Data processing information related to For Prospective Tenants menu
Data processing information related to the “For Prospective Tenants” menu of the www.mammut.hu website which is under the right of disposal of Mammut Management Kft.
Mammut Management Kft., as the beneficiary of the www.mammut.hu website acts as controller in respect of the personal data related to this website. If you visit our website and contact us by using the “For Prospective Tenants” menu at www.mammut.hu/kapcsolat in order to obtain information to prepare the contract to be concluded with the Controller or to make the necessary preparations, your personal data will be processed. We give you the following information about the processing of your personal data.
Data of the Controller
Company name: Mammut Management Kft. Registered seat: 1024 Budapest, Lövőház utca 2-6., Hungary Registration number: 01 09 304362 Phone number: +36 1 345 8000 e-mail: email@example.com
hereinafter the Controller or Mammut Kft.
Major laws applicable during data processing:
Regulation (EU) 2016/679 of the European Parliament and of the Council is about the protection of natural persons with regard to the processing of personal data and on the free movement of such data.1
Act V of 2013 on the Civil Code;
Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter the Info Act);
Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society (hereinafter the ECSI Act);
Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (hereinafter the CAA Act);
Act VI of 1998 on the ratification of Strasbourg Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data
Data to be Processed
Upon the completion of the data sections or the “message” or “description” forms in the “For Prospective Tenants” menu on our website and their submission to us, data processing will include your following personal data:
- Name (given name and surname of the competent person)
- Email address
- Phone number
- and any further personal data given by you in the “message” or “description” field.
On our website, visitors can contact the Controller by using their own data. The Controller cannot check the accuracy of the personal data given when contacting it, nor the visitor’s personal identity. Please note that the use of the personal data of another person may entail civil and criminal liability.
Legal basis and purpose of data processing
If you contact us as explained above, the legal basis for data processing is the preparation of the contract to be made between the Controller and you (or the organization represented by you).
In this case, the purposes of processing include:
- your identification (name)
- collection of data necessary to contact you (email address, telephone number)
- collection of data necessary to provide more detailed information in response to questions about the Controller’s business services and operation (data in the “message” or “description” fields)
- collection of data necessary to make the preparations requested by you during the preparation of the contract (data in the “message” or “description” fields)
Your personal data can be accessed by the Controller’s managers or agents responsible for such tasks, for the above purposes.
Period of processing
In the interest and on the legal basis of contract preparation, the Controller shall process your personal data until contract conclusion. After contract conclusion, the rules of processing in the interest of contract fulfillment shall apply to the processing. If no contract is concluded after the preparations (for example, because the specified offer validity period elapsed without success), the Controller shall delete personal data without delay.
Cases of transfer and forwarding of processed personal data
In cases defined by law the Controller is entitled and obliged to forward your personal data processed by it to the competent regulatory authorities or to the body authorized to proceed, in order to enforce legal claims.
Protection of processed personal data
When elaborating the technical and procedural rules of processing operations, the Controller lays a great emphasis on ensuring proper physical and information technology protection for your data. The applied measures are primarily intended to avoid and prevent unauthorized access to, unauthorized alteration, forwarding, disclosure, deletion of or damage to the processed data. The Controller selects the means and measures used in processing in view of this. Further, the Controller ensures that only authorized persons may access the processed data and the authenticity of the processed data and that they are not altered.
Data subject’s rights related to processing
In relation to the processing of your personal data by the Controller, you are entitled to:
- receive proper and transparent information, including feedback from the Controller whether your personal data are being processed;
- ask to correct your incorrect personal data;
- ask to delete your processed personal data if processing is exclusively based on your consent or if the data are no longer needed for the purpose of their collection or if processing is illegitimate;
- exercise your right to data portability, in other words, to receive your personal data in a widely used machine-readable form, forward or ask to forward them to other controllers, provided that processing is automatized and is based on contract or consent, further, that exercising such rights does not prejudice the legitimate rights or freedoms of others;
- ask to limit the processing of your personal data (for example, in cases where the accuracy of your processed data is disputed or processing may be illegitimate until the clarification of such circumstances);
- protest against the processing of your personal data (for example, when processing is based on the enforcement of the legitimate interests of the controller or a third party), further, to withdraw your consent at any time,
- to turn to the supervisory authorities or courts in case of processing thought to be illegitimate.
Data subjects’ rights
access to personal data: the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to access the following information:
- categories of processed personal data,
- purposes of the processing,
- recipients to whom your personal data has been or will be disclosed,
- envisaged period for which the personal data will be stored, or the criteria used to determine the period,
- the source of the data if not collected from the data subject,
- rights to turn to the supervisory authority (complaint),
- if automated decision-making or profiling is performed during processing, its fact, logic, or expected consequences to you.
right to correct: the data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her, or to have incomplete data completed, including by means of providing a supplementary statement.
right to delete personal data: the data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or
- the data subject withdraws consent, and where there is no other legal ground for the processing; or
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing; or
- the personal data have been unlawfully processed; or
- the personal data have to be erased for compliance with a legal obligation to which the Controller is subject;
- the collection of personal data is needed in relation to the offer of information society services (e.g. on-line marketing, online gambling).
There could be important reasons and interests that enable the processing of the data subject’s data even if he or she has protested against it (such as exercising the right of the freedom of expression and information, or if needed for the submission, enforcement or protection of legal claims).
Right to restriction of processing: The data subject shall have the right to obtain from the Controller restriction of processing if:
- the accuracy of the personal data is contested by the subject (in this case, limitation is for a period enabling the Controller to verify the accuracy of the personal data); or
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; or
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
- the data subject has objected to processing (in this case, restriction applies until it is verified whether the legitimate grounds of the Controller override those of the data subject);
During the limitation period, no processing other than data storage can be performed, except for cases of important public interest or the protection of the rights of persons.
Right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. The subject shall have this right of processing based on his or her consent or on a contract, and is automated. The exercising of this right shall not adversely affect the rights and freedoms of others.
Right to protest: if processing is based on legitimate interest to be enforced by the controller, the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. In such cases, the Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Right to judicial remedy
If you believe that your rights have been injured by the processing of your personal data by the Controller, and your questions and comments regarding this have not been answered or have not been answered in time or properly, you are entitled to lodge a complaint to the competent supervisory authority.
Data of the competent supervisory authority:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) [National Authority for Data Protection and Freedom] Address: 1125. Budapest, Szilágyi Erzsébet fasor 22c, Hungary e-mail: firstname.lastname@example.org Telephone: +36 1 391 1400
Further, you are entitled to turn to the courts with jurisdiction at your residence if you believe that the Controller processes your personal data in violation of the provisions of the relevant laws or the compulsory legal act of the European Union.
If you plan to turn to the supervisory authority or court, please first contact the Controller as it is in possession of the information necessary to respond to your questions or request for judicial remedy.
Our company is committed to complying with the principles of legitimate, transparent or fair data processing; therefore, in situations considered to violate your rights, we shall take immediate action to clarify any questions and remedy the established violation, and we shall inform you within a maximum of 1 month of the relevant actions taken and answer your questions about processing made to the Controller.
- GDPR is available in English at the following website: https://eur-lex.europa.eu/legal-content/EN/TXT/ELI/?eliuri=eli:reg:2016:679:oj The terms in this data processing information have the meaning defined in Article 4, Definitions of the GDPR.