PRIVACY STATEMENT


Introduction

GYÖNGYTÓ Ltd. (Company Registration Number: 10-09-025695; Tax Identification Number: 11174998-2-10; registered seat: residential area of Ecséd, 3013; topographical number: 2002; hereinafter referred to as Service Provider, Data Controller) hereby issues the following Privacy Statement.

As pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as GDPR), we publish the following statement.

This Privacy Statement is available on the following website:
https://vizifalu.com/en/adatvedelem/adatvedelem.pdf

Amendments to this Privacy Statement shall enter into force upon publication on the above-mentioned website.

The Data Controller and its contact information:

Name: GYÖNGYTÓ Service Provider and Commercial Limited Liability Company (GYÖNGYTÓ Szolgáltató és Kereskedelmi Korlátolt Felelősségű Társaság)

Registered seat: residential area of Ecséd, 3013, topographical number: 2002

Company registration number: 10-09-025695

Tax identification number: 11174998-2-10

E-mail: ecsedito@ecsedito.hu

Web: vizifalu.com

Phone: +36-30-565-8923

Contact information of the Data Protection Officer:

The Data Controller hereby declares that its operation does not fall under the cases defined in Section 1 of Article 37 of the GDPR, therefore no Data Protection Officer shall be designated.

Definitions:

1. „personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2. „data processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. „data controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

4. „data processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

5 „recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

6 „consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

7 „personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Principles of personal date processing

Personal data shall be:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The controller shall be responsible for and be able to demonstrate compliance with the above detailed principles (‘accountability’).

Data processing

Reservation services

1. The fact of data processing, types of personal data processed and purpose of data processing:

Personal data Purpose of data processing
Name Communication
Phone number Communication
E-mail address Communication

2. Data subjects affected: All persons sending a message through the electronic form "APPOINTMENT REQUEST, LOCATION VIEW" available on the website.

3. Duration of data processing and deadline for data erasure: The data processing lasts until the erasure request of the data subject. Personal data are immediately erased with the erasure of the electronic message. As pursuant to Article 19 of the GDPR, the data subject is notified about the erasure of his/her personal data electronically by the data controller. In case the request of the data subject concerns his/her email address, the data controller shall also erase it after the notification of the data subject.

4. Identity of potential data controllers and recipients of personal data: Personal data may be processed by the data controller’s authorized colleagues, pursuant to the principles of this Privacy Statement.

5. The data subject’s rights regarding data processing:

  • The data subject may request access to, rectification and erasure of his/her personal data as well as restriction of the processing of his/her personal data; and

  • may object to the processing of such personal data; and

  • the data subject has the right to data portability and the right to withdraw his/her consent at all times.

6. Access to, erasure and modification of personal data; restriction of the processing of personal data; portability of personal data and objection to the processing of personal data may be initiated in the following ways:

  • by post: residential area of Ecséd, 3013, topographical number: 2002;

  • via email: ecsedito@ecsedito.hu;

  • over the phone: +36-30-565-8923

7. Legal basis for data processing: consent of the data subject; Subsection (a) of Section 1 of Article 6.

8. We inform you that

  • the data processing is based on your consent.

Use of cookies

System cookies

1. It is not required to ask data subjects for their consent to use “system cookies”, that is "secure cookies" and "technical or session cookies".

  • The fact of data processing, types of data affected: unique identifiers, dates, times and all types of data indispensable for the systemic operation of the website.

  • Data subjects affected: all data subjects who visit the website.

  • Purpose of data processing: identification of users and keeping track of visitors.

  • Duration of data processing, deadline for erasure of data:

Type of cookie Legal basis for data processing Duration of data processing
System / Session cookies

Balance_IDmp
Subsection 3 of Section 13/A of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services The period lasting until the end of the relevant visitor session
System / Tachnical cookie

cookie-consent-settings
Subsection 3 of Section 13/A of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services The period lasting for a year as of the creation of the cookie

2. Identity of potential data controllers entitled to access the data: The data controller does not process personal data with the use of cookies.

3. The data subject’s rights regarding data processing: The data subjects affected have the right to delete and block cookies in their browsers within Settings, usually under option ‘Privacy’.

4. Legal basis for data processing: The consent of the data subject is not required if the sole purpose of the use of cookies is the transmission of communications via an electronic communications network or the provision of an information society service expressly requested by the user.

Statistics sütik

Statistics cookies are third party cookies the use of which requires the prior consent of the data subjects affected.

1. The use of Google Analytics

The data controller uses Google Analytics, the web analyser service of Google Inc. (Google), on its website on condition that the user gives his/her prior consent. Google Analytics uses third party cookies, which are stored in the browser of the User, so as to support the analysis of the use of the website visited by the User.

Google Analytics is the analyser service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").

The User can block the storage of cookies with the relevant settings of the browser, however, we would like to emphasize that in this case, not all functions of the website are entirely available. Furthermore, the User can prevent Google from processing data regarding the use of the website collected by cookies by the browser plug-in available vie the following link: https://tools.google.com/dlpage/gaoptout?hl=en

For further information and the Privacy Statement of Google, please visit the following website: https://policies.google.com/privacy?gl=en

Marketing cookies

Marketing cookies are third party cookies the use of which requires the prior consent of the data subjects affected.

1. The use of Google Adwords conversion tracking

The data controller uses the “Google Ads’ marketing programme and its conversion tracking service, which saves third party cookies in the browser, on condition that the User gives his/her prior consent.

Google conversion tracking is the analyser service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").

If you do not wish to participate in conversion tracking, do not consent to the use of marketing cookies in the pop-up window under Settings (do not tick the Use of Marketing Cookies) upon the first visit of the website. You can reject these cookies at all times if you block the installation of the cookies or you can delete them.

For further information and the Privacy Statement of Google, please visit the following website: https://policies.google.com/privacy?gl=en

2. Use of Meta Ads-Manager

The data controller uses the Meta Ads-Manager marketing programme on its website as well as the advertising, retargeting and conversion tracking services of Facebook on condition that the User gives his/her prior consent. These programmes and services save third party cookies in your browser. Meta Ads is the analyser service of Meta Platforms Ireland Limited (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland).

If you do not wish to participate in conversion tracking, do not consent to the use of marketing cookies in the pop-up window under Settings (do not tick the Use of Marketing Cookies) upon the first visit of the website. You can reject these cookies at all times if you block the installation of the cookies or you can delete them.

For further information and the Privacy Statement of Meta Platforms Ireland Ltd., please visit the following website: https://www.facebook.com/privacy/policy

Complaint handling

1. The fact of data processing, types of personal data processed and purpose of data processing:

Personal data Purpose of data processing
First and surname Identification, communication
Phone number Communication
E-mail address Communication

2. Data subjects affected: All persons sending an electronic message or filing a complaint through the website.

3. Duration of data processing and deadline for data erasure: As pursuant to Subsection 7 of Section 17/A of Act CLV of 1997 on the Hungarian Authority for Consumer Protection, the copies of the complaint record, its transcript and the answers must be retained for 5 years.

4. Identity of potential data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the data controller's sales and marketing staff, pursuant to the principles of this Privacy Statement.

5. The data subject’s rights regarding data processing:

The data subject may request access to, rectification and erasure of his/her personal data as well as restriction of the processing of his/her personal data, and may object to the processing of such personal data, and the data subject has the right to data portability and the right to withdraw his/her consent at all times.

6. Access to, erasure and modification of personal data; restriction of the processing of personal data; portability of personal data and objection to the processing of personal data may be initiated in the following ways:

  • by post: residential area of Ecséd, 3013, topographical number: 2002;

  • via email: ecsedito@ecsedito.hu;

  • over the phone: +36-30-565-8923

7. Legal basis for data processing: consent of the data subject; Subsection (a) of Section 1 of Article 6; Subsection 1 of Section 5 of the Privacy Act; and Subsection 7 of Section 17/A of Act CLV of 1997 on the Hungarian Authority for Consumer Protection.

8. We inform you that

  • provision of personal data is based on contractual obligation

  • you are obligated to provide your personal data so that we can handle your complaint

  • the consequence of failing to provide personal data is that we cannot handle your complaint.

Customer relations and other types of data processing

1. Should the data subject want to make inquires about the service provided by the data controller or have any kind of problems, he/she can contact the data controller as detailed on the website (phone, email, social networking sites etc.).

2. The data controller erases the inquirer’s personal data, including his/her name and email address as well as other voluntarily provided personal data received in emails, messages, over the phone, via Facebook etc. within 2 years of the provision of the personal data.

3. We provide information on data processing not listed in this Privacy Statement upon recording the data

4. In the event of a particular inquiry of an authority or other authorized bodies, the Service Provider is obligated to provide information, disclose and hand over data as well as to provide the required documents.

5. In this case, the Service Provider only discloses personal data to the extent that is necessary for fulfilling the purpose of the inquiry provided that the inquirer indicates the exact purpose of the inquiry and the scope of the data affected.

Rights of the data subject

1. Right of access by the data subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him/her are being processed, and, where that is the case, access to the personal data and the information listed in the Regulation.

2. Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him/her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him/her without undue delay and the controller shall have the obligation to erase personal data without undue delay under certain conditions.

4. Right to be forgotten

Where the controller has made the personal data public and is obligated to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

5. Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

  • the data subject has objected to data processing; in this case the restriction is effective for the period of time necessary to verify whether the legitimate grounds of the data controller override those of the data subject.

6. Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (...)

7. Right to object

The data subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her which is based on the above-mentioned points, including profiling based on those provisions.

8. Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.

The previous paragraph shall not apply if the decision:

  • is necessary for entering into, or performance of, a contract between the data subject and a data controller;

  • is authorised by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or

  • is based on the data subject's explicit consent.

Deadline for action

The controller shall, without undue delay, but in any case, within 1 month of the receipt of the request, inform the data subject of the action taken on the above requests.

In case it is necessary, it can be extended by 2 months. The data controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within 1 month from the receipt of the request.

In case the controller does not take action upon the data subject’s request, it will inform the data subject without undue delay, but within one month of the receipt of the request, of the reasons for the non-action and of the fact that you can file a complaint with a supervisory authority and obtain a judicial remedy.

Security of data processing

The data controller and the data processor shall take appropriate technical and organizational measures, taking account of the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of the processing and the varying likelihood and severity of the risk to individuals' rights and freedoms, to guarantee a level of data security appropriate to the degree of risk, including, inter alia, where appropriate:

  • Pseudonymization and encryption of personal information;

  • Ensuring the continued confidentiality, integrity, availability and resilience of systems and services used to process personal data;

  • In the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;

  • A procedure for regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures taken to ensure the security of data management.

Informing the data subject about a data protection incident

If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the data protection incident without undue delay.

The information provided to the data subject shall clearly and intelligibly describe the nature of the data protection incident and the name and contact details of the data protection officer or other contact persons who can provide further information; the likely consequences of the data protection incident must be described; a description of the measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.

The data subject need not be informed if any of the following conditions are met:

  • The controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures, such as the use of encryption, which make the data incomprehensible to unauthorized persons.

  • Following the data protection incident, the controller has taken further measures to ensure that the high risk to the data subject's rights and freedoms not be likely to materialize any longer;

  • Provision of information would require disproportionate effort. In this case, the data subject shall be informed through publicly available information or a similar measure shall be taken to ensure that the data subject be informed in an equally effective manner

In case the data controller has not informed the data subject of the data protection incident, the supervisory authority, after examining whether the data protection incident is likely to pose a high risk, might command the data controller to inform the data subjects.

Complaints

The data subject may file a complaint about potential offences with the Hungarian National Authority for Data Protection and Freedom of Information.

Hungarian National Authority for Data Protection and Freedom of Information

9-11 Falk Miksa street, Budapest 1055

Postal address: Mailbox 9, Budapest, 1363

Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu, dpo@naih.hu

Online administration service: https://naih.hu/online-ugyinditas

Closing remarks

This Privacy Statement is based on the following legislative acts:

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

- Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as ‘Privacy Act’)

- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (especially Section 13/A)

- Act XLVII of 2008 on the Prohibition of Unfair Business-to-Consumer Commercial Practices

- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (especially Section 6)

- Act XC of 2005 on Electronic Freedom of Information

- Act C of 2003 on Electronic Communications (especially Section 155)

- Opinion no. 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising

- Recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on the Data Protection Requirements of Prior Provision of Information

Ecséd, 7 July 2022.

Vízifalu

Eladó közvetlen vízparti ingatlanok, cölöpházak saját partrésszel egy varászlatos környezetben, csodaszép helyen, az ecsédi tó partján.

Amennyiben felkeltettük érdeklődését, forduljon hozzánk bizalommal a feltüntetett elérhetőségeinken!

Kapcsolat