General Data Processing and Data Protection Notice for the use of our websites.
I. Aim and scope of the notice
The aim of the present notice is that the operators of the website as controllers (hereinafter referred to as: Controllers) inform the visitors and users of the website about the data processing related to the website.
The Controllers respect the safety of the data of the website visitors and users, and regard the provisions of the present data processing notice (“Notice”) as being compulsory for them. The Controllers engage themselves to process the Personal data that were obtained while operating the website available at the web addresses defined in Chapter III (hereinafter referred to as: “Website”) in accordance with the provisions of the present Notice and the relevant laws.
The aim of the present Notice is to define the order of Processing related to the operation of the Website and to ensure the rule of law in the Processing and the regulation of Processing related to that as well as the realisation of the data safety requirements. The Notice applies to Processing at the Website and the cases of Processing when you contact the Controllers via the Website or using the Website.
The Notice was written in accordance with the effective data protection laws (Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR); Act CXII of 2011 on information self-determination and freedom of information).
The Controllers are entitled to unilaterally modify the present Notice and the information on the use of the Website from time to time because of the various updates, without prior notice.
II. Addresses of the Website and identity of the Controllers
In the case of the websites available at the following domain names:
The aim and rules of the data processing are defined by All4buildings Kft. (hereinafter referred to as Controller).
Controller: All4buildings Kft. (seat: 2040 Budaörs, Őszirózsa utca 7., company register number: 13-09-194516)
The address of the Controller: email@example.com
Data management: the performance of technical tasks related to the data processing operations, irrespectively of the methods and tools used for the operations and the place of use, provided that the technical task is performed on the data;
Processor: a natural or legal person or an organisation without legal personality who or which manages personal data on the basis of a contract – including contracts concluded based on legal provisions;
Processing: irrespectively of the applied procedure, any operation or set of operations which are performed on the personal data, such as (but not exclusively): collection, gathering, recording, organisation, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure or destruction as well as the prevention of further use of the personal data, capture of photographs, audio or video recordings or the recording of physical properties enabling the identification of the person (e.g. fingerprint, palm prints, DNA sample);
Controller: a natural or legal person or an organisation without legal personality which, alone or jointly with others, determines the purpose of the processing of the personal data, makes and implements the decisions regarding Processing (including the applied means) or makes the Processor do so;
Data transfer: the disclosure of the personal data for a specific third party;
Data subject: a natural person who is specified, or is identified or – directly or indirectly – identifiable based on personal data;
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
Privacy Act: Act CXII of 2011 on information self-determination and freedom of information;
Third party: a natural or legal person or an organisation without legal personality other than the data subject, the Controller or the Processor;
Authority: the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság; NAIH) which was created in accordance with the provisions of the Fundamental Law for the protection of the information self-determination right, the freedom of information and the personal data and for the rightful availability of the data that are of public interest or are public because of public interest, the task of which authority is the control and help of the exercise of these rights.
Consent: a freely given, specific, informed and unambiguous indication of the Data subject’s wishes by which the data subject signifies agreement to the – comprehensive or partial – processing of the personal data related to him or her;
Personal data: any data or information based on which a natural person (Data subject) becomes indirectly or directly identifiable;
Service: the service(s) operated and provided by the Controllers that is (are) available on the Website.
IV. Principles of processing
The Controllers process the Personal data in accordance with the principles of good faith, integrity and transparency, and the provisions of the effective laws and the present Notice.
The Controllers use the Personal data that are indispensable to the use of the Website on the basis of the Data subject’s consent, exclusively in connection with a purpose.
The Controllers only process the Personal data for the purpose determined in the present Notice and the relevant laws. The scope of the processed Personal data is proportional to the purpose of Processing and may not exceed that.
In all cases when the Controllers wish to use the Personal data for a purpose other than the original purpose of data collection, they inform the Data subject about this in advance, obtain the Data subject’s prior explicit written consent and provide an opportunity to ban the use.
The Controllers do not check the Personal data provided by the Website visitors and users; only the person entering the data is liable for their correctness.
The Controllers ensure the safety of the Personal data, take the technical and organisational measures and create the procedure rules ensuring that the recorded, stored or processed data are protected, and preventing the accidental loss, unlawful destruction, unauthorized access, use, alteration or dissemination of the data. The Controllers ask every third party who receives Personal data from the Controllers to fulfil this obligation.
V. Purpose of Processing
The Controllers process data for the following purposes: provision of online content; identification of the Website visitors and users; contact maintenance with them; identification of the Services that can be used by them; preparation of statistics and analyses; protection of the rights of the visitors and users; exercise of the Controllers’ legitimate interests; technical improvement of the IT system.
Furthermore, the Controllers use the Personal data for the achievement of the following purposes:
effective provision of the Service,
identification of the registered users,
settlement of disputes related to the use of the Service,
informing registered users about the operation of the Service (for example technical messages, information about the modification of the Service, etc.),
solving operational problems,
search for new employees,
search for calls for tenders,
direct marketing; the Controllers only perform this activity on the basis of a prior consent to data processing of this kind, during the specified period or until the consent is revoked,
sending of electronic newsletters that promote the Controllers’ services, promotions and professional materials, blog notifications, other advertisement messages, business policy-related letters or any digital attachment or downloadable file included in the above (hereinafter jointly referred to as: “Newsletter”) if the Data subject has given explicit consent to this, during the specified period or until the consent is revoked. Upon subscribing to the newsletter, the Data subject explicitly consents to the reception of messages with direct marketing purposes. The processing of the personal data is based on the voluntary consent of the Data subject being familiar with the present notification.
VI. Legal basis of Processing
The legal basis for processing the Personal data is the Data subject’s voluntary, informed, prior Consent. The Data subject has the right to revoke his or her Consent anytime. The revocation does not affect the legality of the Processing before the revocation.
By providing the specific Personal data while using the Website, you declare that you have become familiar with the present Notice in its version being effective when the data was provided, and you give your voluntary, explicit consent to the use of the Personal data provided by you or the Personal data generated about you. You may provide Personal data in accordance with the relevant data protection laws, and you warrant that you have an appropriate and informed Consent for the provision of the information.
The Controllers record the IP address of the Website visitors upon accessing the Website without the Data subject’s separately indicated Consent, in connection with the provision of the Service, considering the Controllers’ legitimate interest, for the rightful provision of the Service.
The legal basis for Processing during or related to content provision can be, beside the Data subject’s voluntary consent, the Controllers’ significant legitimate interest and the provision of the basic rights of information and expression of opinion, within the framework defined in the laws.
If the Controllers’ significant legitimate interest is the legal basis for Processing, the Controllers perform and can perform in the future the interest balance test in accordance with the relevant GDPR provisions; this test shows that the Controllers’ legitimate interest in Processing is stronger than the Data subject’s rights and liberties related to Processing. If it is requested, the Controllers inform the Data subject about the content of the present paragraph as described in the present Notice.
VII. Term of Processing
The Controllers process the Data subject’s data until the Processing purposes mentioned above are realized or until the Data subject revokes his or her consent or until the erasure at the Data subject’s request.
The data that are automatically and technically recorded during the operation of the system are stored in the system for a period necessary for the operation of the system. The Controllers ensure that these automatically recorded data cannot be linked to other Personal data – except for the legally prescribed cases.
If a court or authority orders the erasure of the Personal data with a binding force, the Controllers perform the erasure. The Controllers – informing the Data subject – restrict the use of the Personal data if the Data subject requests this or if the available information implies that the erasure would violate the Data subject’s legitimate interest. The Controllers do not erase the Personal data as long as the Processing purpose that prevented the erasure of the Personal data exists.
You may allow or ban cookies anytime by setting or modifying the computer browser programme, and you can request in the browser settings that a pop-up window be shown before cookies are used.
the storage of user sessions,
the collection of statistics,
the storage of user settings,
the storage of consents related to cookies.
You can allow or ban cookies by modifying the browser settings. As the options differ in each browser, please use the Help menu of your browser for further information.
IX. Hiring of Processors and the transfer of data
If the Processing is carried out by others in the name of the Controllers, the Controllers only employ Processors who or which offer sufficient guarantee to perform the technical and organisational measures ensuring the observance of the GDPR requirements for Processing and the protection of the Data subjects’ rights. The Processor may not employ other processors without the Controllers’ prior written authorization with one-time or general validity.
The Controllers list the Processor(s) and sub-processor(s) acting on behalf of the Controllers in the present Notice, if there are any.
The Controllers are entitled and obliged to transfer all Personal data that are stored legitimately and are available to them to the competent courts and authorities, the transfer of which Personal data is the Controllers’ obligation determined by a law or an order of a court or authority. The Controllers may not be held liable for a data transfer of this kind and its consequences.
The Controllers do not transfer your data to a third country.
X. Purpose and term of Processing
In connection with the Service, the purpose of the processing performed by the Controllers is the following:
The Controllers process the personal data when the purpose of processing exists, so primarily when the legal relationship with the specific User exists (when this period ends, the data provided by the Data subject User about this User are erased), or until the User requests the erasure of his or her data or revokes his or her consent.
XI. Communication with the Controllers
The visitor has the opportunity to contact the Controllers directly on the Website (for example for offers; applications). The visitor can provide the relevant data necessary for communication by filling in a form. Before the submission of the data, however, the Controllers call attention on the form to the data processing rules that the Data subject User has accepted by using the Website. The data provided on the form are stored for a maximum of 1 year. The data uploaded as attachments are stored on the Website server for 30 days and are automatically deleted afterwards. The data submitted based on the application form are stored for a maximum of 6 months.
The purpose of processing: ensuring the start of communication with the Controllers
The scope of the processed data: name, email address, phone number, subject of communication, message, attachment
The legal basis for processing: the data subject’s consent according to Article 6 point (1) a) of the GDPR.
Deadline of the data storage: one year from the recording of data, until the case is settled (the goal is achieved)
Method of data storage: electronic
XII. Data safety
We take the necessary measures on our Website to protect the Personal data and / or sensitive data sent from your computer, especially measures against unauthorized access, alteration, transfer, disclosure, erasure, destruction, accidental destruction or damage and the inaccessibility of data due to the change of the applied technique. In order to protect the data that are processed electronically in the different records, we use an appropriate technical solution to ensure that the data stored in the records cannot be directly linked to the data subject – except in the cases permitted by laws.
We inform you that we use data networks with appropriate firewall and password protection. However, we would like to emphasize that the data transfer via Internet cannot be perfectly safe and flawless. You are responsible for the safety of passwords, IDs or other special access methods, except when the damage occurred because the Controllers processed the Data subject’s data illegally or did not observe the data safety requirements.
XIII. The Data subject’s rights and the opportunities for exercising rights
The Data subject may request information about the processing of his or her personal data or the rectification and erasure of the personal data – except for the processing prescribed by law – using the Controllers’ contact details listed in the present notice.
The leader of the organisational unit having jurisdiction and competence answers the Data subject’s request regarding the processing of his or her personal data no later than within 15 days from receipt – or within 5 days if the right to object is exercised – in writing, in a comprehensive manner.
The leader of the organisational unit processing the data rectifies the incorrect data – if the necessary data and the documents verifying them are available – or takes measures for the erasure of the processed personal data if the causes defined in the GDPR or the Privacy Act exist.
The leader of the data processing organisational unit suspends the processing for the period during which the Data subject’s objection against the processing of his or her personal data is evaluated – but no longer than 5 days –, examines the well-foundedness of the objection, makes a decision and informs the requesting party about the decision.
The Controllers compensate for the damage caused to others by the illegal processing of the Data subject’s data or by the violation of the data safety requirements, and pay a compensation for grievance if personal rights were violated by the Controllers or the processor employed by them. The Controllers call the Data subject’s attention to the fact that the Controllers are relieved of the liability for the damage and the obligation to pay the compensation for grievance if they prove that the damage or the violation of the Data subject’s personal rights occurred due to an unavoidable event outside the scope of processing. Similarly, they do not compensate for the damage arising from the incidental behaviour or gross negligence of the injured party.
Revocation of consent
If the Data subject has given consent to the processing of the personal data, he or she can revoke it anytime with future effect. The consent can be revoked using the Controllers’ contact details indicated on the website.
The Data subject can exercise his or her rights anytime, according to the provisions of the GDPR and the Privacy Act.
The Data subject has the right to request the information from the Controllers’ responsible person whether his or her personal data are being processed; if they are, the Data subject is entitled to gain access to the personal data and the information defined in Article 15 point (1) of the GDPR.
The Data subject is entitled to immediately demand from the Controllers’ responsible person the rectification of the incorrect personal data related to the Data subject and the supplementation of the missing personal data.
The Data subject is entitled to demand that the Operators immediately erase the Data subject’s personal data if a case described in Article 17 point (1) of the GDPR exists.
The Data subject is entitled to demand the restriction of processing from the Controllers’ responsible person – if a case described in Article 18 point (1) of the GDPR exists.
The Data subject is entitled to receive the personal data concerning him or her that were given to the Controller by the Data subject in a structured, commonly used, machine-readable format. The Data subject is also entitled to transfer these data to another controller without the interference of the controller for whom the personal data were made available.
We would like to request and recommend that the Data subjects contact the Controllers using the contact details indicated in the present Notice if they have any questions, comments or complaints regarding the Processing before they seek legal remedy from an authority or court.
The Data subject has the right to contact the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság) if his or her rights regarding his or her Personal data are violated (Hungary, 1125 Budapest, Szilágyi Erzsébet fasor 22/c., telephone: +36 (1) 391-1400, fax: +36 (1) 391-1410, email address: firstname.lastname@example.org).
The Data subject is also entitled to apply to a court if his or her rights are violated. The regional court is competent in evaluating the lawsuit. The lawsuit can also be initiated – at the Data subject’s choice – at the regional court based on the Data subject’s domicile or place of residence.
XIV. Modifications of the Data Protection Notice
The Controllers reserve the right of modification at all times in order to ensure that the present Data Processing Notice always complies with the effective legal requirements.
Please do not hesitate to contact us if you have any questions or comments regarding the present Data Protection Notice.