Privacy policy

I. Introduction

LIVING I. Ingatlanfejlesztő Befektetési Alap (LIVING I. Property Development Investment Fund, hereinafter “LIVING I”), LIVING II. Ingatlanfejlesztő Befektetési Alap (LIVING II. Property Development Investment Fund, hereinafter “LIVING II”), V45 Ingatlanfejlesztő, Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (V45 Property Development, Trading and Service Limited Liability Company, hereinafter “V45 Kft.”), and LIVING-Szabolcs Ingatlanfejlesztő Korlátolt Felelősségű Társaság (LIVING-Szabolcs Property Development Limited Liability Company, hereinafter “LIVING-Szabolcs Kft.”) (LIVING I, LIVING II, V45 Kft. and LIVING-Szabolcs Kft. are hereinafter collectively referred to as “Controller” or “LIVING”) issue this privacy notice (hereinafter “Privacy Notice”) to fulfil their obligation to provide prior information relating to the processing of personal data as required by Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”).Unless this Privacy Notice provides otherwise, the definition of Controller shall include LIVING I, LIVING II, V45 Kft and LIVING-Szabolcs Kft.

For the purposes of concluding contracts with legal entities covered by the LIVING concept, as well as in the course of performing the contracts concluded and using any related services, it is necessary that you provide personal data to LIVING. In line with the legal regulations in force, this Privacy Notice lays down the principles governing the purpose, duration and manner of processing your personal data, and your options to enforce your rights and seek remedy in connection with such data processing.

Please read this Privacy Notice, as the security of your personal data is of utmost importance for us. Should you have any questions or comments regarding the contents of this Privacy Notice, please contact the Controller using our contact details listed below before using the livinghomes.hu website, accepting this Privacy Notice and/or providing your personal data.

LIVING may amend this Privacy Notice at any time by a unilateral legal statement, without separate consent – subject to the provisions of the applicable laws – simultaneously with notifying the Data Subjects in advance if necessary. Having regard to the possibility of amendments, please visit the livinghomes.hu website regularly, or inquire at our customer service office in order to learn of any changes.

II. Definitions

Data Subject means any natural person directly or indirectly identifiable by reference to specific personal data.

Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on Personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The Processing carried out by the Controller is different in respect of each legal basis; the Controller’s processing activities are described in detail in this Privacy Notice.

Controller: the personal data provided by the Data Subject will be processed by LIVING; in other words, only LIVING may make and execute – or have the Data Processors execute – any decisions relating to the Data Subject’ personal data, and LIVING as the Controller is alone entitled to determine the purposes and means of such processing. The details of the controllers are as follows:

Common data of LIVING

1. website: livinghomes.hu
2. email address: info(at)livinghomes(dot)hu
3. phone: +36 1 40 88 473
4. contact person’s name: Csendes Balázs
5. contact person’s phone number: +36 30 832 0824

Data of the individual controllers

LIVING I.
1. address: H-1095 Budapest, Máriássy utca 7.
2. Registration number with the Central Bank of Hungary: 1221-33
3. tax number: 18999266-2-43
4. statistical code: 18999266-6430-915-01
5. represented by: GLADIÁTOR Befektetési Alapkezelő Zártkörűen Működő Részvénytársaság (GLADIÁTOR Investment Fund Management Private Limited Company) (registered office: H-1095 Budapest, Máriássy utca 7.; company registration number: Cg.01-10-049232; acting as its representative independently: Sándor Gyárfás, Chief Executive Officer)

LIVING II.
1. address: H-1095 Budapest, Máriássy utca 7.
2. Registration number with the Central Bank of Hungary: 1221-42
3. tax number: 19086862-2-43
4. statistical code: 19086862-6430-915-01

V45 Kft.
1. address: H-1095 Budapest, Máriássy utca 7.
2. company registration number: 01-09-697075
3. tax number: 12657953-2-43
4. statistical code: 12657953-6810-113-01
5. represented by: János Gerő, managing director

LIVING-Szabolcs Kft.
1. address: H-1095 Budapest, Máriássy utca 7.
2. company registration number: 01-09-338783
3. tax number: 26678481-2-4
4. statistical code: 26678481-6810-113-01

Unless provided otherwise by this Privacy Notice, the legal entities covered by the LIVING concept shall determine the purposes and means of the processing specified in this Privacy Notice jointly, and therefore LIVING I, LIVING II, V45 Kft. and LIVING-Szabolcs Kft. will be considered joint controllers during the implementation of the processing activities. The joint controllers shall determine their respective responsibilities for compliance with their obligations related to the processing in a transparent manner, by means of an arrangement between them, in particular as regards the exercising of the rights of Data Subjects and their respective duties to provide the required information to Data Subjects.

By accepting this Privacy Notice, the Data Subjects acknowledge that the controllers have made the contents of their separate arrangement mentioned in this section available to them. Data Subjects may exercise their rights provided in this Privacy Notice in respect of and against each of the controllers.

It shall be an exception to the joint processing if a right or an obligation is expressly limited to one of the controllers according to the provisions of this Privacy Notice; such processing is for example the one carried out for the purpose of concluding Contracts and performing the Contracts concluded, as provided for in section 4.2 of this Privacy Notice. Having regard to the fact that the Data Subject may choose the appropriate property from among the properties for sale in several residential buildings available on the website, and that these residential buildings are developed by the controllers separately, independently of each other, the controllers shall proceed independently during the conclusion and the performance of the Contracts for the properties of a given residential building. In view of all this, the controllers agreed in the arrangement made between them that they shall be considered independent controllers only in respect of the processing performed for the purposes of the conclusion of Contracts and the performance of the Contracts concluded, and therefore, the processing activities performed in order to achieve this processing purpose and the related responsibilities of the controllers shall be treated separately in respect of each controller. Accordingly, if you wish to buy one of the properties of the residential building to be built under the name “Kassák Residence”, your personal data will only be processed by LIVING I as the controller; if you wish to one of the properties in the residential building to be built under the name “Metropolitan Garden”, your personal data will only be processed by LIVING II as the controller; if you wish to buy one of the properties in the residential building to be built under the name “Kassák Passage”, your personal data will only be processed by V45 Kft. as the controller; and if you wish to buy one of the properties in the residential building to be built under the name “Park West”, your personal data will only be processed by LIVING-Szabolcs Kft. as the controller regarding the processing activities carried out in order to conclude Contracts and to fulfil the Contracts concluded, as provided for in section 4.2 of this Privacy Notice. Data processing for the purpose of implementing the “LIVING” prize game specified in Section 4.4. of this Privacy Notice will also be exempt from joint processing.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Processing Operations by the Processor means performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as of the place of execution, provided that the technical task is performed on the data.

Processor means a natural or legal person, public authority, agency or other body which processes personal data related to the Data Subjects on behalf of the Controller, based on a written contract concluded with the Controller or based on another legal act; Processors do not make any decisions on their own in connection with the personal data and may only act based on the written contract concluded with the Controller or the other relevant legal act, and according to the instructions received. Processing Operations by the Processor will be carried out by the Controller, and the Controller will use the following contractual partners to carry out tasks in relation to the processing activities:

Contractual partner and its details Data it may access
activity it performs
Length of time it stores the data

Viza Ingatlanforgalmazó Korlátolt Felelősségű Társaság (Viza Real Estates Limited Liability Company)
H-1136 Budapest, Raoul Wallenberg utca 7. fszt.
company registration number: 01-09-882774

Keeps contact with Data Subjects interested in purchasing properties in the residential buildings to be built under the names Kassák Residence and Metropolitan Garden presented on the livinghomes.hu website, and in other Services, and presents the real properties and the Services to the Data Subjects for the purpose of building the Client Database.

Uses the personal data provided to the Controller.

Until the date of termination of the engagement contract.

Csiszér & Co. Szolgáltató Betéti Társaság
H-1145 Budapest, Újvidék utca 4. I. em. 2.
company registration number: 01-06-785598

Keeps contact with Data Subjects interested in purchasing properties in the residential buildings to be built under the names Metropolitan Garden, Park West and Kassák Passage presented on the livinghomes.hu website, and in other Services, and presents the real properties and the Services to the Data Subjects for the purpose of building the Client Database.

Until the date of termination of the engagement contract.

Anna Tőkés-Kukoricza, sole trader
H-2011 Budakalász, Liget utca 11
registration number: 52093184

Keeps contact with Data Subjects interested in purchasing properties in the residential buildings to be built under the names Metropolitan Garden, Park West and Kassák Passage presented on the livinghomes.hu website, and in other Services, and presents the real properties and the Services to the Data Subjects for the purpose of building the Client Database.

Until the date of termination of the engagement contract.

János Pál Turák, sole trader
H-1029 Budapest, Aranybulla utca 14.
registration number: 53464529

Keeps contact with Data Subjects interested in purchasing properties in the residential buildings to be built under the names Metropolitan Garden, Park West and Kassák Passage presented on the livinghomes.hu website, and in other Services, and presents the real properties and the Services to the Data Subjects for the purpose of building the Client Database.

Until the date of termination of the engagement contract.

WEBSTATION Számítástechnikai, Kereskedelmi és Szolgáltató Betéti Társaság (WEBSTATION Information Technology, Commercial and Services Partnership)
H-1034 Budapest, Kecske utca 23.
company registration number: 01-06-115421

Provides storage space for the Client Database and stores the personal data contained in the Client Database.

Until the date of termination of the services contract.

Linemedia Korlátolt Felelősségű Társaság
H-1141 Budapest, Komócsy utca 29-31. C. ép. 1. em. 1
company registration number: 01-09-940357

Performs advertising agency activities in connection with the website livinghomes.hu, in particular the operation and development of the website, involving access to the personal data listed in Section 4.3 below.

Until the date of termination of the engagement contract.

XAPT Solutions Korlátolt Felelősségű Társaság (XAPT Solutions Limited Liability Company)
H-1118 Budapest, Rétköz utca 5.
company registration number: 01-09-300717

Performs the development of the LIVING CRM system (keeping records of client relationships, processing the data of clients and the properties), which involves the posting of the leads received on the livinghomes.hu website. Supports client relations and the appropriate implementation of the contractual processes. In addition to the above, it also runs campaigns to support sales processes.
Has access to the personal data recorded by the Controller and included in the Client Database, to the to the extent necessary for the performance of its duties under the engagement contract.

Until the date of termination of the engagement contract.

Dialogue Creatives Korlátolt Felelősségű Társaság (Dialogue Creatives Limited Liability Company)
H-1126 Budapest, Beck Ö. Fülöp utca 12.
company registration number: 01-09-909776

Performs comprehensive advertising agency activities in connection with LIVING, which involves marketing activities carried out in respect of the livinghomes.hu website, including without limitation managing advertisements, consultancy and the production of advertising materials.
Has access to the personal data recorded by the Controller and included in the Client Database, to the to the extent necessary for the performance of its duties under the engagement contract.

Until the date of termination of the engagement contract.

Gross Marketing Product Korlátolt Felelősségű Társaság (Gross Marketing Product Limited Liability Company)
H-1033 Budapest, Kéve utca 14.
company registration number: 01-09-952492

Supports the client relationship management process and stores information related to current and potential clients, as well as the personal data stored in the Client Database.
Processes personal data on behalf of the Controller in its capacity as a Processor during the mediation of interested persons in the course of so-called lead-based campaigns, and V45 Kft. as an independent controller processes personal data on behalf of the organiser of the “LIVING” prize game during the performance of certain tasks related to the implementation and execution of the Game.

Until the date of termination of the engagement contract.

Boston Technologies Korlátolt Felelősségű Társaság (Boston Technologies Limited Liability Company)
H-1015 Budapest, Hattyú utca 18. 3. em. 5
company registration number: 01-09-902980

Acts in connection with the design, installation and programming of smart home systems in the properties of clients interested in smart home systems, during the sale of the properties listed on the livinghomes.hu website, in the course of which it has access to the personal data necessary for the installation of the smart homes, provided by clients, buyers and customers interested in smart home systems.

Until the date of termination of the contract for services.

Balázs Csendes, sole trader
H-1104 Budapest, Dóczy József utca 14.
registration number: 50992829

Keeps contact with Data Subjects interested in purchasing properties listed on the livinghomes.hu website, and in other Services, and presents the real properties and the Services to the Data Subjects for the purpose of building the Client Database.

Until the date of termination of the engagement contract.

The above contractual partners only act as Processors, which means that their rights and obligations relating to the use of personal data are determined by the Controller; therefore the Processors may not make decisions concerning the data processing, may not use personal data for their own purposes, and will store and retain the data in accordance with the Controller’s instructions. The detailed rules of processing by the Processors are included in the contracts concluded with the Processors or in the other relevant legal acts. The Controller assumes liability for the processing practices of the Processors to the extent required by law.

Transfer means making personal data available to a specified third party.

Authority means the National Authority for Data Protection and Freedom of Information (address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c; website: http://naih.hu; email address: ugyfelszolgalat@naih.hu; phone: +36 1 391 1400).

GDPR (General Data Protection Regulation) means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Privacy Act means Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.

Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Properties: the properties offered for sale in the residential buildings listed on the livinghomes.hu website, which include condominium flats, storage rooms and parking spaces in a garage, and – in the case of certain residential buildings – retail units and offices.

Contract Conclusion means the conclusion of registration contracts, pre-contracts or real estate sale and purchase contracts by and between the Controller and the Data Subject regarding the newly built real properties offered for sale by the Controller.

Service: services related to Contract Conclusion by and between the Data Subject and a legal entity covered by the LIVING concept, and other services related to the Contract Conclusion and the sale of the Properties on offer, as requested by the Data Subject (e.g. newsletter service, implementation of the Game).

Game: Means the prize game “LIVING” organised by V45 Kft., the detailed rules of which are laid down in the effective game regulations published on the livinghomes.hu/nyereményjáték website.

Client Database: during the provision of the Service, after the Data Subject has read and accepted this Privacy Notice, the Controller will record and process the personal data provided by the Data Subject in its own data files.

Client relationship: a relationship maintained for the purpose of technical consultations, credit administration and dealing with utility providers in relation to the conclusion and performance of Contracts.

Cookie means a short file (data set) sent from a visited website to the Data Subject’s computer to store information about the Data Subject and about the connection between the Data Subject and their web server. Cookies are used to identify (recognise) the Data Subject’s computer, to ensure simpler browsing and to monitor browsing, as well as to analyse and evaluate the use patterns of visitors to the website and, thereby improve the user experience.

Website: This Privacy Notice regulates data processing in relation to the livinghomes.hu website.

Sales Office: the Controller’s offices for receiving clients in person.

How data are processed: :

The Controller will collect and process Personal Data in the course of providing the Service, when requesting data prior to Contract Conclusion and also in person, for the purpose of taking the steps necessary for Contract Conclusion or during Contract Conclusion, and also when any related services are used. By supplying their data in response to the preliminary request for data or when using the Services, Data Subjects consent to the processing of their Personal Data provided to the Controller in accordance with this Privacy Notice, provided that the Processing is based on the Data Subjects’ consent.

By contacting the Controller by phone or in person with the intention of concluding a contract, the Data Subjects voluntarily provide certain Personal Data of theirs to the Controller. Following this first contact, the name, email address and telephone number of the Data Subject will be recorded in the Client Database, and therefore the Controller may process these personal data at the Data Subject’s request already before the Data Subject’s acceptance of the Privacy Notice, for the purpose of taking the steps necessary for Contract Conclusion. At a personal meeting after that, the Controller will ask the Data Subject to declare that they have reviewed the content of this Privacy Notice, and the Controller will answer any questions that may arise in connection with the processing. Prior to Contract Conclusion, the Controller will request all of the Data Subject’s Personal Data necessary for Contract Conclusion by sending the Data Subject a separate data request form.

If the Data Subject, as a confirmation of their intention to participate in the Game, registers on the livinghomes.hu/nyereményjáték website and voluntarily provides their personal data essential for the successful implementation of the Game, the Data Subject’s name, email address, address/mailing address and phone number will be captured in the Client Database, and therefore the Controller will be entitled to process these personal data at the Data Subject’s request after provision of the Data Subject’s consent and acceptance of the Privacy Notice, for the purpose of implementing the Game.

The Controller will provide the opportunity for the Data Subject to review the Privacy Notice before obtaining the Data Subject’s consent and before the contracting process. To this end, the text of the Privacy Notice in force will be continuously and publicly available on the Website, free of charge and without any obligations. The Data Subject may also access the Privacy Notice in person at the registered office or Sales Office of the Controller in cases where Personal Data are collected directly from the Data Subject or if the Data Subject requests the Controller to show them the Privacy Notice in person. By providing your personal data you confirm that you have read the effective Privacy Notice and have expressly accepted its contents.

III. Principles of data processing

Regardless of the legal basis of processing, the Controller will comply with the following processing principles throughout the period of processing:

3.1 Lawfulness, fairness and transparency: The Controller will process personal data lawfully, fairly and in a transparent manner in relation to the Data Subject.

3.2 Purpose limitation: The Controller may only process personal data for the explicit and legitimate purpose specified in this Privacy Notice, and in order to exercise rights and fulfil obligations specified by law. If the Controller wishes to use any already provided personal data for a different purpose, the Controller will fully inform the Data Subject of this in advance – primarily by email; however, the personal data of the Data Subject may not be processed for any other purpose without the prior consent of the Data Subject, unless the Processing can be considered lawful and/or compatible with its initial purpose without the Data Subject’s consent. Data provided in hard copy will also be stored by the Controller digitally after digitisation, along with the data provided through the Website.

3.3 Data minimisation: The Controller may process personal data if they are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Accordingly, the Controller will process personal data that are necessary for the conclusion of the Contract or the performance of a Contract already concluded, or for the performance of other Services, in accordance with the purposes of processing.

3.4 Data accuracy: Personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. The Data Subjects may also contribute to the accuracy of the data by reporting any changes in the data or by rectifying the data they have provided.

3.5 Storage limitation: The Controller may keep personal data in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the provisions of GDPR, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject. In view of the above, the duration of Processing will be as follows: the processing of the Data Subject’s personal data may vary depending to the purpose of processing, but in any case, processing lasts from the date of disclosure of the data until the date of their deletion by the Controller.

3.6 Integrity and confidentiality: The Controller may process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measure.

3.7 Principle of data security: To protect the personal data provided and to prevent threats, the Controller will take all reasonable and necessary precautions, technical and other organisational measures, and procedures in compliance with the data security requirement set out in the GDPR. The Controller will protect personal data by restricting access to them and therefore only the persons with a need-to-know in order to achieve the objectives specified in section IV below can access the data.

In order to prevent personal data breaches, the Controller will take the following precautions when storing personal data in its IT system or – if the personal data are recorded on paper – on paper:

i) preventing any unauthorised access to the personal data, as well as any unauthorised data entry, data modification and data deletion through the use of passwords and encryption;
ii) ensuring that the data in the Controller’s database cannot be interlinked or linked to the Data Subject;
iii) ensuring that data can be recovered in the case of data loss, in particular, providing for regular security backups and a separate and secure handling of copies, as well as the virus protection of files;
iv) ensuring physical protection of the files and the storage media;
v) if the data are recorded on paper, storing hard copy data in an area that is sealed off from the premises used by clients and inaccessible to unauthorised persons, and taking the necessary precautions to ensure physical security as well as fire and flood protection of paper records.

The Controller should notify the personal data breach to the authority Without undue delay and, where feasible, not later than 72 (seventy-two) hours after having become aware of it, unless the Controller is able to demonstrate that the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where such notification cannot be achieved within seventy-two (72) hours, the reasons for the delay should accompany the notification. The Processor will notify the Controller of any personal data breach without undue delay after becoming aware of it. The Controller should communicate to the Data subject a personal data breach, without undue delay, where that personal data breach is likely to result in a high risk to the rights and freedoms of the natural person.

The Controller will document any personal data breaches, indicating the facts relating to the personal data breach, its effects and the remedial action taken. The documentation will enable the Authority to verify compliance with the requirements of the GDPR.

3.8 Accountability: The Controller will be responsible for compliance with the above principles of processing set out in this section of the Privacy Notice, and it will ensure that it can prove its compliance with the principles of processing.

IV. The scope of the personal data processed and the purposes of processing

Unless this Privacy Notice provides otherwise, the controllers will act jointly, with joint and several liability, and they will develop a common infrastructure in respect of the following processing activities.

The Controller will process the Data Subject’s Personal Data for the following purposes:

4.1 For the purpose of building a preliminary Client Database relating to the conclusion of Contracts:

1) Purpose of processing: Based on the Data Subject’s enquiry and initiative, before the conclusion of the Contract and for the purpose of taking the steps necessary for that, the Data Subject provides certain Personal Data to the Controller during their first contact so that the Controller can enter them into its own records to ensure that they are available in its client database to facilitate communication and to send offers.

2) Legal basis for processing: The Data Subject’s request and voluntary data provision, prior to, and for the purpose of taking the measures necessary for, the conclusion of the Contract. The legal basis for processing is Article 6(1)(b) of the GDPR.

3) The scope of the Personal data processed: The Data Subject’s name, email address and telephone number, and information on what kind of real properties offered by the Controller the Data Subject is interested in (in particular the type, size, location and equipment of the real property sought by the Data Subject).

4) Duration of processing: If the Parties do not enter into a Contract within one (1) year from the provision of the Data Subject’s Personal Data, and the processing of Personal Data is not permitted for any other purpose, the Controller may no longer process the Personal Data for the processing purpose included in this section, and those Personal Data will be deleted from the Client Database.

5) Personal Data may be accessed by: The Controller’s executive officers, representatives, its employees in charge of the preparation of Contracts, its employees operating the Client Database and the Processors.

The controllers will act jointly in respect of the above-mentioned processing preceding the conclusion of Contracts.

4.2 For the purpose of concluding Contracts and the performance of the Contracts concluded:

1) Purpose of processing: LIVING I as the controller in respect of the sale of properties in the residential building to be built under the name “Kassák Residence”, LIVING II as the controller in respect of the sale of properties in the residential building to be built under the name “Metropolitan Garden”, V45 Kft. as the controller in respect of the sale of properties in the residential building to be built under the name “Kassák Passage”, and LIVING-Szabolcs Kft. as the controller in respect of the sale of properties in the residential building to be built under the name “Park West” (hereinafter the controllers will be separately referred to as “Contracting Controller”) will record and process in their own files – that is, their Client Database – the personal data provided by the Data Subject for the purpose of concluding a Contract during the contracting process, after the Data Subject has read and accepted this Privacy Notice, on a data request form used for the preliminary disclosure of data, filled in by the Data Subject. In order to build a database, the Contracting Controller will process the personal data provided by Data Subjects when communicating their intent for Contract Conclusion and their data provided during the contracting process, for the purpose of preparing the contracts between the Contracting Controller and the Data Subjects, the conclusion and performance of any registration contracts, pre-contracts of sale and contracts of sale concluded (hereinafter collectively referred to as: “Contract”), and the performance of the related subsequent administrative tasks (maintaining client relationships, sending notifications in relation to the Contract, performance of all administration tasks after the conclusion of the Contract and compliance with the data storage obligation). To achieve the purpose included in this section, the Contracting Controller may process your personal data on the following legal bases, taking into account the principles of data minimisation and storage limitation:

2) Legal bases for processing:

1. On the one hand, the legal basis of processing is the conclusion and performance of the Contract to which the Data Subject is a party, and the need for taking steps at the request of the Data Subject prior to entering into a contract, in accordance with Article 6(1)(b) of the GDPR, including the parties’ exercise of the rights and performance of the obligations arising from the Contract.

2. On the other hand, the legal basis is the need for compliance with a legal obligation to which the Contracting Controller is subject, in accordance with Article 6(1)(c) of the GDPR:

i) according to Section 32(1) of Act CXLI of 1997 on Real Estate Registration (“Land Register Act”), the contract of sale serving as a basis for registration and the application for registration must contain certain personal data (the client’s personal identification data, address and personal identification number, the identification of the property concerned – name of town and lot number – and the ownership share concerned by the registration); and
ii) the Personal Data to be included in the invoice to be issued according to Section 169 of Act CXXVII of 2007 on Value Added Tax (“VAT Act”); and
iii) in order to comply with the obligation of taking customer due diligence measures based on Section 7 of Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (“Anti-Money Laundering Act”), during which Personal Data will be processed.

3) Range of personal data processed: first name and surname; first name and surname at birth; mother’s birth name; place and date of birth; address; personal identification number; nationality; personal identification document number or driving licence number or passport number; address card number; tax identification number; bank account number; mailing address; email address; phone number; if the Data Subject as a person intending to conclude a Contract is represented by another person acting based on a power of attorney, the personal data of the representative (first name and surname; first name and surname at birth; mother’s birth name; place and date of birth; address; personal identification number; nationality; personal identification document number or driving licence number or passport number; address card number; tax identification number); information on what kind of real properties offered by the Controller the Data Subject is interested in (in particular the type, size, location and equipment of the real property); relationship between the persons affected by the Contract Conclusion (in particular the relationship with the person exercising the right of representation, relationship with any further relatives who are signatories for the Contract Conclusion), the details of any previously sold real properties for claiming a duty allowance, and any other data made available by the Data Subject during the preparation for the Contract Conclusion that is essential for the performance of the Contract.

Providing the data is a precondition for preparing for the Contract Conclusion, as well as for concluding and performing the contract. The range of real properties preferred by you will be determined based on the data you have provided. Data processing will have no other consequences. You are not obliged to provide the data; however, in the absence thereof the Contracting Controller will be unable to identify the real properties you are looking for, or to prepare the Contract.

4) Duration of processing: The Contracting Controller will delete the Data after 5 (five) years from the date of recording, unless the Contracting Controller is required by law to store those data for a longer period. Examples of such requirements are Section 169 of Act C of 2000 (“Accounting Act”) and Section 57(1) of the Anti-Money Laundering Act, pursuant to which the Contracting Controller is required to retain personal data for eight (8) years from the termination of the relationship (or agency) with the Data Subject, and it is also required to retain the Contracts concluded for eight (8) years from their conclusion.

5) Personal Data may be accessed by: The Contracting Controller’s executive officer, its employees responsible for the preparation of contracts of sale and its employees operating the Client Database, as well as the Processors.

The controllers will act separately in respect of the above-mentioned processing carried out for the purpose of the conclusion and performance of Contracts.

4.3 For the purpose of sending newsletters and marketing materials:

1) Purpose of processing:
After expressing their interest in the Services, based on their separate consent, the Data Subjects may subscribe for a promotional or other newsletter service aimed at the sale of the newly built real properties offered for sale by the Controller, that is, the legal entities covered by the LIVING concept (hereinafter collectively referred to as “Newsletter Service”), or they may express their interest in receiving direct marketing or other marketing materials (hereinafter collectively referred to as “Direct Marketing”). By means of the Newsletter Service and by sending out Direct Marketing materials, the Controller, that is, the legal entities covered by the LIVING concept intend to directly contact the clients interested in purchasing the properties they wish to sell and clients interested in their other services, and to present the Properties and the services to clients interested in new developments, by phone or email.

2) Legal basis for processing: The prior, clear and express consent of the Data Subject pursuant to Section 6 (1) of Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations to Business Advertising (“Advertising Act”) and Section 6 (1) (a) of the GDPR.

The Controller may only send newsletters and marketing materials to Data Subjects who have specifically consented to this. In respect of these data processing purposes, i.e. the Newsletter Service and contact through Direct Marketing materials, the Data Subject will make a separate declaration of consent in accordance with Chapter V below. In the context of these data processing purposes - in the event the Data Subject has given their consent - the Controller may send the Data Subject newsletters for advertising or other purposes, or any other marketing material. In this context the Controller aims to provide information about specific and personalised advertisements in line with the requirements indicated by the Data Subject by sending Direct Marketing materials after subscription by the Data Subject to this service, and also to send newsletters for advertising or other purposes to the Data Subject under the Newsletter Service, to provide information on and promote its Services and new investments if the Data Subject has subscribed to the Newsletter Service.

3) The scope of the Personal Data processed: Personal Data processed for the purpose of the Newsletter Service and Direct Marketing as processing purposes: first name and surname; email address; mailing address; phone number.

4) Duration of processing: The Data Subject may withdraw their consent given to this processing purpose at any time, free of charge, without restriction and explanation, by contacting the Controller at any of its contact details specified in this Privacy Notice (by sending a message with the appropriate content or by contacting the Controller in person), after which the Controller will no longer be entitled to send newsletters or advertising materials to the Data Subject, and therefore the Controller will retain the Personal Data from the date of recording until the date of deletion at the Data Subject’s request. In respect of the Newsletter Service and contact through Direct Marketing materials, the personal data of the Data Subject will be deleted automatically after four (4) years from the date the last newsletter or marketing material was sent out.

5) Personal Data may be accessed by: The Controller’s employees who operate the Client Database and proceed in connection with sending out newsletters and advertising materials, as well as the appropriately authorised Processor.

The controllers will act jointly in respect of the above-mentioned processing activities performed for the purpose of sending out Newsletters or advertising materials.

4.4 For the purpose of implementing the “LIVING” prize game:

1) Purpose of processing:
After showing their interest for the Services, the Data Subject has the opportunity to participate in the Game organised by V45 Kft. as a Controller constituting as independent controller for the implementation of the Game. On the basis of a separate consent provided by the Data Subject, the personal data provided upon participation in the Game will be processed for the purposes of database management for the Game, successful implementation of the Game, identification of the participants of the Game, establishment of entitlement to the prize, contacting and communication with the winner and, in connection with that, facilitating and execution of the dispatch/delivery of the prizes.

2) Legal basis for processing: The prior, clear and express consent of the Data Subject pursuant to Article 6 (1) (a) of the GDPR.

Participation in the Game will be subject to a separate declaration of consent made by the prospective player upon visiting the website in accordance with the provisions of Section B) of Chapter V below.

3) The scope of the Personal data processed: first name and surname; address/mailing address; email address; phone number.

4) Duration of processing: The Data Subject may withdraw their consent provided to this processing purpose at any time, free of charge, without restriction and explanation, by contacting V45 Kft. at any of its contact details specified in this Privacy Notice (by sending a message with the relevant content or by personal contact). This, however, will prevent the player from further participation in the Game by rendering communication impossible. In the event of withdrawal of consent, the Controller will store the personal data from the date of capture until deletion at the Data Subject’s request. In the absence of such withdrawal, personal data will be deleted automatically after 4 (four) months from the end of the prize game.

5) Personal Data may be accessed by: The Controller’s employees who operate the Client Database and arrange for the postal delivery/dispatch of the prizes, as well as the Processor authorised.

V45 Kft. will act as an independent controller in terms of processing for the purposes of the implementation of the Game as detailed above.

The Controller will maintain records on the one hand in respect of the purposes specified in Chapter IV of this Privacy Notice, of the Controller’s processing activities defined in this Privacy Notice in accordance with Article 30(1) of the GDPR; and on the other hand it will maintain records of the data transfers defined in Chapter VI below.

V. Consent to the processing of personal data

Consent is defined as any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which the Data Subject signifies their agreement to the processing of personal data relating to them in full or in respect of certain specific operations. The Data Subject may give their consent to the processing of their personal data as follows:

A) When registering on the livinghomes.hu Website, the Data Subjects become familiar with the effective Privacy Notice available on the website or at the registered office/Sales Office of the Controller, and they voluntarily provide their relevant data and, by actively checking the relevant box – or if the communication takes place in person, by signing a written declaration of consent – accept the provisions of the Privacy Notice; furthermore, the Data Subjects give their consent to the processing of their data for the purpose of sending them newsletters or advertising materials as mentioned in section 4.3 of the Privacy Notice, and they confirm the truthfulness and accuracy of the personal data provided. Therefore, the Data Subjects have the option to give separate consents so that they are only contacted by the Controller through advertising or other newsletters or marketing materials tailored to their needs, after the Data Subjects’ subscription to the Newsletter Service or to Direct Marketing materials. The declaration of consent made at the time of subscription must contain the name of the person giving the consent, the range of the data whose processing such person has consented to, and confirmation that the consent is freely given, specific and informed. The Data Subject has the possibility to unsubscribe from the Newsletter and Direct Marketing services on the Website at any time, without any consequences. The Data Subject’s consent can also be withdrawn in person, by signing a written declaration of consent.

B) When registering on the livinghomes.hu Website, the player becomes familiar with the game regulations available on the Website, the effective Privacy Notice, voluntarily provides certain personal data necessary for successful registration, reply to 2 (two) subsequent multiple-choice questions and, by ticking the relevant box, accepts the provisions of the game regulations and the Privacy Notice. The Data Subject thereby gives their consent to the processing of their data for the purpose of the implementation of the Game, and confirms the truthfulness and accuracy of the personal data provided. The provision of data for participation in the Game is voluntary. Those participating in the Game acknowledge and expressly consent to

(i) the processing of their personal data by V45 Kft. for the term of the Game and for 4 (four) months from its completion, for the sole purpose of the implementation of the Game, communication, administration, and prize delivery; and

(ii) expressly accepting all provisions of the game regulations in all respects through their participation. The Data Subject has the option to withdraw their consent at any time without any consequences.

The Controller will not check the correctness, truthfulness or accuracy of the personal data provided. The Data Subject providing the personal data is exclusively responsible for the correctness and accuracy of the data, and by providing their email address, they assume responsibility for ensuring that they will be the only person to use the service with the email address provided. As a result, any all liability in connection with logins with a specific email address will be borne exclusively by the Data Subject who provided this email address to the Controller and registered it on the Website.

VI. Data transfer and recipients

The Controller may transfer the personal data of the Data Subject to third parties engaged by the Controller,

provided that it has obtained the Data Subject’s freely given, specific, informed and unambiguous consent to this, provided by the Data Subject in advance and in writing – by accepting this Privacy Notice – by actively checking the appropriate box;

or if the Controller is authorised to transfer the data based on another legal basis included in this Privacy Notice (data transfer necessary for the performance of a Contract, compliance with a legal obligation imposed by a law).

In order to verify the lawfulness of transfer and to provide information to the Data Subject, the Controller will maintain a record on the transfers, which contain the time of transfer of personal data processed by it, the legal basis for the transfer and the other data specified in the law that requires processing. During data transfer, the Controller will not transfer any data to third parties other than the personal data freely given by the Data Subject.

1) The Controller may transfer personal data to the law firm representing both Parties and engaged by the Parties for carrying out the legal tasks related to the preparation, conclusion and performance of the Contract, but only for the purpose of and to the extent necessary for the conclusion and performance of the Contract.

2) The Controller may transfer personal data to the credit institution selected by the Data Subject in order to ensure the payment of the contractual purchase price without any problems, including without limitation the transfer of the data necessary for credit administration, for requesting Family Housing Allowance (Hungarian abbreviation: CSOK) and for using other banking services, but only for the purpose of and to the extent necessary for the conclusion and performance of the Contract.

3) The Controller may transfer personal data to the contractor engaged by it to carry out the general construction of the condominium, for the purpose of performing the technical delivery procedure affecting the Data Subject in accordance with the Contract, of holding technical consultations, reporting errors or performing warranty repairs, but only for the purpose of and to the extent necessary for the conclusion and performance of the Contract.

4) The Controller may transfer personal data under the project financing loan agreement to the financial institution financing the project for the purpose of securing the funding required for the construction of the residential buildings incorporating the individual Properties. The transfer as specified in this section is required for the purpose of contracting and to the extent necessary for the performance of such contract, and for the purpose of compliance by the credit institution financing the project with its statutory legal obligations.

5) LIVING I and LIVING II may transfer personal data – only for the sale of properties in the residential building to be built under the name “Kassák Residence” and “Metropolitan Garden” for the purpose of contracting and to the extent necessary for fulfilling such a contract – to the custodian of LIVING I and LIVING II in order to obtain the consent specified in Section 38(3) of Government Decree 78/2014. (III. 14.) on the investment and credit borrowing rules of investment funds.

6) The Controller may transfer personal data to the representative of the owners’ association of the condominium containing the real property acquired by the Data Subject, but only for the purpose of and to the extent necessary for the conclusion and performance of the Contract.

VII. Storage of cookies

During the use of the Website, in addition to the Data Subject’s personal data, the Data Subject’s computer data (Cookies) generated during the use of the Website and recorded (logged) by the Website upon visiting and leaving the Website are recorded by technical means. The Data Subject actively consents to the storing of Cookies by checking the checkbox displayed when opening the Website. These Cookies allow the identification of the location from where the Website is accessed as well as the searches made on the Website. These Cookies are used to prepare statistics regarding visits to and use of the Website and, in general, to improve the information technology system of the Website. Unless required by law, the Controller will not link these data to the Data Subject’s personal data, and they can only be accessed by the Controller and the staff of the system administrator operating the Website. The Data Subject can delete the Cookies from their own computer at any time (by using the relevant menu options in the browser), and can also disable Cookies in their browser (typically from the Help menu). At the same time, the Data Subject acknowledges that in the event of disabling the Cookies, some functions of the Website may not be available.

VIII. Personal data relating to children and third parties

In respect of online services related to the information society, the validity of the declaration of consent of underage Data Subjects aged 16 or over is not subject to the consent or subsequent approval of their guardian (parent), except for data processing for the purposes of the “LIVING” prize game as specified in Section 4.4 herein. Pursuant to the game regulations of the Game, only natural persons over the age of 18 with full capacity to act may participate in the Game.

Underage Data Subjects under the age of 16 may not provide their personal data unless they received a declaration of consent from their guardian (parent).

In the event of the use of the Website, the Controller will regard the guardian’s consent as given. By providing your personal data you represent and warrant that you are acting in awareness of the above, and your capacity is not limited in relation to the provision of personal data and information.

If you are not legally authorised to provide any personal data on your own, you must obtain the consent of the third parties concerned (e.g. guardian or other person on whose behalf you are acting) or secure another legal basis for the provision of the data. In this context you must consider whether the consent of any third party is necessary for providing the given personal data, and the Controller will not have any liability in this regard. The Controller may verify the existence of a proper legal basis for the processing of some personal data at any time, which means the Controller may ask for your power of attorney and/or the Data Subject’s appropriate consent to the processing of their personal data in connection with the case at hand, if you are acting on behalf of a third party.

We will take all reasonable measures to delete any information provided to us in an unauthorised manner, and prevent the disclosure of this information to anyone or use by us (either for advertising or other purposes). Please notify us immediately of any unauthorised disclosure by a children of their own personal data or by a third party of your own personal data.

IX. Data protection rights

The Data Subject may enforce the rights provided in this Chapter against any of the controllers.

9.1 Right to information and access:
From the time of the provision of their personal data until the deletion of the same, the Data Subject may request information at any time from the Controller concerning the scope of the data processed, the sources from which they were obtained, the purpose, legal basis and duration of processing, the circumstances and implications of potential personal data breaches, and the measures taken to eliminate them. The Controller provides information to the Data Subject in concise, transparent, intelligible and easily accessible form, using clear and plain language. The right of information can be exercised by writing to any of the Controller’s contact details (see in section II of the Privacy Notice). When requested by the Data Subject, the information may be provided orally, provided that the identity of the Data Subject is proven by other means.

The Controller provides the Data Subject with a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs.

The Controller may only refuse to provide information in the cases specified in the GDPR. The Controller will specify the legal provision serving as the grounds for refusal, and at the same time, it will inform the Data Subject of the possibility of filing a complaint with the Authority or the competent court.

9.2 Right to rectification:
The Data Subject may request the Controller to rectify any personal data processed relating to them and to complete any incomplete data. The Data Subject may inform the Controller of any changes in their personal data (by email or post as indicated above). The Controller will make the changes within 8 (eight) days from the receipt of the request. In the event the Data Subject fails to report any changes in their personal data without delay, the consequences thereof will be borne by the Data Subject. If any of the personal data provided is inaccurate, and the correct personal data is at the Controller’s disposal, the Controller will automatically correct the personal data in question. The Controller will notify of the rectification the Data Subject and all recipients to whom the data was transferred for processing. Notification is not required if it does not violate the legitimate interest of the Data Subject with regard to the purpose of processing.

9.3 Right of erasure (“right to be forgotten”):
The Data Subject may request the Controller to erase their personal data at any time. The Controller may only refuse erasure if processing is required by law or for the submission, enforcement and protection of legal claims.
The Controller must erase the personal data related to the Data Subject without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
- the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

Where the Controller has made the personal data public and is obliged pursuant to the previous paragraph, to erase the personal data, the Controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform the Controllers and Processors which are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The erasure of data may not be requested if processing is necessary for the reasons specified in Article 17(3) of the GDPR, and the Data Subject will not have a right to erasure if the Processing is strictly necessary for the performance of the Contract.

9.4 Right to withdraw consent:
The Data Subject may withdraw their consent to the processing of their personal data at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Obviously, the right to withdraw consent will not affect any Processing performed based on another legal basis.

9.5 Right to restriction of processing:
The Data Subject is entitled to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the data subject.

Where processing has been restricted, such personal data will, with the exception of storage, only be processed with the Data Subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A Data Subject who has obtained restriction of processing will be informed by the Controller before the restriction of processing is lifted.

No further processing operations can be performed during the restriction of Processing, and the Controller will ensure that the blocked data cannot be modified during the restriction of Processing.

9.6 Right to data portability:
In respect of the personal data processed based on the Data Subjects’ consent or for the purpose of the performance of Contracts, the Data Subjects have the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, without hindering the activities of the Controller. The Data Subjects’ right included in this section only applies to digitally processed personal data.

9.7 Right to object:
If processing is necessary for and based on the enforcement of the legitimate interests of the Controller or a third party, the Data Subjects will have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them. In this case, the Controller may no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subjects or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the Data Subjects may object at any time to the processing of personal data concerning them for such marketing. Where the Data Subjects object to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.

The Data Subjects may object to the processing of their personal data if processing is necessary for the purpose of performing a legal obligation of the Controller or for enforcing the legitimate interests of the Controller, or if personal data are processed (used or transferred) for the purposes of direct marketing, public opinion polling or scientific research, and in other cases specified by law, unless the Controller is required by law to process the data. Objection is defined as a declaration made by the Data Subject objecting to the processing of their personal data and requesting the termination of processing, as well as the deletion of the data processed.

In the event of such objection, the Controller will investigate the cause of objection as soon as possible but within 15 (fifteen) days at the latest, and it will notify the Data Subject in writing of its decision (as to whether the objection is justified).

If the Data Subject’s objection is justified, the Controller must cease the processing of the Data Subject’s data, block the data concerned and notify of the objection and the ensuing measures all recipients to whom any of these data had previously been transferred and who must take measures in order to enforce the right to object.

If the Data Subject’s objection is not justified according to the Controller, and the Data Subject disagrees with that, the Data Subject may have recourse to the court within 30 (thirty) days from the date when the Controller’s decision is communicated. If the Controller fails to meet the 15-day (fifteen-day) response deadline, the Data Subject may have recourse to the court within 30 (thirty) days from the 15th (fifteenth) day after the deadline.

The Data Subject may not enforce the right to object if the legal basis of Processing is the performance of the Contract.

9.8 Prohibition on automated decision-making:
The Data Subjects will have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

No automated decision-making, including profiling, will be performed during the Controller’s processing carried out in respect of the Data Subjects.

9.9 Procedural rules for exercising data protection rights:
The Controller will provide information on action taken on a request to the Data Subject without undue delay and in any event within 1 (one) month of receipt of the request. That period may be extended by (2) two further months where necessary, taking into account the complexity and number of the requests. The Controller will inform the Data Subject of any such extension within 1 (one) month of receipt of the request, together with the reasons for the delay.

Where the Data Subject makes the request by electronic form means, the information will be provided by electronic means where possible, unless otherwise requested by the Data Subject. If the Controller does not take action on the request of the Data Subject, the Controller will inform the Data Subject without delay and at the latest within 1 (one) month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with an Authority and seeking a judicial remedy.

The requested information and any communication and any actions taken must be provided free of charge. Where requests from a Data Subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request. The Controller bears the burden of demonstrating the manifestly unfounded or excessive character of the request.

The Controller will communicate any rectification or erasure of personal data or restriction of processing carried out by it to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Controller will inform the Data Subject about those recipients if the Data Subject requests it.

The Controller provides the Data Subject with a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. The Controller may take reasonable steps to identify the Data Subjects.

9.10 Lodging a complaint:
The Data Subject may enforce their rights by filing a complaint or a report to the Controller’s contact details indicated above.

X. Legal remedies

10.1 Initiating a regulatory procedure:
The Data Subjects may lodge a complaint with the Authority if they consider that the processing of the personal data relating to them infringes the GDPR, their rights related to the processing of their personal data have been violated, or there is an imminent danger of such a violation. The regulatory investigation will be free of charge; the costs thereof will be advanced and borne by the Authority. Filing a notification to the Authority may not result in any discrimination against the notifier. The Authority may only disclose the identity of the notifier if the investigation cannot be carried out otherwise. If so requested by the notifier, the Authority may not disclose their identity even if the investigation cannot be carried out otherwise.

10.2 Enforcement of rights before a court:
In the event of any breach of their rights, the Data Subject may have recourse to court against the Controller. As a rule, the action will be brought to the regional court in whose jurisdiction the Controller’s registered office is located, or, at the Data Subject’s option, the regional court in whose jurisdiction the Data Subject’s home address or temporary residence is located. Such cases will be given priority by the regional court.

10.3 Compensation and restitution: Any person who has suffered material or non-material damage as a result of an infringement of the GDPR is entitled to receive compensation from the Controller or the Processor in accordance with the terms of the GDPR.
In the event the Controller, through the unlawful processing of the Data Subject’s data or the breaching of the data security requirement, violates the personality rights of the Data Subject, the latter may demand restitution from the Controller.
The Controller will be exempt from liability and from paying restitution if it proves that the damage or the violation of the Data Subject’s personality rights were brought about by unavoidable circumstances beyond its reasonable control, i.e. it is not in any way responsible for the event giving rise to the damage. No compensation will be paid and no restitution may be claimed where the damage or the violation of rights was caused by the gross negligence or wilful misconduct of the injured party or the Data Subject, respectively.

XI. Miscellaneous provisions

This Privacy Notice will enter into force on 5 September 2019. The Controller will publish the effective version of this Privacy Notice on the livinghomes.hu Website, and it will also be available in printed form at the registered office and the Sales Office of the Controller.

The Data Subject accepts the contents of the updated Privacy Notice by implication, by using the services offered by the Controller. This Privacy Notice applies only to processing by the Controller.

This Privacy Notice and any of its content elements are protected by copyright, and the related rights are owned by the Controller. The content of the Privacy Notice may only be used with the Controller’s prior written approval.

This Privacy Notice is governed by Hungarian law. Any matters not covered by this Privacy Notice will be primarily governed by the GDPR and the Hungarian laws.

Contact

Sales office

+36 1 80 80 882
sales(at)livinghomes(dot)hu

LIVING Showroom
H-1134 Budapest, Klapka u. 4-10.

Show on map

Newsletter

Get first-hand information

Inquiry now 0
back