International Cordia sites Hungary Hungary Hungary Poland Poland Romania Romania

Data Handling Policy

Cordia Management Szolgáltató Korlátolt Felelősségű Társaság
Cordia Agent Hitelszervező and Ingatlanforgalmazó Korlátolt Felelősségű Társaság
Last modification: 11 February 2020

Cordia Management Szolgáltató Korlátolt Felelősségű Társaság
Cordia Agent Hitelszervező and Ingatlanforgalmazó Korlátolt Felelősségű Társaság
Last modification: 11 February 2020

Contents

1. General provisions and contact details

2. Updates and access to the Policy

3. Other data protection conditions

4. The scope of handled data and the purpose of data handling

5. Transfer of personal data to our contracted partners

6. Cookies used on the https://en.cordia.hu/ website

7. Personal data relating to children and third parties

8. Data security

9. Your data protection rights and legal options for remediation

1. General provisions and contact details

This policy (“Policy”) applies to the handling of any information (personal data) concerning identified or identifiable natural persons (data subjects) by Cordia Management Szolgáltató Korlátolt Felelősségű Társaság (“Cordia Management”) and/or Cordia Agent Hitelszervező és Ingatlanforgalmazó Korlátolt Felelősségű Társaság (“Cordia Agent”).

All data handling activities below that are carried out according to this Policy independently by one of the Cordia companies will appear separately under that company’s name. Those activities carried out jointly by Cordia Management and Cordia Agent (together “Cordia”) will be referred to as such. Joint data handling means that Cordia Management and Cordia Agent will determine the purpose and methods of any given data handling jointly. The joint data processors will determine in the agreement created between them, how their responsibilities are divided for the purposes of fulfilling their tasks according to EU 2016/679 General Data Protection Regulation (“GDPR”). The key points of the agreement must be made available to the data subject.

Cordia address: 1082 Budapest, Futó utca 47-53. VII. em.
Cordia Management company registration number: Cg. 01-09-289024
Cordia Agent company registration number: Cg. 01-09-877571
Cordia webpage: https://en.cordia.hu/
Cordia phone number: +36 1 266 2181
Cordia e-mail address: cordia.management@cordiahomes.com
Cordia representative and contact information: Földi Tibor, see contact information above

If you have any questions or remarks concerning this Policy, please contact Cordia at one of above contact details prior to using the website and prior to providing any information or data in accordance with this Policy.

If you provide Cordia with personal data through a third-party service (for example, through a social media page), you may be subject to the data handling policy and other terms of use of that given service, for which Cordia bears no responsibility.

2. Updates and access to the Policy

Cordia reserves the right to unilaterally modify the Policy, following any prior modifications, after which such modification shall come into effect. Modification of this policy can especially take place if it is necessary due to legal changes, data protection authority practice, company or employee demand, new purpose of data handling, or newly discovered security risks. Cordia may use the contact details of the data subject made available to Cordia for the purpose of making and maintaining contact with the data subject in connection with this Policy or with privacy issues or otherwise. Upon your request, for example, Cordia will send you a copy of the current effective version of this Policy or certify that the Policy has been made available to the data subjects.

3. Other data protection conditions

During use of the individual separate services, you may be subject to specific data protection conditions that you will be informed of prior to using the given service.

The data subjects must make available to Cordia the relevant personal data pursuant to applicable regulations in every case. In particular, they must have appropriate and informed consent or other legal basis for transferring personal data (such as transferring the data of contact persons, relatives). Id Cordia learns that any of the data of a data subject has been transferred without their consent or without other legitimate legal basis, Cordia may immediately delete such data; in addition, the data subject will be entitled to exercise their rights and options for legal redress under this Policy. Cordia shall not be responsible for any damage, loss or injury arising from breach of the above obligations or statements by the data subject.

4. The scope of handled data and the purpose of data handling

The scope of personal data processed by Cordia Management and/or Cordia Agent, the purposes of data handling, the duration of the data handling and those authorised to access the data is presented in detail in the table below.

The data management objectives are summarised as follows:

  • Preparation of a real estate sales contract between the clients of Cordia Management and the sellers of the properties they wish to purchase, in particular, providing information about the real estates you are seeking. Cordia Management will forward the contact details of buyers (name, address, email, phone number) to the presidents of the condominium boards concerned for the sales contract.
  • Forwarding data to Cordia FM Társasházkezelő Korlátolt Felelősségű Társaság.Property management services, as well as use of related real estate leasing, real estate brokerage and other services.
  • Online account creation on a Cordia website.
  • Sending of advertising materials via e-mail and/or with telephone inquiries (direct business acquisition) by Cordia.
  • Conducting a satisfaction survey after buying a flat or using Cordia’s services, for example in words, writing, via email or phone.
  • Sending buyer information by Cordia.
  • Preparation of loan and bank account contracts related to the real estate sales contract by OTP Bank Nyrt.
  • Installation and operation of Smart Home systems and tools for the automisation of your home.
  • Handling the data of contact persons of contracted partners acting in connection with contracts not identified in this Policy and of persons who are involved in the performance of these contracts and in monitoring performance (on a daily basis).
  • Handling the data of contracted partners, contact persons as well as persons involved in the performance of these contracts and in monitoring performance for compliance issues regarding the contracts or for any other purpose, including seeking options for legal redress for ensuring contractual rights.
  • Data handling in connection with the enforcement of the data protection rights of the data subjects (for details, see Section 9).
  • Archiving the consents of the data subjects to data handling and the withdrawal of their consent, if any.
  • Keeping records of privacy incidents (including the documentation of measures made in order to manage such idents).

If a data handling objective is necessary for the validation of legitimate interests of Cordia or a third party, Cordia will make available the weighing test used in determining legitimate interest if a request has been made through any of the above contacts.

Cordia particularly calls the attention to all involved parties that those involved have the right to object, at any time and for reasons connected to their personal situation, to the legitimate interest-based handling of their personal data, including profiling based on the provisions mentioned. In this case, Cordia will cease handling personal data unless it proves that the data handling is justified by such compelling reasons which give it priority over the interests, rights and freedoms of the involved party, or which are connected to the submission, enforcement or protection of legal claims. If the handling of personal data occurs for direct business acquisition purposes, the involved party has a right to object at any time to the handling of their personal data for this purpose, including profiling, if it is connected to direct business acquisition. When unsubscribing from advertising materials, a confirmation link will be sent to the e-mail address you’ve provided, which you must click to confirm your unsubscribe request. Confirmation is important because Cordia must be sure that the person wishing to unsubscribe is not a robot, is acting in their own name, is confirming the request through their own e-mail account and is using a genuine e-mail address. The confirmation link is valid for 48 (forty-eight) hours. The deadline to unsubscribe begins upon confirmation. If you do not confirm the unsubscribe request within 48 hours, the link will expire and a new one must be requested.

The legal basis and the period of each data handling actions are essentially defines by the following rules of law:

  • “Art.” – Act CL of 2017 on the rules of taxation. Cordia FM is obliged to keep the data supported by taxation certificates.
  • Ptk.” – Act V of 2013 on the Civil Code. If the duration of data handling is indicated as the expiry date of the obligation to provide information, the activity that interrupts the expiry extends the duration of data handling until the new date (Ptk. § 6:25 (2)). In the event that expiry is extended, the request can be presented within the one-year – or three-month if the period of expiry is shorter –deadline from the lifting of the restriction even if the period of expiry has already passed, or if less time remains than the above period. (Ptk. § 6:24 (2)).
  • “Advertising Act” – Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising.
  • Accounting Act” – Act C of 2000 on accounting. Cordia FM is required to retain certain data – such as those that are contained in the documents (e.g. a sales contract) that support accounting, or that are included in the contract between Cordia FM and the client or on invoices issued – in accordance with the Accounting Act. The retention period of 8 years set forth in the Act from the date on which there was a piece of data in the given year that should be treated as an accounting item, or when the report/general ledger was based on the given data. In practice: if an item is included in a contract on the basis of which several different services are performed (e.g. several services are provided under the same contract), the 8-year period should be calculated separately for each service performed, because separate invoices are made out for each service, and the deals are recorded in the books accordingly. If the piece of data, for example, is included in a contract for the sale of something (the item has been delivered and the contract is terminated), the deal is entered into the books on the basis of the contract and the invoice, and the 8-year period mentioned above will commence from there.

5. Transfer of personal data to our contracted partners

In addition to the contracted partners separately named in this policy, Cordia uses the below contracted partners for the completion of tasks related to data handling activities.

The contracted partners are summarised as follows:

  • salesforce.com EMEA Limited – storage services
  • Attention CRM Consulting Kft. – website development and management.
  • LEAD GENERATION Kft. – customer service.
  • DONE Digital Kft. – website development.
  • Silver Frog Informatikai Kereskedelmi és Szolgáltató Kft. – storage services.
  • Hidden Design Kft. – storage services.
  • Wavemaker Hungary Média, Tartalom és Technológia – media planning and media purchasing tasks.
  • Cordia vendors – preparation of sales contracts.
  • Business Solution Informatikai Zrt – using server virtualisation and storage hosting services.
  • NK Services (Magyarország) Infokommunikációs Megoldások és Szolgáltatások Korlátolt Felelősségű Társaság – using server virtualisation and storage hosting services.

The contracted partner acts as a so-called ‘data processor’: it handles the personal data outlined in this policy on behalf of Cordia. Cordia may only use such data processors which provide adequate guarantees, in particular concerning expertise, reliability and resources, regarding the implementation of technical and organisational measures to ensure compliance with GDPR requirements, including data handling security. The specific tasks and responsibilities of the data processor are specified by the contract between the data processor and Cordia. Following the handling of data on behalf of Cordia, the data processor will return or delete the personal data at Cordia’s decision, unless EU law or that of a member state applicable to the data processor prescribes its storage.

Contracting partners.

Cordia Agent will provide financial intermediation service to OTP Pénzügyi Pont Zrt acting as a dependent sub-agent by intermediating the products and services of the OPT Group as set forth in the dependent sub-agency contract to customers that it has dealings with in its business activities. In this context, Cordia acts as data processor, and for the purpose of data processing, the Privacy Notice of OTP Pénzügyi Pont Zrt as data controller shall prevail.

6. Cookies used on the https://en.cordia.hu/ website

Cookies are used in certain areas of the https://en.cordia.hu/ website. The cookies are files that store information on your hard disk or web browser.

Cookies, for example, make it possible for the website to recognise if you have visited previously, or, by allowing us to see which sites you visit and how much time you spend there, help us understand what part of the website is most popular. By studying this, we can better adjust the site to your needs and offer a more varied user experience. With the help of cookies, we can assure that the information displayed on your next visit to the site will meet your expectations (without identifying you personally).

When you visit one of our websites, technical information may be gathered that does not allow you to be personally identified. For example, the name of another website that directed you here, the location from where you accessed the website, and search queries completed on the website. Collecting this information helps us identify the preferred search habits of our website users without using their personal data. Such information is used strictly for internal purposes. Anonymous or general data from which your person cannot be identified does not qualify as personal data and thus does not fall within the scope of this Policy.

You can change the web configuration to either accept cookies, delete all cookies, or receive notification when cookies appear on your machine. Since all web applications are different, we ask that you use the ‘Help’ menu on your browser to adjust your cookie settings. You can find further information on cookies and disabling them at a http://www.youronlinechoices.com/hu/.  The https://en.cordia.hu/ website was intended to operate with the use of cookies, so disabling them may affect on the functionality of the website, or prevent you from taking advantage of all its benefits.

Links for the handling of cookies in the case of most frequently used browsers:

Mozilla Firefox
Google Chrome
Internet Explorer

Google Analytics provides a further option of unsubscribing from the Google Analytics service: http://tools.google.com/dlpage/gaoptout?hl=en-GB.

Cookies used on the https://en.cordia.hu/ website – cookies table.

7. Personal data relating to children and third parties

With the exception of when parental consent is provided, persons under 16 years of age are not permitted to provide any personal data.

By providing personal data, you declare and affirm that you have considered the above and that your legal capacity related to providing personal data is not limited.

If you do not have the right to independently provide personal data, you must acquire the permission of the appropriate third party (i.e. legal representative, guardian, other persons you are representing), or provide another form of a legal basis to do so. In relation to this, you must be able to consider whether the personal data to be provided requires the consent of a third party. To this point, you are responsible for meeting all the necessary requirements, as Cordia may not otherwise come into contact with the data subject and Cordia shall not be liable or bear any responsibility in this regard. Nevertheless, Cordia has the right to check and verify whether the proper legal basis has been provided with relation to the handling of data at all times. For example, if you are representing a third party, we reserve the right to request the proper authorisation and/or consent of the party being represented with relation to the matter at hand.

We will do everything in our power to remove all unauthorised information provided and ensure that such information is not forwarded to any third party, or used for our own purposes (advertising or any other activity). We request that you inform us immediately should you become aware that a child or any other third party has provided any personal data of yours that you have not properly authorised them to do so.

8. Data security

Data processed by Cordia is protected by the restrictions applied to the access of information. For example, only those who require it, in the interests of and for the purposes listed previously, have access to the data.

9. Your data protection rights and legal options for remediation

Your data protection rights and legal options for remediation are detailed in the relevant provisions of the GDPR (particularly in GDPR articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, 80 and 82). The following summary contains the most important provisions, as well as information provided accordingly by Cordia, on your rights and legal options for remediation regarding data handling.

Please note that with respect to profiling (sending of promotional materials and handling of related apartment-seeking preferences) described above in this Policy, you are entitled to request personal intervention from Cordia, and to express your position in written form and make it known to Cordia. You may also object to the decision which follows the results of the profiling. In such a case, Cordia will investigate the decision with personal intervention and in consideration of the information you have provided, and will inform you of the outcome.

The information must be provided in writing or in other forms – including electronically in some cases. Verbal information may also be provided upon request, provided that you have otherwise confirmed your identity.

Electronic identity confirmation will occur through a confirmation link that will be sent to the e-mail address you’ve provided, which you must click to confirm your information request. Confirmation is important because Cordia must be sure that the person requesting the information is not a robot, is acting in their own name, is confirming the request through their own e-mail account and is using a genuine e-mail address. The confirmation link is valid for 48 (forty-eight) hours. The deadline for receiving the information begins upon confirmation. If you do not confirm the information request within 48 hours, the link will expire and a new one must be requested.

Cordia will inform you of any measures taken in response to your request without undue delay, but in any case within one month of the arrival of your application for legal remediation (see GDPR articles 15-22). If necessary, taking into account the complexity and number of applications, this deadline can be extended by two additional months. Cordia will inform you within one month of receiving the request of the extension of this deadline by indicating the reasons for the delay. If you submitted your request electronically, you must be informed electronically whenever possible unless otherwise requested.

If Cordia takes no action following your request, you will be informed of the reasons for the failure to act without delay and at most within one month of receipt of your request. You will also be informed that you may submit a complaint with a supervisory authority and exercise your right to judicial redress.

9.1 Access rights

(1) You are entitled to receive a notification from us to indicate that the handling of your personal data is in progress. If data processing is in progress, you are entitled to be provided with access to your personal data and the following information:

a) purpose of the data handling;
b) categories of the data subject’s personal data;
c) recipients or categories of recipients, who have been or will be informed of personal data, particularly third party national recipients and international organisations;
d) where appropriate, the planned period of personal data storage, or if it is not possible to provide this, the criteria for determining such a timeframe;
e) it is your right to request an update, deletion or processing restriction of personal data related to you, as well as to object to such personal data handling;
f) the right to lodge a complaint to the supervisory authority; and
g) if the data was not provided by you, all available information as to the source of such data;
h) automated decisions, including profiling, and at least in these cases, the applied logic and related information, the degree of relevance and expected consequences that these types of data handlings have for you.

(2) If personal data is transferred to a third country, you are entitled to receive notification of such associated applicable guarantees.

(3) A copy of the personal data subject to the data handling shall be made available to you. If your request was made electronically, the information shall be made available in the most commonly used electronic format, unless requested otherwise.

9.2 Right to update

You are entitled to have your information updated without delay or reason at your request. You are entitled to request that any missing or incomplete personal data is updated by making, inter alia, a supplementary declaration.

9.3 Right to deletion (‘right to be forgotten’)

(1) You are entitled to have your information deleted without delay or reason, at your request, if any of the following conditions are met:

a) there is no longer a need for the personal data for the purposes it was gathered for or handled otherwise;
b) you revoke your consent on which the handling is based and there is no other legal basis for the data handling;
c) you object to the data handling, and in the given case there is no overriding legitimate reason for the data handling;
d) the personal data was processed unlawfully;
e) the personal data must be deleted in order to fulfil our obligations under European Union or Member State law; or
f) the collection of personal data was associated with the offering of information society services,

You will find technical regulations related to the deletion of your account in the attached purposes for data handling.

(2) If Cordia disclosed any personal data and is obligated to delete such data based on paragraph (1), Cordia shall, with consideration to available technology and costs associated with carrying them out, take the necessary and expected steps – including technical measures – in the interest of informing those handling the data that the data subject has requested the deletion of links to the personal data in question or copies thereof, as well as further duplication of such personal data.

(3) Paragraphs (1) and (2) are not applicable in so much as the data handling is necessary, among others:

a) for the purposes of exercising the right to freedom of expression and information;
b) for the purposes of fulfilling our obligations relating to personal data handling under European Union or Member State law, as defined therein;
c) for the purposes of archiving in the public interest, scientific and historical research or statistical purposes, in so much as the rights contained in paragraph (1) would seriously threaten such data handling or most likely make it impossible; or
d) for the submission, validation and protection of legal proceedings.

9.4 Right to restrict data handling

(1) You are entitled to request that we restrict data handling if any of the following conditions are met:

a) you dispute the accuracy of the personal data, in which case the restriction is applied for the timeframe that allows for the inspection of the personal data’s accuracy;
b) the data handling is unlawful and you object to the deletion of the data, and instead request its restricted use;
c) we have no further use for the data for the purposes of data handling, but you request them for the submission, validation and defence of your legal claims; or
d) you objected to the data handling; in which case, the restriction applies to the time period required to determine whether Cordia’s legitimate reasons take precedence over those of the data subject.

(2) If data handling is subject to a restriction based on paragraph (1), such personal data, with the exception of storage, can only be processed with your consent, or for the submission, validation and defence of your legal claims, or in the interests of protecting the rights of other natural or legal persons, or in the important public interest of the European Union or a Member State.

(3) We shall inform you prior to the lifting of the data handling restriction.

9.5 Notification obligation related to the updating, deleting and data handling restriction of personal data

Cordia shall communicate any updates, deletion or data handling restriction to those recipients to whom the data have been disclosed, unless this proves to be impossible or requires excessive resources. We shall inform you of the recipients upon your request.

9.6 Right to data portability

(1) You are entitled to receive personal data applicable to you and made available to us, in an articulate, commonly used, machine-readable format, furthermore, you are entitled to forward these data to another data processor without obstruction from Cordia, if:

a) data handling is based on consent or a contractual agreement; and
b) data handling takes place through automated means.

(2) In exercising the right of data portability according to paragraph (1), you are entitled to – if technically possible – request the direct transmission of personal data between data controllers.

9.7 Right to object

(1) You have the right to object, on grounds relating to your own situation, to the handling of personal data based on a legitimate interest, including profiling. In such a case, we shall not further process your personal data, unless we demonstrate compelling legitimate grounds for handling that takes precedence over your interests, rights and freedoms or relates to the submission, validation and defence of legal claims.

(2) If the personal data is processed for the purposes of direct marketing, you have the right to object, at any time, to the handling of personal data relating to you in the interest of such, which also includes profiling in so much as it relates to direct marketing. When unsubscribing from advertising materials, a confirmation link will be sent to the e-mail address you’ve provided, which you must click to confirm your unsubscribe request. Confirmation is important because Cordia must be sure that the person wishing to unsubscribe is not a robot, is acting in their own name, is confirming the request through their own e-mail account and is using a genuine e-mail address. The confirmation link is valid for 48 (forty-eight) hours. Unsubscription becomes valid upon confirmation. If you do not confirm the unsubscribe request within 48 hours, the link will expire and a new one must be requested.

(3) If you object to the handling of personal data for the purposes of direct marketing, the personal data can no longer be processed for this purpose.

(4) You may also exercise your right to object through automated means, based on technical specifications, relating to the use of information society services and notwithstanding Directive 2002/58/EC of the European Parliament.

(5) If the handling of personal data is for the purpose of scientific or historical research or for statistical purposes, you have the right to object, on grounds relating to your own situation, to the handling of personal data, unless the handling of data is necessary for the performance of tasks carried out in the public interest.

9.8 Right to lodge a complaint to the supervisory authority

You are entitled to lodge a complaint to a supervisory authority – particularly in your habitual residence, place of work or the Member State of the alleged infringement –  if,  according to your assessment, the handling of personal data related to you infringes your rights under the GDPR. The competent supervisory authority in Hungary is: National Authority on Data Protection and Freedom of Data (http://naih.hu/; 1530 Budapest, Pf.: 5.; Tel.: +36 1 391 1400; fax: +36 1 391 1410; e-mail: ugyfelszolgalat@naih.hu).

9.9 Right to an effective judicial remedy against a supervisory authority

(1) You are entitled to an effective judicial remedy against the supervisory authority’s legally binding decision applicable to you.

(2) You are entitled to an effective judicial remedy if the competent supervisory authority does not respond to the complaint, or does not inform you within three months on the progress or outcome of the proceedings related to the lodged complaint.

(3) Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

9.10 Right to effective judicial remedy against the data controller or processor

(1) You are entitled to an effective judicial remedy if, according to your assessment, the handling of personal data was improperly processed as per the GDPR and, as a result, infringes your rights under the GDPR.

(2) The proceeding must be initiated against the data controller or the data processor before the courts of the Member State where the data controller or data processor has its principal place of business. Such proceedings may be initiated before the courts of the Member State of the data subject’s usual place of residence. In Hungary, such a proceeding falls under the jurisdiction of the court. The subject may initiate the proceeding before the court applicable to the place of residence or domicile as the subject chooses. You can find out more about the jurisdiction and contact details of the court at the following website: www.birosag.hu.

Previous Data Protection Notices:
Last modification: 30 July 2019
26 March 2019
23 May 2018
05 April 2018