1. Introduction

In this Privacy Notice, the Data Controller fulfils its obligation to provide prior information pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation, commonly known as the GDPR.

1.1. During which data subject activities does the Data Controller obtain personal data?

1.2. How long does the processing last?

Personal data provided by e-mail, telephone, contact form or callback request form will be deleted without undue delay after withdrawal of consent or after the response has been provided, but no later than within 30 days.

If an offer is provided, the personal data will be deleted without undue delay after the expiry of the validity period of the offer, but no later than within 30 days.

1.3. How is the data processed?

The Data Controller deletes personal data provided by e-mail, telephone, contact form or callback request form without undue delay after withdrawal of consent or after the response has been provided, but no later than within 30 days.

Withdrawal of consent may be submitted by post at 1103 Budapest, Gyömrői út 99., by telephone at +36 30 420 5018, by e-mail at info@p2homes.hu, or in person.

Where an offer is provided, the Data Controller deletes the personal data without undue delay after the expiry of the validity period of the offer, but no later than within 30 days.

1.4. Is data disclosed to third parties?

Yes, disclosure to third parties may take place.

1.5. Are data processors used?

Yes.

Hosting provider:

1.6. Is automated decision-making or profiling carried out?

No.

1.7. Who is authorised to access the data?

• the managing director,
• the data protection officer,
• heads of organisational units responsible for customer relations and IT,
• employees who process personal data as part of their job duties,
• persons working under other contractual relationships aimed at performing work.

1.8. What data security measures does the Data Controller apply?

The Data Controller ensures in particular:

• that unauthorised persons are denied access to the equipment used for data processing,
• that unauthorised reading, copying, modification or removal of data media is prevented,
• that unauthorised input of personal data into the data processing system, as well as unauthorised access to, modification or deletion of stored personal data, is prevented,
• that the data processing systems cannot be used by unauthorised persons through data transmission equipment,
• that persons authorised to use the data processing system only have access to personal data covered by their access rights,
• that it is possible to verify and establish to which recipients personal data have been or may be transmitted or made available by means of data transmission equipment,
• that it is possible to verify and establish retrospectively which personal data were entered into the data processing system, when and by whom,
• that unauthorised access to, copying, modification or deletion of personal data is prevented during transmission or while data media are being transported,
• that the data processing system can be restored in the event of a malfunction,
• that the data processing system remains operational, that errors occurring during its operation are reported, and that stored personal data cannot be altered as a result of system malfunction.

1.9. Other information

-

2. What rights do data subjects have and how can they exercise them?

The following table shows the relationship between the rights of the data subject and the legal basis or bases specified above in relation to the processing, so that the data subject can clearly see which rights may be exercised under the applicable legal basis. After the table, the data subject is informed about the content of these rights and how they may be exercised.

2.1. Right to information (Articles 13 and 14 GDPR)

Where the Data Controller processes personal data concerning the data subject, the Data Controller is required to provide the data subject with information, even without a specific request, about the main characteristics of the processing. This includes the purpose, legal basis and duration of processing, the identity and contact details of the Data Controller and its representative, the contact details of the data protection officer, the recipients of the personal data, the legitimate interest pursued by the Data Controller or a third party in the case of processing based on legitimate interest, the rights of the data subject and available remedies, and, where the data are not obtained from the data subject, the source of the personal data and the categories of personal data concerned.

The Data Controller provides this information by making this Privacy Notice available to the data subject.

2.2. Right of access (Article 15 GDPR)

The data subject has the right to obtain confirmation from the Data Controller as to whether personal data concerning them are being processed. Where such processing is taking place, the data subject has the right to access the personal data and information concerning the circumstances of the processing.

Where personal data are transferred to a third country or an international organisation, the data subject has the right to be informed of the appropriate safeguards relating to the transfer pursuant to Article 46 GDPR.

The Data Controller provides the data subject with a copy of the personal data undergoing processing if requested by the data subject.

2.3. Right to withdraw consent (Article 7 GDPR)

The data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

2.4. Right to rectification (Article 16 GDPR)

The data subject has the right to request that the Data Controller rectify inaccurate personal data concerning them without undue delay.

2.5. Right to object (Article 21 GDPR)

The data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them where the processing is based on Article 6(1)(e) or Article 6(1)(f) GDPR.

In this case, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.

2.6. Right to restriction of processing (Article 18 GDPR)

The data subject has the right to request that the Data Controller restrict processing where any of the conditions set out in the GDPR apply. In such cases, the Data Controller may not carry out any operation on the data other than storage.

Where the data subject has objected to processing, the restriction applies for the period during which it is determined whether the legitimate grounds of the Data Controller override those of the data subject.

2.7. Right to erasure, also known as the right to be forgotten (Article 17 GDPR)

The data subject has the right to request that the Data Controller erase personal data concerning them without undue delay where the processing no longer has a purpose, the data subject has withdrawn consent and there is no other legal basis for processing, there is no overriding legitimate ground for processing in the event of an objection, the data have been unlawfully processed, or the data must be erased for compliance with a legal obligation.

Where the Data Controller has made the personal data public and is required to erase them, the Data Controller shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the data that the data subject has requested the erasure of any links to, or copies or replications of, those personal data.

2.8. Right to data portability (Article 20 GDPR)

The data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit those data to another controller without hindrance from the controller to which the personal data were provided, where the statutory conditions are met.

3. Where and how can the data subject request detailed information about the processing and transfer of data, and where and how can they exercise their rights?

The Data Controller informs data subjects that they may submit requests for information, exercise their right of access and exercise their other rights by sending a statement to the postal or e-mail address of the Data Controller.

Postal address: 1103 Budapest, Gyömrői út 99., Hungary
E-mail: info@p2homes.hu

The Data Controller examines and responds to the statement as soon as possible after receipt, and takes the necessary steps in accordance with the statement, the internal data protection policy and applicable law.

3.1. Contact details of the supervisory authority in case of a complaint

Hungarian National Authority for Data Protection and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Mailing address: 1363 Budapest, P.O. Box 9, Hungary
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Web: www.naih.hu
E-mail: ugyfelszolgalat@naih.hu

Further information about the rights of the data subject and the procedure for lodging a complaint with the authority is available here: http://naih.hu/panaszuegyintezes-rendje.html

In the event of a violation of their rights, the data subject may also apply to the competent court according to their place of residence and may, among other remedies, claim damages for non-material harm.

The competent court according to the place of residence can be searched here: https://birosag.hu/birosag-kereso