Privacy Policy

The aim of the present privacy notice is for the data processing of DG144 Kft and DG148 - Beta Kft. (hereinafter: Controller) will comply with the obligation to provide prior information and advise the data subjects of the principles of the processing and the data subjects rights.

When compiling this privacy notice, the Controller relied mainly on the following legislation:

  1. General Data Protection Regulation (EU) 679/2016 (“GDPR”)
  2. Act CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter as: “bInfo Act”),
  3. Act CVIII of 2001 on Electronic Commerce and on Information Society Services (hereinafter as: E-commerce Act),
  4. Act XLVIII of 2008 on Business Advertising Activity (hereinafter as: “Business Activity Act”),
  5. Act V of 2013 on the Civil Code (hereinafter as: “Civil Code”).

The present notice applies to the processing performed by the Controller in relation to dispatching newsletters and offers (“CRM Data Processing”) as well as to data processing performed during the visit of the website (“Webpage Data Processing”).

1. The Controller and its contact information

Name of the Controller: DG144 Kft and DG148 - Beta Kft. (hereinafter as: „the Controller”)

Seat: 1094 Budapest Ferenc tér 2-3 6.em 1.

Mailing address: 1094 Budapest Ferenc tér 2-3 6.em 1

Telephone: +36 1 266 6000


2. Principles of processing of personal data

2.1. Lawfulness, fairness and transparency: the Controller shall process the personal data only lawfully, fairly and in such a manner that it will be transparent and available for the clients.

2.2. Purpose limitation: the Controller shall process the data subjects’ personal data only for the purposes specified in Section 4 and in a manner that is compatible with said purposes.

2.3. Data minimization: the Controller shall process only the personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

2.4. Accuracy: the Controller shall take all reasonable actions to ensure that they process only accurate and up-to-date personal data and they shall erase any inaccurate data without delay.

2.5. Storage limitation: the Controller shall store the personal data only for a period that is absolutely necessary to attain the purposes set out in Section 4.

2.6. Integrity and confidentiality: the Controller shall process the personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.

3. Legal grounds for data processing

The Controller uses all the identified personal data in particular for the preparation of contracts and the performance of the contract (Art. 6 (1) b) GDPR), for the purposes of its legitimate interest (Art. 6 (1) f) GDPR) or in case the data subject has given consent to the processing (Art. 6 (1) a) GDPR).

  • preparation and performance of a contract: correspondence with the data subject, make an offer, provide services;
  • legitimate interest: ensure website security, administrative tasks, IT services, prevention of fraud, processing of personal data regarding the users’ behavior in connection with the website
  • consent: direct marketing (pl. eDM).
The Participants contribution

eDMs and other offers (sent by email or SMS) shall only be sent if the Participant has consented. The consent can be given

  1. when registering on the website / microsite, or
  2. in a separate declaration.

The Participants are entitled to withdraw consent at any time, without restriction, by notice addressed to the Controller to the above address or by an email or under the unsubscribe link placed in each message. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

4. Purpose of the data processing

4.1. Purpose of the data processing in respect of CRM: searching for services on websites operated by the Controller, including, in particular, making offers and sending quotations, possible complains, contacts and satisfying the data subjects’ demands to the greatest possible extent.

The Controller’s fulfillment of market research goals, tax and accounting and other legal and contractual obligations, quality control of provided services, development of IT system.

The personal data to be provided for the use of such services are contained in paragraph 5.2 of the present Notice.

4.2. Purpose of the data processing in respect of Webpage Processing: the Controller shall use cookies for the operation of the website in order to assess the number and frequency of visits to the webpage, detailed in paragraph 5.1.

4.3. The Controller shall not use the personal data provided by the data subject for any purposes other than those specified herein. The personal data may be not disclosed to third parties or authorities – unless stipulated otherwise by the relevant laws.

4.4. The Controller shall not verify the personal data provided by the data subject. Liability for adequacy of the personal data shall fall solely on the data subject providing them. However, this shall not affect the Controller’ obligation to process only accurate personal data. When giving his or her e-mail address, the data subject shall also guarantee that the specific service will be solely utilized from the e-mail address provided by the data subject. With regard to said commitment, in the course of the use of the specific e-mail address, all liabilities shall fall solely on the person who registered the e-mail address.

5. The range of processed data

5.1. Webpage Data Processing:

For the performance and monitoring of the service and for the prevention of misuses, the Controller shall record the following personal data of visitors during visits to the website/webpage: time of visit, visitor’s IP address, the address of the visited website and the website previously visited, type of the user’s browser.

Data to be recorded technically during the operation of the system: the personal data of the computer of the user logging in which are generated when using the service and which are recorded as an automatic result of technical processes. Upon login and log out, the system shall automatically log the personal data to be recoded automatically without any additional statement or action of the data subject. The system shall not connect the data in the log file to any other personal data. The data shall be accessed solely by the Controller.

5.2 CRM Data Processing:

Personal data to be recorded during the registration process: user name, password, password reminder, e-mail address, country, address, telephone number, consent on receiving newsletters, date of registration, number of logins, time of the last login, login IP address, services used by the data subject on the webpage/website and the data of such services.

The Controller shall record personal data in the electronic system serving the systematization and operation of customer relationship management (“CRM system”). Apart from the above-mentioned data, the CRM system shall store the activity of the customer, the contact, its content and time. If the data subject intends to enter into contract regarding the services provided by the Company, additional data shall also be transferred into the CRM system: banking data, personal identification data of the data subject (tax number, identification card number, mother’s name, place and date of birth), data of the selected real property, specifications, design and construction data.

Insofar as the persons showing interest enter into contract in relation to the selected property, the Controller shall continue to store their personal data in particular to perform the contract.

6. Content of the data processing

6.1. The electronic mail addresses (e-mail addresses) processed by the Controller mainly serve for the purpose of communication. In the case of change to the services provided by the Controller, the Controller shall send the information related to said changes via e-mail. The Controller shall use the mailing addresses for sending advertisements based on the data subject’s consent and in accordance with the applicable laws.

6.2. The Controller, or in the case of a hyperlink to an external server, the external provider of the hyperlink shall place or identify small packages (so-called cookies) on the computer of the user. When the browser returns a previously saved cookie, the service provider managing the cookie may connect the user’s data saved during his current visits with the previous data, yet only in respect to the service provider’s own content. The user shall be able to delete or block the application of cookies in his or her own browser. In most cases, cookies can be managed under the ‘privacy settings menu item in the menu tools/settings by clicking on ‘cookie’. The detailed cookie policy is available under the following link:

7. Duration of the data processing

7.1 The Controller manages the personal data of the Parties to fulfill the following legal obligations for the following period:

Pursuant to Section 169 (2) of Act C of 2000 is 8 years

Pursuant to Section 78 (3) of Act CL of 2017 is 5 years

Pursuant to Section 56 (2), 57 (2)-(3) and 58 (1) of Act LIII of 2017 is 8-10 years.

In any other cases personal data may only be stored until it is compatible with the purposes of the processing. Personal data shall be erased or anonymized after such period.

7.2. Should the data subject request the erasure of their data or withdraw his or her consent of processing, the affected data shall be erased without undue delay after the receipt of the request or the withdrawal of the consent unless a longer period is prescribed for the processing or retention of personal data by law, in which case the personal data shall be erased on the day subsequent to the expiry of the time limit required by law.

7.3. The personal data recorded automatically or technically in the course of the operation of the system and webpage shall be stored in the system for a reasonable period for the assurance of the operation of the system. The Controller shall ensure that such automatically recorded data will not be linked to other personal data of the user, with the exception of cases specified by law as being mandatory.

7.4. In the case of unlawful or misleading use of personal data, crimes committed or attacks against the system, the Controller shall be entitled to erase the personal data of the data subject simultaneously with the suspension of the registration, and at the same time, in the case of reasonable grounds of alleged criminal activities or civil law liability, the Controller may retain the data in question for the period of the proceedings to be conducted.

8. Individuals with access to the personal data, data transfer and processing

8.1. The personal data may be obtained primarily by the Controller or the colleagues thereof who are responsible for operating the CRM system the delivery of the services advertised by the Company yet without publishing and transferring the data to any third person.

8.2. The Controller may hire a data processor (system operator) for the operating of the IT system, performance of the service and settlement of accounts. The Controller guarantee that the data processors shall ensure the lawful and secure processing of the personal data and enable the data subjects to exercise the rights provided by law. The Controller shall employ the services of the following processors:

  • DG144 Kft és DG148 – Beta Kft.(sales tasks, investor, general representation of the Controller);
  • Pesti Házak Zrt. (sales tasks, accounting tasks);
  • Because Agency Kft. (sales system’s IT operation, fullfilment of marketing tasks)

8.3. During the performance of the processing activity, other processors may be hired according to the instructions of the Controller. The processor may not make pivotal decisions related to the processing and shall process the obtained personal data only according to the orders of the Controller; they shall not perform data processing for their own purposes, and shall store and retain the personal data according to the instructions of the Controller.

8.4. The Controller may provide third parties with access to the personal data of the data subject in certain cases, including official requests by courts or police, legal proceedings due to substantiated grounds of the violation of copyrights, property- or other rights, violation of the Controller’ interests, threatening the provision of their services, enforcement of the Controller’ claims, etc.

8.5. The Controller is entitled and required to transfer any available personal data duly stored by them to the competent authorities if the data must be rendered in order to comply with laws or official requests (e.g. demands, resolutions, rulings, etc.). The Controller shall not be held liable for such data transfer or consequences arising therefrom. In such cases, the Controller shall check without exception whether the request has been received from the court or authority, and they shall transfer them in a secure manner, precluding data leakage.

8.6. In case the data subjects intend to conclude the contract for the services offered by the Controller, the Controller may transfer the data subjects’ personal data required to the conclusion of the contract for the Controller involved in the Green Court Project. The Controller shall specifically notify the data subjects of the exact recipients and circumstances of the transfer.

8.7. The Controller shall promptly notify the data subject in all cases when they intend to use the data for purposes deviating from that of the data collection.

8.8. The Controller shall adhere to the restriction without exception during the collection, recording and processing of the personal data and shall inform the data subject of their activities via e-mail.

8.9. The Controller’ system may collect data on the data subject’s activities, which cannot be linked by the users to the data generated when using other web pages or services.

8.10. The Controller does not transfer personal data to any third country.

9. Security of personal data

9.1. The Controller shall plan and carry out the processing operations in such a way that it will ensure the protection of the data subject’s privacy during the application of the GDPR and other relevant laws.

9.2. The Controller shall provide for the security of the personal data, and shall take all technical and organizational measures and develop procedural rules which are required for the enforcement of the GDPR and other relevant laws.

9.3. The Controller shall protect the personal data by means of suitable measures against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and to ensure that the data stored cannot be corrupted and rendered inaccessible due to any changes in or modification of the applied technique.

10. The users’ rights in relation to their personal data processed by the controller:

10.1. The data subject may request from the Controller (a) access to his or her personal data, (b) rectification (c) or erasure – if the conditions in the applicable laws are met – of personal data, (d) restriction of processing or (e) the data subject has the right to object to processing as well as (f) the right to data portability.

Subject access rights and right to legal redress: the affected individuals may, by using the contact details above:

  • request access to his/her personal data, including the right to receive a copy of the personal data held by the data controller and a right to check that it is done lawfully;
  • request correction of his/her personal data held by the controller. This enables the individual to have any incomplete or inaccurate data corrected, though the data controller may need to verify the accuracy of the new data provided by the individual to the data controller;
  • request erasure of his/her personal data. This enables the data subject to ask the data controller to delete or remove personal data where there is no good reason for it continuing to process it. The data subject also has the right to ask the data controller to delete or remove his/her personal data where he/she has successfully exercised the right to object to processing (see below), where the data controller may have processed the information unlawfully or where it is required to erase such personal data. Note, however, that the data controller may not always be able to comply with such requests of erasure for specific legal reasons which will be notified to the data subject, if applicable;
  • object to the processing of his/her personal data where the data controller is relying on a legitimate interest (or those of a third party) and the affected data subject believes that such legal interests are overridden by his/her interests or fundamental rights and freedoms;
  • request restriction of processing of his/her personal data, if, for instance, the use of the data is unlawful but the data subject do not want the data controller to erase it or where he/she contests the accuracy of the processed data;
  • request the transfer of his/her personal data to him/herself or to a third party. Note that this right only applies to automated information provided by the data subject to the data controller;
  • withdraw consent at any time where the data controller is relying on consent to process his/her personal data. However, this will not affect the lawfulness of any processing carried out before the individual withdraws his/her consent;
  • lodge a complaint with the supervisory authority in case of unlawful data processing. In case the affected individual believes that his/her rights have been infringed, the data controller recommends that the individual initiate a discussion with the data controller. Should such discussion not be fruitful, or should the individual not wish to partake in such activities, he/she may, without prejudice to any other administrative or judicial remedy, lodge a complaint with the Hungarian Data Protection and Freedom of Information Authority (NAIH), or another supervisory authority competent as per the affected individual’s habitual residence, place of work or place of the alleged infringement. In case of instigating a court procedure, the individual may decide to launch it before the court which has jurisdiction as per his/her address or residence. The contact details of the NAIH are as follows: 1125 Budapest, Szilágyi Erzsébet fasor 22/C; phone: +36 1 391 1400; fax: +36 1 391 1410; e-mail:; website:

11. Binding force and amendment of the privacy notice

11.1. The Controller undertake to act in the course of the processing of the personal data in accordance with the provisions of the present notice.

11.2. The Controller reserve the right to amend the present privacy notice at their sole discretion at any time.

11.3. Subsequent to the amendment hereto, the Controller shall inform the data subject by appropriate means (e.g. by displaying it on the website or by other means). Through the continued use of the service, the data subject shall acknowledge the amended privacy rules, and the Controller shall not be obliged to obtain additional consent.

If the user has provided the personal data of any third party at the registration for the use of the service or caused any damage in the course of the use of the website/webpage, the Controller may file a claim for damages. In such cases, the Controller shall use their best efforts to assist the proceeding authorities to identify the offender.

Budapest, 24 February 2020.