Privacy Policy

This privacy policy sets out how fraau.com uses and protects any information that you give fraau.com when you use this website. Fraau.com is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Fraau.com may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

What we collect

We may collect the following information:

  • name
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • other information relevant to customer surveys and/or offers


Tóth Sarolta E.V. /FRAAU (54 Báthory utca, BUDAPEST, 1196, HUNGARY; company registration number: 51758000; tax number:68445968-1-43; phone number: +45 91826400; henceforward referred as Controller) unconditionally accepts and protects the policies and objectives included in the 5th clause of the General data protection regulation. Especially:

Controller handles personal data during every procedure with care:

legally, in accordance with the conditions of decency, following the principles of clearance.

collection of data happens only for reasons that have been set, clarified beforehand and are legal.

data handling happens in correlation with the goals only in a necessary and proportional way.

precise and updates constantly, takes every logical measure to assure that no inaccurate personal data gets stored, takes action towards deleting or correcting false data immediately.

personal data will be stored only for the time that is necessary for reaching the goals of data handling during personal identification.

provides appropriate technical or organizational measures to ensure the integrity and confidentiality of personal data.

is responsible for enforcing the above principles and can be held liable for the breach of these principles.

Controller maintains an internal record of the handling of personal data, as well as for existing data management. 

  1. General terms

2.1 ’personal data’: any information that can have a correlation with the affected person, either in a direct or an indirect way. Especially any type of IDs like name, number, location data, online username or the physical, physiological, genetical, mental, economical, cultural or social data related to the natural person.

2.2 ’data management’: the collective name for any automated or not automated procedure (like collecting, recording, fixating, arranging, sorting, articulating, storing, changing, modifying, to query, introspecting, using, announcing, forwarding, sharing or any other way of making it accessible: synchronizing, interlocking, limiting, deleting and/or destroying) that can be done with personal data or files.

2.3 ’controller’: the natural or legal person, or any other institution which determines the purposes and assets of the treatment of personal data, independently or jointly with others. Only if the European Union membership has the rights to determine the goals and instruments of data management.

2.4 ’data-processor’: the natural or legal person, public authority, agency or any other body which practices control of personal data on behalf of the controller.

2.5 ’the consent of the person’: is a voluntary, concrete and appropriate statement of the person concerned who was thoroughly informed beforehand. It is a relevant statement or an unmistakably expressive act of the consent in regards of any personal data treatment.

2.6 ’privacy incident’: a breach in security which results in destroying, losing, changing, publishing or giving access unauthorized haphazardly or in an illicit way of the data be forwarded, stored or handled any other way.

2.7 ’supervisory authority’: a public authority operating in a Member State, which carries out duties of the data protection authority, in Hungary it is the National Data Protection and Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH)

User rights

The Users have the right to access and inform about any data referring to them. Furthermore, they can practice surveillance of the legality of data processing at any reasonable time. Especially, they have emphasized rights for the followings (in the chart) due to their requests.


User can apply for

Time frame

Getting informed

after data collection

Access personal data

1 month

Correcting data

1 month

Deleting, covering data

until deletion

Limiting data processes

until retraction, immediately

Data portability

1 month

Protesting due to data processing issues

at the time of the incident

Protesting against automated procedures and profiling

at the time of the incident


The Controller will give information to the User about the procession of data, their sources, the goal of the process, the argument, duration, and the recipient of data transfer. This will happen in a written form in 15 days of handing in the request. Controller is obligated to inspect the issue of protest and answer on deadline.  If Controller misses the deadline the User – from the statement of the decision and 30 days after the deadline’s last day – can bring the case to court.

Information is costless

The data must be deleted

- on request of the User, if the data handling proves illegal, the data is incorrect or incomplete – and this matter cannot be solved in legal ways – provided that deletion is not forbidden by any law or does not offend the Controller’s legal business interests.

- the goal of data handling was terminated

-court or any authorities commanded

Controller has to inform the affected User about any corrections or deletion. Informing the User is dispensable if it will not offend the Customer’s legal interests with the data handling.

Legal remedy

User can turn to the National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság) with any questions about data handling and processing. (1125 Budapest, Szilágyi Erzsébet fasor 22/c, telefon: 36 1 391 1400, e-mail: ugyfelszolgalat@naih.hu) The procedure is free of charge.

If the Data does not correspond to reality and the Controller is in possession of the correct values, the Controller will correct the data that does not correspond.

  1. Obligations of Controller

Controller agrees to making an updated inventory of variable probability and serious risks regarding the data handling’s nature. Controller will take technical and institutional measures to lower risks involved like anonymizing data or classification.

Controller will take technical measures and organize to ensure that only the piece of personal data will be handled that is necessary for reaching the goal specified beforehand. This obligation applies to the quantity of collected data, level of process, storage duration and accessibility. These measures must be taken to ensure that personal data cannot be accessed by an unspecified number of people without the natural person’s permission by default.

Controller will keep a record of all data handling and processing measures within its scope of authority and surveys the location of personal data in the system (survey of data asset). Controller makes GAP analysis and privacy impact assessment.

In addition, cooperates with the local supervisory authority, Controller will make all records accessible upon their request.

Controller makes internal procedures in case of privacy incidents.  Controller must alert the affected without any delay, as soon as the incident occurred and became known, but at least in the next 72 hours. Controller must also notify the local authorities. The notification must name the circumstances of the incident, the expected consequences (except if Controller can prove with certainty hand in hand with the principle of accountability that there are no considerable risks to follow the incident regarding the natural person’s rights and freedom.

If the data processing is done by a third party in name of the Controller, the Controller must resort to data-processors that can meet the expectations of the specified criteria of protecting the Costumer’s rights with the technical measures and organization methods.

Controller must designate a data protection officer.

  1. Collection, processing and use of personal data

Data is stored in digital form on computers, on servers of Controller or a commissioner third party. The exact place of data processing: Shopify cég, aki a szerverszolgáltatást végzi, vagy ahol a szerverszolgáltatás fut

Customers can take back their consent about handling their data in the future (like sending out newsletters for them) that they have given during registration or any event by sending a letter to 54. Báthory utca, Budapest, 1196, Hungary or an e-mail to info@fraau.com.

In case the Users ask for deletion of any registered data or take back their consent of any kind of data that is related to their registration, it results in the deletion of the registration itself. In this case Users can only access the services after another valid registration giving their personal data.

Protection of children

Especially important matter any consent that is given by a child in this Privacy Policy. We take the official Facebook policies and e-mail account policies as a base for that. Children cannot consent to procession of their data under the age of 13, so the use of the application and its services is not accessible for those under the age of 13.

Data processing

Data processing is done by the Controller. Controller ensures the User that any other service will be sent with former consent and request of the User. In addition, Controller provides opportunity to end these services.


Controller agrees to use the usual and professional systems for protecting personal data and constantly updating, expanding these systems. Controller will take any necessary steps to ensure that no unauthorized person can access any personal data.

  1. The type of processed data

The data we get to store is always volunteerly given with thorough consent of the User.  We need this consent for using, processing and even for collecting the data. In this case the User accepts the conditions below and consent to legal data handling procedures.


  1. The claim and finality of data processing

User gives undeniable consent and permission to handling personal data (forwarding, storing and processing) by registering and giving these informations in the Roll application. As a result, Controller will take any necessary steps in protection of that personal data and for professional data processing due to this present Privacy Policy.

The claim of data handling; according to the General Data Protection Regulations’ 6th clause 1st paragraph:

Affected person’s consent for any other personal data

Legal obligation and fulfillment bound by contract

Data handling for the legitimate interest of Controller or a third party

If the goal of data handling is the operation of the application. Controller stores the data only for the time period that is necessary to realize the goal and uses only those pieces of data that is an indispensable tool regarding reaching the goal of the data handling.


  1. Duration of data processing

The duration of data processing is the time period between the Users’ registration and the time when they request deletion of their account or deleting the application. In case of Users request deleting their registration or account Controller must delete all data relating to User from the system in a maximum of 30 workdays.

Data stored in the mobile application or shared via social media (Facebook) will automatically be deleted from Controller’s system in 30 days.


User accepts everything included in this Privacy Policy and states that accepting the policy happened voluntarily and after an appropriate explanation. User has the right to withdraw from accepting the terms. In case User disagrees with our data protection and Privacy Policy, User should not accept and delete the application.

We ask for your understanding that without your consent the service of fraau.com through the website cannot be used. Controller can give the service for those only who accepted both present Privacy Policy and the Terms and Conditions.