Data subject: any specific natural person identified or – directly or indirectly – identifiable based on personal data;
Personal data: data which can be associated with the data subject – especially the name or identification code, or one or more pieces of information specific to the physical, physiological, mental, economic, cultural or social identity of the data subject – as well as any conclusion deductible from the data regarding the data subject;
Approval: the voluntary and expressed declaration of the will of the data subject, which declaration is based on appropriate information, and by means of which the data subject provides his or her unambiguous consent to managing the personal data concerning him or her – either wholly or in some operations;
Objection: : the statement of the data subject by means, of which the data subject objects to the management of his or her personal data and requests the termination of the data management or the deletion of the data managed;
Controller: : the natural or legal person or the organisation without a legal personality who or which, either independently or together with other parties, determines the objective of the data management (including the devices used), passes and implements or orders the data processor to implement the data management related decisions;
Data management: : regardless of the method applied, any operation or set of operations performed on the data, in particular the collection, recording, registration, organization, storage, alteration, use, query, transmission, disclosure, coordination, combination, locking, erasure or destruction of the data, as well as the prevention of the further use of the data, taking photographs or making audio or video recordings of the data, furthermore, recording the physical characteristics suitable for identifying the person (e.g.: fingerprints or palm prints, DNA samples and iris images);
Deletion of data: making the data unrecognisable so that the restoration of the data will no longer be possible;
Data management principles
Personal data may be managed exclusively for a determined purpose in order to exercise a right or comply with an obligation. The data management has to comply with the purpose of the data management in each stage and the data must be recorded and managed in a fair and lawful manner.
Only personal data, which is necessary for the implementation of the data management and suitable for achieving the objective may be managed. The personal data may only be managed to the extent and for the duration necessary for achieving the objective.
In the course of data management, the personal data retains the aforementioned quality as long as its relation to the data subject is restorable. The relation with the data subject is restorable if the controller is in the possession of the technical condition, which are necessary for the restoration.
The Controller acts in compliance with the data security requirements set forth in § 7 of the Information Act.
Objectives of data management
Objective of data management: to inform customers showing interest in purchasing or leasing the real estates at the cordia.hu website or other related services of the real estates and the services, to keep contact with customers, calling customers back, answering questions raised by customers, sending newsletters and performing the relevant administrative tasks.
The data management applies to the data of the persons having a customer relationship in conformity with paragraph (3) of § 65 of the Information Act.
Legal basis of data management:
In conformity with point a) paragraph (1) of § 5 of the Information Act, personal data may be managed if the data subject approves of it.
In conformity with point a) in paragraph (1) of § 5 of the Information Act the data subject (hereinafter referred to as: the ‘Data Subject ’) provides the following data based on his or her voluntary approval to keep contact with the customer:
› e-mail address
› telephone number
› family name, Christian name
The Data Subject provides his or her approval of the data management by providing the aforementioned data voluntarily at the cordia.hu website and by using the website. The approval also includes the data collection, recording, registration, classification, storage, use, deletion and erasure related operations.
The legal statement comprising the approval of a minor Data Subject over the age of 16 is valid without the consent or subsequent approval of the legal representative of the minor.
The eligibility of the person providing the approval may not be checked based on the data provided for the Controller voluntarily (name, e-mail address). In case of using the services (cordia.hu website) the Controller considers the proper approval of the legal representative as provided.
The Data Subject provides the Controller with his or her above-mentioned data voluntarily by registering the ‘Call me back’ or ‘Contact us’ box (by providing the data) at the cordia.hu website, as well as filling in a paper-based form (printed form), which is only accessible for the Controller. The Controller assumes strict commitment to confidentiality without any temporal limitation regarding the personal data managed by the Controller who may not disclose the personal data for any third party without the approval of the Data Subject.
Information on data management
Based on § 20 of the Information Act, so that the approval for the data management will be voluntary, expressed and explicit and based on proper information, this present Policy must be made known in each case prior to the management of any data that the Controller informs the Data Subject of each fact in relation to the management of the personal data of the Data Subject in advance, unequivocally and in detail. The Data Subject may gain knowledge of this present Policy at the cordia.hu website and make a statement on the acceptance of the Policy by checking the box next to it.
The technical information sent by the browser of the Data Subject in the course of using the website of the Controller are stored in the Server Log files. The cordia.hu website uses an anonymous website visitor identifier (cookie), which is a unique signal sequence – suitable for identification profile information storage – and which is installed on the computers of the visitors by the service providers. Such a signal sequence itself is in no way able to identify the customer, that is the visitor, it is only able to recognise the computer of the visitor – given the fact that during the use of the website the entire IP address is not stored. No name, e-mail address or other personal information has to be given, since the service provider does not require any data from the visitor in the course of applying such solutions and the data are actually exchanged between computers.
Sending newsletter, data management for marketing purposes
The Controller may manage the data of the Data Subjects who provided their explicit and express approval in order to send newsletters and for marketing purposes. The Controller – in compliance with the relevant legal obligation – has informed the Hungarian National Authority for Data Protection and Freedom of Information of this type of data management and performs the management of the data in conformity with the relevant legislative provisions.
The cordia.hu website interface includes a voluntary statement to the effect whether or not the Data Subject approves of receiving newsletters with a direct marketing content at the e-mail address given by the Data Subject. The approval statement may be provided by subscribing after ticking the appropriate box in the registration interface and is revocable without any restriction or justification and free of charge at any time. In case of a cancellation, the e-mail address of the person making the statement shall be deleted from the registration without undue delay and no newsletter may be sent for the said person in an e-mail in the future.
The Data Subjects who inquire personally about a real estate displayed at the cordia.hu website provide their approval – by filling in a separate form – for the Controller to use their data (e-mail address, family name, Christian name, telephone number) for sending newsletters.
The Controller keeps a registration on the data of the persons making an approval statement. The personal data registered in these records may only be managed in accordance with the provisions set forth in the approval statement and until withdrawal. The withdrawal statement may be made and sending the newsletter may be prohibited personally, by way of post or in an electronic mail. The Controller deletes the data within a maximum of 30 (thirty) calendar days as of receiving the request of the Data Subject.
The Data Subject may object to managing his or her personal data based on § 21 of the Information Act.
Duration of data management:
The management of the personal data of the Data Subject lasts from the date of providing the data until the deletion of the data by the Controller. During the period of the data management the Data Subject may request the deletion of his or her personal data at any time.
The Data Subject may request the Controller
a) to provide information on the management of his or her personal data,
b) to correct his or her personal data, and
c) to delete or lock his or her personal data – with the exception of the mandatory data management.
Upon the request of the Data Subject, the Controller provides information on the data of the Data Subject managed by the Controller or processed by the Controller or the data processor assigned by the Controller, the sources of the data, the objective, legal basis, duration of the data management, the name, address and the data management related activities of the data processor, the circumstances and effects of any data protection incident, the measures taken to avert such incidents, furthermore – in case of transmitting the personal data of the Data Subject – the legal basis and addressee of the data transmission. The Controller is obligated to provide written information in an easily intelligible form within the shortest possible time but not later than 25 days as of the Data Subject submits the relevant request. The information is free of charge if the person requesting the information has not submitted an information request for the same scope of data at the Controller in the given year. Compensation may be required in other cases.
The Controller may only reject the information of the Data Subject in the cases set forth in paragraph (1) of § 9 and § 19 of the Information Act.
In case of rejecting the information, the Controller informs the Data Subject in a written form of the provision of the said act, based on which the information was rejected. In case of rejecting the information, the Controller informs the Data Subject of how the Data Subject may resort to judicial legal remedy or turn to the Authorities.
The Controller informs the Authority of the rejected request once a year before 31 January of the year immediately following the subject year.
If the personal data fails to correspond to the facts and the personal data corresponding to the facts are available for the Controller, then the Controller corrects the personal data.
The Controller deletes the personal data of the Data Subject if the data management is unlawful, the Data Subject requests the deletion of the data – in conformity with the provisions set forth in point c) of § 14 of the Information Act – the objective of the data management has ceased or the duration of storing the data as set forth in the law has expired, the court or the Hungarian National Authority for Data Protection and Freedom of Information ordered the deletion of the data, the data management is insufficient or erroneous – and this situation cannot be remedied lawfully – presuming that the law does not exclude the deletion of the data.
The Controller locks the personal data of the Data Subject if the Data Subject requests it or if, based on the information available, it is presumable that the deletion would infringe the lawful interest of the Data Subject. The locked personal data may only be managed as long as the data management objective which excluded the deletion of the personal data is in existence.
The Controller marks the personal data managed by the Controller if the Data Subject challenges the accuracy or correctness of the personal data but the challenged accuracy or correctness cannot be ascertained unequivocally.
If the Controller fails to comply with the request of the Data Subject for the correction, locking or deletion of the data, then the Controller informs the Data Subject of the factual and legal causes of rejecting the request for the correction, locking or deletion of the data in a written form – or subject to the approval of the Data Subject in an electronic form – within 25 days as of receiving the relevant request. In case of rejecting request for the correction, locking or deletion of the data, the Controller informs the Data Subject of how the Data Subject may resort to judicial legal remedy or turn to the Authorities.
In case of an incidental infringement, Data Subjects may turn to the Data Protection Commissioner or enforce their claim in front of a court in conformity with the provisions set forth in the Information Act.
The Information Act comprises the detailed legislation appertaining to this and the obligations of the Controller.
Legal remedies or complaints may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information:
Name: Hungarian National Authority for Data Protection and Freedom of Information
Company seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
Telephone: +36 1 391 1400
Facsimile: +36 1 391 1410
E-mail: [email protected]
If the Data Subject fails to agree with the decision of the Controller made in conformity with paragraph (2) of § 21 of the Information Act or if the Controller fails to comply with the deadline set forth in paragraph (2) of § 21 of the Information Act, then the Data Subject may turn to court in the manner as set forth in § 22 of the Information Act – within 30 days as of communication of the decision or the last day of the deadline. The judgement of the lawsuit falls within the scope of the court. The lawsuit may be initiated in front of the court according to the place of residence or stay of the Data Subject – to the discretion of the Data Subject.
The Controller reserves the right to amend this present data management information unilaterally. The Controller publishes the effective version of this present data management information on its Internet website. The Data Subject accepts the provisions set forth in the amended data management information by means of implicit conduct, taking the services rendered by the Controller.