The aim of the present privacy notice is for the data processing of DG144 Kft and DG148 - Beta Kft. (hereinafter: Controller) will comply with the obligation to provide prior information and advise the data subjects of the principles of the processing and the data subjects rights.
When compiling this privacy notice, the Controller relied mainly on the following legislation:
The present notice applies to the processing performed by the Controller in relation to dispatching newsletters and offers (“CRM Data Processing”) as well as to data processing performed during the visit of the website www.greencourtoffice.hu (“Webpage Data Processing”).
Name of the Controller: DG144 Kft and DG148 - Beta Kft. (hereinafter as: „the Controller”)
Seat: 1094 Budapest Ferenc tér 2-3 6.em 1.
Mailing address: 1094 Budapest Ferenc tér 2-3 6.em 1
Telephone: +36 1 266 6000
2.1. Lawfulness, fairness and transparency: the Controller shall process the personal data only lawfully, fairly and in such a manner that it will be transparent and available for the clients.
2.2. Purpose limitation: the Controller shall process the data subjects’ personal data only for the purposes specified in Section 4 and in a manner that is compatible with said purposes.
2.3. Data minimization: the Controller shall process only the personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
2.4. Accuracy: the Controller shall take all reasonable actions to ensure that they process only accurate and up-to-date personal data and they shall erase any inaccurate data without delay.
2.5. Storage limitation: the Controller shall store the personal data only for a period that is absolutely necessary to attain the purposes set out in Section 4.
2.6. Integrity and confidentiality: the Controller shall process the personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
The Controller uses all the identified personal data in particular for the preparation of contracts and the performance of the contract (Art. 6 (1) b) GDPR), for the purposes of its legitimate interest (Art. 6 (1) f) GDPR) or in case the data subject has given consent to the processing (Art. 6 (1) a) GDPR).
eDMs and other offers (sent by email or SMS) shall only be sent if the Participant has consented. The consent can be given
The Participants are entitled to withdraw consent at any time, without restriction, by notice addressed to the Controller to the above address or by an email or under the unsubscribe link placed in each message. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
4.1. Purpose of the data processing in respect of CRM: searching for services on websites operated by the Controller, including, in particular, making offers and sending quotations, possible complains, contacts and satisfying the data subjects’ demands to the greatest possible extent.
The Controller’s fulfillment of market research goals, tax and accounting and other legal and contractual obligations, quality control of provided services, development of IT system.
The personal data to be provided for the use of such services are contained in paragraph 5.2 of the present Notice.
4.3. The Controller shall not use the personal data provided by the data subject for any purposes other than those specified herein. The personal data may be not disclosed to third parties or authorities – unless stipulated otherwise by the relevant laws.
4.4. The Controller shall not verify the personal data provided by the data subject. Liability for adequacy of the personal data shall fall solely on the data subject providing them. However, this shall not affect the Controller’ obligation to process only accurate personal data. When giving his or her e-mail address, the data subject shall also guarantee that the specific service will be solely utilized from the e-mail address provided by the data subject. With regard to said commitment, in the course of the use of the specific e-mail address, all liabilities shall fall solely on the person who registered the e-mail address.
5.1. Webpage Data Processing:
For the performance and monitoring of the service and for the prevention of misuses, the Controller shall record the following personal data of visitors during visits to the website/webpage: time of visit, visitor’s IP address, the address of the visited website and the website previously visited, type of the user’s browser.
Data to be recorded technically during the operation of the system: the personal data of the computer of the user logging in which are generated when using the service and which are recorded as an automatic result of technical processes. Upon login and log out, the system shall automatically log the personal data to be recoded automatically without any additional statement or action of the data subject. The system shall not connect the data in the log file to any other personal data. The data shall be accessed solely by the Controller.
5.2 CRM Data Processing:
Personal data to be recorded during the registration process: user name, password, password reminder, e-mail address, country, address, telephone number, consent on receiving newsletters, date of registration, number of logins, time of the last login, login IP address, services used by the data subject on the webpage/website and the data of such services.
The Controller shall record personal data in the electronic system serving the systematization and operation of customer relationship management (“CRM system”). Apart from the above-mentioned data, the CRM system shall store the activity of the customer, the contact, its content and time. If the data subject intends to enter into contract regarding the services provided by the Company, additional data shall also be transferred into the CRM system: banking data, personal identification data of the data subject (tax number, identification card number, mother’s name, place and date of birth), data of the selected real property, specifications, design and construction data.
Insofar as the persons showing interest enter into contract in relation to the selected property, the Controller shall continue to store their personal data in particular to perform the contract.
6.1. The electronic mail addresses (e-mail addresses) processed by the Controller mainly serve for the purpose of communication. In the case of change to the services provided by the Controller, the Controller shall send the information related to said changes via e-mail. The Controller shall use the mailing addresses for sending advertisements based on the data subject’s consent and in accordance with the applicable laws.
7.1 The Controller manages the personal data of the Parties to fulfill the following legal obligations for the following period:
Pursuant to Section 169 (2) of Act C of 2000 is 8 years
Pursuant to Section 78 (3) of Act CL of 2017 is 5 years
Pursuant to Section 56 (2), 57 (2)-(3) and 58 (1) of Act LIII of 2017 is 8-10 years.
In any other cases personal data may only be stored until it is compatible with the purposes of the processing. Personal data shall be erased or anonymized after such period.
7.2. Should the data subject request the erasure of their data or withdraw his or her consent of processing, the affected data shall be erased without undue delay after the receipt of the request or the withdrawal of the consent unless a longer period is prescribed for the processing or retention of personal data by law, in which case the personal data shall be erased on the day subsequent to the expiry of the time limit required by law.
7.3. The personal data recorded automatically or technically in the course of the operation of the system and webpage shall be stored in the system for a reasonable period for the assurance of the operation of the system. The Controller shall ensure that such automatically recorded data will not be linked to other personal data of the user, with the exception of cases specified by law as being mandatory.
7.4. In the case of unlawful or misleading use of personal data, crimes committed or attacks against the system, the Controller shall be entitled to erase the personal data of the data subject simultaneously with the suspension of the registration, and at the same time, in the case of reasonable grounds of alleged criminal activities or civil law liability, the Controller may retain the data in question for the period of the proceedings to be conducted.
8.1. The personal data may be obtained primarily by the Controller or the colleagues thereof who are responsible for operating the CRM system the delivery of the services advertised by the Company yet without publishing and transferring the data to any third person.
8.2. The Controller may hire a data processor (system operator) for the operating of the IT system, performance of the service and settlement of accounts. The Controller guarantee that the data processors shall ensure the lawful and secure processing of the personal data and enable the data subjects to exercise the rights provided by law. The Controller shall employ the services of the following processors:
8.3. During the performance of the processing activity, other processors may be hired according to the instructions of the Controller. The processor may not make pivotal decisions related to the processing and shall process the obtained personal data only according to the orders of the Controller; they shall not perform data processing for their own purposes, and shall store and retain the personal data according to the instructions of the Controller.
8.4. The Controller may provide third parties with access to the personal data of the data subject in certain cases, including official requests by courts or police, legal proceedings due to substantiated grounds of the violation of copyrights, property- or other rights, violation of the Controller’ interests, threatening the provision of their services, enforcement of the Controller’ claims, etc.
8.5. The Controller is entitled and required to transfer any available personal data duly stored by them to the competent authorities if the data must be rendered in order to comply with laws or official requests (e.g. demands, resolutions, rulings, etc.). The Controller shall not be held liable for such data transfer or consequences arising therefrom. In such cases, the Controller shall check without exception whether the request has been received from the court or authority, and they shall transfer them in a secure manner, precluding data leakage.
8.6. In case the data subjects intend to conclude the contract for the services offered by the Controller, the Controller may transfer the data subjects’ personal data required to the conclusion of the contract for the Controller involved in the Green Court Project. The Controller shall specifically notify the data subjects of the exact recipients and circumstances of the transfer.
8.7. The Controller shall promptly notify the data subject in all cases when they intend to use the data for purposes deviating from that of the data collection.
8.8. The Controller shall adhere to the restriction without exception during the collection, recording and processing of the personal data and shall inform the data subject of their activities via e-mail.
8.9. The Controller’ system may collect data on the data subject’s activities, which cannot be linked by the users to the data generated when using other web pages or services.
8.10. The Controller does not transfer personal data to any third country.
9.1. The Controller shall plan and carry out the processing operations in such a way that it will ensure the protection of the data subject’s privacy during the application of the GDPR and other relevant laws.
9.2. The Controller shall provide for the security of the personal data, and shall take all technical and organizational measures and develop procedural rules which are required for the enforcement of the GDPR and other relevant laws.
9.3. The Controller shall protect the personal data by means of suitable measures against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and to ensure that the data stored cannot be corrupted and rendered inaccessible due to any changes in or modification of the applied technique.
10.1. The data subject may request from the Controller (a) access to his or her personal data, (b) rectification (c) or erasure – if the conditions in the applicable laws are met – of personal data, (d) restriction of processing or (e) the data subject has the right to object to processing as well as (f) the right to data portability.
Subject access rights and right to legal redress: the affected individuals may, by using the contact details above:
11.1. The Controller undertake to act in the course of the processing of the personal data in accordance with the provisions of the present notice.
11.2. The Controller reserve the right to amend the present privacy notice at their sole discretion at any time.
11.3. Subsequent to the amendment hereto, the Controller shall inform the data subject by appropriate means (e.g. by displaying it on the website or by other means). Through the continued use of the service, the data subject shall acknowledge the amended privacy rules, and the Controller shall not be obliged to obtain additional consent.
If the user has provided the personal data of any third party at the registration for the use of the service or caused any damage in the course of the use of the website/webpage, the Controller may file a claim for damages. In such cases, the Controller shall use their best efforts to assist the proceeding authorities to identify the offender.
Budapest, 24 February 2020.