HU
1. General Information
Data Controller details:
Tóth Szabina
Registration number: 59685276
Tax number: 90487037-1-24
Phone: +36 20 347 9713
E-mail: ingatlan@tothszabina.hu
(hereinafter: Data Controller) operates the website www.tothszabina.hu (hereinafter: Website).
The Data Controller establishes its data protection statement in accordance with Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Information Act) and other applicable Hungarian legislation concerning data processing, and is entitled to modify it within the framework of the legislation in force at any given time. In the event of modification of the data processing statement, the Data Controller shall publish the updated, consolidated statement on the Website.
The Data Controller processes only personal data that is indispensable to achieving the data processing purpose set out in this privacy statement, suitable for achieving that purpose, exclusively for the purpose defined in this statement, in order to exercise its rights and fulfil its obligations, and only to the extent and for the duration necessary to fulfil the purpose of the data processing.
2. Definitions [based on Act CXII of 2011 on Freedom of Information]
Data subject: any specified natural person identified or — directly or indirectly — identifiable on the basis of personal data.
Personal data: any data that can be associated with the data subject — in particular the name, identification mark of the data subject, and one or more features characteristic of his/her physical, physiological, mental, economic, cultural or social identity — and any inference drawn from such data regarding the data subject.
Consent: the voluntary and definite expression of the data subject’s will, which is based on adequate information and through which he/she gives unambiguous agreement to the processing — in full or for individual operations — of personal data relating to him/her.
Data Controller: the natural or legal person, or organisation without legal personality, who or which alone or jointly with others determines the purpose of data processing, takes and executes decisions regarding the processing (including the means used), or has them executed by a data processor.
Data processing: any operation or set of operations performed on data, regardless of the procedure applied, in particular collecting, recording, organising, storing, altering, using, querying, transmitting, disclosing, aligning or linking, blocking, erasing and destroying, and preventing the further use of the data, the creation of photographs, audio or video recordings, and the recording of physical characteristics suitable for identifying a person (e.g. fingerprint or palm print, DNA sample, iris image).
Data transfer: making data available to a specified third party.
Disclosure: making data available to anyone.
Data erasure: rendering data unrecognisable in such a way that its restoration is no longer possible.
Data processing (technical): the performance of technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
Data Processor: the natural or legal person, or organisation without legal personality, who or which processes data on the basis of a contract — including a contract concluded on the basis of a legal provision.
Third party: a natural or legal person, or organisation without legal personality, who or which is not identical with the data subject, the Data Controller, or the Data Processor.
3. Purpose of data processing carried out by the Data Controller
The Data Controller processes personal and corporate data within the framework and for the purpose of the real estate service, and also uses it in connection with the tothszabina.hu website for sending electronic newsletters and informational materials.
4. Legal basis of data processing and the data processed
The Data Controller processes only such personal and corporate data as data subjects voluntarily provide on the basis of consent to data processing when completing the application form.
The Data Controller processes the following data of the data subject: company name, registered office address, tax number, main scope(s) of activity, number of employees, name of the contact person, telephone number, e-mail address, identity card, position.
5. Protection of data
The Data Controller does not disclose the personal data it processes. The Data Controller takes all necessary measures to ensure that the personal data it processes does not come to the knowledge or into the possession of unauthorised third parties.
Only those of its employees whose duties strictly require it may access the personal data processed by the Data Controller.
The Data Controller organises and carries out data processing operations in such a way as to ensure the protection of the data subjects’ privacy in accordance with the Information Act and other rules relating to data processing.
The Data Controller ensures the security of data and takes those technical and organisational measures and establishes the procedural rules that are necessary to enforce the Information Act and other rules on data and confidentiality protection.
The Data Controller protects the data with appropriate measures, in particular against unauthorised access, alteration, transmission, disclosure, deletion or destruction, accidental destruction and damage, and against becoming inaccessible due to changes in the technology used.
6. Transfer of personal data
The Data Controller does not transfer the personal data it processes to third parties other than those set out in sections 5.1 and 5.2, except where mandatory data provision to an authorised authority is a legal obligation of the Data Controller.
7. Information about the processing of personal data; rectification, deletion, and blocking of personal data
The data subject may, at any time, in a written statement sent to the registered office address specified in section 1.1 of this policy or to the electronic mailing address of the Data Controller, request information about the data processed or handled by the Data Controller, its source, the purpose, legal basis and duration of the processing, the name, address and activities of the Data Processor related to the processing, and — in the case of transfer of the data subject’s personal data — the legal basis and recipient of the transfer.
The Data Controller shall provide the information in writing within the shortest possible time from the submission of the request, but no later than thirty days. The Data Controller may refuse to provide the information in the cases specified in section 9(1) and section 19 of the Information Act.
The data subject may at any time initiate the modification (updating) of his/her personal and corporate data processed by the Data Controller, or request the rectification of his/her personal and corporate data in a written statement sent to the registered office address specified in section 1.1 of this policy or to the electronic mailing address of the Data Controller.
The data subject may at any time initiate the termination of the processing of his/her personal and corporate data processed by the Data Controller, or in a written statement sent to the registered office address specified in section 1.1 of this policy or to the electronic mailing address of the Data Controller, may at any time and without giving reasons request the erasure or blocking — except for mandatory data processing — of his/her personal and corporate data processed by the Data Controller.
The Data Controller shall also erase personal and corporate data if the purpose of the data processing has ceased to exist. Upon termination of data processing, in order to substantiate the legal basis of the terminated processing, the Data Controller shall retain the following data: time of registration, IP address used for registration, time of termination of registration, IP address used for termination of registration, and any statement sent to the Data Controller regarding the termination of registration or erasure of personal data.
8. Processed data not qualifying as personal data
In connection with the „3 jó cselekedet” (3 Good Deeds) programme and the operation of the Website (for example, tracking the number of visitors to the Website and the pages downloaded by them, etc.), the Data Controller records the following data — which are not suitable for personal identification — for statistical purposes, even in the absence of registration on the Website: the IP address of the visitor to the Website, the start time of the visit, and the end time of the visit.
9. Right to object
The data subject may object to the processing of his/her personal data if:
- the processing or transfer of personal data is necessary solely for the fulfilment of a legal obligation incumbent on the Data Controller, or for the enforcement of a legitimate interest of the Data Controller, the recipient of the data, or a third party, except in the case of mandatory data processing;
- the personal data is used or transferred for the purpose of direct marketing, opinion polling, or scientific research;
- the exercise of the right to object is otherwise permitted by law.
The Data Controller shall examine the objection within the shortest possible time from the submission of the request, but no later than 15 days, decide on its merits, and inform the requester in writing of its decision.
If the Data Controller establishes that the data subject’s objection is justified, it shall terminate the data processing — including any further collection and transfer of data — and block the data, and shall notify of the objection and the measures taken on the basis thereof all those to whom the personal data affected by the objection had previously been transferred, and who are obliged to take action in order to enforce the right to object.
If the data subject does not agree with the Data Controller’s decision regarding the objection, or if the Data Controller fails to meet the deadline set out in section 9.2, the data subject may, within thirty days of the communication of the decision or the last day of the deadline, apply to a court.
10. Judicial enforcement
In the event of a violation of his/her rights, the data subject may apply to a court. Adjudication of the proceedings falls within the jurisdiction of the regional court (törvényszék). The proceedings may — at the data subject’s choice — also be brought before the regional court of the data subject’s place of residence or place of stay.
