Legal notice

PRIVACY POLICY

system_check

I. GENERAL INFORMATION, THE DATA MANAGER

1.1. The identity and activities of the data manager

According to the specific data management described in the present Policy (hereinafer: „Policy”), Ingatlancsoport Kft. (head office: 1042 Budapest, Árpád út 56. I. em. 2.; company registration number: 01-09-293638; e-mail: [email protected]gatlanok.hu; hereinafter: „Data manager”) is acknowledged as data manager.

1.2. Applicable legislation

The Data manager performs its activities under the governing legislations of the European Union and Hungary. Data management operates primarily under the legislation of the Regulation (EU) No 2016/679 of the European Parliament and Council of 27. April. 2016. on the protection and free movement of the private data of natural persons, and repealing Regulation 95/46/EK (hereinafter: ”GDPR”).

Further applicable legislations are the following:

The applied legislations are available at: http://net.jogtar.hu

1.3 The validity of the Policy, the subject

The validity of the present Policy exclusively covers the Data manager’s website available on the following address: www.::url (hereinafter: ”Website”).

According to GDPR, any information connected to the identifiable or identified natural person (”subject”) is considered as personal data; any natural person, who can be identified directly or indirectly, especially in connection to any identification, such as by name, number, location data, online identification or by the physical, physiological, genetic, intellectual, economical, cultural or social attributes of the natural person,is deemed identifiable.

According to the restrictions of the present Policy, the person who establishes contact with the Data manager and submits their data and their consent to its management, is considered as a subject of data management. On that basis, the validity of the present Policy does not cover data in connection to other than natural entities (e.g. company data), as well as data unrelated to natural persons (e.g. statistical on anonymised data).

The validity of the present Policy exclusively covers the data management performed by the Data manager. In the absence of any contrary stipulation, the Policy does not cover the services and data management for promotions, prize competitions, services and other campaigns or published content provided by third parties advertising or by any means appearing on the Website. In the absence of any contrary stipulation, the Policy does not cover the services and data management of websites and services referenced or linked on the Website.

II. THE PRINCIPLES, PURPOSE AND LEGAL BASIS OF DATA MANAGEMENT

2.1. The principles of data management

The Data manager handles the data in a legal, honourable and transparent manner. The Data manager aims to keep the managed data accurate and up-to-date. The Data manager provides the enforcement of the subject’s rights, and takes every action necessary to ensure the legality of data management in all stages.

2.3. The legal basis of data management

The consent of the subject (Article 6.(1.)(a) of GDPR)

The legal basis of data management is primarily the consent of the subject. The Data manager exclusively handles the data based on the submission and consent of the subject. The consent is voluntary, the subject expresses their consent by registration, submitting their data and accepting the present policy. The consent can be withdrawn by the subject anytime.

III. DATA COLLECTION, THE SCOPE OF PROCESSED DATA, ADVERTISING

3.1. Data collection, the scope of processed data

The Data manager collects the data primarily from the subject. The Data manager only collects data from other sources, if the consent of the subject is expressed.

The Data manager handles the subject’s following data: name, e-mail address, phone number, details of proposal.

3.2. Data management for advertising purposes

The Data manager sends advertisements with the permission of the subject. The consent can be withdrawn anytime by the subject. In this case, the Data manager terminates the data management of advertising purposes.

IV. FURTHER INFORMATION REGARDING DATA MANAGEMENT

4.1. Data transmission

Data transmission for a third party is only performed by the Data manager, if the subject, knowing the scope and recipient of the transmitted data, definitely expressed their consent, or the Data manager possesses the appropriate legal basis to execute the transmission.

4.2 Data security, access to data

The Data manager ensures the safety of the data, takes the necessary technical and organizational actions and establishes the restrictions of procedures to enforce the requirements of data security. The Data manager tracks the processed data in accordance with the applicable legislation, providing that the data is only known by workers and other representatives of Data manager for whom it is necessary to carry out their tasks. Any representative of the Data manager is exclusively entitled to recognize the data that is necessary for them to carry out their tasks. The indicated persons shall handle the data confidential. In connection to their tasks, the Data manager ensures IT security in the following instances especially:

The Data manager takes the necessary actions towards the protection of paper registers, in particular consideration with physical and fire safety. Employees, trustees and other representatives of the Data manager shall securely protect the data carriers containing personal data that is in their use or possession, regardless of the recording method.

4.3. Technical data and cookies

In case of visiting the Website, the system connected to the Website automatically records the IP address of the user’s computer, with the start date of the visit and in some cases, based on the settings of the computer, the type of the browser and the operating system. Data recorded with this method shall not be connected to other personal data. The processing of the data only serves statistical purposes.

Cookies make the Website possible to recognize former visitors. Cookies aim to assist the Data manager, as the operator of the Website, to optimize the Website, providing services in accordance with the habits of the users. Cookies are also suitable for:

In the event of the Data manager using outside web services to display content on the Website, a few other cookies can get stored, which are not overseen by the Data manager, not having any influence over the data this Website and outsider domains collect. Information about these cookies is provided by the restriction in connection with the given services. The Data manager uses Google Analytics cookies to collect the attendance statistics of the Website.

The Data manager applies a Facebook remarketing code in order to later cater to the visitors of the Website with Facebook remarketing advertisements. The remarketing code uses cookies to make the visitor of the Website identifiable for Facebook.

The Data manager uses a Google Adwords Remarketing cookie which, similarly to the aforementioned Facebook remarketing cookie, makes it possible for the users of the Website to receive advertisements later on Google.

Users can set their web search engines to accept or deny all of the cookies, or to notify the user if a cookie enters their computer. Setting options can usually be found in the browser under ”Options” or ”Settings”. Detailed information can be found on the following website: www.aboutcookies.org, that helps with the settings in multiple browsers.

4.4. Data processing

The Data manager is entitled to commission a data processor. Data processors do not make their own decisions, they are only allowed to work by their contracts with the Data manager. The Data manager inspects the data processors' job. Data processors can only acquire further data processors with the Data manger’s consent. The Data manager publishes the data of the commissioned data processors. The Data manager acquires the following data processors:

4.5. The duration of data management

The duration of the management of private data shall not exceed the necessary and legal measures. The Data manager shall ensure this by creating and obeying the restrictions regarding deletion.

Data will be deleted for the following reasons:

  1. If private data is no longer needed for the purpose it was collected for, or it has been handled in a different manner. If the purpose of data management is terminated and the legislation does not require data management, the data shall be deleted by the Data manager.
  2. If the subject withdraws their consent. If the subject withdraws their consent, or the subject requests the deletion of the data, the Data manager shall delete the data in all cases. Deletion can only be denied if it is prohibited by legislation or any official order. If tax payments connected to prizes were involved, tax data will only be deleted, if the duration specified by law has expired.
  3. The subject protests against data management. If the subject protests against data management for advertisement purposes, the Data manager shall delete the connecting data.
  4. If illegal data management is confirmed. If the data management is illegal, the Data manager shall delete it in all cases immediately, as soon as the illegal management of data becomes apparent.
  5. If the Data manager is legally obligated to delete the data, or the deletion is ordered by the Hungarian National Authority for Data Protection and Freedom of Information. If the deletion is under legal obligation, or it was ordered by court or any legal authority and the judgement is final, the Data manager shall delete the data.

4.6. The management of privacy incidents

Privacy incident is a type of security breach resulting in the accidental or illegal termination, loss, modification or unauthorized publishment or access of the transmitted, stored or, by any means, processed private data. The Data manager shall immediately report the privacy incident to the National Authority for Data Protection and Freedom of Information, unless the privacy incident is unlikely to pose a risk to the subject’s rights and freedom. The Data manager registers privacy incidents and the related measure. In case of a serious incident (it is likely to pose high risk to the rights and freedom of the subject), the Data manager shall notify the subject about the privacy incident without undue delay.

V. THE SUBJECT’S RIGHTS AND THEIR ENFORCEMENT

5.1. The rights of the subject

Information (access): The subject has the right to request information about their data management. During registration, the Data manager informs the subject about data management, and the present Policy is also constantly available for the subject. During the entirety of the data management, the subject is entitled to request for comprehensive information about the management of their data. The subject is allowed to ask the Data manager to provide them with copies of the data.

Correction: The subject can request the Data manager to revise incorrect data, and to complete insufficient information.

Deletion, withdrawal of consent: The subject is entitled to withdraw their consent to data management anytime, and can ask for the deletion of their data. The Data manager shall only deny the request, if the data management is based on legally terms, or the data management is required for presenting, endorsing and protecting legal claims.

Limitations: The subject is entitled to ask for limitations regarding data management in the following cases:

  1. if the accuracy of personal data is contested by the subject, the limitations apply to the duration of time needed for the Data manager to examine the accuracy of the data;
  2. if the data management is illegal and the subject opposes to the deletion of the data, and requests to limit their usage instead;
  3. the data manager does not require the private data for data management, yet the subject requires them to present, endorse and protect legal claims;
  4. the subject protested against data management; in this case, the limitations apply to the duration of time needed to determine whether the legitimate reasons of the data manager prevail over the legitimate reasons of the subject.

If data management is limited, this personal data can only be managed, aside from storage, with the subject’s consent, or in the interest of presenting, endorsing and protecting legal claims, as well as to protect the personal rights of a natural or legal entity or in the public interests of the European Union or any of its member states.

Opposition: If data management is based on the endorsement of legitimate interests of the Data manager or a third party, the subject is entitled, in relation to their personal circumstances, to protest against the management of their personal data anytime. In this case, the data manager can no longer manage the personal data, unless the data manager proves that data management is necessary due to compelling legitimate grounds, overriding the interests, rights and freedom of the subject, as well as they are connected to the presentation, endorsement and protection of legal claims. If the management of private data is performed for direct marketing purposes, the subject is allowed to oppose against the management of their private data in that manner.

Data portability: The subject is entitled to receive their personal data in a divided, commonly used, machine-readable format, as well as to forward them to another data manager, on the condition that the data management is automated. The subject is allowed to request the transmission of the personal data to another data manager, if it is technically feasible

5.2. The insurance of the subject’s rights, the management of the subject’s requests

Simultaneously to establishing contact, the Data manager informs the subject about data management. For the request of the subject, the Data manager makes the present Policy available, and publishes it to the website of the Company. The present detailed Policy is available for the subject, and its existence and availability is highlighted by the Data manager. The Data manager also makes the privacy policy informant available, which contains the most crucial data protection rules based on the present Policy.

The subject is allowed to send their application for exercising their rights to the Data manager through any of the contact details defined in point 1.1. The Data manager shall inspect the application immediately, makes a decision about the execution of the request and takes the necessary actions. The Data manager notifies the subject about the actions taken within a month. The notification shall, in all cases, include the actions taken by the Data manager or the requested information. In the event of the Data manager denying the execution of the request (does not takes the necessary actions to fulfill the request), the notification shall include the legal basis and the reason of the refusal, as well as the subject’s possibilities of judicial remedy. The Data manager’s execution of the request is free of charge. If the circumstances of the submission indicate that the request was not applied by the subject, the Data manager can ask the applicant to confirm their eligibility, or to submit the application in an unequivocal manner.

The Data manager shall notify every recipient about the correction, deletion or data limitation, who received the personal data, unless the notification is deemed impossible or it takes a disproportionate effort. Upon their request, the subject shall be notified of these recipients by the Data manager.

5.3. Legal remedy

In the event of violating the subject’s rights, the subject can request the abolition of the illegal data management, and the Data manager is asked to investigate the data management and the refusal of the subject’s application. The Data manager shall investigate such complaints in all cases, and the subject shall be notified about the conclusion of the investigation. The subjects can submit their complaints to the addresses defined in the contact details in point 1.1.

The subject can also directly appeal to the National Authority for Data Protection and Freedom of Information (address: 22/C. Erzsébet Szilágyi Alley, Budapest, 1125.; phone number: +36-1-391-1400; email: [email protected]; website: www.naih.hu).

In case of the infringement of their rights, the subject is entitled to bring the case to court. The Data manager shall inform the subject about the courts or authorities with competence to deal with applications, as well as the possibilities of taking judicial action.