
Privacy Notice - ArtHome Real Estate

ArtHome Real Estate (Kis-Jakab Réka sole proprietor; Lolotea Ltd.)

Data Protection Rules

ArtHome Real Estate (hereinafter: ArtHome), as the data controller and the owner and operator of the website https://arthomeingatlan.hu/, declares that it processes all data obtained through its services in compliance with the applicable Hungarian and European Union laws and ethical requirements in force at all times, and that it always takes the technical and organizational measures necessary to ensure secure data processing.

ArtHome further declares that it respects the personal data and information of visitors to the website and registered users.

All data and facts that come to its knowledge are treated confidentially and are used exclusively for the operation of its services. The purpose of data processing is to record data relating to inquiries submitted through the website.

As data controller, ArtHome respects the privacy of all persons who provide personal data to it and is committed to protecting such data. Pursuant to Article 13 of the General Data Protection Regulation of the European Union (Regulation (EU) 2016/679, hereinafter: GDPR), it provides the following information:

The processing of data on https://arthomeingatlan.hu/ is carried out exclusively by ArtHome. Personal data shall not be disclosed to third parties without the explicit consent of the data subject.

If a competent authority requests ArtHome to provide or disclose data, ArtHome shall be obliged to disclose the personal data provided that all legal conditions for such disclosure are met.

The principles of its data processing are in line with the applicable data protection legislation, in particular the following:

  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information;

  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services;

  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities;

  • Act LXVI of 1992 on the Registration of Citizens’ Personal Data and Address, and Government Decree 146/1993 (X. 26.) on its implementation;

  • Act CXIX of 1995 on the Processing of Name and Address Data for the Purposes of Research and Direct Marketing;

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

  • Act XXXIV of 2018 on the legislative amendments necessary for the implementation of the European Union’s data protection reform.

The Data Controller undertakes to comply unilaterally with the provisions of this Policy and requests that its clients also accept its provisions. The Data Controller reserves the right to amend this Privacy Policy, in which case the amended Policy shall be made publicly available.

Definitions Specified by Law

Personal data: any data relating to an identified or identifiable natural person (hereinafter: the data subject), as well as any conclusion concerning the data subject that can be drawn from such data. Personal data retains this quality during processing as long as its connection with the data subject can be restored. A person shall be regarded as identifiable in particular if he or she can be identified, directly or indirectly, by reference to a name, identification number, or one or more factors specific to his or her physical, physiological, mental, economic, cultural, or social identity.

Special categories of data: personal data revealing racial origin, nationality, political opinions or party affiliation, religious or other ideological beliefs, membership of any interest-representation organization, data concerning sexual life, health status, pathological addiction, and criminal personal data.

Consent: the freely given, specific, and informed indication of the data subject’s wishes by which he or she gives unambiguous agreement to the processing of personal data relating to him or her, either in full or for certain operations.

Objection: a statement made by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data.

Data controller: the natural or legal person, or organization without legal personality, which alone or jointly with others determines the purposes of the processing of data, makes and implements decisions concerning data processing, including the means used, or has them implemented by a data processor.

Data processing: any operation or set of operations performed on data, regardless of the procedure used, including in particular collection, recording, registration, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure, destruction, and prevention of further use, as well as taking photographs, audio or video recordings, and recording physical characteristics suitable for personal identification, such as fingerprints, palm prints, DNA samples, or iris images.

Data transfer: making data accessible to a specified third party.

Disclosure: making data accessible to anyone.

Data erasure: rendering data unrecognizable in such a way that its restoration is no longer possible.

Data marking: affixing an identifying mark to data for the purpose of distinguishing it.

Data destruction: the complete physical destruction of the data carrier containing the data.

Data processing operations by processor: the performance of technical tasks related to data processing operations, irrespective of the method and means used for their execution and the place of application, provided that the technical task is performed on the data.

Data processor: the natural or legal person, or organization without legal personality, which processes data on the basis of a contract, including a contract concluded pursuant to law.

Data file: the totality of data managed in one register.

Third party: a natural or legal person, or an organization without legal personality, other than the data subject, the data controller, or the data processor.

EEA State: a Member State of the European Union and any other State party to the Agreement on the European Economic Area, as well as any State whose citizens enjoy the same legal status as citizens of an EEA State under an international agreement concluded between that State and the European Union and its Member States.

Data protection incident / personal data breach: unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transfer, disclosure, deletion, destruction, as well as accidental destruction or damage.

Personal data may be processed if the data subject has consented thereto, or if it is ordered by law or, based on statutory authorization and within the scope defined therein, by a decree of a local government.

Special categories of data may be processed if the data subject has given written consent, or where processing is ordered by law for the enforcement of a fundamental right guaranteed by the Constitution, or for the purposes of national security, crime prevention, or criminal prosecution.

In the public interest, a law may order the disclosure of personal data with express indication of the scope of the data. In all other cases, disclosure requires the consent of the data subject, and in the case of special categories of data, written consent. In the event of doubt, it shall be presumed that the data subject has not given consent.

The data subject’s consent shall be deemed to have been given with regard to data communicated by the data subject during a public appearance or transferred by the data subject for the purpose of disclosure.

The data subject may also give consent within the framework of a written agreement concluded with the data controller for the purpose of performance of the contract. In such a case, the contract must contain all information that the data subject must know in relation to the processing of personal data under this law. The contract must clearly state that by signing it, the data subject consents to the processing of his or her data in accordance with the terms laid down therein.

In procedures initiated upon the request of the data subject, consent to the processing of the necessary data shall be presumed. The data subject must be informed of this fact.

The right to the protection of personal data and the personality rights of the data subject may not be infringed, unless otherwise provided by law, by other interests related to data processing, including the disclosure of data of public interest.

Purpose Limitation and Legal Basis of Data Processing

Personal data may only be processed for a specific purpose, for the exercise of a right and the performance of an obligation. Data processing must comply with this purpose at every stage.

Only personal data that is indispensable for the achievement of the purpose of the processing and suitable for achieving that purpose may be processed, and only to the extent and for the duration necessary to achieve that purpose.

The data subject must be informed clearly and in detail of all facts concerning the processing of his or her data, in particular the purpose and legal basis of the processing, the person entitled to carry out data processing and data processing operations, the duration of the processing, and who may access the data. The information must also cover the rights of the data subject in relation to data processing and the available remedies.

The primary legal basis for processing customer data is the performance of contracts concluded with customers.

Where personal data of contact persons are included in contracts concluded between the data controller and its customers, such as name and email address, the legal basis of the processing is the legitimate interest of the data controller and the third party/customer in the performance of the contract.

Accordingly, the purposes of data processing are:

  • processing the data of users of ArtHome’s services for the performance of legal obligations and the maintenance of customer relationships;

  • marketing activities for potential customers;

  • processing the data of employees and job applicants;

  • processing contact details of partners;

  • fulfilling customer orders;

  • facilitating internal administration;

  • fulfilling purposes prescribed by law.

Accordingly, the legal bases for the use of personal data are:

  • Issuing accounting documents in compliance with accounting legislation: legal basis: Article 6(1)(c) GDPR;

  • Contacting partners: legal basis: Article 6(1)(f) GDPR. In the case of employees and staff of partners, the legal basis is legitimate interest based on a balancing of interests. The legitimate interest of the data controller is the continuity of business operations;

  • Processing employee data: Article 6(1)(b) and (c) GDPR;

  • Processing the data of contractual partners: Article 6(1)(b) GDPR;

  • Marketing activities: Article 6(1)(a) GDPR;

  • A Facebook page is also operated for marketing purposes; however, no separate database is created and no profiling takes place;

  • Online registration: Article 6(1)(a) GDPR.

Contact Data of Natural Person Representatives of Legal Entity Clients

The scope of personal data that may be processed:

  • name of the natural person;

  • telephone number;

  • email address.

Legal basis of data processing: performance of a contract and legitimate interest.

Purpose of data processing: performance of the contract and business contact. Recipients of the personal data or categories of recipients: employees and other persons working in any employment-related legal relationship who perform customer service tasks, as well as data processors.

Retention period for data provided for contact purposes: up to one year following the end of the relationship.

Retention period for data related to contract performance: five years.

Data Processing Concerning Non-Legal Entity Clients

The scope of personal data that may be processed:

  • name;

  • tax number, tax identification number;

  • sole trader registration number (in the case of sole proprietors);

  • registered office and business premises address (in the case of sole proprietors);

  • telephone number;

  • email address;

  • bank account number.

Legal basis of data processing: performance of a contract and legitimate interest.

Purpose of data processing: performance of the contract and business contact. Recipients of the personal data or categories of recipients: employees and other persons working in any employment-related legal relationship who perform customer service tasks, as well as data processors.

Retention period for data provided for contact purposes: up to one year following the end of the relationship.

Retention period for data related to contract performance: five years.

Data Transfers and Linking of Data Processing Operations

Personal data may be transferred, and different data processing operations may be linked, if the data subject has consented thereto or if this is permitted by law, and if the conditions for data processing are met with respect to each item of personal data.

Transfer of Data Abroad

Personal data, including special categories of data, may be transferred from the country, regardless of the data carrier or the method of transfer, to a data controller or data processor in a third country if the data subject has expressly consented thereto or if permitted by law, and if an adequate level of protection of the personal data is ensured in the third country during the processing or handling of the transferred data. Personal data may also be transferred to a third country for the purpose and within the scope specified in an international legal assistance treaty.

Transfers of data to EEA States shall be deemed as transfers taking place within the territory of Hungary.

Data Security

The data controller, and within the scope of its activities the data processor, shall ensure the security of the data, and shall further take the technical and organizational measures and establish the procedural rules necessary to enforce this Act and other data protection and confidentiality rules. Data must in particular be protected against unauthorized access, alteration, disclosure, deletion, damage, or destruction.

ArtHome’s Privacy Principles, Website, Data Storage, and Security of Data Processing

Data processing on the website https://arthomeingatlan.hu/ is based on voluntary consent.

In all cases where the user provides data other than his or her own, the user is obliged to obtain the consent of the data subject for the provision of such data.

Comments Recorded on the Website

When a comment is submitted, in addition to the data provided in the comment form, the commenter’s IP address and browser user agent string are collected for the purpose of spam detection.

An anonymized string created from the email address, commonly called a hash, may be sent to the Gravatar service if that service is enabled on the site. The Gravatar service privacy policy is available at: https://automattic.com/privacy/. After approval of the comment, the content of the comment and the profile picture will be visible publicly.

If a registered user uploads an image to the website, images that carry embedded GPS location data in their EXIF metadata should be avoided. Visitors to the website may download and extract location data from images on the website.

If a comment is recorded on the website, you may remain logged in by storing your provided name, email address, and website in a cookie. This is for your convenience so that you do not have to fill in these fields again when posting another comment. These cookies expire after one year.

If you have a user account and log in to the website, temporary cookies will be set. These cookies do not contain personal information and are deleted when the browser is closed.

When you log in to the website, several cookies are created that save login information and screen display options. Login cookies are valid for two days, and screen options cookies are valid for one year. If the “Remember Me” option is selected, login will persist for two weeks. Upon logout, login cookies are removed.

If a post is edited, an additional cookie will be stored in the browser. This cookie does not contain personal data; it simply stores the ID of the edited post. It expires after one day.

Embedded Content from Other Websites

Posts available on the website may include embedded content from external sources, such as videos, images, articles, and similar content. Embedded content from external sources behaves in the exact same way as if the visitor had visited the other website.

These websites may collect data about visitors, use cookies or third-party tracking code, and monitor user interaction with the embedded content, including tracking that interaction if the user has an account and is logged in to that website.

Analytics

With Whom We Share User Data

How Long We Retain Personal Data

Comments and their metadata are retained in the system for an indefinite period. The purpose of this is to allow all follow-up comments to be recognized and approved automatically, rather than being held in a moderation queue.

Personal data of users registered on the website, if any, are also stored in their own user profile. All users may view, edit, or delete their personal data at any time, except that they may not change their username. Website administrators may also view and edit this information.

What Rights Users Have in Relation to Their Data

If you have a registered account on the website or have written comments, you may request an exported file of the personal data we hold about you, including any data you have provided to us. You may also request that any personal data previously provided be deleted. This does not include any data we are obliged to retain for administrative, legal, or security purposes.

Where We Send Data

Comments submitted by visitors may be checked through an automatic spam detection service.

Data Storage and Security of Data Processing

ArtHome and its data processor select and operate the IT tools used in the course of providing the service in such a way that the processed data are always kept as secure as possible. ArtHome and its cooperating partners do everything reasonably possible, in compliance with applicable laws, to ensure the technical protection of the data. Access to the data is granted only to designated employees of ArtHome and its cooperating partners.

Rights of Data Subjects and Their Enforcement

The data subject may request information concerning the processing of his or her personal data and may request the rectification or, except in the case of data processing required by law, deletion of such data.

Upon the request of the data subject, the data controller shall provide information about the data processed by it or by a processor engaged by it. The data controller shall provide such information in writing, in an intelligible form, as soon as possible after submission of the request, but no later than within 30 days.

The data controller shall rectify personal data if they are inaccurate. Personal data must be erased if:

a) their processing is unlawful;
b) the data subject requests it;
c) the data are incomplete or inaccurate, and this condition cannot be lawfully remedied, provided that deletion is not excluded by law;
d) the purpose of the data processing has ceased, or the statutory period for storing the data has expired;
e) deletion has been ordered by a court or by the data protection authority.

The data controller shall notify the data subject and all those to whom the data were previously transmitted for the purpose of processing about the rectification or deletion. Notification may be omitted if this does not prejudice the legitimate interests of the data subject in view of the purpose of the processing.

The data subject may object to the processing of his or her personal data if the processing or transfer of personal data is necessary solely for the enforcement of the rights or legitimate interests of the data controller or the data recipient, unless the processing is required by law.

The data controller shall examine the objection, while simultaneously suspending the data processing, as soon as possible after submission of the request, but no later than within 15 days, and shall inform the applicant in writing of the result. If the objection is justified, the data controller shall terminate the data processing, block the data, and notify all those to whom the personal data affected by the objection had previously been transferred and who are required to take measures to enforce the right to object.

Please note that we cannot delete your data if the processing is required by law. However, the data may not be transferred to a data recipient if the data controller has agreed with the objection, or if a court has established the legitimacy of the objection.

If your rights are violated, you may bring legal action against the data controller. The court shall act with priority in such cases. Jurisdiction lies with the regional court. At the choice of the data subject, proceedings may also be initiated before the regional court having jurisdiction according to the data subject’s place of residence or stay.

Newsletter

The data controller may send newsletters containing updates, news, and offers electronically to its partners. Such newsletters may be sent to legal entities without prior consent, while in the case of natural persons, and whenever the newsletter is sent to a named personal email address, prior consent is required on an opt-in basis. Such consent may be withdrawn at any time. Registered clients having an ongoing relationship with us automatically receive the newsletter, from which they may unsubscribe at any time.

Acceptance of the privacy notice takes place via a link and by accepting the text: “I have read and accepted the data protection rules.”

Subscription takes place by including the name of the declarant, the purpose of the data processing (customer contact, performance of contract), and the scope of personal data (name, email address), to the processing of which the declarant gives consent via checkbox.

Recipients of the personal data: persons carrying out customer service-related tasks.

Processing of the Data of Job Applicants, Applications, and CVs

The scope of personal data that may be processed:

  • name of the natural person;

  • date and place of birth;

  • mother’s name;

  • address;

  • photograph;

  • telephone number;

  • email address;

  • qualification data;

  • curriculum vitae;

  • motivation letter / cover letter.

Purpose of processing personal data: evaluation of the application and conclusion of an employment contract with the selected applicant. The data subject must be informed if the employer has not selected him or her for the position.

Legal basis of data processing: consent of the data subject.

Recipient of the personal data: the employer, a sole proprietor.

Retention period of personal data: until the application has been evaluated. The personal data of unsuccessful applicants must be deleted.

The employer may retain applications only on the basis of the explicit, clear, and voluntary consent of the data subject.

Data Controller’s Details and Contact Information

Name: ArtHome Real Estate, Kis-Jakab Réka sole proprietor
Registered office: 6726 Szeged, Szent Györgyi Albert u. 35.
Tax number: 69598162-1-26
Telephone: +36 70 330 7577
Website: https://arthomeingatlan.hu/
Email: info@arthomeingatlan.hu

Legal Remedies

The data subject may request from the data controller, through the email address provided above, information about the processing of his or her personal data, the rectification of such data, and the deletion or blocking of such data, except where processing is mandatory by law.

The data controller shall provide the requested information in writing, in an intelligible form, at the request of the data subject, as soon as possible after submission of the request, but no later than within 30 days.

Any complaint concerning possible unlawful processing by the data controller may be submitted to the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, P.O. Box 5
Telephone: +36 1 391 1400
Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu

The data controller bears the burden of proving that the data processing complies with the law. The recipient of the data transfer bears the burden of proving the lawfulness of the data transfer.

Data Protection Officer

The data controller is not required to appoint a Data Protection Officer. Under the relevant legislation, appointing a Data Protection Officer is mandatory in three cases, and the data controller does not fall into any of these categories:

  • where data processing or data handling is carried out by a public authority or body performing public tasks;

  • where the organization’s core activities consist of processing operations which, by virtue of their nature, scope, and/or purposes, require regular and systematic monitoring of data subjects on a large scale, for example hospitals processing patient data for healthcare activities, or security companies carrying out surveillance in shopping centers or public areas;

  • where the core activities of the data controller or processor consist of processing special categories of personal data on a large scale.