Data Handling Policy
Last modification: 21 May 2019
Contents
1. General provisions and contact details
2. Updates and access to the Policy
3. Other data protection conditions
4. The scope of handled data and the purpose of data handling
5. Transfer of personal data to our contracted partners
6. Cookies used on the https://bastionresidence.hu website
7. Personal data relating to children and third parties
8. Data security
9. Your data protection rights and legal options for remediation
1. General provisions and contact details
This policy (hereinafter referred to as: Policy) applies to the handling of any information (personal data) concerning identified or identifiable natural persons (data subjects) by the BASTION Residence Limited Liability Company (hereinafter referred to as: BASTION, BASTION Residence LLC or our Company).
Related data protection legislation:
– Act 4 of 2013 on the Civil Code of Hungary (“PTK”);
– Act 63 of 1992 on protecting personal data and the publicity of public data („Data protection Act”);
– Act 112 of 2011. on information freedom („Info Act”);
– GDPR, Regulation (EU) 2016/679 of the European Parliament and of the Council, Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive)
Registered address of BASTION Residence LLC: 1126 Budapest, Királyhágó Street 2. III/4.
Residence Office of the BASTION Residence LLC: 1011 Budapest, Szalag Street 28. ground floor 1.
Registration No. of the BASTION Residence LLC: Cg. 01-09-280827
Website of the BASTION Residence LLC: https://bastionresidence.hu/
Phone No. of the BASTION Residence LLC: +36706259545
Email address of the BASTION Residence LLC: info@bastionresidence.hu
Name and contact detail of the data protection officer appointed by the BASTION Residence LLC:
dr. Balázs Péter; peter.balazs@bastionresidence.hu
If you have any questions or remarks concerning this Policy, please contact BASTION at one of above contact details prior to using the website and prior to providing any information or data in accordance with this Policy.
If you provide BASTION with personal data through a third-party service (for example, through a realtor or via social media page), you may be subject to the data handling policy and other terms of use of that given service, for which BASTION bears no responsibility.
2. Updates and access to the Policy
BASTION reserves the right to unilaterally modify the Policy, following any prior modifications, after which such modification shall come into effect. Modification of this policy can especially take place if it is necessary due to legal changes, data protection authority practice, company or employee demand, new personal data handling activities, or newly discovered security risks. Upon your individual request, we will be happy to provide you with an up-to-date hard copy of the Policy.
3. Other data protection conditions
During use of the individual separate services, you may be subject to specific data protection conditions that you will be informed of prior to using the given service.
4. The scope of handled data and the purpose of data handling
The scope of personal data processed by BASTION, the purposes of data handling, the duration of the data handling and those authorised to access the data is presented in detail below.
Scope of the data handled:
BASTION only handles personal data voluntarily provided, we do not collect or gather personal data on our own.
The personal data handled by BASTION are the following:
In case you contact our Company:
-
your name;
-
your phone number;
-
your email address;
-
data of the real estate you have been interested in
In case you are engaged in concluding a real estate lease contract or you have entered into such a contract with out Company, then beyond the data above:
-
maiden name of your mother;
-
place and date of birth;
-
your residential address;
-
number of your identification document;
-
data of the real estate rented and its rental fee;
-
you bank account details
The data management objectives are summarized as follows:
Preparation of a real estate lease contract between the clients and BASTION, concluding lease contracts and keeping contact with the contracted clients.
Keeping, supervising and auditing the financial books of the BASTION.
Fulfilling the obligatory data service for official surveys and queries.
Sending of advertising materials via e-mail and/or with telephone inquiries (direct business acquisition) by BASTION.
If a data handling objective is necessary for the validation of legitimate interests of BASTION or a third party, BASTION will make available the weighing test used in determining legitimate interest if a request has been made through any of the above contacts.
BASTION particularly calls the attention to all involved parties that those involved have the right to object, at any time and for reasons connected to their personal situation, to the legitimate interest-based handling of their personal data. In this case, BASTION will cease handling personal data unless it proves that the data handling is justified by such compelling reasons which give it priority over the interests, rights and freedoms of the involved party, or which are connected to the submission, enforcement or protection of legal claims.
If the handling of personal data occurs for direct business acquisition purposes, the involved party has a right to object at any time to the handling of their personal data for this purpose, if it is connected to direct business acquisition. BASTION does not send newsletters or automated messages the direct acquisition is always intended to the recipient with specific offers. If you do not wish to receive such communication, you have to send an email on that to BATION and BASTION shall not send you any business acquisitions as you requested.
If this Policy indicates the limitation period for the satisfaction of requirements as the data handling period, the act interrupting the limitation period extends the data handling period to a new time of limitation.
5. Transfer of personal data to our contracted partners
In addition to the contracted partners separately named in this policy, BASTION uses the below contracted partners for the completion of tasks related to data handling activities.
The contracted partners are summarized as follows:
Corvinus SPV Kft. – company management services;
NIR Bt. – project management;
BALÁZS & BÁCS Law Firm – legal services;
Tower Interconsult Kft. – accounting services;
The Back Office (Lebanon) – auditing, financial supervising;
HRENKÓ Kft. – website development and management;
DENINET Kft. – webhosting and webmail services;
The contracted partner acts as a so-called ‘data processor’: it handles the personal data outlined in this policy on behalf of BASTION. BASTION may only use such data processors which provide adequate guarantees, in particular concerning expertise, reliability and resources, regarding the implementation of technical and organizational measures to ensure compliance with GDPR requirements, including data handling security. The specific tasks and responsibilities of the data processor are specified by the contract between the data processor and BASTION. Following the handling of data on behalf of BASTION, the data processor will return or delete the personal data at BASTION’s decision, unless EU law or that of a member state applicable to the data processor prescribes its storage
6. Cookies used on the https://bastionresidence.hu website
Cookies are used in certain areas of the https://bastionresidence.hu website. The cookies are files that store information on your hard disk or web browser.
Cookies, for example, make it possible for the website to recognize if you have visited previously, or, by allowing us to see which sites you visit and how much time you spend there, help us understand what part of the website is most popular. By studying this, we can better adjust the site to your needs and offer a more varied user experience. With the help of cookies, we can assure that the information displayed on your next visit to the site will meet your expectations (without identifying you personally).
When you visit one of our websites, technical information may be gathered that does not allow you to be personally identified. For example, the name of another website that directed you here, the location from where you accessed the website, and search queries completed on the website. Collecting this information helps us identify the preferred search habits of our website users without using their personal data. Such information is used strictly for internal purposes. Anonymous or general data from which your person cannot be identified does not qualify as personal data and thus does not fall within the scope of this Policy.
You can change the web configuration to either accept cookies, delete all cookies, or receive notification when cookies appear on your machine. Since all web applications are different, we ask that you use the ‘Help’ menu on your browser to adjust your cookie settings. You can find further information on cookies and disabling them at a http://www.youronlinechoices.com/hu/. The https://bastionresidence.hu website was intended to operate with the use of cookies, so disabling them may effect on the functionality of the website, or prevent you from taking advantage of all its benefits.
Google Analytics provides a further option of unsubscribing from the Google Analytics service: http://tools.google.com/dlpage/gaoptout?hl=en-GB.
7. Personal data relating to children and third parties
With the exception of when parental consent is provided, persons under 18 years of age are not permitted to provide any personal data.
By providing personal data, you declare and affirm that you have considered the above and that your legal capacity related to providing personal data is not limited.
If you do not have the right to independently provide personal data, you must acquire the permission of the appropriate third party (i.e. legal representative, guardian, other persons you are representing), or provide another form of a legal basis to do so. In relation to this, you must be able to consider whether the personal data to be provided requires the consent of a third party. To this point, you are responsible for meeting all the necessary requirements, as BASTION may not otherwise come into contact with the data subject and BASTION shall not be liable or bear any responsibility in this regard. Nevertheless, BASTION has the right to check and verify whether the proper legal basis has been provided with relation to the handling of data at all times. For example, if you are representing a third party, we reserve the right to request the proper authorization and/or consent of the party being represented with relation to the matter at hand.
We will do everything in our power to remove all unauthorized information provided and ensure that such information is not forwarded to any third party, or used for our own purposes (advertising or any other activity). We request that you inform us immediately should you become aware that a child or any other third party has provided any personal data of yours that you have not properly authorized them to do so.
8. Data security
Data processed by BASTION is protected by the restrictions applied to the access of information. For example, only those who require it, in the interests of and for the purposes listed previously, have access to the data.
BASTOIN only forwards personal data outside of the EU to the shareholders of the BASTION Residence LLC and to the person assigned to supervise and audit the financial books of the BASTION Residence LLC and only with a limited scope (name of the tenant, data of the real estate rented, rental fee, invoices issued by BASTION) necessary for the supervision by the shareholders, making shareholders’ decisions and supervising the financial books and databases of the BASTION Residence LLC.
9. Your data protection rights and legal options for remediation
Your data protection rights and legal options for remediation are detailed in the relevant provisions of the GDPR (particularly in GDPR articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, 80 and 82). The following summary contains the most important provisions, as well as information provided accordingly by BASTION, on your rights and legal options for remediation regarding data handling.
The request for information, legal remedy and other declarations regarding data processing and data protection must be provided in writing – including electronically in some cases. In case your inquiry is not posted from the email address registered by BASTION then BASTION is obliged to ask you to duly confirm your identity.
BASTION will inform you of any measures taken in response to your request without undue delay, but in any case within one month of the arrival of your application for legal remediation (see GDPR articles 15-22). If necessary, taking into account the complexity and number of applications, this deadline can be extended by two additional months. BASTION will inform you within one month of receiving the request of the extension of this deadline by indicating the reasons for the delay. If you submitted your request electronically, you must be informed electronically whenever possible unless otherwise requested.
If BASTION takes no action following your request, you will be informed of the reasons for the failure to act without delay and at most within one month of receipt of your request. You will also be informed that you may submit a complaint with a supervisory authority and exercise your right to judicial redress.
9.1 Access rights
(1) You are entitled to receive a notification from us to indicate that the handling of your personal data is in progress. If data processing is in progress, you are entitled to be provided with access to your personal data and the following information:
a) purpose of the data handling;
b) categories of the data subject’s personal data;
c) recipients or categories of recipients, who have been or will be informed of personal data, particularly third party national recipients and international organizations;
d) where appropriate, the planned period of personal data storage, or if it is not possible to provide this, the criteria for determining such a timeframe;
e) it is your right to request an update, deletion or processing restriction of personal data related to you, as well as to object to such personal data handling;
f) the right to lodge a complaint to the supervisory authority; and
g) if the data was not provided by you, all available information as to the source of such data;
h) automated decisions, including profiling, and at least in these cases, the applied logic and related information, the degree of relevance and expected consequences that these types of data handlings have for you.
(2) If personal data is transferred to a third country, you are entitled to receive notification of such associated applicable guarantees.
(3) A copy of the personal data subject to the data handling shall be made available to you. If your request was made electronically, the information shall be made available in the most commonly used electronic format, unless requested otherwise.
9.2 Right to update
You are entitled to have your information updated without delay or reason at your request. You are entitled to request that any missing or incomplete personal data is updated by making, inter alia, a supplementary declaration.
9.3 Right to deletion (‘right to be forgotten’)
(1) You are entitled to have your information deleted without delay or reason, at your request, if any of the following conditions are met:
a) there is no longer a need for the personal data for the purposes it was gathered for or handled otherwise;
b) you revoke your consent on which the handling is based and there is no other legal basis for the data handling;
c) you object to the data handling, and in the given case there is no overriding legitimate reason for the data handling;
d) the personal data was processed unlawfully;
e) the personal data must be deleted in order to fulfil our obligations under European Union or Member State law; or
f) the collection of personal data was associated with the offering of information society services,
You will find technical regulations related to the deletion of your account in the attached purposes for data handling.
(2) If BASTION disclosed any personal data and is obligated to delete such data based on paragraph (1), BASTION shall, with consideration to available technology and costs associated with carrying them out, take the necessary and expected steps – including technical measures – in the interest of informing those handling the data that the data subject has requested the deletion of links to the personal data in question or copies thereof, as well as further duplication of such personal data.
(3) Paragraphs (1) and (2) are not applicable in so much as the data handling is necessary, among others:
a) for the purposes of exercising the right to freedom of expression and information;
b) for the purposes of fulfilling our obligations relating to personal data handling under European Union or Member State law, as defined therein;
c) for the purposes of archiving in the public interest, scientific and historical research or statistical purposes, in so much as the rights contained in paragraph (1) would seriously threaten such data handling or most likely make it impossible; or
d) for the submission, validation and protection of legal proceedings.
9.4 Right to restrict data handling
(1) You are entitled to request that we restrict data handling if any of the following conditions are met:
a) you dispute the accuracy of the personal data, in which case the restriction is applied for the timeframe that allows for the inspection of the personal data’s accuracy;
b) the data handling is unlawful and you object to the deletion of the data, and instead request its restricted use;
c) we have no further use for the data for the purposes of data handling, but you request them for the submission, validation and defense of your legal claims; or
d) you objected to the data handling; in which case, the restriction applies to the time period required to determine whether BASTION’s legitimate reasons take precedence over those of the data subject.
(2) If data handling is subject to a restriction based on paragraph (1), such personal data, with the exception of storage, can only be processed with your consent, or for the submission, validation and defense of your legal claims, or in the interests of protecting the rights of other natural or legal persons, or in the important public interest of the European Union or a Member State.
(3) We shall inform you prior to the lifting of the data handling restriction.
9.5 Notification obligation related to the updating, deleting and data handling restriction of personal data
BASTION shall communicate any updates, deletion or data handling restriction to those recipients to whom the data have been disclosed, unless this proves to be impossible or requires excessive resources. We shall inform you of the recipients upon your request.
9.6 Right to data portability
(1) You are entitled to receive personal data applicable to you and made available to us, in an articulate, commonly used, machine-readable format, furthermore, you are entitled to forward these data to another data processor without obstruction from BASTION, if:
a) data handling is based on consent or a contractual agreement; and
b) data handling takes place through automated means.
(2) In exercising the right of data portability according to paragraph (1), you are entitled to – if technically possible – request the direct transmission of personal data between data controllers.
9.7 Right to object
(1) You have the right to object, on grounds relating to your own situation, to the handling of personal data based on a legitimate interest, including profiling. In such a case, we shall not further process your personal data, unless we demonstrate compelling legitimate grounds for handling that takes precedence over your interests, rights and freedoms or relates to the submission, validation and defense of legal claims.
(2) If the personal data is processed for the purposes of direct marketing, you have the right to object, at any time, to the handling of personal data relating to you in the interest of such.
(3) If you object to the handling of personal data for the purposes of direct marketing, the personal data can no longer be processed for this purpose.
(4) You may also exercise your right to object through automated means, based on technical specifications, relating to the use of information society services and notwithstanding Directive 2002/58/EC of the European Parliament.
(5) If the handling of personal data is for the purpose of scientific or historical research or for statistical purposes, you have the right to object, on grounds relating to your own situation, to the handling of personal data, unless the handling of data is necessary for the performance of tasks carried out in the public interest.
9.8 Right to lodge a complaint to the supervisory authority
You are entitled to lodge a complaint to a supervisory authority – particularly in your habitual residence, place of work or the Member State of the alleged infringement – if, according to your assessment, the handling of personal data related to you infringes your rights under the GDPR. The competent supervisory authority in Hungary is: National Authority on Data Protection and Freedom of Data (http://naih.hu/; 1530 Budapest, Pf.: 5.; Tel.: +36 1 391 1400; fax: +36 1 391 1410; e-mail: ugyfelszolgalat@naih.hu).
9.9 Right to an effective judicial remedy against a supervisory authority
(1) You are entitled to an effective judicial remedy against the supervisory authority’s legally binding decision applicable to you.
(2) You are entitled to an effective judicial remedy if the competent supervisory authority does not respond to the complaint, or does not inform you within three months on the progress or outcome of the proceedings related to the lodged complaint.
(3) Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.
9.10 Right to effective judicial remedy against the data controller or processor
(1) You are entitled to an effective judicial remedy if, according to your assessment, the handling of personal data was improperly processed as per the GDPR and, as a result, infringes your rights under the GDPR.
(2) The proceeding must be initiated against the data controller or the data processor before the courts of the Member State where the data controller or data processor has its principal place of business. Such proceedings may be initiated before the courts of the Member State of the data subject’s usual place of residence. In Hungary, such a proceeding falls under the jurisdiction of the court. The subject may initiate the proceeding before the court applicable to the place of residence or domicile as the subject chooses. You can find out more about the jurisdiction and contact details of the court at the following website: www.birosag.hu.