DATA PROCESSING REGARDING THE OPERATION OF THE WEBSITE
1. GENERAL INFORMATION
Data Controller: PD Real Estate Development Kft.(registered office: 1068 Budapest, Városligeti fasor 38.; registration number: 01-09-280605).
- processes the personal data lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collects personal data for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
- processes personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- processes accurate and up to date data (’accuracy’);
- keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
- processes the personal data in a manner that ensures appropriate security of the personal data (‘integrity and confidentiality’).
1.5. Data Controller’s data processing principles are in harmony with the relevant data protection regulations as effective, including but not limited to the following:
- The Constitution of Hungary (Freedom and Responsibility, Article VI);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – “GDPR”)
- Act No. CXII of 2011 on the right to informational self-determination and on informational freedom (“Info Act”);
- Act No. V of 2013 on the Civil Code.
2. DATA PROCESSING
- Purpose of the data processing: Collecting personal data to contact the potential clients. Data Subject may provide his/her personal data to the Controller via the Website to require further information on the available properties.
- List of processed personal data: name, email address, telephone number, written communication between the parties.
- Optional personal data: address, age (not exact number, 4 predetermined category), occupation, real estate preferences (purpose of real estate purchase, real estate type, payment, floor area, parking space, smart home service), source of information about Data Controller’s service.
- Legal basis for the data processing: Data processing is necessary in order to take steps at the request of the data subject prior to entering into a contract (GDPR 1. (b) of Article 6).
- Duration of data processing: The contact data will be deleted 5 years after the end of the business relationship between the parties (general limitation period)
- Provision of personal data: Data Subject is not obliged to provide the personal data, but without providing the personal data, the Data Controller cannot contact the Data Subject.
- necessary cookies: their use is essential for navigating the Website and for the functionality of the Website. Without these, the Website, or parts of it, may not appear or may appear incorrectly. Website owner store necessary cookies based on Directive 2002/58/EC;
- functional cookies: the purpose of these cookies is to improve the user experience e.g. by remembering the device the user used for browsing, the language settings, the custom settings;
- statistics cookies: statistic cookies are collected anonymously; they help to understand how visitors interact with the Website;
- marketing cookies: these cookies collect detailed information about the user’s browsing habits and are used to deliver advertised content to the user. These cookies are placed on the Website by third party service providers.
The Website uses Google Analytics cookies. These cookies are set by external services and
- are under the control of the third-party service, not the Data Controller;
- can be accessed on any website that makes use of the service;
- can be used to track a user from one site to another;
- enable Data Contoller to deliver more relevant advertising to users.
You may find more information on Google Analytics cookies at the following Websites
|Tracking cookie for Google Analitycs||_ga (Google Analytics)||Time period of each visit||Until the end of session|
- Purpose of the data processing: To send offers in the future to the Data Subject.
- List of processed personal data: name, email address, telephone number;
- Legal basis for the data processing: The Data Subject has given consent to the processing of his or her personal data (GDPR 1. (a) of Article 6).
- Duration of the data processing: The Data Controller processes the data until the withdrawal of the consent, but not more than 10 years.
3. OTHER DATA PROCESSING
4. DATA PROCESSORS
5. PROCESSING OF THIRD PARTIES’ DATA
6. DATA SECURITY
(a)is available to authorized persons (availability);
7. RIGHTS AND REMEDIES
- access the personal data: Upon the Data Subject’s request, the Data Controller supplies information about the Data Subject’s data processed by the Data Controller as data controller and/or processed by a data processor on the Data Controller’s behalf if any of the conditions stipulated in Article 15 of GDPR is fulfilled.
- request the rectification of the personal data: The Data Controller rectifies the Data Subject’s personal data if such data is inaccurate or incomplete while the correct personal data is available to the Data Controller.
- request the erasure of the personal data (right to be forgotten): The Data Controller erases any and all personal data if any of the conditions stipulated in Article 17 of GDPR is fulfilled.
- restriction of processing: The Data Subject obtains from the Data Controller the limitation of the data processing if any of the conditions stipulated in Article 18 of GDPR is fulfilled.
- data portability: The Data Subject receives the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format, if the processing is based on a consent or contract and it is carried out by automated means.
7.2. The Data Controller provides information on action taken on the Data Subject’s request sent to the contract person specified in Section 2.7. without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, considering the complexity and number of the requests. The Data Controller informs the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the Data Subject makes the request by electronic means, the information will be provided by electronic means where possible, unless otherwise requested by the Data Subject. If the Data Controller does not act on the Data Subject’s request, the Data Controller will inform the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
- iling a complaint with the authority:Without prejudice to any other administrative or judicial remedy, Data Subject may, in the event of an infringement of his or her rights, file a complaint with the data protection authority (Nemzeti Adatvédelmi és Információszabadság Hatóság: address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Tel.: +36 1 391 1400, Fax: +36 1 391 1410, email: [email protected]; website: https://naih.hu/index.html).
- filing a complaint with the court:Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, Data Subjects have the right to an effective judicial remedy where he or she considers that his or her rights have been infringed as a result of the processing of his or her personal data in non-compliance with the data protection regulation. The Data Controller is liable for any loss or damage caused by the unlawful processing of the Data Subject’s data or by any violation of applicable data-security requirements. The Data Controller will be exempted from such liability if the loss or damage was caused by circumstances beyond its control and outside the scope of data processing. No compensation shall be paid to the extent that the loss or damage was caused by the Data Subject’s wilful orgrossly negligent conduct.