DATA PROTECTION POLICY and INFORMATION
The objective of this present Data Protection Policy and Information is to record the data protection and processing principles used by PANNONIA PROPERTY SOLUTIONS Ingatlanforgalmazó Betéti Társaság (seat of company: 1075 Budapest, Károly krt 3/A. 3. emelet 9/A., company registration number: 01-06-761029), as Controller, as well as the data protection and processing policy of the company, according to which it processes Tenant’s personal data, and which policy the company considers binding on itself.
During the development of the provisions of this present Data Protection Policy and Information, the company took into consideration, in particular, the provisions set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (‘General Data Protection Regulation’ or ‘GDPR’), Act CXII of 2011 on Information Self-determination and Freedom of Information (‘Infotv.’), and Act V/2013 promulgating the Civil Code (‘Ptk.’)
Data Processing: independent from any methods of processing, it means any operation or set ofoperations which is performed on Personal data or on sets of Personal data, whether or not by automated means, as regards Personal data in particular, the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller: means the entity which, alone or jointly with others, determines the purposes andmeans of the processing of Personal data. As regards this present Data Protection Policy and Information, the Controller shall be PANNONIA PROPERTY SOLUTIONS Ingatlanforgalmazó Betéti Társaság (seat of company: 1075 Budapest, Károly krt 3/A. 3. emelet 9/A., registered at the Company Registry Court of Budapest-Capital Regional Court, company registration number: 01-06-761029, tax number: 21855362-2-42, represented by: Garamszegi Tamás authorized to represent the company alone).
Personal data or Data: means any and all data and information relating to a natural person Tenant,by which it can be identified, directly or indirectly.
Data subject: means an identifiable natural person who can be identified, directly or indirectly, inparticular by reference to a personal data (identifier).
Data processing: means carrying out the technical duties and tasks related to data processingirrespective of the method and means of carrying out the duties and tasks, and of the location of its application, provided that the technical duties and tasks are carried out on the data themselves.
Data Processor: means the service provider which processes Personal data on behalf of theController. As regards the services referred to in this present Data Protection Policy and Information, Data Processors can be as follows:
Pannonia Properties Solutions Bt. (seat of company: 1075 Budapest, Károly krt 3/A, 3. emelet 9/A., represented by: Garamszegi Tamás, Chief Executive, company registration number: 01-06-761029)
Dr. Staub Timea ügyvéd (seat: 1065 Budapest, Podmaniczky utca 17., reg nr: 17313)
Angelatti Kft (seat: 1147 Budapest, Lőcsei út 12/a, accountant: Kelemen Istvánné)
Informatív-Hungary Kft. (seat: 1075 Budapest, Károly krt 3/A., accountant: Tóth-Nagy Rita)
Disclosure: means making the data available to any persons.
Consent: of the data subject means any freely given, specific, informed and unambiguousindication of the data subject’s wishes by which he or she, by a clear affirmative statement, signifies agreement to the processing of personal data, comprehensive or extending to particular procedures, relating to him or her.
Erasure of Data: means rendering the data useless in a way that data recovery shall no longer bepossible.
Personal Data Breach: means unlawful processing of Personal data, in particular its unauhorizedaccess, alteration, transfer, disclosure, erasure and destruction, as well as incidental destruction and damage.
Range of the Data Processed
From time to time, depending on the purpose of data processing, and for the above reasons we need to process one or more data, which data in general, depending on the specific case, can be as follows:
- your identification data (for instance your first name, surname, the language and the country you communicate with us from, contact details, etc.)
- data relating to contact, geographical location and/or on browsing (for example, if you contact us by using your mobile phone)
- commercial information (for example, whether or not you subscribed to our newsletter)
When we request you to provide us your personal data in order to give you access to any function or service on the user interface, certain areas must be marked as mandatory, since these data are necessary for us to provide you the service in question or make the function in question accessible to you. Please consider that if you decide not to provide us these data, we may not be able to create your user registration, or we may not be able provide you these services or functions either.
The Purpose and Legal Basis of Processing
The purpose of data processing: the use of the page www.pps.hu, furthermore any and all services relating to it, which services in details are as follows:
In case of your personal registration: We use your personal data to create and manage your personal account to provide personalized and relevant experience. We make your order history available together with the ordering details; we also enable you to manage your account setup (including your marketing preferences).
Direct marketing: We use your personal data to send you marketing offers, surveys, and invitations via e-mails, text messages, telephone calls, and written correspondence. If and when you sign up for our newsletters, we process your personal data in order to manage your subscription, including sending you, by different ways (e.g. email or text messages) personalized notifications regading our products, and services. If you have granted access to you mobile device, these pieces of information can be made accessible via push notification (you may skip this part if you don’t have it)
Data processing shall be carried out in accordance with the Users’ voluntary, freely given and informed statement, which statement shall contain the Users’ explicit consent that their personal data disclosed by them during the use of the page, or the Personal data generated during use can be used. In case of processing based on consent, the User shall have the right to withdraw their consent at any time, which withdrawal of consent shall not affect the lawfulnessof processing before its withdrawal. In association with the provision of services, having regards to the Controller’s legitimate interests, and for ensuring the attainment of the legitimate provision of services (e.g. unlawful use and illegal content, respectively), Controller shall record the User’s IP address used when the User accesses individual websites without having User’s explicit consent.
Data transmission to Controllers set out and defined in this present Data Protection Policy and Information can be carried out without User’s specific given consent. Disclosure of personal data to any and all third parties/persons or the authorities, unless the applicable law provides otherwise, can only be possible on the basis of a final and enforceable legal decision, or based on User’s explicit prior consent.
The User ensures and guarantees that they have obtained in a lawful way the consent of the data subject natural person to the processing of data (e.g. disclosure or publication of User-generated content, etc.), provided or made otherwise available by the User on other natural persons during the provision of the services, User shall retain full responsibility for any and all user content uploaded into and shared in Services.
By providing the e-mail address, or any other data (e.g. user name, identifier, password, etc.) provided during the registration process, any User shall take responsibility for ensuring that it shall exclusively be User who use the services from the provided e-mail address, and by the data provided by him, respectively. Having regard to this responsibility, any and all responsibility related to the entries into the given e-mail address, and/or with the use of the data provided by User, lies essentially with the User who registered the e-mail address and provided the data.
The legal basis for data processing shall be the legitimate interests pursued by the Controller.
The Basic Principles and Methods for Processing
Controller shall process any and all Personal data on good faith, fairly and in a transparent manner, in accordance with the provisions of the existing legislation in force and of the present Data Protection Policy and Information.
The Personal data considered absolutely necessary to establish a legal relationship shall be used by Controller upon the consent of the Tenant concerned, and with an explicit purpose only.
Controller shall process the Personal data for the sole purposes set forth in this present Data Protection Policy and Information, and the purposes set out in the applicable legislation, respectively. The scope of the Personal data processed shall be proportionate to the purpose for processing and cannot extend beyond it. In each case when Controller intends to use the Personal data for purposes different from the initial purposes, it shall inform Tenant and shall obtain Tenant’s prior explicit consent, and shall grant Tenant the opportunity to prohibit use, respectively.
Controller shall not check and verify the Personal data it has been provided with. The adequacy of the Personal data provided shall be the responsibility of the person providing them.
Where the person is below the age of 16 years, their Personal data shall lawfully be processed if and to the extent that consent is given or authorized by the adult person being the holder of the parental responsibility over the child. The Controller is not in a position to check the entitlement of the consenting person and the content of the statement, respectively; therefore it is the User or by the adult person being the holder of the parental responsibility over the User who ensures and guarantees that the consent complies with the legislation. In the absence of the declaration of consent, the Controller shall not collect any Personal data, with the exception of the IP address used during the use of the Service, whose recording shall be automatic due to the nature of the internet services, on the data subject natural person below the age of 16 years.
Apart from the Controllers set out and defined in this present Data Protection Policy and Information, as well as in some cases referred to in this present Data Protection Policy and Information, the Controller shall not communicate the Personal data processed by the Controller to any third party apart from the external service providers. An exception to the provision in this present paragraph is the use of the data in a statistically aggregate form, which cannot contain other data in any form that enable them to identify the User concerned, thus it does not constitute either Data processing or data transfer. The Controller, in certain cases such as official judicial request, request by the police, legal proceedings based on copyright infringement, material and other breaches, respectively, or on reasonable grounds of the previous, or on undermining the Controller’s interests, or jeopardizing the provision of the Services shall disclose and make available the accessible Personal Data of the concerned User to third parties.
The Controller’s system may collect data on the Users’ activities, which data cannot be linked to other data given by Users during registration, nor can they be linked to data resulting from using other homepage sor services.
The Controller shall inform the data subject User on the rectification, restriction, and erasure, respecitvely, of the Personal data the Controller processes; furthermore the Controller shall inform all persons to whom he/she previously transmitted the Personal data for the purpose of Data processing. The information may be omitted if it, having regard to the purpose of the Data processing, does not violate the data subject’s legitimate interests.
Controller shall ensure Personal data security, and shall take the necessary technical and organizational measures, and establish procedural rules that ensure that the recorded, stored or processed data be protected, as well as it prevents the accidental loss, unlawful destruction, unauthorized access to, unauthorized use, unauthorized alteration, and unauthorized dissemination of data. Controller shall promote of their obligation any and all third parties to whom it transfers Personal data.
With due consideration of the respective provisions of the GDPR, Controller is under no obligation to designate a data protection officer.
The Location and Time Period of Data Processing
Your Personal data will be stored on the computer located in the office of Data Processor at 1075 Budapest, Károly krt 11.The time period for data processing shall be the time period in accordancewith the legislation in force at the time, but at least the time of termination of the lease agreement.
As regards consent for the purpose of direct marketing, until the day of the user’s withdrawal of consent.
As regards profile data, four years from the date of the last login.
Controller shall store the automatically recorded IP addresses for not more than 7 days upon them being recorded.
In case of e-mails sent by the User, if the User has not been registered, the Controller deletes and erases the e-mail address on the 90th day following the closure of the case referred to in the request, except when the legitimate interests of the Controller justifies the further processing of the Personal data in individual cases, in such cases until the Controller’s legitimate interests persist.
Processing the Personal data provided by the User shall be maintained until the User, with his/her user name, relinquishes the Service, or otherwise requests that the Personal data be deleted and erased. In such cases, the Personal data will be erased from the Controller’s systems. Processing the Personal data provided by the User, even in cases when the User does not relinquish the Service, or he/she has just discontinued the possibility of logging in by erasure with maintaining the comments stored therein and the uploaded contents, can be processed by the Controller until the User explicitly requests in writing that Data processing of the previous be terminated. The User’s request without the Data processing being unsubscribed shall not prejudice User’s right to use the Services, however, User may not be supplied with certain Services in default of not providing Personal data.
In case of using unlawful or misleading Personal data, or in case of offences committed by the User, or in case of an attack against the information system, respectively, the Controller shall have the right, concurrently with the termination of the registration, to erase the Personal data without undue delay – at the same time Controller shall have the right to maintain the personal data for the entire duration of the legal proceeding that follows upon suspicion of offences or civil liabilities.
From their being generated, the data automatically recorded in the information system during its operation will be stored in the system for the time period appropriate to ensure the operation of the system. The Controller shall ensure that these automatically recorded data cannot be linked to any other Personal data, with the exception of cases made compulsory by legislation. If the User has terminated his/her consent as regards processing his/her Personal data, or the User has unsubscribed from the Services, then subsequently his/her person will not be identifiable from the technical data, with an exception of cases by the investigative authorities and their experts, respectively.
If a court or an authority finally orders that the Personal data be erased, Controller shall carry out the erasure of such data. Instead of erasure, Controller shall, in consultation with Tenant, restrict the processing of Personal data upon Tenant’s request or if, on the basis of the information available, it may be assumed that the erasure would violate the Tenant’s legitimate interests. Controller shall not erase any Personal data until the specific purpose of processing the data, which excludes the erasure of the Personal data, applies.
The Rights of the Data Subject
- Right of access and data portability by the data subject: Tenant may request that it be informed by Controller whether or not Controller processes Tenant’s Personal data; and where that is the case, it may request that it be granted access to its Personal data. At all times, Tenant may request information in writing regarding the processing of Personal data by sending a registered letter (with or without acknowledgement of receipt) mailed to Controller’s postal address at 1075 Budapest, Károly krt 3/A. 3. emelet 9/A., or via e-mail sent to firstname.lastname@example.org e-mail address. Controller shall consider the request for information sent in letter valid if it has been sent from Tenant’s registered e-mail address; however it does not expressly exclude the possibility of Tenant’s being identified by any other means by Controller prior to Controller’s providing information. Request for information may extend to Tenant’s data processed by Controller, the source of the data, the purpose, legal basis, and time period of Data Processing, the name(s) and address(es) of Controller(s), the activities related to Data Processing, furthermore in case of the transfer of Personal data, the name of recipient(s) and the purpose for transfer of Tenant’s data.
Tenant shall have the right to request its stored data be delivered to Tenant or another party or other parties in a structured format that is generally used and is machine-readable.
- Right to rectification: Tenant may request the rectification or amendment of its Personal data processed by Controller. Considering the purpose of Data Processing, Tenant may also request to have incomplete Personal data completed.
- Right to erasure: Tenant may request to obtain from the Controller the erasure of its Personal data. The erasure of data may be refused (i) for exercising the right of freedom of expression and information or (ii) if the legislation authorizes the processing of Personal data and (iii) when processing is necessary for the establishment, exercise or defence of legal claims. Controller informs Tenants at all times regarding the refusal of the request to erasure, indicating the ground for refusal. In case of the satisfaction of the request to erasure of Personal data, the previous (erased) data cannot be restored.
- Right to restriction of processing: Tenant may request that Controller restrict the processing of Tenant’s Personal data if Tenant contests the accuracy of the processed Personal data. In such cases, restriction shall apply to the time period enabling the Controller to verify the accuracy of the Personal data. Controller marks the Personal data processed by Controller, if Tenant contests its accuracy and correctness, but when the inaccuracy or incorrectness of the contested Personal data cannot be established unequivocally. Tenant may request that Controller restrict the processing of Tenant’s personal data in cases when Data Processing is unlawful, but Tenant opposes the erasure of Personal data and requests the restriction of their use instead. Furthermore, Tenant may also request that Controller restrict the processing of Tenant’s Personal data if the purpose of Data Processing has been fulfilled, but Tenant requires that they be processed by Controller for the establishment, exercise or defence of Tenant’s legal claims.
- Tenant may request to receive the personal data concerning him or her, which he or she has provided to Controller and processed by Controller in an automated way, in a structured, commonly used and machine-readable format and/or have the right to transmit those data to another Controller.
- Right to object: Tenant may object at any time to processing of Tenant’s Personal data if (i) processing the Personal data is exclusively for compliance with Controller’s legal obligations or for exercising the legal rights of Controller, Controller’s any service provider or any and all third parties; (ii) when the purpose of Data Processing is for direct marketing purposes, any opinion polls or scientific research; or (iii) processing is necessary for the performance of a task carried out in the public interest. Controller shall then examine the lawfulness of Tenant’s objection, and if it establishes that the objection is relevant and reasoned, it shall then terminate Data Processing, and block the processed Personal data; furthermore it shall inform any and all parties, to whom the Personal data under objection have previously been transmitted, on the objection itself, and on the measures taken on the basis of the objection.
The Possibility of Data Transfer
Controller is entitled and obliged to transfer to the competent authorities any and all Personal data, available to Controller and properly stored, which transmission of Personal data is statutorily obligatory or obligatory by the authority’s final decision. Controller cannot be held responsible for such Data transmission and its consequences.
For the purpose of verifying the legality of data transmission and for the purpose of providing Tenant information, Controller shall keep a record of data transmission (filing system).
Special Rules and Regulations on Cookies
During providing personalized services, the Controller, by using cookies, shall process the Personal data as follows: demographic data, as well as data on personal interests, customs, preferences (based on browsing history).
The data technically recorded during the operation of the systems are as follows: data generated during the use of the Services from the User’s computer used for logging in, and which data are recorded as automatic results of technical processes by the Controller’s system. The system will automatically log the automatically recorded data when logging in or out, without the User’s explicit consent or action.
Types of Cookies:
Session cookies: Session cookies are transient cookie files which are normally deleted when closing the browser. If you restart your browser and return to the website that created that specific cookie, the website will welcome and treat you as a new visitor.
Persistent cookies: Persistent cookies will remain in the browser as long as you manually delete them or the browser deletes them on the expiration date assigned to the cookie. These cookies recognize you as a repeat visitor.
First-party cookies: First-party cookies are necessary to operate this present website. Using this, you can navigate throughout the site and use its element, too.
An IP address is the numerical label assigned to your computer and each time you go online, other computers in the network identify your device as a host in the network. IP addresses can be recorded for the reasons as follows: (i) troubleshooting technical defects, (ii) maitaining the safety and security of the website, (iii) gaining a better understanding as regards the patterns of use of websites, and (iv) customizing the content depending on your location (country) you access and use the websites from.
Gathering information and data collection by us (or by third parties acting on our behalf) can be carried out in the form of log files, which record and keep log of the events on the websites and collect statistics on individual users’ web browsing habits. These log entries are generated anonymously and, among other uses, are of assistance to us in collecting the pieces of information as follows: (i) the type of browser and the operational system the users use, (ii) a file of the users communications (transactions) (e.g. which URL the user arrived from, what time he/she visited our website, which pages he/she visited on our site, and how much time he/she spent on that given page), (iii) and other data related to either navigation or visitors’ routes.
The Right to Enforcement, the Right to Lodge a Complaint with the Supervisory Authority
As regards any inquiries and comments related to data processing, feel free to contact us at the following postal address 1075 Budapest, Károly krt 3/A. 3. emelet 9/A. or via e-mail sent to email@example.com e-mail address.
As regards any and all complaints related to data processing, Tenant may directly contact the National Authority for Data Protection and Freedom of Information (full postal address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Telephone: +36-1-391-1400; e-mail: firstname.lastname@example.org; homepage: www.naih.hu).
In case of the infringement of its rights, Tenant shall have the right to apply to the court. The competent court shall have jurisdiction over the legal action. The legal action may also be brought, according to the wish of the concerned party (data subject), in the courts for the place of the concerned party’s (data subject’s) domicile or place of residence. Upon request, Controller shall inform Tenant on the possibility of appeal and redress procedures.
Updates to Data Protection Policy
Controller reserves the right to unilaterally change, modify and amend this present Information at any time. Any and all significant changes, modifications and amendments to the Data Protection Policy shall always be communicated to Tenants.
Dated on the 1st of March, 2019 in Budapest