According to the specific data management described in the present Policy (hereinafer: „Policy”), Ingatlancsoport Kft. (head office: 1042 Budapest, Árpád út 56. I. em. 2.; company registration number: 01-09-293638; e-mail: [email protected]; hereinafter: „Data manager”) is acknowledged as data manager.
The Data manager performs its activities under the governing legislations of the European Union and Hungary. Data management operates primarily under the legislation of the Regulation (EU) No 2016/679 of the European Parliament and Council of 27. April. 2016. on the protection and free movement of the private data of natural persons, and repealing Regulation 95/46/EK (hereinafter: ”GDPR”).
Further applicable legislations are the following:
The validity of the present Policy exclusively covers the Data manager’s website available on the following address: www.kvartyra.hu (hereinafter: ”Website”).
According to GDPR, any information connected to the identifiable or identified natural person (”subject”) is considered as personal data; any natural person, who can be identified directly or indirectly, especially in connection to any identification, such as by name, number, location data, online identification or by the physical, physiological, genetic, intellectual, economical, cultural or social attributes of the natural person,is deemed identifiable.
According to the restrictions of the present Policy, the person who establishes contact with the Data manager and submits their data and their consent to its management, is considered as a subject of data management. On that basis, the validity of the present Policy does not cover data in connection to other than natural entities (e.g. company data), as well as data unrelated to natural persons (e.g. statistical on anonymised data).
The validity of the present Policy exclusively covers the data management performed by the Data manager. In the absence of any contrary stipulation, the Policy does not cover the services and data management for promotions, prize competitions, services and other campaigns or published content provided by third parties advertising or by any means appearing on the Website. In the absence of any contrary stipulation, the Policy does not cover the services and data management of websites and services referenced or linked on the Website.
The Data manager handles the data in a legal, honourable and transparent manner. The Data manager aims to keep the managed data accurate and up-to-date. The Data manager provides the enforcement of the subject’s rights, and takes every action necessary to ensure the legality of data management in all stages.
The consent of the subject (Article 6.(1.)(a) of GDPR)
The legal basis of data management is primarily the consent of the subject. The Data manager exclusively handles the data based on the submission and consent of the subject. The consent is voluntary, the subject expresses their consent by registration, submitting their data and accepting the present policy. The consent can be withdrawn by the subject anytime.
The Data manager collects the data primarily from the subject. The Data manager only collects data from other sources, if the consent of the subject is expressed.
The Data manager handles the subject’s following data: name, e-mail address, phone number, details of proposal.
The Data manager sends advertisements with the permission of the subject. The consent can be withdrawn anytime by the subject. In this case, the Data manager terminates the data management of advertising purposes.
Data transmission for a third party is only performed by the Data manager, if the subject, knowing the scope and recipient of the transmitted data, definitely expressed their consent, or the Data manager possesses the appropriate legal basis to execute the transmission.
The Data manager ensures the safety of the data, takes the necessary technical and organizational actions and establishes the restrictions of procedures to enforce the requirements of data security. The Data manager tracks the processed data in accordance with the applicable legislation, providing that the data is only known by workers and other representatives of Data manager for whom it is necessary to carry out their tasks. Any representative of the Data manager is exclusively entitled to recognize the data that is necessary for them to carry out their tasks. The indicated persons shall handle the data confidential. In connection to their tasks, the Data manager ensures IT security in the following instances especially:
In case of visiting the Website, the system connected to the Website automatically records the IP address of the user’s computer, with the start date of the visit and in some cases, based on the settings of the computer, the type of the browser and the operating system. Data recorded with this method shall not be connected to other personal data. The processing of the data only serves statistical purposes.
Cookies make the Website possible to recognize former visitors. Cookies aim to assist the Data manager, as the operator of the Website, to optimize the Website, providing services in accordance with the habits of the users. Cookies are also suitable for:
In the event of the Data manager using outside web services to display content on the Website, a few other cookies can get stored, which are not overseen by the Data manager, not having any influence over the data this Website and outsider domains collect. Information about these cookies is provided by the restriction in connection with the given services. The Data manager uses Google Analytics cookies to collect the attendance statistics of the Website.
The Data manager applies a Facebook remarketing code in order to later cater to the visitors of the Website with Facebook remarketing advertisements. The remarketing code uses cookies to make the visitor of the Website identifiable for Facebook.
The Data manager uses a Google Adwords Remarketing cookie which, similarly to the aforementioned Facebook remarketing cookie, makes it possible for the users of the Website to receive advertisements later on Google.
Users can set their web search engines to accept or deny all of the cookies, or to notify the user if a cookie enters their computer. Setting options can usually be found in the browser under ”Options” or ”Settings”. Detailed information can be found on the following website: www.aboutcookies.org, that helps with the settings in multiple browsers.
The Data manager is entitled to commission a data processor. Data processors do not make their own decisions, they are only allowed to work by their contracts with the Data manager. The Data manager inspects the data processors' job. Data processors can only acquire further data processors with the Data manger’s consent. The Data manager publishes the data of the commissioned data processors. The Data manager acquires the following data processors:
The duration of the management of private data shall not exceed the necessary and legal measures. The Data manager shall ensure this by creating and obeying the restrictions regarding deletion.
Data will be deleted for the following reasons:
Privacy incident is a type of security breach resulting in the accidental or illegal termination, loss, modification or unauthorized publishment or access of the transmitted, stored or, by any means, processed private data. The Data manager shall immediately report the privacy incident to the National Authority for Data Protection and Freedom of Information, unless the privacy incident is unlikely to pose a risk to the subject’s rights and freedom. The Data manager registers privacy incidents and the related measure. In case of a serious incident (it is likely to pose high risk to the rights and freedom of the subject), the Data manager shall notify the subject about the privacy incident without undue delay.
Information (access): The subject has the right to request information about their data management. During registration, the Data manager informs the subject about data management, and the present Policy is also constantly available for the subject. During the entirety of the data management, the subject is entitled to request for comprehensive information about the management of their data. The subject is allowed to ask the Data manager to provide them with copies of the data.
Correction: The subject can request the Data manager to revise incorrect data, and to complete insufficient information.
Deletion, withdrawal of consent: The subject is entitled to withdraw their consent to data management anytime, and can ask for the deletion of their data. The Data manager shall only deny the request, if the data management is based on legally terms, or the data management is required for presenting, endorsing and protecting legal claims.
Limitations: The subject is entitled to ask for limitations regarding data management in the following cases:
If data management is limited, this personal data can only be managed, aside from storage, with the subject’s consent, or in the interest of presenting, endorsing and protecting legal claims, as well as to protect the personal rights of a natural or legal entity or in the public interests of the European Union or any of its member states.
Opposition: If data management is based on the endorsement of legitimate interests of the Data manager or a third party, the subject is entitled, in relation to their personal circumstances, to protest against the management of their personal data anytime. In this case, the data manager can no longer manage the personal data, unless the data manager proves that data management is necessary due to compelling legitimate grounds, overriding the interests, rights and freedom of the subject, as well as they are connected to the presentation, endorsement and protection of legal claims. If the management of private data is performed for direct marketing purposes, the subject is allowed to oppose against the management of their private data in that manner.
Data portability: The subject is entitled to receive their personal data in a divided, commonly used, machine-readable format, as well as to forward them to another data manager, on the condition that the data management is automated. The subject is allowed to request the transmission of the personal data to another data manager, if it is technically feasible
Simultaneously to establishing contact, the Data manager informs the subject about data management. For the request of the subject, the Data manager makes the present Policy available, and publishes it to the website of the Company. The present detailed Policy is available for the subject, and its existence and availability is highlighted by the Data manager. The Data manager also makes the privacy policy informant available, which contains the most crucial data protection rules based on the present Policy.
The subject is allowed to send their application for exercising their rights to the Data manager through any of the contact details defined in point 1.1. The Data manager shall inspect the application immediately, makes a decision about the execution of the request and takes the necessary actions. The Data manager notifies the subject about the actions taken within a month. The notification shall, in all cases, include the actions taken by the Data manager or the requested information. In the event of the Data manager denying the execution of the request (does not takes the necessary actions to fulfill the request), the notification shall include the legal basis and the reason of the refusal, as well as the subject’s possibilities of judicial remedy. The Data manager’s execution of the request is free of charge. If the circumstances of the submission indicate that the request was not applied by the subject, the Data manager can ask the applicant to confirm their eligibility, or to submit the application in an unequivocal manner.
The Data manager shall notify every recipient about the correction, deletion or data limitation, who received the personal data, unless the notification is deemed impossible or it takes a disproportionate effort. Upon their request, the subject shall be notified of these recipients by the Data manager.
In the event of violating the subject’s rights, the subject can request the abolition of the illegal data management, and the Data manager is asked to investigate the data management and the refusal of the subject’s application. The Data manager shall investigate such complaints in all cases, and the subject shall be notified about the conclusion of the investigation. The subjects can submit their complaints to the addresses defined in the contact details in point 1.1.
The subject can also directly appeal to the National Authority for Data Protection and Freedom of Information (address: 22/C. Erzsébet Szilágyi Alley, Budapest, 1125.; phone number: +36-1-391-1400; email: [email protected]; website: www.naih.hu).
In case of the infringement of their rights, the subject is entitled to bring the case to court. The Data manager shall inform the subject about the courts or authorities with competence to deal with applications, as well as the possibilities of taking judicial action.