Data processing consent statement
By completing this form, I expressly consent to my personal data voluntarily provided above being processed by ....... real estate agent, as data controller, until my consent is withdrawn, for the purpose of sending me offers for the sale or purchase of real estate.
The e-mail received always contains an unsubscribe link.
Data processing information
In short
We only collect and process personal data in accordance with the law.
We only send DMs with specific consent. We can also send system messages without it.
We store the data as securely as possible.
We only provide personal data to third parties with consent.
We provide anyone with information about the data stored about them, and they can also request the deletion of their data at any time by contacting us.
Introduction
Vizicsiga Kft. registered office: 3600 Ózd, Március 15. utca 3., tax number: 23814529-12-05, (hereinafter referred to as: Service Provider, data controller) hereby submits itself to the following information.
Section 20 (1) of Act CXII of 2011 on the right to informational self-determination and freedom of information states that the data subject (in this case the website user, hereinafter referred to as: user) must be informed before the start of data processing whether the data processing is based on consent or mandatory.
Before the start of data processing, the data subject must be clearly and in detail informed of all facts related to the processing of his or her data, in particular the purpose and legal basis of the data processing, the person authorized to manage and process the data, and the duration of the data processing.
The data subject must be informed of the Info tv. Pursuant to Section 6(1), personal data may be processed even if obtaining the data subject's consent is impossible or would involve disproportionate costs, and the processing of the personal data is
• necessary for the performance of a legal obligation to which the data controller is subject, or
• it is necessary for the purposes of the legitimate interests of the controller or a third party, and the exercise of this interest is proportionate to the restriction of the right to the protection of personal data.
The information must also cover the rights and legal remedies of the data subject in relation to the data processing.
If personal information of the data subjects is impossible or would entail disproportionate costs (such as in this case on a website), the information may also be provided by publishing the following information:
a) the fact of data collection,
b) the scope of the data subjects,
c) the purpose of data collection,
d) the duration of data processing,
e) the identity of potential data controllers entitled to access the data,
f) a description of the rights and legal remedies of the data subjects in relation to data processing, and
g) if the data processing is subject to data protection registration, the registration number of the data processing.
This data processing information regulates the data processing of the following website: website name and is based on the above content specification. The information is available from the following page: website name…..hu/data processing
Amendments to the information will enter into force upon publication at the above address.
Definitions (§ 3)
1. Data subject/User: any specific natural person identified or identifiable – directly or indirectly – on the basis of personal data;
2. Personal data: data relating to the data subject – in particular the name, identification number and one or more physical, physiological, mental, economic, cultural or social identity of the data subject – and any conclusion that can be drawn from the data concerning the data subject;
3. Data controller: the natural or legal person or organisation without legal personality who, alone or jointly with others, determines the purposes of the processing of data, makes and implements the decisions relating to the processing of data (including the means used), or has them implemented by a data processor entrusted by him/her;
4. data management: any operation or set of operations which is performed on data, regardless of the method used, and in particular collection, recording, recording, organisation, storage, alteration, use, consultation, transmission, disclosure by communication, alignment or combination, restriction, erasure and destruction, as well as the prevention of further use of data, taking photographs, sound or image recordings and recording physical characteristics suitable for identifying a person (e.g. fingerprints or palm prints, DNA samples, iris images);
5. data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
6. data processor: the natural or legal person, or an organization without legal personality, who processes data based on a contract concluded with the data controller - including a contract concluded based on the provisions of the law;
7. data protection incident: unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.
Data processing related to website operation
1. Based on Section 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following must be determined in the context of data processing related to website operation/operation:
a) the fact of data collection,
b) the scope of data subjects,
c) the purpose of data collection,
d) the duration of data processing,
e) the identity of potential data controllers authorized to view the data,
f) a description of the rights of data subjects related to data processing.
2. The fact of data collection, the scope of data processed and the purpose of data processing:
Personal data
Purpose of data processing
Name
Identification, contact, enabling the order.
Contact details (telephone number, e-mail address)
Contact.
Time of contact
Performance of technical operations.
In the case of the e-mail address, it is not necessary to contain personal data.
3. Scope of data subjects: All data subjects using the services provided on the website.
4. Duration of data processing, deadline for data deletion: Until the data subject requests deletion. Except in the case of accounting documents, since these data must be retained for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting.
Accounting documents (including general ledger accounts, analytical and detailed records) that directly and indirectly support accounting records must be kept in a legible form for at least 8 years, and must be retrievable by reference to the accounting records.
5. Person of possible data controllers authorized to view the data: Personal data may be processed by the data controller’s sales and marketing staff, in compliance with the above principles.
6. Description of the rights of the data subjects in relation to data processing: The data listed in point 2 of this chapter can be modified or deleted on the website. The data subject can initiate the deletion or modification of personal data in the following ways:
– by e-mail at the e-mail address kovacsbogyojozsef@gmail.com
– by phone at +36 308900768.
7. Data processors used during data processing:
7.1. hosting provider
Webrakéta Kft., Address: 1111 Budapest, Lágymányosi út 12., Tax ID: 23980790-2-43, Company Registration Number: 01-09-987579
8. Registration number of the data processing: This data processing is exclusively customer relationship data processing pursuant to Section 65 (3) a) of the Information Act, so the Authority does not keep records of this data processing.
9. Legal basis for data processing: the User’s consent, Section 5 (1) of the Information Act, and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society (hereinafter: the Elker Act):
The service provider may process personal data that are technically indispensable for the provision of the service. All other conditions being equal, the service provider must select and in all cases operate the means used in the provision of information society services in such a way that personal data are processed only if this is absolutely necessary for the provision of the service and the fulfilment of other purposes specified in this Act, but even in this case only to the extent and for the period necessary.
Cookie management
1. Pursuant to Section 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following must be determined in the context of the website's cookie data management:
a) the fact of data collection,
b) the scope of data subjects,
c) the purpose of data collection,
d) the duration of data management,
e) the identity of potential data controllers authorized to view the data,
f) a description of the rights of data subjects related to data management.
2. Necessary cookies”, “Functional cookies”, “cookies responsible for managing website statistics”, “cookies tracking online advertising behavior” and “security cookies”, the use of which does not require prior consent from data subjects.
3. The fact of data management, the scope of data processed: Unique identification number, dates, times
4. The scope of data subjects: All data subjects visiting the website.
5. Purpose of data processing: Identification of users and tracking of visitors.
6. Duration of data processing, deadline for data deletion: In the case of session cookies, the duration of data processing lasts until the end of the visit to the websites.
7. Person of possible data controllers authorized to know the data: The data controller does not process personal data using cookies.
8. Description of the rights of the data subjects in relation to data processing: The data subject has the option to delete cookies in the Tools/Settings menu of the browsers, usually under the settings of the Data Protection menu item.
9. Legal basis for data processing: Consent from the data subject is not required if the sole purpose of using cookies is to transmit information via an electronic communications network or if the service provider absolutely needs it to provide an information society service explicitly requested by the subscriber or user.
Use of GoogleAdwords conversion tracking
1. The data controller uses the online advertising program called “GoogleAdWords” and, within its framework, uses Google’s conversion tracking service. Google Conversion Tracking is an analytics service of Google Inc. (1600 AmphitheatreParkway, Mountain View, CA 94043, USA; “Google”).
2. When a User reaches a website via a Google ad, a cookie required for conversion tracking is placed on their computer. These cookies have a limited validity and do not contain any personal data, so the User cannot be identified by them.
3. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the ad.
4. Each GoogleAdWords customer receives a different cookie, so they cannot be tracked through the websites of AdWords customers.
5. The information – obtained using conversion tracking cookies – is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers are thus informed about the number of users who clicked on their ads and were forwarded to a page with a conversion tracking tag. However, they do not receive information that could be used to identify any individual user.
6. If you do not wish to participate in conversion tracking, you can refuse this by disabling the installation of cookies in your browser. You will then not be included in the conversion tracking statistics.
7. Further information and Google's data protection declaration can be found at: www.google.de/policies/privacy/
Using Google Analytics
1. This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and help the website operator analyze how you use the website.
2. The information generated by the cookies about your use of the website is usually transmitted to and stored by Google on a server in the USA. If IP anonymization is activated on the website, Google will first shorten your IP address within the member states of the European Union or in other states party to the Agreement on the European Economic Area.
3. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User uses the website, to compile reports on website activity for the website operator and to provide other services relating to website and internet usage.
4. The IP address transmitted by the User's browser within the framework of Google Analytics will not be merged with other data held by Google. The User can prevent the storage of cookies by setting their browser accordingly, however, please note that in this case not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the data generated by cookies and relating to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=hu
Customer relations and other data processing
1. If the data controller should have any questions or problems while using our services, the data subject may contact the data controller via the methods provided on the website (telephone, e-mail, social media, etc.).
2. The data controller deletes the received e-mails, messages, data provided by telephone, Facebook, etc., together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, no later than 2 years after the data was provided.
3. We will provide information on data processing not listed in this information when the data is collected.
4. In the event of an exceptional official request or a request from other bodies based on the authorization of the law, the Service Provider is obliged to provide information, communicate, transfer data, or make documents available.
5. In these cases, the Service Provider shall only provide the requester with personal data - if the requester has indicated the exact purpose and scope of the data - to the extent and insofar as this is absolutely necessary to achieve the purpose of the request.
Data security (§ 7)
1. The data controller shall plan and implement data processing operations in such a way as to ensure the protection of the privacy of the data subjects.
2. The data controller ensures the security of the data (protection with a password, antivirus), takes the technical and organizational measures and develops the procedural rules that are necessary for the enforcement of the Info tv. and other data and confidentiality protection rules.
3. The data controller protects the data with appropriate measures, in particular
• against unauthorized access,
• against alteration,
• against transmission,
• against disclosure,
• against deletion or destruction,
• against accidental destruction and damage,
• against inaccessibility resulting from changes in the technology used.
4. The data controller shall ensure by means of appropriate technical solutions that the data stored in the registers cannot be directly linked and assigned to the data subject.
5. In order to prevent unauthorized access to personal data, alteration of data and unauthorized disclosure or use, the data controller shall ensure:
• the development and operation of an appropriate IT and technical environment,
• the controlled selection and supervision of the staff involved in the provision of services,
• the issuance of detailed operating, risk management and service procedures.
6. Based on the above, the service provider shall ensure that the data it processes
4. The data controller shall ensure by means of appropriate technical solutions that the data stored in the registers cannot be directly linked and assigned to the data subject.
5. In order to prevent unauthorized access to personal data, alteration of data and unauthorized disclosure or use, the data controller shall ensure:
• the development and operation of an appropriate IT and technical environment,
• the controlled selection and supervision of the staff involved in the provision of services,
• the issuance of detailed operating, risk management and service procedures.
6. Based on the above, the service provider shall ensure that the data it processes
2. At the request of the data subject, the data controller shall provide information about the data subject's data processed by it or by a data processor commissioned by it or at its direction, their source, the purpose, legal basis, duration of the data processing, the name, address of the data processor and its activities related to the data processing, the circumstances, effects of the data protection incident and the measures taken to remedy it, and – in the case of the transfer of the data subject's personal data – the legal basis and recipient of the data transfer.
3. The data controller – if it has an internal data protection officer, through the internal data protection officer – shall keep a register for the purpose of monitoring the measures related to the data protection incident and informing the data subject, which shall include the scope of the personal data concerned, the scope and number of those affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to remedy it, as well as other data specified in the legislation prescribing data processing.
4. In order to verify the lawfulness of the data transfer and to inform the data subject, the data controller shall keep a data transfer record, which shall include the date of the transfer of the personal data processed by it, the legal basis and recipient of the data transfer, the definition of the scope of the personal data transferred, and other data specified in the law prescribing data processing.
5. At the request of the user, the Service Provider shall provide information on the data processed by it, their source, the purpose, legal basis, duration of the data processing, the name, address and activities of any data processor related to the data processing, and – in the case of the transfer of the data subject’s personal data – on the legal basis and recipient of the data transfer. The Service Provider shall provide the information in writing and in a plain language as soon as possible after the request is submitted, but no later than 25 days. The information shall be free of charge.
6. The Service Provider, if the personal data does not correspond to reality and the data controller has personal data corresponding to reality, will correct the personal data.
7. Instead of deletion, the Service Provider blocks the personal data if the User requests this or if, based on the information available to it, it can be assumed that deletion would harm the User's legitimate interests. Blocked personal data may only be processed as long as the purpose of data processing that precluded the deletion of the personal data exists.
8. The Service Provider deletes the personal data if its processing is unlawful, the User requests it, the processed data is incomplete or incorrect - and this condition cannot be legally remedied - provided that deletion is not excluded by law, the purpose of data processing has ceased, or the statutory deadline for storing the data has expired, or it has been ordered by a court or the National Data Protection and Freedom of Information Authority.
9. The data controller marks the personal data it processes if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
10. The data subject and all those to whom the data were previously transmitted for the purpose of data processing shall be notified of the rectification, blocking, marking and erasure. Notification may be omitted if this does not prejudice the legitimate interests of the data subject in view of the purpose of data processing.
11. If the data controller does not comply with the data subject’s request for rectification, blocking or erasure, it shall communicate in writing the factual and legal reasons for rejecting the request for rectification, blocking or erasure within 25 days of receipt of the request. In the event of rejection of the request for rectification, blocking or erasure, the data controller shall inform the data subject of the possibility of judicial remedy and of contacting the Authority.
Legal Remedy
1. A user may object to the processing of his/her personal data if
a) the processing or transmission of personal data is necessary solely for the fulfillment of a legal obligation to which the Service Provider is subject, or for the exercise of the legitimate interests of the Service Provider, the data recipient or a third party, unless the processing is required by law;
b) the use or transmission of personal data is for the purpose of direct marketing, public opinion polling or scientific research;
c) in other cases specified by law.
2. The Service Provider shall examine the objection within the shortest possible time from the submission of the application, but no later than 15 days, make a decision on its merits, and inform the applicant of its decision in writing. If the Service Provider determines that the objection of the data subject is well-founded, it shall terminate the data processing – including further data collection and transmission – and block the data, and shall notify all those to whom the personal data affected by the objection was previously transmitted, and who are obliged to take measures to enforce the right to object, of the objection and of the measures taken on its basis.
3. If the User does not agree with the decision made by the Service Provider, he may appeal to the court within 30 days of its notification. The court shall act ex officio.
4. A complaint against a possible infringement of the data controller may be filed with the National Data Protection and Freedom of Information Authority:
National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, PO Box: 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
Email: ugyfelszolgalat@naih.hu
Judicial enforcement
1. The data controller is obliged to prove that the data processing complies with the provisions of the law. The data recipient is obliged to prove the lawfulness of the data transfer.
2. The court shall adjudicate the case. The case may also be initiated before the court of the place of residence or residence of the data subject, at the choice of the data subject.
3. A party to the lawsuit may also be a person who does not otherwise have legal capacity to sue. The Authority may intervene in the lawsuit in the interest of the data subject's success.
4. If the court grants the request, it shall oblige the data controller to provide information, rectify, block or delete the data, annul the decision made by automated data processing, take into account the data subject's right to object, and provide the data requested by the data recipient.
5. If the court rejects the data recipient's request, the data controller shall be obliged to delete the data subject's personal data within 3 days of the notification of the judgment. The data controller shall be obliged to delete the data even if the data recipient does not apply to court within the specified deadline.
6. The court may order the publication of its judgment – ??by publishing the data controller's identification data – if the interests of data protection and the protected rights of a larger number of data subjects so require.
Compensation and damages
1. If the data controller infringes the data subject’s personal rights by unlawfully processing the data of the data subject or by violating the data security requirements, the data subject may claim damages from the data controller.
2. The data controller shall be liable to the data subject for the damage caused by the data processor and shall also pay the data subject the damages due in the event of a personal rights infringement caused by the data processor. The data controller shall be exempt from liability for the damage caused and from the obligation to pay damages if it proves that the damage or the infringement of the data subject’s personal rights was caused by an unavoidable cause outside the scope of data processing.
3. No compensation shall be required and no damages may be claimed if the damage or the infringement of the right to privacy was caused by the intentional or grossly negligent conduct of the injured party or the data subject.
Conclusion
When preparing this information, we have taken into account the following legal provisions:
– Act CXII of 2011 – on the right to informational self-determination and freedom of information (hereinafter referred to as the Information Act)
– Act CVIII of 2001 – on certain issues of electronic commerce services and services related to the information society (especially Section 13/A)
– Act XLVII of 2008 – on the prohibition of unfair commercial practices towards consumers;
– Act XLVIII of 2008 – on the basic conditions and certain limitations of economic advertising activities (especially Section 6)
– Act XC of 2005 on electronic freedom of information
– Act C of 2003 on electronic communications (specifically Section 155)
– Opinion No. 16/2011 on the EASA/IAB Recommendation on Best Practices for Online Behavioural Advertising
– Recommendation of the National Data Protection and Freedom of Information Authority on the requirements for prior information on data protection
– GDPR, Regulation 2016/679 of the European Parliament and of the Council on the processing of personal data of natural persons and on the free movement of such data (repealing Regulation 95/46 EC)
2025. 03. 03.
Vizicsiga Kft
