in which Boróka Park 2 Hungary Kft. and NHOOD Services Hungary Kft. as joint controllers (hereinafter referred to as "Data Controllers") inform visitors to the website www.borokapark.hu (hereinafter referred to as "Website") and users of services as data subjects about the processing and use of their personal data in accordance with Article 13 (1)-(2) of the GDPR as follows.
1. INTRODUCTION
1.1. Information about the Data Controllers:
| company name | Boróka Park 2 Hungary Kft. | NHOOD Services Hungary Kft. |
| location | 1095 Budapest, Soroksári út 44. II. em. | 1095 Budapest, Soroksári út 44. II. em. |
| phone | +36 1 887 45 20 | +36 1 887 45 20 |
| jog[at]nhood.com | jog[at]nhood.com |
2. PROCESSING OF WEBSITE VISITORS' DATA
2.1. Purpose of data processing
Visitors to the Website are not normally required to provide any personal information in order to use the Website. However, during and in connection with the browsing of the Website, the Data Controllers collect data for the purposes of making the Website available and providing the services available therein, improving the services available on the Website, detecting and preventing abuse, measuring visitor data, improving the user experience and for statistical purposes, which may in certain cases involve the processing of personal data.
2.2. Scope of processed data
In case of consent, the Data Managers use Google Analytics on the Website, which transmits data related to the Website's traffic to Google and through it to the Website's operator.
Detailed information can be found in the cookie information sheet.
The Google Analytics notice is available at the following link:
https://support.google.com/analytics/answer/2799357?hl=en#where
The Data Controllers do not associate the above data with the personal data provided by the data subject when using the services available on the Website and do not seek to identify the visitor in any other way.
2.3. Duration of data processing
Log files are stored by Data Controllers for 8 weeks, after which they are deleted.
2.4. Legal basis for processing
If the above activity results in the processing of personal data, the legal basis for data processing is the consent of the data subject according to Article 6 (1) point a) of the GDPR.
2.5. Use, data and activities of a data processor
name: Gábor Gyarmati, sole proprietor
registered office: 8500 Pápa, Teleki u. 37.
activities related to data management: website development, operation, hosting services.
2.6. The possibility of data management independent of the Data Managers
The html code of the Website may contain links to third party websites independent of the Data Controller. When clicking on these, the third party's server is connected directly to the computer used by the visitor. In this case, the processing of the data on the website of the operator of the external service is carried out by the third party concerned in accordance with its own privacy policy. Currently, the code of the Website contains links to the websites of the following third parties: facebook.com, instagram.com. These links are subject to change.
3. CONTACT USING THE FORM FOUND IN THE CONTACT MENU
3.1. Summary
The data subject can contact the Data Controllers by using the form in the "Contact" menu item of the Website.
3.2. Purpose of data management
The inquiry and its response, maintaining contact.
3.3. Scope of data handled during data management
Name, e-mail address of the data subject, subject of the message, date of the message, consent and when the message was sent
3.4. Legal basis for data management
The legal basis for Data Management is the consent expressed by the data subject by ticking the separate checkbox on the form and clearly indicating her intention to consent.
3.5. Withdrawal of consent
At any time, the data subject has the free and unlimited opportunity to give or withdraw his/her consent for the above data management purposes together without justification. The data subject can exercise this right by sending a message to the e-mail address jog@nhood.com or by writing to 1095 Budapest, Soroksári út 44. II. em. you can exercise it with a statement sent to the postal address. The Data Controllers can undertake the registration of the withdrawal of consents or renunciations with a maximum lead time of 10 (ten) working days, for technical reasons, i.e. the Data Controllers' processing shall cease no later than on the 10th (tenth) working day following the communication of the data subject's statement of withdrawal of consent or renunciation to any Data Controller.
3.6. Source of data
The data subjects voluntarily provide the Data Controllers with the data concerned when filling in the form or when contacting the Data Controllers.
3.7. Duration of data processing
Until the consent is withdrawn or for 5 (five) years, whichever is earlier.
3.8. Data processors
In the course of data processing, Data Controllers use the following data processors:
name: Gábor Gyarmati, sole proprietor
registered office: 8500 Pápa, Teleki u. 37.
activities related to data management: website development, operation, hosting services.
4. REQUEST A CALL BACK IF YOU ARE INTERESTED IN A SPECIFIC APARTMENT
4.1. Summary
The data subject can view the current housing offer, obtain further information on the selected apartment and contact the Data Controllers by clicking on the "Request a Callback" button on the "Apartments on offer" section of the Website.
4.2. Purpose of data processing
The inquiry and its response, maintaining contact.
4.3. Scope of data handled during data management
the name, telephone number, e-mail address of the data subject, the date of giving the consent
4.4. Legal basis for data management
The legal basis for Data Management is the consent expressed by the data subject by ticking the separate checkbox on the form and clearly indicating her intention to consent.
4.5. Withdrawal of consent
At any time, the data subject has the free and unlimited opportunity to give or withdraw his/her consent for the above data management purposes together without justification. The data subject can exercise this right by sending a message to the e-mail address jog@nhood.com or by writing to 1095 Budapest, Soroksári út 44. II. em. you can exercise it with a statement sent to the postal address. The Data Controllers can undertake the registration of the withdrawal of consents or renunciations with a maximum lead time of 10 (ten) working days, for technical reasons, i.e. the Data Controllers' processing shall cease no later than on the 10th (tenth) working day following the communication of the data subject's statement of withdrawal of consent or renunciation to any Data Controller.
4.6. Source of data
Data subjects voluntarily provide the Data Controllers with the data concerned by the processing when filling in the form or contacting any Data Controller.
4.7. Duration of data processing
Until the consent is withdrawn or for 5 (five) years, whichever is earlier.
4.8. Data processors
In the course of data processing, Data Controllers use the following data processors:
name: Gábor Gyarmati, sole proprietor
registered office: 8500 Pápa, Teleki u. 37.
activities related to data management: website development, operation, hosting services.
5. DATA SECURITY MEASURES
The Website is operated on secure servers, which are not accessible to anyone other than the relevant employees of the Data Controllers and the company operating the server. Accesses are personalized, protected by secure passwords and regularly reviewed. The working environment is protected by firewalls. Operations involving personal data are logged.
6. RANGE OF PERSONS AUTHORIZED TO ACCESS DATA BY DATA CONTROLLERS
The right of access to the data shall be reserved to the Data Controllers' agents and employees involved in the processing and processing of the data and authorised to do so, to the extent and within the limits of their tasks and duties in the processing. Colleagues in these jobs are responsible for accessing, analyzing and deleting data generated on the website at the request of the data subject. Only statistical interpretations may be derived from these analyses, which do not contain any personal data. Exceptions to the above rule are requests from public authorities and courts, which the Data Controllers will comply with in accordance with the legislation in force.
7. DATA SUBJECTS' RIGHTS AND REMEDIES IN RELATION TO DATA PROCESSING
The data subject may exercise his or her rights under the GDPR, as set out in this Policy, in relation to and against each of the Data Controllers in accordance with the relevant provisions of the GDPR.
The Data Controllers are under an obligation to inform each other without delay if the data subject wishes to exercise a data subject right which cannot be exercised by the Data Controller to which the request has been made.
The Data Controllers shall specify in the joint processing agreement between them the allocation of their responsibilities for the performance of their obligations under the GDPR, in particular in relation to the exercise of the data subject's rights and the provision of the information referred to in Articles 13 and 14 of the GDPR.
In relation to the processing of your personal data, you have the following rights:
a) right of access (Article 15 GDPR):
The data subject has the right to obtain from the Data Controller information as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the information contained in this Policy.
The Data Controllers shall provide the data subject with a copy of the personal data processed upon request. For additional copies requested by the data subject, the Data Controllers may charge a reasonable fee based on administrative costs. Where the data subject has made a request by electronic means, the information will be provided in a commonly used electronic format, unless the data subject requests otherwise.
b) the right to rectification (GDPR Article 16):
The data subject has the right to request that the Data Controllers correct inaccurate personal data concerning the data subject without undue delay. The data subject is also entitled to request the addition of incomplete personal data.
c) the right to erasure (GDPR Article 17):
The data subject has the right to request that the Data Controllers delete the personal data concerning the data subject without delay, and the Data Controllers are obliged to delete the personal data concerning the data subject without delay if one of the following reasons exists:
- the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
- if the legal basis for the data management is the data subject's consent and the data subject withdraws it and there is no other legal basis for the data management;
- the data subject objects to data processing and there is no overriding legal reason for data processing;
- personal data has been processed unlawfully;
- the personal data must be deleted in order to fulfill the legal obligation prescribed by the EU or Member State law applicable to the Data Controllers.
The above provisions according to this point c) do not apply if (i) it is necessary for the purpose of fulfilling an obligation under the EU or Member State law applicable to Data Controllers, which prescribes the processing of personal data, or (ii) data processing is necessary for the submission, enforcement and protection of legal claims.
d) the right to limit data processing (GDPR Article 18):
The data subject is entitled to request that the Data Controllers restrict data processing if one of the following conditions is met:
- the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the Data Controllers to check the accuracy of the personal data;
- the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use;
- the Data Controllers no longer need the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; obsession
- the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the Data Controllers take precedence over the legitimate reasons of the data subject.
e) the right to object (GDPR Article 21):
The data subject has the right to object to the processing of his personal data at any time for reasons related to his own situation. In this case, the Data Controllers may no longer process the personal data, unless the Data Controllers prove that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are necessary for the presentation, enforcement or defense of legal claims are connected. In the event that data processing takes place in order to fulfill a legal obligation, the exercise of the right to protest does not result in the termination of data processing according to this information.
f) the right to information about the above rights (GDPR Article 12):
The Data Controllers shall inform the data subject without delay, but in any case, within one month of receipt of the data subject's request in accordance with points a)-e) above, in a concise, transparent, comprehensible and clear manner. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months. The Data Controllers will inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request.
The information is free. If the data subject's request is clearly unfounded or - especially due to its repeated nature - excessive, the Data Controllers, taking into account the administrative costs associated with providing the requested information or information or taking the requested action: i) may charge a reasonable fee, or ii) refuse to process the request measure. It is the responsibility of the Data Controllers to prove that the request is clearly unfounded or exaggerated.
The Data Controllers will inform all recipients of the provisions of points b)-d) above (i.e. all corrections, deletions or data management restrictions) to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. The Data Controllers will inform the data subject about these recipients at the request of the data subject.
Verbal information can also be provided upon request, which must be recorded. If you request verbal information (e.g. by phone), you must prove your identity to the Data Controllers.
For further information on the processing of your personal data, please contact the Data Controllers at the contact details indicated in point 1.1.
g) the right to lodge a complaint (GDPR Article 77):
The data subject has the right to file a complaint with the supervisory authority - in particular in the Member State of his or her usual place of residence, workplace or the place of the suspected infringement - if, in his opinion, the handling of personal data concerning the data subject violates the GDPR. The complaint can be made to the National Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9-11; phone: +36 1 391 1400; fax: +36 1 391 1410; www.naih.hu; ugyfelszolgalat@naih.hu).
h) the right to go to court (GDPR Article 79):
The person concerned is entitled to a legal remedy if, in his judgment, his rights under the GDPR have been violated as a result of the processing of his personal data not complying with the GDPR. Proceedings against the Data Controllers must be initiated before the court of the Member State where the Data Controllers operate. Such proceedings can also be initiated before the court of the Member State of the habitual residence of the person concerned.
i) the right to data portability (GDPR Article 20):
The data subject has the right to data portability if the legal basis for data processing is point a) or b) of Article 6 (1) of the GDPR, i.e. the consent of the data subject or the fulfillment of a contract with the data subject. In this case, the data subject is entitled to receive the personal data relating to the data subject and provided by the data subject to the Data Controllers in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without the Data Controllers this would be hindered. The data subject is also entitled, if this is technically feasible, to request the direct transfer of personal data to another data controller from the Data Managers.
Budapest, January 1, 2022.
Boróka Park 2 Hungary Kft. and NHOOD Services Hungary Kft.
joint data controllers
