Introduction and Scope
Book Flow House is committed to protecting your privacy in accordance with Regulation (EU) 2016/679 (GDPR). This policy governs the processing of personal data collected through our literary e-commerce platform, mobile applications, and customer service channels, ensuring transparent handling of information for all Hungarian and international customers browsing our curated collections.
Data Controller Information
The data controller is Book Flow House Kft., registered in Hungary under applicable commercial regulations, with registered office in Budapest. Our Data Protection Officer can be reached at [email protected] or through our dedicated secure contact portal for all privacy-related inquiries, data subject requests, and regulatory correspondence.
Categories of Personal Data Collected
We process identification data including full name and title, contact details such as email address and phone number, shipping and billing addresses, financial information handled via encrypted tokenization by payment partners, transaction history including purchased titles and order values, technical data encompassing IP addresses and browser types, and behavioral data derived from your navigation patterns and literary preferences within our digital library environment.
Methods of Data Collection
Personal data is collected directly when you register an account, complete purchases, subscribe to newsletters, submit reviews, or contact customer service. Automated collection occurs through cookies, server logs, and analytics tools during your interaction with our platform. Additional data may be received from payment service providers and logistics partners strictly necessary to fulfill contractual obligations.
Purposes and Legal Basis of Processing
We process data for contract performance including order fulfillment and delivery coordination, legal compliance such as tax accounting and consumer protection regulations, legitimate interests encompassing fraud prevention and website security maintenance, and consent-based activities including personalized book recommendations and marketing communications regarding new literary arrivals and cultural events.
Data Retention Periods
Account information is retained for the duration of active membership plus two years following last activity. Transaction and accounting records are preserved for eight years per Hungarian financial regulations. Marketing consent data is maintained until explicit withdrawal, followed by deletion within thirty days. Technical security logs are stored for twelve months before anonymization or secure deletion.
Data Recipients and Third-Party Transfers
Your data may be shared with trusted logistics providers for delivery execution, certified payment processors for transaction handling, cloud hosting services operating within EU/EEA jurisdictions, and analytics platforms under strict data processing agreements. International transfers outside the European Economic Area utilize Standard Contractual Clauses and adequacy decisions to ensure continued GDPR-equivalent protection standards.
User Rights Under GDPR
You possess comprehensive rights including access to your stored personal data, rectification of inaccurate information, erasure under the right to be forgotten, restriction of processing activities, data portability in structured machine-readable formats, and objection to processing based on legitimate interests or direct marketing. All requests are processed within thirty days through verified channels.
Security Measures and Data Protection
We implement technical safeguards including TLS 1.3 encryption for data transmission, AES-256 encryption for stored databases, role-based access controls, multi-factor authentication for administrative systems, and regular security audits. Organizational measures encompass staff confidentiality agreements, privacy-by-design development practices, and documented breach response procedures with seventy-two-hour regulatory notification capability.
Children's Privacy and Special Categories
Book Flow House does not knowingly collect personal data from individuals under sixteen years of age without verifiable parental consent. Account creation requires age affirmation, and our children's literature sections implement additional privacy safeguards. We do not process special category data including racial, ethnic, religious, or biometric information unless explicitly required by law with explicit consent.
Policy Updates and Contact Information
This privacy policy is reviewed quarterly and updated to reflect legal developments or platform enhancements. Material changes are communicated via email and prominent website notifications thirty days prior to effectiveness. For questions regarding data protection practices, exercise of rights, or complaints, contact our Data Protection Officer or the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).