Privacy Notice

Effective as of: 25 May 2018

 

Infogroup Management Beruházó és Szolgáltató Korlátolt Felelősségű Társaság (hereinafter: Company, Employer or Controller) as the management company of Infogroup Csoport[1] (hereinafter: Infogroup Csoport or Group) sets out the principles and practices relating to processing of personal data below, in accordance with the provisions of the General Data Protection Regulation[2] (hereinafter: GDPR or Regulation). The Company decides to strive to unify – as far as possible and in relation to the special features of each member company – the data processing done by Infogroup Csoport, in general and in respect to its processes, as follows. Present Privacy Notice (hereinafter: Privacy Notice or Notice) lays down rules on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Controller: Infogroup Management Beruházó és Szolgáltató Korlátolt Felelősségű Társaság, head office: 1115 Budapest, Bartók Béla út 105-113., Cg.01-09-263918. Email: adatvedelem@infogroup.hu

  1. Scope

        1.1   Personal scope

The Notice generally covers all members of Infogroup Csoport, all senior managers and employees of Infogroup Csoport, and all other third parties (e.g. trustees) in other work-related legal relationship with Infogroup Csoport who have a contractual relationship with any member of Infogroup Csoport on basis of which any member company of Infogroup Group processes personal data in connection therewith.

Persons subject to the Notice shall comply with it.

       1.2   Territorial scope

The following rules shall apply to the processing by the Company of personal data of data subjects who are in the European Union.

       1.3  Temporal scope

The Notice enters into force on 25 May 2018 and shall remain in force until its withdrawal by the Company as management company.

 

  1. Fundamental principles

2.1   In the Notice and in its general data management practices the Company shall at all times take into account the rules and obligations concerning the processing of personal data processed by it on the basis of employment relationship with its employees or any other work-related legal relationship with the Company[3] (hereinafter: employee or employment relationship).

2.2   The Company undertakes to process personal data lawfully, fairly and in a transparent manner in relation to the data subject (lawfulness, fairness and transparency).

2.3  The Company acknowledges that personal data may only be collected for specified, explicit and legitimate purposes and undertakes not to further process these in a manner that is incompatible with those purposes (purpose limitation).

2.4   The Company undertakes to process personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation).

2.5  The Company undertakes to keep the personal data accurate and, where necessary, up to date and to take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy).

2.6   The Company undertakes to keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (storage limitation).

2.7    The Company undertakes to process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).

2.8   The Company undertakes to comply with and is able to demonstrate compliance with the above principles (accountability).

  1.  Data processing in connection with employment relationship

3.1   General principles

The Company strives to act in accordance with the principles of necessity and proportionality in its data processing in relation to employment relationship.

The Company basically distinguishes between three phases of data processing in relation to employment relationship:

  • data processing prior to the establishment of the employment relationship (recruitment),
  • data processing during the employment relationship, and
  • data processing following the termination of the employment relationship.

3.2   The employee may only be required to provide information that does not infringe his or her right to privacy and is relevant to the establishment, performance or termination of the employment relationship.

3.3   Recruitment procedure (job application process)

If you apply for a position advertised by the Company, please send your application file to the following email address: hr@infogroup.hu. The Company seeks to provide information on the relevant data protection provisions to the applicant through this Notice. The Company expressly asks the applicant to familiarize themselves, as a first step, with the data protection provisions of the recruitment process and to comply with them during the application.

In particular, please do not include the following data in your application, as they are subject to different data processing rules: data concerning racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic and biometric data for unique identification, data concerning health status and sex life or sexual orientation.

There will be no medical fitness examination during the recruitment process.

Categories of data subjects: Applicants for a position advertised by the Company or those sending their application to the Company for employment purposes without an advertised position.
Scope of personal data processed: Name, address, email address, telephone number, previous jobs, studies, data concerning qualifications and skills, languages spoken and, where applicable, personal data communicated by motivation letter.
Legal grounds for processing data: Consent of the applicant or in order to establish an employment relationship (employment contract).
The purpose of the processing: To apply for the position; to establish an employment relationship.
Duration of data processing: The application file will be deleted / destroyed on the last day of the calendar semester following the submission of the application file.
Potential recipients: The person responsible for personnel management within the Company and within the Group.
Information on the rights of data subjects: See Chapter 10: Rights of data subjects

(Please, read carefully!)

 

The Company processes the application file sent to it only in connection with the position applied for. The Company will respond to your application in all cases. If, in the event of an unsuccessful application, you would like our Company to contact you in the future about similar positions, please let us know expressly after receiving our feedback. In this case, we will store your application file for 1 year from its reception.

In case the applicant fails to provide data or withdraws their consent, they will no longer be able to participate in the tender.

  1. Conclusion and performance of contract
Categories of data subjects: Potential contractual partners; contractual partners following the conclusion of contract.
Scope of personal data processed: Name, email address, company name (if applicable), fixed and mobile phone numbers of the data subject, in the case of private tenants (e.g. when renting a parking space) place and date of birth, mother’s name, ID number, tax identification number.
Legal grounds for processing data: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
The purpose of the processing: Entering into and performance of contracts.
Duration of data processing: During the term of the contract and thereafter

–       the period of time within which it may be necessary for the establishment, exercise or defence of legal claims against the Group, or

–       on the basis of compliance with a legal obligation (retention period).

Potential recipients: The Company may disclose the personal data of the data subjects to the members of the Group.
Information on the rights of data subjects: See Chapter 10: Rights of data subjects

(Please, read carefully!)

 

  1. Sending marketing materials and newsletters
Categories of data subjects: 1.     Professional newsletter database:

Office real estate professionals and senior executives of agencies operating in the Hungarian market, journalists and relevant employees of professional platforms.

 

2.     Tenant newsletter database:

This will be sent to managers and contact persons competent in office leasing issues of potential companies in terms of leasing buildings.

Scope of personal data processed: Name, email address, company name (if applicable), fixed and / or mobile phone number of the data subject.
Legal grounds for processing data: The express written consent of the data subject e.g. during the conclusion of the contract, the Company provides the opportunity to expressly consent to the sending of newsletters.

In addition, the Group also provides the opportunity to subscribe to the newsletter on some of its websites.

The purpose of the processing: Sending newsletters with the following content:

 

1. Professional newsletter:

Providing information about company news concerning the Group, the current events of the constructions of Bartók Court, the latest news about the leasing, informing the real estate market experts about it.

 

2.     Tenant newsletter:

Compared to the Professional Newsletter, it is more general, can include any interesting, attention-grabbing news concerning Bartók Court. The aim is to promote leasing by generating direct interest. Within 2 weeks of sending out the newsletter, as a kind of follow-up, subscribers to the newsletter will be contacted by phone and asked for their opinion on the content sent.

 

You can unsubscribe from the newsletter by clicking on the link provided by email or by sending a letter to the email addressadatvedelem@infogroup.hu, and also in the course of a telephone inquiry. In this case, the Group will no longer send marketing content or newsletters.

Duration of data processing: Until withdrawal of consent.
Potential recipients: The Group can disclose the personal data of the data subjects to the employees responsible for marketing activities of the members of the Group.
Information on the rights of data subjects: See Chapter 10: Rights of data subjects

(Please, read carefully!)

 

  1. Organizing events
Categories of data subjects: Business partners, co-investors, banks, contractors who are interested in the events organized by the Group.
Scope of personal data processed: Name, email address, company name (if applicable), fixed and / or mobile phone number of the data subject.
Legal grounds for processing data: Express written consent of the data subject.
The purpose of the processing: Inviting to the Group’s events those who have a close partnership, business or investor relationship with the Group.
Duration of data processing: Until withdrawal of consent.
Potential recipients: The Group can disclose the personal data of the data subjects to the employees responsible for marketing activities of the members of the Group.
Information on the rights of data subjects: See Chapter 10: Rights of data subjects

(Please, read carefully!)

  • Press list
Categories of data subjects: Partners from the professional online media who, on their websites, cover the activities of the Group as activities belonging to their profile.
Scope of personal data processed: Name, email address, company name (if applicable), fixed and / or mobile phone number of the data subject.
Legal grounds for processing data: Express written consent of the data subject.
The purpose of the processing: To provide the real estate industry with relevant news about the Group.
Duration of data processing: Until withdrawal of consent.
Potential recipients: The Group can disclose the personal data of the data subjects to the employees responsible for marketing activities of the members of the Group.
Information on the rights of data subjects: See Chapter 10: Rights of data subjects

(Please, read carefully!)

 

  • Social media
Categories of data subjects: Employees, senior executives.
Scope of personal data processed: Name and picture of the data subject.
Legal grounds for processing data: Consent of the data subject.
The purpose of the processing: To keep in contact with the Company’s followers through social media, to present the charitable and other social activities and programs of the Group.
Duration of data processing: Until withdrawal of consent.
Potential recipients: The Group can disclose the personal data of the data subjects to the employees responsible for marketing activities of the members of the Group.
Information on the rights of data subjects: See Chapter 10: Rights of data subjects

(Please, read carefully!)

 

  1. Processors

The list of the Company’s data processors – with the indication of their functions – is annexed to this Notice and is available at the following link: http://infogroup.hu/en/data-protection/

 

.

  1. Rights of data subjects

10.1   If you feel that the Company’s data processing is unlawful or you wish to make a comment or remark in this regard, please indicate your request or complaint to the Company’s data protection officer, who will strive to deal with the problem as soon as possible.

10.2   The above applications can be submitted

10.2.1   electronically, by sending them to the following email address: adatvedelem@infogroup.hu;

10.2.2.   by post to the Company’s address (1419 Budapest. P.O. Box 235.);

10.2.3.   in person to the Data Protection Officer or, in their absence, to the person responsible for personnel management.

10.3   The Company should compensate any damage which a data subject may suffer as a result of the unlawful handling of the data of the data subject or the violation of the data security requirements.

10.4   The data subject may request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the data subject and may object to processing as well as exercise the right to data portability.

10.5   Right of access by the data subject

10.5.1   The data subject shall have the right to obtain from the Company confirmation as to whether or not personal data concerning them are being processed. Where that is the case, the data subject shall have the right to access the personal data.

10.6   The data subject’s right to rectification

10.6.1   The data subject shall have the right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

10.7   The data subject’s right to erasure

10.7.1   The data subject shall have the right to obtain from the Company the erasure of personal data concerning them without undue delay and the Company shall have the obligation to erase personal data without undue delay where:

10.7.1.1   the personal data are no longer necessary;

10.7.1.2   the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

10.7.1.3   the personal data have been unlawfully processed, or

10.7.1.4   the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Company is subject.

10.8   Right to restriction of processing

10.8.1   The data subject shall have the right to obtain from the Company restriction of processing where:

10.8.1.1   the accuracy of the personal data is contested by the data subject, for a period enabling the Company to verify the accuracy of the personal data;

10.8.1.2   the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

10.8.1.3   the Company no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or

10.8.1.4   the data subject has objected to processing pending the verification whether the legitimate grounds of the Company override those of the data subject.

10.9   Notification obligation regarding rectification or erasure of personal data or restriction of processing

10.9.1   The Company shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Company shall inform the data subject about those recipients if the data subject requests it.

10.10   Right to data portability

10.10.1 The data subject shall have the right to receive the personal data concerning them, which they have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company, where:

10.10.1.1   the processing is based on a contract (e.g. employment contract) pursuant to point (b) of Article 6(1); and

10.10.1.2   the processing is carried out by automated means.

10.10.2   In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

10.11   Right to object

10.11.1   The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (f) (legitimate interest) of Article 6(1), including profiling based on those provisions. The Company shall no longer process the personal data unless the Company demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

10.12   Automated individual decision-making, profiling

10.12.1   The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. However, this shall not apply if the decision:

10.12.1.1   is authorised by Union or Member State law to which the Company is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests;

10.12.1.2   is necessary for entering into, or performance of, a contract between the data subject and the Company. In the latter case, the data subject has the right to obtain human intervention on the part of the Company, to express their point of view and to contest the decision.

10.13   The detailed rules of the rights of the data subject can be found in § 14-19 of the Privacy Act.

10.14   The Company shall provide information on action taken on a request to the data subject within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests, but the Company shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

10.15   If the Company does not take action on the request of the data subject, it shall inform the data subject within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) and seeking a judicial remedy.

10.16   Where the data subject makes the request by electronic form means, the information shall be provided by electronic means, unless otherwise requested by the data subject.

10.17   Information provided and any communication and any actions taken under this Notice is provided free of charge by the Company. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may either:

10.17.1   charge a reasonable fee, or

10.17.2   refuse to act on the request.

10.18   Where the Company has reasonable doubts concerning the identity of the natural person making the request, it may request the provision of additional information necessary to confirm the identity of the data subject.

 

  1. Remedies

11.1   The data subject may file a complaint against the Company’s data processing with the National Authority for Data Protection and Freedom of Information at the following contact details:

H-1125 Budapest, Szilágyi Erzsébet fasor 22/c

Tel.: +36 (1) 391 1400

Fax: +36 (1) 391 1410

Email: ugyfelszolgalat@naih.hu

11.2   In the event of prejudiced rights, the data subject may bring an action against the Company before the court. In such a case the court shall act out of turn.

 

  • Final provisions

The Policy will enter into force on 25 May 2018 and is published on the Company’s website (www.infogroup/adatvedelem).

 

[1] Infogroup Cégcsoport means all companies and all their present and future affiliates, of which dr. István Székely and / or Ádám Székely and / or dr. Attila Székely is a member of and / or all companies directly or indirectly controlled by one of them.

[2] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

[3] trustee under a special-order contract etc.