Data Management and Cookie Policy

DATA MANAGEMENT AND COOKIE POLICY

Effective from 18.02. 2021

1. INTRODUCTION

This Data Management and Cookie Policy is issued by the Real-Deal Hungary Korlátolt Felelősségű Társaság for the purpose of regulating its data management activity.
The Real-Deal Hungary Korlátolt Felelősségű Társaság provides an internet service that provides helps for a lessor and a lessee in the concusion in the conclusion of a lease agreement, for exercising their rights under a lease and the fulfillment of their obligations.
The regulation is regularly updated to continuously comply with the applicable national and European Union legislation.
The version in force of Data Management and Cookie Policy is available any time via the website of http://albeeapp.hu (hereinafter referred to as the „Website”) and in the Albee application (hereinafter referred to as the „Albee”) developed for iOS and Android operating systems (the Website and the Albee together hereinafter refferred to as „Albee”).

2. DEFINITIONS (Article 4. of GDPR regulation)

“personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“data subject”: identified or identifiable natural person
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“Data Subject’s consent” means the voluntary, specific and unambiguous statement of the Data Subject’s intention based on appropriate information, by which he or she consents to the processing of his/her personal data, through a statement or by a clear affirmative action;
“personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

3. THE PURPOSE OF THE REGULATION

The purpose of this Data Management and Cookie Policy is to determine the key rules related to personal data, and the principles and information on data management by the Controller.
The purpose of this Data Management and Cookie Policy is to ensure that the Controller complies with the data protection provisions of applicable law, in particular, but not limited to:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Regulation (EC) No 95/46 (hereinafter referred to as the ’GDPR regulation’)
Act of CXII of 2011 on the right to informatiom self-determination and freedom of information law (hereinafter referred to as the’Info.Act’)

4. SCOPE OF THE REGULATION

4.1. TERM OF VALIDITY

This Data Management and Cookie Policy enters into force via the publication on the Website and on the Albee application on 11 December 2020.
The Controller is entitled to amend the Data Management and Cookie Policy anytime with that, that the amendmets enter into force with publication – which means it shall be displayed on the website and on the Albee application.
This Data Management and Cookie Policy – or its latter amended verisons – remain into force until revoked by the Controller.

4.2. PERSONAL SCOPE

The scope of this Data Management and Cookie Policy applies to

the Controller
the employees and the partners of the Controller; and
every further natural person, whose data are affected by data processing
governed by this Data Management and Cookie Policy.

4.3. MATERIAL SCOPE

This Data Management and Cookie Policy applies to the data processing of personal data by the Controller via the Website and the Albee.

5. CONTROLLER

Name: Real-Deal Hungary Korlátolt Felelősségű Társaság
Seat: 7726 Véménd, Zrínyi u. 58.
Address: 7726 Véménd, Zrínyi u. 58.
Court of Registry: Pécsi Törvényszék Cégbírósága
Company registration number: 02-09-084505
Tax number: 25971358-2-02
Representative: Ballók Attila ügyvezető
Phone number: +36 20 800 4010
E-mail: info@albeeapp.hu
Website: http://albeeapp.hu
Person responsible for the data processing activity: Ballók Attila
No data protection officer had been appointed at the Controller.

6. PROCESSOR

The Controller hires a Processor to facilitate its data processing activities.
The Controller shall endeavor to use a Processor who or which provides adequate guarantees for implematation of appropriate technical and organizational measures to ensure compliance with the requirements of data processing set out in the GDPR Regulation and to implement appropriate technical and organizational measures to protect the rights of the Data Subjects.

The Controller hires the following Processors:

1) Name: Isobar Budapest Zrt.
Seat: 1027 Budapest, Kacsa u. 15-23.
Company registration number: 01-10-044680
Tax number: 12740088-2-41
Contact: jog@isobarbudapest.com

2) Name: Amazon Web Services Emea Société Á Responsabilité Limitée
Seat: 38 Avenue John F. Kennedy, L-1855 Luxembourg
Contact: https://aws.amazon.com/contact-us/?nc1=f_m

3) Name: The Rocket Science Group, LLC
Seat: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
Contact: https://mailchimp.com/contact/

4) Name: Hotjar Ltd
Seat: Level 2
St Julians Business Centre,
3, Elia Zammit Street
St Julians STJ 3155, Malta, Europe
Contact: support@hotjar.com

5) Name: tawk.to.inc
Seat: 187 East Warm Springs Rd, SB298
Las Vegas, NV, 89119
Contact: support@tawk.to

6) Name: Usersnap Gmbh
Seat: Industriezeile 35, 4020 Linz, Austria
Contact: contact@usersnap.com

7) Name: INNOVATIVE GROUP Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
Seat: 9400 Sopron, Bem u. 3.
Company registration number: 08-09-016137
Tax number: 14261150-2-08
Contact: szigeti.zsolt@innogroup.hu

7. DATA PROCESSING PRINCIPLES

The Controller follows the principals in accordance with Article 5 of the GDPR, that the processing of „the personal data” shall be

processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

The Controller shall be responsible for, and shall comply with the above principles (‘accountability’).

8. CERTAIN DATA PROCESSING

Registration (creating a user profile)
Processed data: first name, last name; e-mail address, status of lessor/ lessee, birth of date, address, city, postcode, street, number, floor, door; date of registration, IP address of the computer.

The strictly necessary data for the use of Albee is marked as required data in order to make it clear to the Data Subject which information is required to use Albee.

Optional data: gender, nickname, profile picture, bank account number, phone number

Purpose: identification of the Data Subject; creation of user profile; contacting and keeping in touch with the Data Subject.
Legal basis: consent of the Data Subject (Article 6 (1) (b) of the GDPR Regulation); and the legitimate interest of the Controller that it can perform the agreement for the provision of service with the Data Subject on Albee.

The Data Subject gives his/her consent to the Data Controller by entering (typing) his/her personal data via Albee in the interface created for this purpose.

When providing your data, the Data Subject must declare that he / she has read this Data Management and Cookie Policy, understands the information and expressly consents to the processing of his/her personal data in accordance with the Data Management and Cookie Policy. The Data Subject acknowledges that he or she will not be able to register on Albee or start providing services to him or her through Albee without his or her consent.

The Data Subject shall declare that he/she has read this Data Management and Cookie Policy, understands the regulation, and expressly consents to the processing of its personal data in accordance with the Data Management and Cookie Policy.

The Data Subject shall acknowledge, that it is not possible to register on Albee, and the provision of the service shall not start on Albee without his/her consent.

Deletion of the user profile: The Data Subject has the right to withdraw his or her consent of data processing at any time by sending a letter to the following email address: adatkezeles@albeeapp.hu. However, by accepting this Data Management and Cookie Policy, the Data Subject acknowledges that if another person has contected the real estate registered on Albee, his or her personal data may be deleted only if the another person agrees to the deletion of the data .

With regard to the data, the legal basis for data processing as follows:

Article 6 (1) (b) of the GDPR Regulation, the Controller deletes the data of the Data Subject 5 (five) years after the registration on Albee.
Article 6 (1) (f) of the GDPR Regulation, the Controller deletes the data of the Data Subject after the establishment of the lessor-lessee relationship established for the real estate registered on Albee.

Hírlevél küldése Newsletter sending
Processed data: last name, first name; e-mail address, lessor/ lessee status
Purpose: to send newsletter to the Data Subject; contacting and keeping in touch with the Data Subject.
Legal basis: Consent of the Data Subject (Article 6 (1) (f) of the GDPR Regulation).

The Data Subject can subscribe to the newsletter by entering their personal data and clicking on the „Subscribe newsletter” button.

The Data Subject aknowledges that it is not possible to subcribe to the newsletter without his or her consent.

The Data Subject is entitled to withdraw his or her consent to the sending of the newsletter at any time by clicking on the unsubscribe button at the bottom of the newsletter.

With the withdrawal of the Data Subject’s the personal data of the Data Subject shall not be processed any longer for the purpose of sending a newsletter.

Data processing related to the use of the service
Processed data:

First name, last name; e-mail address, lessor/lessee status; date of birth, address: city, postcode, street, number, floor, door; date of registration, IP address of the computer
Optional information for the user profile: gender, nickname, profile picture, bank account number, phone number
In order to use the service provided on Albee, it is necessary to provide the e-mail address of the other party of the lease agreement (lesser-lessee).

By accepting this Data Management and Cookie Policy, the Data Subject declares that if the e-mail address of the other party of the lease agreement contains personal data, he or she is authorized to provide the Controller with the email address of the other party of the lease agreement (lessor-lessee).

In the eventof claim inforcement of the other party of the lease agreement (lessor-lessee) arising in connection with his or her personal data, the Data Subject is liable, the Controller excludes its liability in this respect.

Data recorded in documents relating to real estate registered on Albee and uploaded by the Data Subject, such as in the lease agreement, or in the correspondence between the parties to the agreement

Purpose: use of the service provided by the Controller via Albee; the exercise of rights and obligations arisig out of the lease agreement.
Legal basis: the consent of the Data Subject (Article 6 (1) (a) of the GDPR Regulation); and the legitimate interest of the Controller is to be able to perform the agreement concluded with the Data Subject for the provision of service (Article 6 (1) (b) of the GDPR Regulation) on

By accepting this Data Management and Cookie Policy, the Data Subject declares that he or she is authorized to make the personal data of third parties available to the Controller (for example, in the event that the lessor-lessee relationship has more than one entity, but only one lessor-lessee can register on Albee for the real estate in question). In the event of claim inforcement of third parties in connection with their personal data, the Data Subject is liable, the Data Controller excludes its liability in this case.

The so-called operation of a recommendation system
Processed data: e-mail address
Purpose: there is a so-called referral system on Albee: you can send an invitation to the Data Subject’s friends (third party) inviting them to use the service on Albee.

The third parties can get to know Albee by invitation.

Legal basis: (Article 6 (1) (a) of the GDPR Regulation)

By accepting this Data Management and Cookie Policy, the Data Subject declares that he or she is authorized to provide the e-mail address of third partiest to the Controller.

In the course of enforcing a claim created by third parties in connection with their personal data, the Data Subject is liable, the Controller excludes its liability in this case

Enforcement of claims
Processed data:

Last name, First name, birth of date; address: city, postcode, street, number
Documents created on the subject of real estate on Albee and uploaded by the Data Subject, such as lease, correspondence between the partiest of the agreement.
Data and information enabling the enforcement of the demand.

Purpose: Enforcement of claims arising from the service used via Albee or from the lease establsihed through Albee.
Legal basis: In one hand, the Controller has a legitimate interest in being able to perform the agreement concluded with the Data Subject for the provision of the service on Albee (Article 6 (1) (b) of the GDPR Regulation); on the other hand, the legal basis for data processing is the enforcement of the legitimate interests of the Controller or a third party (Article 6 (1) (f) of the GDPR Regulation)
Use of technical data, cookies

What are cookies? A cookie is a small text file that your device saves when you use Albee. Your device stores the cookie for a specied period of time. This allows certain data and settings (such as language, font size and other display settings) to be “memorized” for a specified period of time.

The Data Subject can read the following information about the cookies used by Albee:’’Our website/application uses cookies, small packets of data that are stored by your browser/device when you visit our website/application. You can read more about the cookies in our Data Management and Cookie Policy. ’’

Under the cookie settings tab, the Data Subject can set which cookies would be allowed. You can change your settings at any time in order to withdraw your consent. However, it is important to know that disabling the use of cookies may affect the user experience and the operation of Albee.

The following cookies are used on Albee:

B.1.)

Name of the cookie	expiration date	Description
strictly necessary cookies
cookieControlPrefs	30 days	It stores cookie settings set by the user, namely those cookies which were granted before.
1P_JAR	6 months	It measures the number of the visitors, the duration of the visit, the navigation and other visited websites.
PHPSESSID		The PHPSESSID cookie is part of the PHP’s native version, which enables websites to store a unique sequence. It settles a user routine on the website and transfers status information through a temporary cookie, which is usually called routine-cookies. Since the PHPSESSID cookie does not have timed expiration, it ceases with the closure of the browser.
sf_redirect	routine	It saves the URL settings.
io (socket.io)	routine	It enables real time two-way event-based communication.

marketing cookies
_gid	24 hours	The name of the cookie is connected to the Google Universal Analytics. The cookie assigns a unique value for every visited page and updates it.
_gat	10 minutes	The name of the cookie is connected to the Google Universal Analytics, according to the documentation, its task is to improve the query scale to restrict the data collection of the most visited pages.
_ga	2 years	The name of the cookie is connected to the Google Universal Analytics – which is a significant update of the Google’s most used analityc service. The cookie is used to distinguish the individuel users with a randomly generated user-identification number. This appears at every page drawdown on a certain website and it calculates the data of the visitors, routines and campaignes for the website’s analytic reports. The cookie expires after 2 years by default.
DSID	11 days	The name of the cookie is connected to the Google DoubleClick service and it is for retargeting, optimalisation and reporting.
IDE, DSID, FLC, AID, TAID, exchange_uid	318 days	The name of the cookie is connected to the Google DoubleClick service. These cookies have marketing purposes, they help to customize the advertistments.

Processed data: the IP address of the visitor, the time of the visit, and the type of the browser and the operation system
Purpose: monitoring the data traffic of Albee, making attendance statistics, ensuring a higher level and more effective service operation, sending system messages in connection with the operation and service providing of Albee.
Legal basis: The consent of the Data subject (Article 6 (1) a) GDPR regulation).

The use of necessary cookies is vital for the proper operation of Albee, so in this case, the legal basis is Article 6. (1) b) of the GDPR regulation.

B.2.) Application of the Hotjar program

What is the hotjar program for? The hotjar program helps the Controller to collect feedback from the Albee’s visitors / users and to monitor the custom of Albee’s visitors /users according to the followings:

HOTJAR	expiration time	Description
_hjClosedSurveyInvites	365 days	Hotjar-cookie, which is loaded when a visitor interacts with a pop-up widow of a survey invitation. It secures that the same invitation would not appear again, if it had been shown previously.
_hjDonePolls	365 days	Hotjar-cookie, which is loaded when the visitor sends the feedback with the help of „Feedback Poll” widget. It secures, that the same voting would not appear again, if it had been filled previously.
_hjMinimizedPolls	365 days	Hotjar-cookie, which is loaded when the visitor closes the “Feedback Poll” widget. It secures, that the widget would stay closed, when the visitor navigates in yous website.
_hjShownFeedbackMessage	365 days	Hotjar-cookie, which is loaded when the visitor closes or fills the feedback. It happens as if the visitor navigates to anouther site, the feedback window would be loaded in closted status.
_hjid	365 days	Hotjar-cookie, which is loaded, when the user arrives on the same page with the Hotjar-script .This Hotjar is for the safekeeping of the user identifier, which is typical for the certain website in the browser. This secures, that the habit of the latter visit of the same website could be assigned to the same user identifier.
_hjRecordingLastActivity	Routine	It is updated, when the setting of the user begins and when the data would be sent through the WebSocket (when the user executes the procedure set by the Hotjar).
_hjTLDTest	Routine	When the Hotjar script ran down, we try to determine the most frequent cookie access route instead of the page’s hostname. This allows that the cookies could be shared between the subdomains (in certain cases). Until it is successfully determined, we try to store the _hjTLDTest cookie at alternative URL subtexts. After this controll, the cookie would be deleted.
_hjUserAttributesHash	Routine	The user attributes sent via Hotjar Identify API are stored in cashe memory during the routine in case of getting to know when had the attribute had changed and if any update is necessary.
_hjCachedUserAttributes	Routine	This cookie stores the user attributes, which are sent via the Hotjar Identify API, when the user is not in the pattern. These attributes are saved only whent the user interacts with a Hotjar Feedback instrument.
_hjLocalStorageTest	under 100sec	This cookie is for controlling if the Hotjar Tracking Script is allowed to use local storage. If it is allowed, 1 value is set in the cookie.
_hjIncludedInSample	Routine	This cookie is set, that it would notify the Hotjar if the user is in the pattern used for producing channels.
_hjAbsoluteSessionInProgress	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
ajs_anonymous_id	365 days	This cookie is for identifying the user’s first page visiting routine. This is a true/false value, which is set by the cookie. This cookie is set by the application as a randomly generated identifier for the anonym users.
_gcl_au	3 months	This cookie is set by the Google Analytics to gain information from the advertistment’s clicks and stores it in the user’s cookie to make the conversations assignable outside the target page.

Processed data: the name of the internet provider, type of the browser and operation system, the time and duration of the visit, information on the Data Subject’s device, Unique identifier of the Data Subject (which is not linked to the Data Subject’s name, email address and lessor/lessee status given through the registration)
Purpose: analisation of the Albee behaviour and activity of the Data Subject, monitoring the usage of Albee, making visit statistics to improve the service level and the service effectivness
Legal basis: Consent of the Data Subject (Article 6 (1) a) of the GDPR regulation)

The Data Subject gives consent with visiting Albee that a hotjar programm would be applicable in Albee

B.3.) Application of Facebook Pixel

What is Facebook Pixel? According to the official definition of Facebook, it is an analytical instrument which can measure the effectiveness of the advertisment activity and gives information on the actions of the Data Subject in Albee.

In Albee, the following Facebook cookies are applicable:

FACEBOOK
fr (.facebook.com)	88 days	It stores encrypted Facebook and browser ID.
_fbp	60 days	Facebook uses it for determining the appearance order of the advertisment products, for example for real time bids from third party’s advertiser.
act	Routine	This cookie distincts the two routines provided in different moments by the same user.
c_user	58 days	The c_user cookie contains the currently logged user’s user identification.
datr	2 years	The aim of the datr cookie is to identify that browser, which is used for connecting to Facebook, independently from the logged user. This cookie has a key role in the Facebook’s security and website-integrity function.
fr	88 days	It stores encrypted Facebook and browser ID.
presence	Routine	This cookie is for showing the user’s chat status.
sb	2 years	The Facebook uses it for improving the friend suggestions.
spin	2 months	Facebook uses advertistment cookies for analysing the social campaigns, establishing troubleshooting campaigns in accordance with establishing campaign, establishing cumulative public groups in the websites of the campaigns and for targeting the outsider activity tendences.
wd	2 months	It stores the site’s resolution.
xs	88 days	The Facebook cookie is for maintaining the routine. It operates with the c_user cookie to certify the identity on Facebook.
locale	6 days	This cookie contains the browser’s last logged user’s editing scope.
m_pixel_ratio	Routine	It is for optimalising the website’s capacity for the advertisers.
dpr	6 days	This cookies are used by Facebook for supporting the sharing and the integration of the Facbook services.

Processed data: more infromation is available on the following website https://www.facebook.com/policies/cookies/
Purpose: monitoring the usage of Albee, making visit statistics, improving the service level and the service effectiveness
Legal basis: Consent of the Data Subject (Article 6 (1) a) of the GDPR regulation)

The Data Subject gives consent with visiting Albee that cookies would be applicable in Albee

B.4.) Application of Tawk.to program

What the tawk.to program is for? With the application of the tawk.to program, the Data Subject can use a chat window in order to connect the Controller.

In Albee, the following tawk.to cookies are applicable:

Cookie Name	Expiration Time (HU)	Description (HU)
__tawkuuid	6 moths	This cookie identifies the user to connect the chats in case of producing better services. The cookie is stored for 6 months.
TawkConnectionTime	Routine	This cookie enables the identification of the user to optimalise chat-box functions.
tawkUUID	179 days	This cookie is used for collecting information ont he user’s interactions with the chat function of the website.
TawkWindowName	Routine	It is necessary for the operation of the chat-box function.
ss	Routine	The Tawk.to is our live chat service. The cookies are used for identifying anonymously the user’s usual location and for continuing the chat when returns.

Processed data: more infromation is available on the following website https://www.tawk.to/legal/
Purpose: to contact the Data Controller; ensuring the highest possible quality and efficient operation of the service
Legal basis: Consent of the Data Subject (Article 6 (1) a) of the GDPR regulation)

By using the chat function, the Data Subject consents to the use of “cookies” on Albee.

B.5.) Application of Usersnap program

What is Usersnap program for? With the application of Usersnap program at Albee, the Data Subject can notify the Controller on the errors noticed while using Albee on the error notification platform (named Hibabejelentés).

In Albee, the following Usersnap cookies are applicable:

Cookie Name	Expiration Time (HU)
usfbdashcookie	25 days
amp_	10 years
prism_	30 days
intercom-id-rycucve3	8 months
amplitude_id	10 years

Processed data: more infromation is available on the following website https://www.usersnap.com
Purpose: Connecting the Controller, notifying the Controller about the errors noticed while using Albee and improving the service level and the service efficiency therewith.
Legal basis: Consent of the Data Subject (Article 6 (1) a) of the GDPR regulation)

The Data Subject consents to the use of “cookies” on Albee by indicating the errors detected on Albee in the Error Reporting interface.

9. THE DURATION OF THE DATA PROCESS

The Controller will no longer store the data in the event of termination of the reason or purpose of the data processing. Data processing is terminated by the deletion of the data by the Controller.

With regard to data for which the legal basis is the following:

Article 6 (1) b) of GDPR regulation, the Controller deletes the data of the Data Subject after 5 (five) years from the registration.
Article 6 (1) f) of GDPR regulation, the Controller deletes the data of the Data Subject after 5 (five) years from establishing the lessor-lessee connection regarding the real estate registered on Albee.

10. THE RIGHTS OF THE DATA SUBJECTS (Articles 15 – 21 of GDPR regulation, Articles 14-15 and 17-20. of the Info. Act)

The Data Subject is entitled in relation to its personal data processed by the Controller to

according to the Data Subject’s request, provide access to the personal data and information on data process of the Data Subject (right of access)
according to the Data Subject’s request, rectify and/or amend the Data Subject’s personal data (right of rectification)
according to the Data Subject’s request, restrict the process of the personal data (right to restriction of processing)
according to the Data Subject’s request, delet the personal data (right to delete/right to be forgotten)
The Data Subject has the right to receive the personel data in structured, commonly-used, machine-readable form, and moreover has the right to transfer these data to another controller without the hindrance of the Controller (right to data portability)

Right of access: The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information.

Right of rectification: The Data Subject shall have the right to obtain from the Controller the rectification and completion of inaccurate personal data concerning him or her.

Right to restriction of processing: The Controller, upon request of the Data Subject, restricts the data process if the accuracy, the pertinence or the completeness of the personal data is contested by the Data Subject, and the accuracy, pertinence or competeness of the Processed data cannot be certified without doubt, during the time until the doubt is clarified, or in case of the deletion of the data could be needed, but if according to the written declaration of the Data Subject or the available information at the Controller, it is reasonably assumable, that the deletion of data would harm the Data Subject’s until the existence of the legal interests underlying the deletion. Upon request of the Data Subject, the Controller restricts the Data process if the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims; or the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A Data Subject who has obtained restriction of processing shall be informed by the Controller before the restriction of processing is eliminated.

Right to erasure/right to beeing forgotten: The Controller shall delete the personel data of the Data Subject without delay if the Data process is unlawful, especially if the Data process harms the principals determined in Article 4 of the Info. Act, its aim had been terminated, or the Data process is not necessary for reaching the aim of the data process, or the time period determined in laws, international agreements or a binding legal act of the European Union had been expired, or its legal basis had been terminated and there is no other legal basis of the Data process. The Controller shall delete the personel data of the Data Subject without delay if the Consent of the Data Subject had been withdrawn or if the Data Subject requests the deletion or if the deletion of the data had been ordered by laws, any binding legal act of the EU, the Authority or the court, or the time period determined in Section 19 (1) b)-d) of the Info. Act had been expired.

Right to data portability: The Data Subject shall have the right to request the direct transfer of his or her personel data between controllers.

The Data Subject shall have the right to object against the data process of his or her personel data.

The Controller shall consider the request submitted by the Data Subject regarding his or her rights to be enforced as soon as possible but not later then 25 (twenty-five) days following the submission, and inform the Data Subject on its decision in written form, or in electronic form, if the request had been submitted by the Data Subject in electronic form.

11. DUE PROCESS POSSIBILITIES

The Data Subject is entitled to contact directly the Controller with any complaints regarding data processing or using the website (see Clause 5 of this current Data Management and Cookie Policy), who shall immediately terminate or remedy any unlawful processings.

The Data Subject is entitled to contact the Hungarian National Auhtority for Data Protection and Freedom of Information with any request (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; post office: 1530 Budapest, Pf. 5.; electronic contact: ugyfelszolgalat@naih.hu; phone: + 36 1 391-1400; telefax: + 36 1 391 1410; address of homepage: http://naih.hu; hereinafter refferred to as: „Authority”).

The Data Subject is entitled to initiate an inquiry of the Authority for the purpose of investigating the lawfulness of the Controller’s Data process, in case of the Controller harms the enforcement of the Data Subject’s rights or rejects its petition regarding the enforcement of the Data Subject’s rights determined in this Data Management and Cookie Policy, moreover the Data Subject shall have the right to initiate a claim to the Authority for conducting a data protecion procedure, if in his or her opinion, the Data process of the the controller or the Processor acting on behalf of, or instructed by, the Controller infringes the the provisions stipulated in relevant laws or a binding legal act of the European Union on data protection. (Section 22 of Info. Act)

The Data Subject may seek judicial remedy against the Controller if, in his or her opinion, the Controller or a processor entrusted by or acting on his or her behalf processed his or her personal data with violation of the provisions on the processing of personal data stipulated in law or in a binding legal act of the European Union. The Data Subject may bring the action before the regional court having territorial jurisdiction over his domicile or place of residence, according to his choice. (Section 23 (1), (3) of Info. Act)

12. DATA PROTECTION INSTRUMENTS

The Controller shall have appropriate technical and organisational measures in force to provide protecion against unathorized use, disclosure or access.

13. PERSONAL DATA BREACH (Article 33-34. of GDPR regulation)

If the personal data breach is likely to involve a high risk to the rights and freedoms of natural persons, the Controller shall notify the Data Subject of the personal data breach without undue delay.

In the notification provided to the Data Subject, the Controller shall clearly and intelligibly describe the nature of the personal data breach and communicate the names and contact details of other contact persons providing further information; describe the likely consequences of the personal data breach; the measures taken or planned by the Controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences arising from the personal data breach.

The Controller shall not inform the Data Subject, if any of the following conditions emerge:

the Controller executed appropriate technical and organisational protection measures and these measures were applied in connection with the data affected by the personal data breach, especially those measures – for example applying encryption – which make the data undefinable for unathorized person,
following the personal data breach, the Controller initiated further measures to ensure that the high risk to the Data Subject’s rights and freedoms referred to above is no longer likely to materialize;
The notification would require unreasonable effort. In these cases, the Controller shall inform the Data Subject through public announcements, or initiate such measure which enables the effective notification of the Data Subject.

If the Controller has not yet notified the Data Subject of the personal data breach, the supervisory Authority, after considering whether the personal data breach is likely to involve a high risk, shall order the information of the Data Subject thereof, or impose one of the conditions referred to in points (a), (b) or (c). fulfillment.

Reporting a personal data breach to the Authority: The breach of personal data shall be notified by the Controller to the competent supervisory authority pursuant to Article 55 of the GDPR Regulation without undue delay and, if possible, no later than 72 (seventy-two) hours after becoming aware of the breach of personal data, unless the personal data breach would not result any risks for the rights and freedoms of the natural persons. If the notification is not made within 72 (seventy-two) hours, the Controller shall also enclose the reasons for the delay.

Budapest, 2020.12.11.

Real-Deal Hungary Korlátolt Felelősségű Társaság

Albee menedzsment

Albee hirdetések

Albee szerződések