International Cordia sites Hungary Hungary Hungary Poland Poland Romania Romania

DATA HANDLING POLICY

Cordia FM Apartment House Management Limited Liability Company
Last modified: 20 March 2020

Cordia FM Apartment House Management Limited Liability Company
Last modified: 20 March 2020

Contents

1. General provisions and contact details

2. Updates and access to the Policy

3. Understanding and accepting the Policy

4. The scope of handled data and the purpose of data handling

5. Transfer of personal data to our contracted partners

6. Cookies used on the website

7. Personal data relating to children and third parties

8. Data security

9. Your data protection rights and legal options for remediation

1. General provisions and contact details

This policy (“Policy”) applies to the handling of any personal data concerning identified or identifiable natural persons (data subjects, according to the EU 2016/679 General Data Protection Regulation – “GDPR”) by Cordia FM Társasházkezelő Korlátolt Felelősségű Társaság (“Cordia FM”).

Cordia FM address: 1082 Budapest, Práter utca 29/a fszt. 21.
Cordia FM company registration number: Cg. 01-09-906033
Cordia FM webpage: https://en.cordia.hu/
Cordia FM phone number: 36 1 788 2199
Cordia FM e-mail address: cordiahaz@cordia.hu
Cordia FM representative and contact information: Földi Tibor and Haraszti Károly CEO see contact information above

If you have any questions or remarks concerning this Policy, please contact Cordia at one of above contact details prior to using the website and prior to providing any information or data in accordance with this Policy.

2. Updates and access to the Policy

Cordia FM reserves the right to unilaterally modify the Policy, following any prior modifications, after which such modification shall come into effect, with attention to applicable legal restrictions and, if necessary, informing those concerned in due time prior to changes. The Policy is subject to change especially if it becomes necessary due to legislative changes, official data protection actions, business or employee requirements, new activities requiring handling of personal data, newly discovered security risks, or feedback from effected persons. Upon your request, Cordia FM will be happy to provide you with an up-to-date copy of the Policy.

3. Understanding and accepting the Policy

Specific data protection terms may apply during the course of using various other services or to specific data handling activities (such as operation of security cameras), about which you will be informed prior to using the given service or processing these specific activities.

The data subjects must make available to Cordia the relevant personal data pursuant to applicable regulations in every case. In particular, they must have appropriate and informed consent or other legal basis for transferring personal data (such as transferring the data of contact persons, relatives). Id Cordia learns that any of the data of a data subject has been transferred without their consent or without other legitimate legal basis, Cordia may immediately delete such data; in addition, the data subject will be entitled to exercise their rights and options for legal redress under this Policy. Cordia shall not be responsible for any damage, loss or injury arising from breach of the above obligations or statements by the data subject.

In the context of the data protection objectives established in this Policy, please always provide current personal information to us and to third parties. Regarding our property management service, for example, please provide your bank with your current address where the bank can send official notifications.

We also ask that in the context of the data protection objectives established in this Policy, please provide us only with the most necessary personal information. Regarding our property management service, for example, tenants often confirm rent payments by sending a particular part of their bank account – in cases like these, we ask that you obscure non-relevant data from your bank account.

If you provide us with access to your personal information through use of services from a third party service provider (like through the chat board of a social media platform), then the data handling may be subject to the data handling policy and other terms of use for the given service. Cordia FM bears no responsibility for this.

Cordia FM particularly calls the attention to all involved parties that those involved have the right to object, at any time and for reasons connected to their personal situation, to the legitimate interest-based handling of their personal data, including profiling based on the provisions mentioned. In this case, Cordia FM will cease handling personal data unless it proves that the data handling is justified by such compelling reasons which give it priority over the interests, rights and freedoms of the involved party, or which are connected to the submission, enforcement or protection of legal claims. If the handling of personal data occurs for direct business acquisition purposes, the involved party has a right to object at any time to the handling of their personal data for this purpose, including profiling, if it is connected to direct business acquisition.

The durations of the individual types of data handling were fundamentally determined on the basis of the following legal regulations:

– “Art.” – Act CL of 2017 on the rules of taxation. Cordia FM is obliged to keep the data supported by taxation certificates.

– “Ptk.” – Act V of 2013 on the Civil Code. If the duration of data handling is indicated as the expiry date of the obligation to provide information, the activity that interrupts the expiry extends the duration of data handling until the new date (Ptk. § 6:25 (2)). In the event that expiry is extended, the request can be presented within the one-year – or three-month if the period of expiry is shorter –deadline from the lifting of the restriction even if the period of expiry has already passed, or if less time remains than the above period. (Ptk. § 6:24 (2)).

– “Accounting Act” – Act C of 2000 on accounting. Cordia FM is required to hold certain data – such as those that are contained in the documents that support accounting, or that are included in the contract between Cordia FM and the client or on invoices issued – in accordance with the Accounting Act. The retention period of 8 years set forth in the Act from the date on which there was a piece of data in the given year that should be treated as an accounting item, or when the report/general ledger was based on the given data. In practice: if an item is included in a contract on the basis of which several different services are performed (e.g. several services are provided under the same contract), the 8-year period should be calculated separately for each service performed, because separate invoices are made out for each service, and the deals are recorded in the books accordingly. If the piece of data, for example, is included in a contract for the sale of something (the item has been delivered and the contract is terminated), the deal is entered into the books on the basis of the contract and the invoice, and the 8-year period mentioned above will commence from there.

4. The scope of handled data and the purpose of data handling

The scope of personal data processed by Cordia FM, the purposes of data handling, the duration of the data handling and those authorised to access the data are presented in the table below.

In accordance with Pmt. 12. §, the client is required during the entirety of the existence of a commercial relationship to inform Cordia FM within five working days of being informed that a change has occurred in the data provided during customer due diligence or one which affects the person of the owner.

5. Transfer of personal data to our contracted partners

Cordia FM uses the below contracted partners for the completion of tasks related to data handling activities. The contracted partner acts as a so-called ‘data processor’: it handles the personal data outlined in this policy on behalf of Cordia FM.

Cordia FM may only use such data processors which provide adequate guarantees, in particular concerning expertise, reliability and resources, regarding the implementation of technical and organisational measures to ensure compliance with GDPR requirements, including data handling security. The specific tasks and responsibilities of the data processor are specified by the contract between the data processor and Cordia. Following the handling of data on behalf of Cordia, the data processor will return or delete the personal data at Cordia’s decision, unless EU law or that of a member state applicable to the data processor prescribes its storage.

Contracting partners.

6. Cookies used on the website

Cookies are used in certain areas of the website. The cookies are files that store information on your hard disk or web browser.

Cookies, for example, make it possible for the website to recognise if you have visited previously, or, by allowing us to see which sites you visit and how much time you spend there, help us understand what part of the website is most popular. By studying this, we can better adjust the site to your needs and offer a more varied user experience. With the help of cookies, we can assure that the information displayed on your next visit to the site will meet your expectations.

When you visit one of our websites, technical information may be gathered that does not allow you to be personally identified. For example, the name of another website that directed you here, the location from where you accessed the website, and search queries completed on the website. Collecting this information helps us identify the preferred search habits of our website users without using their personal data. Such information is used strictly for internal purposes. Anonymous or general data from which your person cannot be identified does not qualify as personal data and thus does not fall within the scope of this Policy.

You can change the web configuration to either accept cookies, delete all cookies, or receive notification when cookies appear on your machine. Since all web applications are different, we ask that you use the ‘Help’ menu on your browser to adjust your cookie settings. You can find further information on cookies and disabling them at http://www.youronlinechoices.com/hu/. The https://en.cordia.hu/ website was intended to operate with the use of cookies, so disabling them may affect on the functionality of the website, or prevent you from taking advantage of all its benefits.

Links for the handling of cookies in the case of most frequently used browsers:

Mozilla Firefox
Google Chrome
Internet Explorer

Google Analytics provides a further option of unsubscribing from the Google Analytics service: http://tools.google.com/dlpage/gaoptout?hl=en-GB.

Cookies used on the website – cookies table.

7. Personal data relating to children and third parties

With the exception of when parental consent is provided, persons under 16 years of age are not permitted to provide any personal data.

By providing personal data, you declare and affirm that you have considered the above and that your legal capacity related to providing personal data is not limited.

If you do not have the right to independently provide personal data, you must acquire the permission of the appropriate third party (i.e. legal representative, guardian, other persons you are representing), or provide another form of a legal basis to do so. In relation to this, you must be able to consider whether the personal data to be provided requires the consent of a third party. To this point, you are responsible for meeting all the necessary requirements, as Cordia FM may not otherwise come into contact with the data subject and Cordia FM shall not be liable or bear any responsibility in this regard. Nevertheless, Cordia FM has the right to check and verify whether the proper legal basis has been provided with relation to the handling of data at all times. For example, if you are representing a third party, we reserve the right to request the proper authorisation and/or consent of the party being represented with relation to the matter at hand.

We will do everything in our power to remove all unauthorised information provided and ensure that such information is not forwarded to any third party, or used for our own purposes (advertising or any other activity). We request that you inform us immediately should you become aware that a child or any other third party has provided any personal data of yours that you have not properly authorised them to do so.

8. Data security

Data processed by Cordia FM is protected by the restrictions applied to the access of information. For example, only those who require it, in the interests of and for the purposes listed previously, have access to the data.

9. Your data protection rights and legal options for remediation

Your data protection rights and legal options for remediation are detailed in the relevant provisions of the GDPR (particularly in GDPR articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, 80 and 82). The following summary contains the most important provisions, as well as information provided accordingly by Cordia FM, on your rights and legal options for remediation regarding data handling.

The information must be provided in writing or in other forms – including electronically in some cases. Verbal information may also be provided upon request, provided that you have otherwise confirmed your identity.

Cordia FM will inform you of any measures taken in response to your request without undue delay, but in any case within one month of the arrival of your application for legal remediation (see GDPR articles 15-22). If necessary, taking into account the complexity and number of applications, this deadline can be extended by two additional months. Cordia FM will inform you within one month of receiving the request of the extension of this deadline by indicating the reasons for the delay. If you submitted your request electronically, you must be informed electronically whenever possible unless otherwise requested.

If Cordia FM takes no action following your request, you will be informed of the reasons for the failure to act without delay and at most within one month of receipt of your request. You will also be informed that you may submit a complaint with a supervisory authority and exercise your right to judicial redress.

9.1 Access rights

(1) You are entitled to receive a notification from us to indicate that the handling of your personal data is in progress. If data processing is in progress, you are entitled to be provided with access to your personal data and the following information:

a) purpose of the data handling;
b) categories of the data subject’s personal data;
c) recipients or categories of recipients, who have been or will be informed of personal data, particularly third party national recipients and international organisations;
d) where appropriate, the planned period of personal data storage, or it is not possible to provide this, the criteria for determining such a timeframe;
e) it is your right to request an update, deletion or processing restriction of personal data related to you, as well as to object to such personal data handling;
f) the right to lodge a complaint to the supervisory authority; and
g) if the data was not provided by you, all available information as to the source of such data;
h) automated decisions, including profiling, and at least in these cases, the applied logic and related information, the degree of relevance and expected consequences that these types of data handlings have for you.

(2) If personal data is transferred to a third country, you are entitled to receive notification of such associated applicable guarantees.

(3) A copy of the personal data subject to the data handling shall be made available to you. If your request was made electronically, the information shall be made available in the most commonly used electronic format, unless requested otherwise.

9.2 Right to update

You are entitled to have your information updated without delay or reason at your request. You are entitled to request that any missing or incomplete personal data is updated by making, inter alia, a supplementary declaration.

9.3 Right to deletion (‘right to be forgotten’)

(1) You are entitled to have your information deleted without delay or reason, at your request, if any of the following conditions are met:

a) there is no longer a need for the personal data for the purposes it was gathered for or handled otherwise;
b) you revoke your consent on which the handling is based and there is no other legal basis for the data handling;
c) you object to the data handling, and in the given case there is no overriding legitimate reason for the data handling;
d) the personal data was processed unlawfully;
e) the personal data must be deleted in order to fulfil our obligations under European Union or Member State law; or
f) the collection of personal data was associated with the offering of information society services.

(2) If Cordia FM disclosed any personal data and is obligated to delete such data based on paragraph (1), Cordia FM shall, with consideration to available technology and costs associated with carrying them out, take the necessary and expected steps – including technical measures – in the interest of informing those handling the data that the data subject has requested the deletion of links to the personal data in question or copies thereof, as well as further duplication of such personal data.

(3) Paragraphs (1) and (2) are not applicable in so much as the data handling is necessary, among others:

a) for the purposes of exercising the right to freedom of expression and information;
b) for the purposes of fulfilling our obligations relating to personal data handling under European Union or Member State law, as defined therein;
c) for the purposes of archiving in the public interest, scientific and historical research or statistical purposes, in so much as the rights contained in paragraph (1) would seriously threaten such data handling or most likely make it impossible; or
d) for the submission, validation and protection of legal proceedings.

9.4 Right to restrict data handling

(1) You are entitled to request that we restrict data handling if any of the following conditions are met:

a) you argue the accuracy of the personal data, in which case the restriction is applied for the timeframe that allows for the inspection of the personal data’s accuracy;
b) the data handling is unlawful and you object to the deletion of the data, and instead request its restricted use;
c) we have no further use for the data for the purposes of data handling, but you request them for the submission, validation and defence of your legal claims; or
d) You objected to the data handling; in which case, the restriction applies to the time period required to determine whether Cordia FM’s legitimate reasons take precedence over those of the data subject.

(2) If data handling is subject to a restriction based on paragraph (1), such personal data, with the exception of storage, can only be processed with your consent, or for the submission, validation and defence of your legal claims, or in the interests of protecting the rights of other natural or legal persons, or in the important public interest of the European Union or a Member State.

(3) We shall inform you prior to the lifting of the data handling restriction.

9.5 Notification obligation related to the updating, deleting and data handling restriction of personal data

Cordia FM shall communicate any updates, deletion or data handling restriction to those recipients to whom the data have been disclosed, unless this proves to be impossible or requires excessive resources. We shall inform you of the recipients upon your request.

9.6 Right to data portability

(1) You are entitled to receive personal data applicable to you and made available to us, in an articulate, commonly used, machine-readable format, furthermore, you are entitled to forward these data to another data processor without obstruction from Cordia FM, if:

a) data handling is based on consent or a contractual agreement; and
b) data handling takes place through automated means.

(2) In exercising the right of data portability according to paragraph (1), you are entitled to – if technically possible – request the direct transmission of personal data between data controllers.

9.7 Right to object

(1) You have the right to object, on grounds relating to your own situation, to the handling of personal data based on a legitimate interest, including profiling. In such a case, we shall not further process your personal data, unless we demonstrate compelling legitimate grounds for handling that takes precedence over your interests, rights and freedoms or relates to the submission, validation and defence of legal claims.

(2) If the personal data is processed for the purposes of direct marketing, you have the right to object, at any time, to the handling of personal data relating to you in the interest of such, which also includes profiling in so much as it relates to direct marketing.

(3) If you object to the handling of personal data for the purposes of direct marketing, the personal data can no longer be processed for this purpose.

(4) You may also exercise your right to object through automated means, based on technical specifications, relating to the use of information society services and notwithstanding Directive 2002/58/EC of the European Parliament.

(5) If the handling of personal data is for the purpose of scientific or historical research or for statistical purposes, you have the right to object, on grounds relating to your own situation, to the handling of personal data, unless the handling of data is necessary for the performance of tasks carried out in the public interest.

9.8 Right to lodge a complaint to the supervisory authority

You are entitled to lodge a complaint to a supervisory authority – particularly in your habitual residence, place of work or the Member State of the alleged infringement – if, according to your assessment, the handling of personal data related to you infringes your rights under the GDPR. The competent supervisory authority in Hungary is: National Authority on Data Protection and Freedom of Data (http://naih.hu/; 1530 Budapest, Pf.: 5.; Tel.: +36 1 391 1400; fax: +36 1 391 1410; e-mail: ugyfelszolgalat@naih.hu).

9.9 Right to an effective judicial remedy against a supervisory authority

(1) You are entitled to an effective judicial remedy against the supervisory authority’s legally binding decision applicable to you.

(2) You are entitled to an effective judicial remedy if the competent supervisory authority does not respond to the complaint, or does not inform you within three months on the progress or outcome of the proceedings related to the lodged complaint.

(3) Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

9.10 Right to effective judicial remedy against the data controller or processor

(1) You are entitled to an effective judicial remedy if, according to your assessment, the handling of personal data was improperly processed as per the GDPR and, as a result, infringes your rights under the GDPR.

(2) The proceeding must be initiated against the data controller or the data processor before the courts of the Member State where the data controller or data processor has its principal place of business. Such proceedings may be initiated before the courts of the Member State of the data subject’s usual place of residence. Such cases are heard in Hungary by the relevant local court of jurisdiction. The effected party is entitled to initiate a claim according to their place of residence or temporary accommodation – whichever he or she prefers. You can find out more about the jurisdiction and contact details of the court (local court of jurisdiction) at the following website: www.birosag.hu.

Previous Data Protection Notices:
Last modification: 31 July 2019
26 April 2019