cordia_adatvedelem_header

Data Handling Policy

Cordia Management Szolgáltató Korlátolt Felelősségű Társaság
Cordia Agent Hitelszervező and Ingatlanforgalmazó Korlátolt Felelősségű Társaság

 

Contents

1. General provisions and contact details

2. Updates and access to the Policy

3. Other data protection conditions

4. The scope of handled data and the purpose of data handling

5. Transfer of personal data to our contracted partners

6. Cookies used on the https://cordia.hu website

7. Personal data relating to children and third parties

8. Data security

9. Your data protection rights and legal options for remediation

1. General provisions and contact details

This policy (“Policy”) applies to the handling of any information (personal data) concerning identified or identifiable natural persons (data subjects) by Cordia Management Szolgáltató Korlátolt Felelősségű Társaság (“Cordia Management”) and/or Cordia Agent Hitelszervező és Ingatlanforgalmazó Korlátolt Felelősségű Társaság (“Cordia Agent”).

All data handling activities below that are carried out according to this Policy independently by one of the Cordia companies will appear separately under that company’s name. Those activities carried out jointly by Cordia Management and Cordia Agent (together “Cordia”) will be referred to as such. Joint data handling means that Cordia Management and Cordia Agent will determine the purpose and methods of any given data handling jointly. The joint data processors will determine in the agreement created between them, how their responsibilities are divided for the purposes of fulfilling their tasks according to EU 2016/679 General Data Protection Regulation (“GDPR”). The key points of the agreement must be made available to the data subject. Cordia is required to comply with the provisions of GDPR from 25 May 2018.

Cordia address: 1082 Budapest, Futó utca 47-53. VII. em.
Cordia Management company registration number: Cg. 01-09-289024
Cordia Agent company registration number: Cg. 01-09-877571
Cordia webpage: https://cordia.hu/
Cordia phone number: 36/1/2662181
Cordia e-mail address: cordia.management@cordia.hu
Cordia representative and contact information: Földi Tibor, see contact information above

If you have any questions or remarks concerning this Policy, please contact Cordia at one of above contact details prior to using the website and prior to providing any information or data in accordance with this Policy.

If you provide Cordia with personal data through a third-party service (for example, through a social media page), you may be subject to the data handling policy and other terms of use of that given service, for which Cordia bears no responsibility.

2. Updates and access to the Policy

Cordia reserves the right to unilaterally modify the Policy, following any prior modifications, after which such modification shall come into effect. Modification of this policy can especially take place if it is necessary due to legal changes, data protection authority practice, company or employee demand, new personal data handling activities, or newly discovered security risks. With this in mind, it is recommended to regularly visit the https://cordia.hu/ website to carefully follow any changes. Upon your request, we will be happy to provide you with an up-to-date hard copy of the Policy.

3. Other data protection conditions

During use of the individual separate services, you may be subject to specific data protection conditions that you will be informed of prior to using the given service.

4. The scope of handled data and the purpose of data handling

The scope of personal data processed by Cordia Management and/or Cordia Agent, the purposes of data handling, the duration of the data handling and those authorised to access the data is presented in detail in the table below.

The data management objectives are summarised as follows:

  • Preparation of a real estate sales contract between the clients of Cordia Management and the sellers of the properties they wish to purchase.
  • Property management services, as well as use of related real estate leasing, real estate brokerage and other services.
  • Online account creation on a Cordia website.
  • Sending of advertising materials via e-mail and/or with telephone inquiries (direct business acquisition) by Cordia.
  • Preparation of loan and account contracts related to the real estate sales contract by OTP Bank Nyrt.
  • Installation and operation of Smart Home systems and tools for the automisation of your home.

If a data handling objective is necessary for the validation of legitimate interests of Cordia or a third party, Cordia will make available the weighing test used in determining legitimate interest if a request has been made through any of the above contacts.

Cordia particularly calls the attention to all involved parties that those involved have the right to object, at any time and for reasons connected to their personal situation, to the legitimate interest-based handling of their personal data, including profiling based on the provisions mentioned. In this case, Cordia will cease handling personal data unless it proves that the data handling is justified by such compelling reasons which give it priority over the interests, rights and freedoms of the involved party, or which are connected to the submission, enforcement or protection of legal claims. If the handling of personal data occurs for direct business acquisition purposes, the involved party has a right to object at any time to the handling of their personal data for this purpose, including profiling, if it is connected to direct business acquisition. When unsubscribing from advertising materials, a confirmation link will be sent to the e-mail address you’ve provided, which you must click to confirm your unsubscribe request. Confirmation is important because Cordia must be sure that the person wishing to unsubscribe is not a robot, is acting in their own name, is confirming the request through their own e-mail account and is using a genuine e-mail address. The confirmation link is valid for 48 (forty-eight) hours. The deadline to unsubscribe begins upon confirmation. If you do not confirm the unsubscribe request within 48 hours, the link will expire and a new one must be requested.

If this Policy indicates the limitation period for the satisfaction of requirements as the data handling period, the act interrupting the limitation period extends the data handling period to a new time of limitation.

5. Transfer of personal data to our contracted partners

In addition to the contracted partners separately named in this policy, Cordia uses the below contracted partners for the completion of tasks related to data handling activities.

The contracted partners are summarised as follows:

  • salesforce.com EMEA Limited – storage services.
  • Attention CRM Consulting Kft. – website development and management.
  • LEAD GENERATION Kft. – customer service.
  • DONE Digital Kft. – website development.
  • Silver Frog Informatikai Kereskedelmi és Szolgáltató Kft. – storage services.
  • Hidden Design Kft. – storage services.
  • Wavemaker Hungary Média, Tartalom és Technológia – media planning and media purchasing tasks.
  • A Cordia értékesítői – preparation of sales contracts.

The contracted partner acts as a so-called ‘data processor’: it handles the personal data outlined in this policy on behalf of Cordia. Cordia may only use such data processors which provide adequate guarantees, in particular concerning expertise, reliability and resources, regarding the implementation of technical and organisational measures to ensure compliance with GDPR requirements, including data handling security. The specific tasks and responsibilities of the data processor are specified by the contract between the data processor and Cordia. Following the handling of data on behalf of Cordia, the data processor will return or delete the personal data at Cordia’s decision, unless EU law or that of a member state applicable to the data processor prescribes its storage.

Contracting partners.

6. Cookies used on the https://cordia.hu website

Cookies are used in certain areas of the https://cordia.hu website. The cookies are files that store information on your hard disk or web browser.

Cookies, for example, make it possible for the website to recognise if you have visited previously, or, by allowing us to see which sites you visit and how much time you spend there, help us understand what part of the website is most popular. By studying this, we can better adjust the site to your needs and offer a more varied user experience. With the help of cookies, we can assure that the information displayed on your next visit to the site will meet your expectations.

When you visit one of our websites, technical information may be gathered that does not allow you to be personally identified. For example, the name of another website that directed you here, the location from where you accessed the website, and search quiries completed on the website. Collecting this information helps us identify the preferred search habits of our website users without using their personal data. Such information is used strictly for internal purposes. Anonymous or general data from which your person cannot be identified does not qualify as personal data and thus does not fall within the scope of this Policy.

You can change the web configuration to either accept cookies, delete all cookies, or receive notification when cookies appear on your machine. Since all web applications are different, we ask that you use the ‘Help’ menu on your browser to adjust your cookie settings. You can find further information on cookies and disabling them at a http://www.youronlinechoices.com/hu/.  The https://cordia.hu website was intended to operate with the use of cookies, so disabling them may affect on the functionality of the website, or prevent you from taking advantage of all its benefits.

Links for the handling of cookies in the case of most frequently used browsers:

Mozilla Firefox
Google Chrome
Internet Explorer

Google Analytics provides a further option of unsubscribing from the Google Analytics service: http://tools.google.com/dlpage/gaoptout?hl=en-GB.

Cookies used on the https://cordia.hu/ website – cookies table.

7. Personal data relating to children and third parties

With the exception of when parental consent is provided, persons under 16 years of age are not permitted to provide any personal data.

By providing personal data, you declare and affirm that you have considered the above and that your legal capacity related to providing personal data is not limited.

If you do not have the right to independently provide personal data, you must acquire the permission of the appropriate third party (i.e. legal representative, guardian, other persons you are representing), or provide another form of a legal basis to do so. In relation to this, you must be able to consider whether the personal data to be provided requires the consent of a third party. To this point, you are responsible for meeting all the necessary requirements, as Cordia may not otherwise come into contact with the data subject and Cordia shall not be liable or bear any responsibility in this regard. Nevertheless, Cordia has the right to check and verify whether the proper legal basis has been provided with relation to the handling of data at all times. For example, if you are representing a third party, we reserve the right to request the proper authorisation and/or consent of the party being represented with relation to the matter at hand.

We will do everything in our power to remove all unauthorised information provided and ensure that such information is not forwarded to any third party, or used for our own purposes (advertising or any other activity). We request that you inform us immediately should you become aware that a child or any other third party has provided any personal data of yours that you have not properly authorised them to do so.

8. Data security

Data processed by Cordia is protected by the restrictions applied to the access of information. For example, only those who require it, in the interests of and for the purposes listed previously, have access to the data.

9. Your data protection rights and legal options for remediation

Your data protection rights and legal options for remediation are detailed in the relevant provisions of the GDPR (particularly in GDPR articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, 80 and 82). The following summary contains the most important provisions, as well as information provided accordingly by Cordia, on your rights and legal options for remediation regarding data handling.

The information must be provided in writing or in other forms – including electronically in some cases. Verbal information may also be provided upon request, provided that you have otherwise confirmed your identity.

Electronic identity confirmation will occur through a confirmation link that will be sent to the e-mail address you’ve provided, which you must click to confirm your unsubscribe request. Confirmation is important because Cordia must be sure that the person wishing to unsubscribe is not a robot, is acting in their own name, is confirming the request through their own e-mail account and is using a genuine e-mail address. The confirmation link is valid for 48 (forty-eight) hours. The deadline to unsubscribe begins upon confirmation. If you do not confirm the unsubscribe request within 48 hours, the link will expire and a new one must be requested.

Cordia will inform you of any measures taken in response to your request without undue delay, but in any case within one month of the arrival of your application for legal remediation (see GDPR articles 15-22). If necessary, taking into account the complexity and number of applications, this deadline can be extended by two additional months. Cordia will inform you within one month of receiving the request of the extension of this deadline by indicating the reasons for the delay. If you submitted your request electronically, you must be informed electronically whenever possible unless otherwise requested.

If Cordia takes no action following your request, you will be informed of the reasons for the failure to act without delay and at most within one month of receipt of your request. You will also be informed that you may submit a complaint with a supervisory authority and exercise your right to judicial redress.

9.1       Access rights

(1) You are entitled to receive a notification from us to indicate that the handling of your personal data is in progress. If data processing is in progress, you are entitled to be provided with access to your personal data and the following information:

a) purpose of the data handling;
b) categories of the data subject’s personal data;
c) recipients or categories of recipients, who have been or will be informed of personal data, particularly third party national recipients and international organisations;
d) where appropriate, the planned period of personal data storage, or it is not possible to provide this, the criteria for determining such a timeframe;
e) it is your right to request an update, deletion or processing restriction of personal data related to you, as well as to object to such personal data handling;
f) the right to lodge a complaint to the supervisory authority; and
g) if the data was not provided by you, all available information as to the source of such data;
h) automated decisions, including profiling, and at least in these cases, the applied logic and related information, the degree of relevance and expected consequences that these types of data handlings have for you.

(2) If personal data is transferred to a third country, you are entitled to receive notification of such associated applicable guarantees.

(3) A copy of the personal data subject to the data handling shall be made available to you. If your request was made electronically, the information shall be made available in the most commonly used electronic format, unless requested otherwise.

9.2      Right to update

You are entitled to have your information updated without delay or reason at your request. You are entitled to request that any missing or incomplete personal data is updated by making, inter alia, a supplementary declaration.

9.3       Right to deletion (‘right to be forgotten’)

(1) You are entitled to have your information deleted without delay or reason, at your request, if any of the following conditions are met:

a) there is no longer a need for the personal data for the purposes it was gathered for or handled otherwise;
b) you revoke your consent on which the handling is based and there is no other legal basis for the data handling;
c) you object to the data handling, and in the given case there is no overriding legitimate reason for the data handling;
d) the personal data was processed unlawfully;
e) the personal data must be deleted in order to fulfil our obligations under European Union or Member State law; or
f) the collection of personal data was associated with the offering of information society services.

You will find technical regulations related to the deletion of your account in the attached purposes for data handling.

(2) If Cordia disclosed any personal data and is obligated to delete such data based on paragraph (1), Cordia shall, with consideration to available technology and costs associated with carrying them out, take the necessary and expected steps – including technical measures – in the interest of informing those handling the data that the data subject has requested the deletion of links to the personal data in question or copies thereof, as well as further duplication of such personal data.

(3) Paragraphs (1) and (2) are not applicable in so much as the data handling is necessary, among others:

a) for the purposes of exercising the right to freedom of expression and information;
b) for the purposes of fulfilling our obligations relating to personal data handling under European Union or Member State law, as defined therein;
c) for the purposes of archiving in the public interest, scientific and historical research or statistical purposes, in so much as the rights contained in paragraph (1) would seriously threaten such data handling or most likely make it impossible; or
d) for the submission, validation and protection of legal proceedings.

9.4       Right to restrict data handling

(1) You are entitled to request that we restrict data handling if any of the following conditions are met:

a) you argue the accuracy of the personal data, in which case the restriction is applied for the timeframe that allows for the inspection of the personal data’s accuracy;
b) the data handling is unlawful and you object to the deletion of the data, and instead request its restricted use;
c) we have no further use for the data for the purposes of data handling, but you request them for the submission, validation and defence of your legal claims; or
d) You objected to the data handling; in which case, the restriction applies to the time period required to determine whether Cordia’s legitimate reasons take precedence over those of the data subject.

(2) If data handling is subject to a restriction based on paragraph (1), such personal data, with the exception of storage, can only be processed with your consent, or for the submission, validation and defence of your legal claims, or in the interests of protecting the rights of other natural or legal persons, or in the important public interest of the European Union or a Member State.

(3) We shall inform you prior to the lifting of the data handling restriction.

9.5       Notification obligation related to the updating, deleting and data handling restriction of personal data

Cordia shall communicate any updates, deletion or data handling restriction to those recipients to whom the data have been disclosed, unless this proves to be impossible or requires excessive resources. We shall inform you of the recipients upon your request.

9.6      Right to data portability

(1) You are entitled to receive personal data applicable to you and made available to us, in an articulate, commonly used, machine-readable format, furthermore, you are entitled to forward these data to another data processor without obstruction from Cordia, if:

a) data handling is based on consent or a contractual agreement; and
b) data handling takes place through automated means.

(2) In exercising the right of data portability according to paragraph (1), you are entitled to – if technically possible – request the direct transmission of personal data between data controllers.

9.7       A tiltakozáshoz való jog

(1) You have the right to object, on grounds relating to your own situation, to the handling of personal data based on a legitimate interest, including profiling. In such a case, we shall not further process your personal data, unless we demonstrate compelling legitimate grounds for handling that takes precedence over your interests, rights and freedoms or relates to the submission, validation and defence of legal claims.

(2) If the personal data is processed for the purposes of direct marketing, you have the right to object, at any time, to the handling of personal data relating to you in the interest of such, which also includes profiling in so much as it relates to direct marketing. When unsubscribing from advertising materials, a confirmation link will be sent to the e-mail address you’ve provided, which you must click to confirm your unsubscribe request. Confirmation is important because Cordia must be sure that the person wishing to unsubscribe is not a robot, is acting in their own name, is confirming the request through their own e-mail account and is using a genuine e-mail address. The confirmation link is valid for 48 (forty-eight) hours. The deadline to unsubscribe begins upon confirmation. If you do not confirm the unsubscribe request within 48 hours, the link will expire and a new one must be requested.

(3) If you object to the handling of personal data for the purposes of direct marketing, the personal data can no longer be processed for this purpose.

(4) You may also exercise your right to object through automated means, based on technical specifications, relating to the use of information society services and notwithstanding Directive 2002/58/EC of the European Parliament.

(5) If the handling of personal data is for the purpose of scientific or historical research or for statistical purposes, you have the right to object, on grounds relating to your own situation, to the handling of personal data, unless the handling of data is necessary for the performance of tasks carried out in the public interest.

9.8       Right to lodge a complaint to the supervisory authority

You are entitled to lodge a complaint to a supervisory authority – particularly in your habitual residence, place of work or the Member State of the alleged infringement –  if,  according to your assessment, the handling of personal data related to you infringes your rights under the GDPR. The competent supervisory authority in Hungary is: National Authority on Data Protection and Freedom of Data (http://naih.hu/; 1530 Budapest, Pf.: 5.; Tel.: +36 1 391 1400; fax: +36 1 391 1410; e-mail: ugyfelszolgalat@naih.hu).

9.9       Right to an effective judicial remedy against a supervisory authority

(1) You are entitled to an effective judicial remedy against the supervisory authority’s legally binding decision applicable to you.

(2) You are entitled to an effective judicial remedy if the competent supervisory authority does not respond to the complaint, or does not inform you within three months on the progress or outcome of the proceedings related to the lodged complaint.

(3) Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

9.10     Right to effective judicial remedy against the data controller or processor

(1) You are entitled to an effective judicial remedy if, according to your assessment, the handling of personal data was improperly processed as per the GDPR and, as a result, infringes your rights under the GDPR.

(2) The proceeding must be initiated against the data controller or the data processor before the courts of the Member State where the data controller or data processor has its principal place of business. Such proceedings may be initiated before the courts of the Member State of the data subject’s usual place of residence. You can find out more about the jurisdiction and contact details of the court at the following website: www.birosag.hu.

Please find our previous Data Protection Notice here.