly connected to him, who will only use the data received to provide the contractually agreed services, they will not be passed on to third parties in any way.

 

Data storage time

The processing of personal data required for invoicing takes 8 years after invoicing.

In the case of personal data that are processed on the basis of consent, the retention period is 5 years after the consent has been withdrawn, as the limitation period for data protection claims is 5 years. The Data controller does not use the relevant personal data in any way from the date of revocation of the consent, the data are only stored so that in the event of a data protection dispute, this can serve as evidence of the legality of the data management.

 

Data deletion

The consent to the processing of the personal data provided during registration, to the sending of the newsletter can be revoked by the user concerned at any time in the form in which the consent was given.

The registered User has the right at any time to request access to the correction, deletion or restriction of the processing of personal data concerning him and to object to the processing of this personal data.

 

Data security

Data controller declares that he guarantees the security of the data he manages as well as the security of the data provided, stored or processed and prevents their unauthorized use. The Data controller undertakes to establish the necessary data management rules, technical conditions and organizational processes that ensure the protection of the data. The Data controller takes all possible measures to ensure that the data is not damaged or destroyed.

The security measures are also binding for the employees of the Data controller who are involved in data management.

Data controller ensures that the processed data cannot be accessed, changed, deleted, disclosed or transferred by unauthorized persons. Only registered users of the system with the appropriate authorization can access the managed data; the data administrator does not transfer them to unauthorized third parties.

 

Data collected in connection with a visit to the portal (cookies)

IT cookies are processed by Google Analytics to track traffic to our various content. The data collected in this way will not be used for advertising or other commercial purposes. The legal basis for data management is the consent of the User.

The purpose of storing session cookies is to ensure that the portal works. Law CVIII/2001 is the legal basis for data management on certain issues relating to e-commerce and information society services.

Most web browsers automatically accept cookies by default. In the browser settings you can specify that you do not automatically accept cookies and ask you every time whether the user wants to accept cookies or not.

If the User has previously accepted the use of cookies but would like to revoke this authorization later and delete the cookies, he can do this in the settings of the browser.

Description of how to set and delete: Google Chrome browser, Mozilla Firefox browser, Microsoft Edge browser, Apple Safari browser.

Third-party cookies

Google Analytics, Facebook Pixel may also place cookies on the User's device for analytical purposes.

Google Analytics: to generate traffic statistics, to improve the website.

Facebook Pixel: to generate statistics on visitors from the Facebook page; to use remarketing services provided by Facebook; to display targeted advertising, optimize it for the right audience, display personalized ads, display ads, and generate reports, statements. (Read more)

 

AR Books LibrARy Application

Our App only requests access to the user's camera and device storage. When using the camera the goal is only to find the visual objects necessary to initialize the AR content loaded into the App. The App does not record, save or transmit any data using the camera. The App takes a comparative analysis of the camera image with the initialization image objects stored in the App.

When accessing the device memory the App only performs operations to download and manage the augmented reality elements it uses. Apart from these tasks the App does not scan, manage, or transfer any data stored in any other location.


Claim

The registered User is entitled to lodge a complaint against the data management of the data administrator with the National Authority for Data Protection and Freedom of Information, see contact details under the following link: https://naih.hu/about-the-authority.

 

Technical information

A list of the additional software used in the program code of the Portal can be found at this link.

 

Further Information

Should you require further information please contact us at arbookslibrary.co.uk/contact details.