1.1. The aim of this Data Protection Notice shall be to set the data protection principles and principles of confidentiality applied by the Floor99 Proptech Fejlesztő Kft (principal place of business: H-9023 Győr, Körkemence u. 8; company registration number: 08-09-030459; hereinafter referred to as the Company or the Data controller), and the privacy and data policy of the Company, which the Company, as a data controller, recognizes as binding on itself.
1.2. This Data Protection Notice shall contain the principles of handling the personal data provided by the Users voluntarily on the Website in order to use the Company’s services.
1.3. In establishing the provisions of the Data Protection Notice, the Company has particularly taken into account the regulation (EU) 2016/679 of the European Parliament and the Council (hereinafter referred to as the General Data Protection Regulation or as the GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on the repeal of the Directive 95/46/EC, the provisions of the Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the Privacy Act); the Act V of 2013 on the Civil Code (hereinafter referred to as CC) and the provisions of the Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising (hereinafter referred to as EAA).
2.1. “Processing of personal data”: - any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
2.2. “Data controller”: Floor99 PropTech Fejlesztő Kft, Principal place of business: H-9023 Győr Körkemence utca 8 Company registration number: 0809030459
2.3. “Personal data”: Any information relating to an identified or identifiable natural person ("data subject");
- an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
2.4. “Personal data breach”: - A breach of security resulting in the accidental or illegal destruction, loss, modification, unauthorized disclosure of the forwarded, stored or otherwise processed personal data, or the unauthorized access thereto.
2.5. “Data processor”: For the services referenced in the Data Protection Notice, Data Processors may be:
- 2.5.1. SENDINBLUE 55 rue d’Amsterdam, 75008 Paris, France Intra-community VAT number: FR80498019298
- 2.5.2. Appentum Kft, H-9023 Győr, Körkemence u. 8,
- 2.5.3. Barion Payment Zrt, H-1117, Budapest, Infopark sétány 1,
- 2.5.4. Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States
- a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
2.7. “Service(s)”: services operated and provided by the Data Controller, which are available on the Website and through the TabLog applications.
2.8. “User”: the natural person who registers for the Services and hereby provides the information listed below.
2.9. “Data Protection Notice”: Data Controller’s present Data Protection Notice.
3. SCOPE OF DATA PROCESSED
3.1. If the User visits the interface of a Website, the Data Controller’s system automatically records the User's IP address.
3.2. On the basis of a decision made by the User, the Data Controller may manage the following data in connection with the use of the Services available through the Website, in respect of particular Services:
3.2.1. Subscription: - Email address; - Name; - Business name; - Status; - Billing address; - Mobile phone number.
3.2.2. Subscription for newsletter: - Email address; - Name; - Business name; - Status; - Mobile phone number.
3.2.5. Reader questionnaire: - Email address.
3.2.6. Prize competitions: - in any case, the principles of data processing are defined in a separate manual.
3.2.8. Contact: - If the User sends an email or a letter by post (for example a message, a letter to the editor) to the Data Controller, the Data Controller shall record the User's given email address or postal address, and manage it to the extent necessary and for the period necessary for the provision of the service.
3.2.9. Content editing: - In the course of the content editing activities of the Data Controller, it shall manage the data of all natural persons who have contributed to the production of the content, either as a source or in such a way that they are referenced in the edited content. In this case, the personal data most frequently processed by the Data Controller are: name, status, workplace, and age of the person concerned, furthermore the data regarding the place of residence thereof and other data that indicates how the person concerned relates to the topic of the edited content.
3.3. Irrespectively of what has been described above, it may happen that the service provider technically related to the operation of the Services performs data management activities on the Website without informing the Data Controller. Such activity shall not be deemed to be a Data Processing by the Data Controller. The Data Controller shall do everything possible to prevent and filter out such data processing
4. SCOPE OF FURTHER DATA MANAGED BY THE DATA CONTROLLER
4.2. In the course of the provision of customized service, the Data Controller shall manage the following Personal Data using cookie: demographic data (based on the data referred to above), information on range of interests, habits, preferences (based on browsing history).
4.3. Data to be technically recorded during the operation of the systems: the data of the User's login computer, which are generated during the use of the Service and which are recorded by the Data Controller’s system as an automatic result of the technical processes. The automatically recorded data are automatically logged by the system at the time of login or logout without the User's specific statement or action.
5. LAWFUL BASIS AND PURPOSE OF DATA PROCESSING
5.1. Purpose of data processing by the Data Controller:
5.1.1. Subscription: - content service; - performance of services; - preparation of statistics and analyses; - request for direct business acquisition and marketing (for example newsletter, event notification, etc.); - contact whit the User; - protection of Users’ right; - legitimate interests pursued by the Data Controller.
5.1.2. Newsletter signup: - online content service; - contact whit the User; - performance of services; - preparation of statistics and analyses; - request for direct business acquisition and marketing (for example newsletter, event notification, etc.); - protection of Users’ right; - legitimate interests pursued by the Data Controller.
5.1.6. Prize competitions: - preparation of statistics and analyses; - request for direct business acquisition and marketing (for example newsletter, event notification, etc.); - in individual cases, organizing and implementing prize competitions, notifying the winners and providing the prize to them; - protection of Users’ right; - legitimate interests pursued by the Data Controller.
5.1.7. Contact: - contact whit the User; - performance of services; - handling and managing individual user inquiries; ▪ preparation of statistics and analyzes; - protection of Users’ right; - legitimate interests pursued by the Data Controller.
5.1.8. Complaint handling: - contact whit the User; - performance of services; - handling and managing individual user inquiries; ▪ preparation of statistics and analyzes; - protection of Users’ right; - legitimate interests pursued by the Data Controller.
5.1.9. Content editing: - online content service; - performance of services; - protection of Users’ right; - legitimate interests pursued by the Data Controller.
5.2. The Data Controller shall not use the provided Personal Data for purposes other than those described in these sections.
5.3. The Data Processing shall be based on the Users’ voluntary statement based on appropriate information. This statement shall contain the explicit consent of the Users to the use of their Personal Data provided during the use of the Website and to the use of Personal Data generated about them. In the case of contribution-based data processing, the User shall be entitled to withdraw its consent anytime, which, however, does not affect the legality of the data processing prior to the withdrawal.
5.4. When accessing the Website by the User, the Data Controller shall record the User's IP address in connection with the provision of the Service without the User's separate consent, regard to the legitimate interest of the Data Controller and for the purpose of the legal provision of the Service (for example in order to filter out illegal use or illegal content).
5.5. The legal basis of the Data Processing within the framework of the content service is, in addition to the voluntary consent of the User, in certain cases the provision of fundamental rights to information and expression, within the framework defined by law.
5.6. The User shall warrant that the personal data provided or made available thereby about other natural persons when using the Services has lawfully obtained the consent of the natural person concerned.
5.7. The User shall be fully liable for user content provided by the User. When providing the e-mail address and data of any User in the registration, User shall also assume responsibility for ensuring that only the User uses the Service from the provided e-mail address, address or by using the data provided thereby.
6. PRINCIPLES AND METHODS OF DATA PROCESSING
6.1. The Data Controller shall manage the Personal Data in accordance with the principles of good faith and fair dealing and transparency, as well as the provisions of the applicable legislation and this Data Protection Notice.
6.2. The Personal Data necessary for the use of the Services shall be used by the Data Controller with the consent of the User concerned and only for the specific purpose.
6.3. The Data Controller shall manage the personal data only in this Data Protection Notice for the purpose specified in the related legislation. The scope of managed personal data shall be proportionate to the aim of data processing, it shall not exceed the same. In all cases where the Data Controller wishes to use the Personal Data for a purpose other than the purpose of the original data recording, it shall inform the User thereof and obtain its prior, explicit consent and provide the User with an opportunity to prohibit the use.
6.4. The data Controller shall not check the provided personal data. The adequacy of the provided Personal Data shall be the sole responsibility of the person who provided it, however, the Data Controller shall take all reasonable measures to immediately delete or correct inaccurate personal data for the purposes of data processing.
6.5. The personal data of a person under the age of 16 may only be processed with the consent of an adult exercising parental responsibility over him or her. The Data Controller shall not be in a position to check the entitlement of the consenting person and the content of its statement, therefore the User and the person exercising parental supervision thereover shall warrant that the consent complies with the law. In the absence of a declaration of consent, the Data Controller shall not collect Personal Data relating to a person concerned under the age of 16, except for the IP address used when using the Service, which will be recorded automatically due to the nature of the Internet services.
6.6. The Data Controller shall not transfer the Personal Data managed by it to third parties other than the Data Processors specified in this Data Protection Notice.
6.7. An exception to the provision contained in this section shall be the use of the data in a statistically aggregated form, which may not contain any other data suitable for the identification of the User concerned in any form, thus it does not qualify as Data Processing or data transmission.
6.8. The Data Controller shall notify the User concerned of the correction, restriction or deletion of the Personal Data managed thereby, furthermore it shall notify all those to whom it has previously transmitted the Personal Data for the purpose of Data Processing. The notification may be waived if it does not harm the legitimate interests of the person concerned in view of the purpose of the Data Processing.
6.9. The Data Controller shall ensure the security of the Personal Data, shall take the technical and organizational measures and establish the procedural rules that ensure the protection of the recorded, stored and processed data, and it shall prevent their accidental loss, unauthorized destruction, unauthorized access, unauthorized use and unauthorized alteration or distribution. In order to fulfill this obligation, the Data Controller shall invite all third parties to whom it transmits Personal Data.
6.10. Having regard to the relevant provisions of the GDPR, the Data Controller shall not be obliged to designate a Data Protection Officer.
7. DURATION OF DATA PROCESSING
7.1. The Data Controller shall store the automatically registered IP addresses for up to 8 days after they are recorded.
7.2. In the case of emails and letters sent by the User solely for the purpose of contact or complaint handling, the requested Data Controller shall delete the email address or any address indicated in the letter on the 90th day after closing the case referred to in the request, in particular cases in which the legitimate interest of the Data Controller requires the further processing of the Personal Data, until the existence of this legitimate interest of the Data Controller.
7.3. The processing of the Personal Data provided by the User shall be maintained until the User unsubscribes from the Service but it does not request the deletion of the Personal Data, or it does not withdraw its consent or the Data Controller terminates the provision of the Service. In this case, the Personal Data will be unrecoverably deleted from the systems of the Data Controller.
7.4. The User's request to terminate the Data Processing without unsubscribing from the Service shall not affect his right to use the Service, however, in the absence of Personal Data, it may not be able to use some of the Services.
7.5. In case of illegal, misleading use of Personal Data or in case of a crime or attack on the system committed by the User, the Data Controller shall be entitled to delete the User's Personal Data immediately, however – in case of suspected criminal offences or civil liability – it shall be entitled to keep the Personal Data for the duration of the procedure to be followed.
7.6. If the court or authority legally orders the deletion of Personal Data, the deletion shall be carried out by the Data Controller.
8. USER RIGHTS, METHOD OF ENFORCEMENT THEREOF
8.1. The User may request the Data Controller to inform whether the Data Controller handles the User's personal data and, if so, the Data Controller shall grant the User access to the Personal Data managed thereby, with particular regard to the following: - the purposes of the Data Processing; - the categories of Personal Data concerned; - the categories of recipients to whom personal data have been or will be communicated, including particularly third country recipients or international organizations; - if appropriate, the envisaged duration of the storage of personal data, or, if not possible, the criteria used to determine that period; - the right of the User to request the Data Controller to correct or delete the personal data concerning it or to restrict the managing thereof and to oppose the processing of such personal data; - the right to file a complaint to a supervisory authority; - if the data were not collected from the person concerned, all available information on their source; - the fact of possible automated decisions, including profiling; - in such cases, the clear information on the logic involved and the significance of such Data Management and the expected consequences for the person concerned.
8.2. The User can request information on the managing of its Personal Data at any time in writing, by registered letter sent to the address of the Data Controller or by letter with an acknowledgement of receipt, or by e-mail to email@example.com.
8.3. The Data Controller shall consider the request for information authentic if the User can be clearly identified on the basis of the sent request. The Data Controller shall only consider the request for information sent by e-mail authentic if it is sent form the provided e-mail address of the User.
8.4. The User may request the correction or modification of its Personal Data managed by the Data Controller.
8.5. Considering the purpose of the Data Processing, the User may request the completion of incomplete Personal Data.
8.6. The Personal Data provided by the User in connection with the particular Service may be modified by email to the above email address of the Data Controller or by clicking on the link at the end of each Newsletter. Once the request to modify personal data has been fulfilled, the previous (deleted) data can no longer be restored.
8.7. The User may request the deletion of its Personal Data managed by the Data Controller. The deletion may be refused, - for the purpose of exercising the right to freedom of expression and information, or - if the processing of Personal Data is authorized by legislation; and to submit, enforce or protect legal claims.
8.8. The Data Controller in all cases shall inform the User of the refusal of the cancellation request indicating the reason for the refusal of the cancellation. Once the request for deletion of personal data has been fulfilled, the previous (deleted) data can no longer be restored.
8.9. Newsletters and event notifications sent by the Data Controller can be canceled via the unsubscribe link therein. In case of opt-out, the Data Controller shall delete the User's Personal Data in the newsletter database.
8.10. The User may request the Data Controller to restrict the processing of its Personal Data if - the data subject disputes the accuracy of the personal data, in this case the restriction shall apply to the period of time that allows the controller to verify the accuracy of the personal data; - the processing is illegal and the person concerned opposes the deletion of the data and instead, it requests a restriction on the use thereof; - the data controller no longer needs the personal data for the purpose of data processing, but the person concerned requests them in order to submit, enforce or protect legal claims; orthe person concerned opposed the processing, in which case the restriction shall be applied for the period until it is established if the legitimate reasons of the data controller take priority over the legitimate reasons of the person concerned.
8.11. The User may request the Data Controller to hand over the Personal Data provided by the User and managed by the Data Controller in an automated manner in a widely used, machine-readable format and / or to forward them to another data controller.
8.12. The User may oppose the processing of its Personal Data - if the processing of the Personal Data is necessary only for the fulfillment of the legal obligation on the Data Controller or to enforce the legitimate interest of the Data Controller or a third party; - if the purpose of the Data Processing is the direct business acquisition opinion polling or scientific research; orif, the Data Processing is implemented in order to perform a task in the public interest.
The Data Controller shall examine the legality of the User's protest and, if the validity of the protest is established, the same shall terminate the Data Management and block the processed Personal Data and also notify all those to whom the Personal Data affected by the protest was previously forwarded.
8.13. If the Data Protection Incident is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the User about the Data Protection Breach without undue delay.
The User shall not need to be informed if any of the following conditions are satisfied:
the Data Controller has implemented appropriate technical and organizational security measures and these measures have been applied to the data affected by the Data Protection Breach, in particular those measures – such as the application of encryption – which make the data incomprehensible to persons not authorized to access personal data;
after the Data Protection Breach, the Data Controller has taken further measures to ensure that the high risk to the rights and freedoms of the person concerned is no longer likely to materialize;
information would require a disproportionate effort. In such cases, the Data Controller shall inform the persons concerned through public communication or shall take a similar measure which ensures that the persons concerned are informed in an equally effective manner.
9. DATA PROCESSING
9.1. The Data Controller shall use the Data Processors named above in this Data Protection Notice to perform its activities.
9.2. The Data Processors shall not make individual decisions, they shall be competent to act in accordance with the contract concluded with the Data Controller and the instructions received.
9.3. The Data Controller shall review the Data Processors’ work.
9.4. Data Processors are only entitled to use an additional data processor with the consent of the Data Controller.
9.5. By accepting this Data Protection Notice, the User shall expressly accept and agree to the Data Controller's transfer of its Personal Data to the Data Processors.
10. POSSIBILITY OF DATA TRANSMISSION
10.2. The Data Controller is entitled and obliged to forward all Personal Data possessed and duly stored by it to the competent authorities, for the transmission of which it is obliged by law or a final administrative decision. The Data Controller cannot be held liable for such data transfer and the consequences thereof.
10.3. The Data Controller shall keep a data transfer record in order to check the legality of the data transmission and to ensure that the User is informed.
11. MODIFICATION OF THE DATA PROTECTION NOTICE
11.1. The Data Controller shall reserve the right to modify this Data Protection Notice at any time by unilateral decision.
11.2. By the next access to the website, the User shall accept the provisions of the Data Protection Notice in force at any time, moreover, there is no need to seek the consent of each User.
12. ENFORCEMENT OPTIONS
12.1. If you have any questions or comments related to data processing, please contact the staff of the Data Controller by the email address firstname.lastname@example.org.
12.2. The User can make a complaint relating to the Data Processing to the Hungarian National Authority for Data Protection and Freedom of Information (address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; telephone number: +36-1-391-1400; email address: email@example.com; website: www.naih.hu).
12.3. In case of breach of User's rights, the User may bring the action before the Court. The trial falls within the jurisdiction of the tribunal. At the choice of the person concerned, the action may also be brought before the court of the place of residence or stay of the person concerned. Upon the request of the Data Controller, the User will be informed about the possibility and means of judicial remedy.