GDPR

PRIVACY AND DATA PROTECTION NOTICE

I. INTRODUCTION OF THE CONTROLLER

The Aerogate Residence 1 Limited Liability Company (hereinafter referred to as the “Controller” or “We”) has created the following privacy notice to ensure the lawfulness of its internal data processing and to safeguard the rights of data subjects.

Data Controller: Aerogate Residence 1 Limited Liability Company
Data Controller’s company registration number: Cg. 01-09-441348
Registered office of the Data Controller: 1062 Budapest, Andrássy út 99. 2. floor. Door 6A.
E-mail address of the Data Controller: buvar1@gmail.com

Data Controller’s representative: Attila Zoltán Búvár, Managing Director

The Data Controller processes personal data in accordance with all applicable laws, but primarily in accordance with the provisions of the following laws:

Act CXII of 2011 on the right to self-determination in information and freedom of information (hereinafter: “Infotv.”);

Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation” or “GDPR”).

The Data Controller shall treat personal data as confidential and shall take all technical and organisational measures related to data storage and data processing to ensure the security of data.

Concepts

The conceptual framework of this Data Processing Notice is consistent with the interpretative definitions set out in Article 4 of the Regulation, supplemented in certain respects by the interpretative provisions of Section 3 of the Infotv.

When this notice refers to data or data processing, it refers to personal data and the processing thereof.

II. SPECIFIC DATA PROCESSING PURPOSES:

1. Use of cookies on the website

The Data Controller uses cookies on its website (the “Website”) at https://aerogate.hu in order to maintain and improve the services of the Website and to enhance the user experience.

What is a cookie?

Cookies are small text files placed on the user’s device by the browser to identify and collect information. A cookie consists of a unique set of numbers and is used primarily to distinguish between computers and other devices that download a web page. Cookies have a variety of functions, including collecting information, remembering user preferences, and allowing the website owner to learn about user habits in order to enhance the user experience.

For what purposes does the website use cookies?

The Data Controller uses cookies for the following purposes:
– to ensure the proper and high-quality functioning of the website and to facilitate the management of the pages,
– to improve the user experience and to implement certain features of the website,
– to understand how visitors interact with the website (e.g. number of visitors, bounce rate),
– to collect information on how users use the website and which parts of the website they visit most, in order to provide a better user experience,
– to place targeted advertising.

What cookies does the website use?

Strictly necessary cookies:

The Data Controller uses strictly necessary cookies to ensure the proper functioning of the website and its sub-pages, including during navigation between pages, and to remember the login details of the data subject.

As stated above, the essential cookies are necessary to allow users to use the website’s functions without disturbance, including the recording of actions taken on the pages you have viewed during a visit. The validity period of the cookies is limited to your current visit and they will be automatically deleted from your computer at the end of your session or when you close your browser. Without the use of these cookies, we cannot guarantee you proper use of the website.

Functional, analytical, performance and advertising cookies

The Data Controller provides up-to-date and detailed information on non-essential cookies via the website’s cookie manager. These are non-essential cookies used by the Data Controller only with the consent of the users to improve the user experience and to help perform certain functions of the website, analyse the use of the website and display targeted advertising.

In order to analyze the use of the website, the Data Controller uses so-called Google Analytics cookies, a detailed description of which is available at the following link:

https://support.google.com/analytics/answer/6004245

The Data Controller uses Google Analytics cookies for the purpose of statistical analysis of website traffic and visitor usage habits, which ultimately serves to improve the website and the user experience.

Analytical cookies collect information about the visiting habits of website users anonymously. The use of analytical cookies is only possible with the user’s consent, which you can withdraw at any time.

What is the legal basis for data processing by cookies?

The Data Controller uses cookies that are essential for the use of the website on the basis of its legitimate interest pursuant to Article 6(1)(f) of the GDPR. The legal basis for the use of other cookies is the consent of the data subject pursuant to Article 6(1)(a) of the GDPR, which can be given via the cookie manager.

How can you control and disable cookies?

In addition to the website’s cookie manager, all modern browsers allow you to change your cookie settings. Most browsers automatically accept cookies by default, but this can usually be changed to prevent automatic acceptance and to offer you the choice of whether or not to accept cookies each time.

Since cookies are designed to facilitate and enable the usability and processes of the website, preventing or deleting cookies may result in users being unable to use the full functionality of the website or the website functioning differently than intended in their browser.

You can find out about cookie settings for the most popular browsers at the following links:

Google Chrome:
https://support.google.com/accounts/answer/61416

Firefox:
https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami

Microsoft Edge:
https://support.microsoft.com/hu-hu/help/4468242/microsoft-edge-browsing-data-and-privacy

Microsoft Internet Explorer:
https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies

Opera:
https://help.opera.com/en/latest/web-preferences/#cookies

Safari:
https://support.apple.com/hu-hu/guide/safari/sfri11471/mac

2. Data processing related to communication, responding to enquiries

In today’s fast-paced world, the Data Controller primarily communicates with interested parties, partners and customers electronically, but anyone can also contact it with questions by post. Anyone can contact the Data Controller directly by e-mail or by post, whether with a request for a quote, a request for information, technical questions, or any other topic.

When communicating with the data subject on any matter, the Data Controller shall handle emails and letters as described in this notice.

Due to the nature of its activities, the Data Controller is also involved in property development and the sale and purchase of its own properties, in connection with which data subjects may also contact it with requests for quotations.

Purpose of data processing

Communication, responding to enquiries and requests for quotations from interested parties. The Data Controller processes the data provided by the data subject exclusively for the purpose of communicating with them and handling matters related to the content of the message.

Personal data processed

Name, e-mail address, postal address in the case of postal correspondence, and any other information that the data subject considers relevant to the matter initiated by them.

Legal basis for data processing

The legal basis for the processing of personal data is the Data Controller’s legitimate interest, pursuant to Article 6(1)(f) of the Regulation, to process the personal data necessary to respond to any enquiries, questions or requests for offers addressed to it.

Source of personal data

The data subject.

Access to personal data

Personal data will not be transferred to third parties. The data will only be processed by those employees of the Data Controller whose duties include responding to enquiries and preparing requests for quotations.

Data processor(s):

Coimbra ITS Kft. (registered office: 1037 Budapest, Hunor u. 62. A lh. fszt. 2, company registration number: Cg.01-09-877628) – the Data Controller’s e-mail service provider.

The data processor may only process the personal data of the data subject for the purposes specified by the Data Controller and set out in the contract, in accordance with the Data Controller’s instructions, and has no independent decision-making authority with regard to data processing. The data processor has undertaken confidentiality obligations and contractual guarantees regarding the preservation of personal data obtained in the course of performing its tasks.

Transfer of personal data to a third country or international organisation

The Data Controller does not transfer personal data to third countries or international organisations.

Duration of personal data processing

The Data Controller processes personal data obtained during communication until the communication is finally concluded. However, if any kind of contract (obligation) is concluded between the Data Controller and the data subject, the Data Controller shall process the personal data obtained during communication in connection with the contract in question, in accordance with the provisions of the data processing information relating to the performance of contracts.

Automated decision-making and profiling

Neither of these occurs during data processing.

Consequences of failure to provide personal data

The provision of personal data is a condition for responding to messages and thus for communication between the data subject and the Data Controller.

3. Data processing related to the performance of contracts and the processing of contact details

The Data Controller may enter into contracts with other legal entities, which may be natural persons or legal persons.

In the event that the Data Controller enters into a contract with a natural person or a sole trader, it processes the personal data necessary for the identification of that person and for maintaining contact with them, as well as other personal data related to the performance of the contract.

If the Data Controller enters into a contract with legal entities, it is necessary to process the contact details of the partner’s contact person in order to enable the parties to maintain contact with each other during the cooperation and to maintain and deepen the cooperation.

Purpose of data processing

The purpose of data processing is to conclude and perform the contract concluded between the Data Controller and the contracting partner, including maintaining contact in relation to the contract, thereby establishing and maintaining a business relationship.

Personal data processed

Given that a sole trader is considered a natural person, in the case of a contract concluded with a natural person, the source of the personal data is the data subject. In general, in the case of a natural person or sole trader as a contracting party, the following data will be processed:

  • name (identification)
  • mother’s name (identification)
  • place and date of birth (identification)
  • address (contact)
  • in the case of a sole trader, registered office (contact)
  • telephone number (contact)
  • e-mail (contact)
  • in the case of payment by bank transfer: bank account number, account-holding bank,
  • if the commission fee is paid after deduction of public charges, the TAJ number is required for this purpose,
  • in the case of a return, tax identification number, in the case of sole traders, tax number,
  • in the case of sole traders, registration number,
  • other data necessary for the performance of the contract.

In the case of a sales contract, the Data Controller processes the data required by Act C of 2021 and other legislation as mandatory content of the sales contract.

In the case of legal entities, the Data Controller processes the name of the representative and the name, telephone number, e-mail address and position of the contact person.

Legal basis for data processing

In the case of natural persons, the legal basis for data processing is Article 6(1)(b) of the Regulation, i.e. the performance of a contract concluded with the data subject.

If the contact person does not have a direct contractual relationship with the Data Controller, i.e. the data subject is an employee or other representative of the contracting partner, the legal basis for data processing is the legitimate interest of the Data Controller pursuant to Article 6(1)(f) of the Regulation. The legitimate interest of the Data Controller is to establish and maintain a business relationship with the company represented by the data subject in order to perform the contract as efficiently as possible. Maintaining contact is therefore necessary for the purpose of establishing economic cooperation and performing the contract(s) concluded between the organisations. The Data Controller shall not process the personal data of the data subject for any other purpose without a legal basis for doing so.

Source of personal data

If the Data Controller enters into a contract with a natural person or sole trader, the source of the personal data is the data subject. In the case of a contract with a legal entity, the source of the contact details is the contracting party.

Access to personal data

Personal data shall be processed exclusively by those employees of the Data Controller whose job description includes this task.

Transfer of personal data to a third country or international organisation

The Data Controller does not transfer personal data to third countries or international organisations.

Duration of personal data processing

The Data Controller shall process the personal data of data subjects after the performance of the contract until the expiry of the general limitation period specified in the Civil Code, with the proviso that if the contract qualifies as an accounting document directly or indirectly supporting the accounting records, the Data Controller shall be obliged to retain it in a readable form for at least 8 years, in accordance with Section 169 (2) of Act C of 2000 on Accounting, in a manner that allows it to be retrieved on the basis of references in the accounting records. The Data Controller shall retain sales contracts and related documentation without any time limit.

The Data Controller shall no longer process the contact details for the contact purposes specified in this section if it is informed that the contact person’s employment relationship with the contracting partner has ended.

Automated decision-making and profiling

Neither of these occurs during data processing.

Consequences of failure to provide personal data

The provision of personal data is essential for the conclusion and performance of the contract.

4. Issuing and retaining invoices

Purpose of data processing

The purpose of data processing by the Data Controller is to issue and retain invoices

  • in accordance with Section 159(1) and Section 169 of Act CXXVII of 2007 on Value Added Tax (hereinafter: VAT Act) and
  • Section 169(2) of Act C of 2000 on Accounting.

Personal data processed

The Data Controller’s customers may be legal entities, natural persons and sole traders. In the latter two cases, the following data are considered personal data and are processed as set out below.

The data specified in Section 169 of the VAT Act, but at least:

  • name,
  • billing address.

Legal basis for data processing

The legal basis for data processing in the course of issuing invoices is Article 6(1)(c) of the Regulation, i.e. compliance with a legal obligation as described above.

Source of personal data

The source of personal data is the data subject.

Access to personal data

Personal data is processed exclusively by those employees of the Data Controller whose duties include invoicing.

Data processor responsible for accounting: TEMPLAR CONSULT Limited Liability Company (registered office: 1023 Budapest, Bécsi út 3-5. 3.em. 25., company registration number: Cg.01-09-320217)

Transfer of personal data to third countries or international organisations

The Data Controller does not transfer personal data to third countries or international organisations.

Duration of personal data processing

The Data Controller shall process the personal data of the data subject for at least 8 years from the date of issue, in accordance with Section 169(2) of Act C of 2000 on Accounting.

Automated decision-making and profiling

Neither of these occurs during data processing.

Consequences of failure to provide personal data

All data processing is based on legislation and is mandatory.

5. Claims management

Purpose of data processing

In the event of non-performance of contracts concluded by the Data Controller, the Data Controller may enforce and collect its overdue claims arising therefrom by making use of the options provided by law.

During the claim management process, the Data Controller shall first notify the non-performing contracting party in writing of the overdue claims. If the deadline specified in the payment reminder has passed without result, i.e. the claim has not been settled, the Data Controller shall enforce its claims by means of a payment order or directly through civil litigation. If the Data Controller has a claim based on an enforceable document, it may also enforce its claims directly through enforcement proceedings.

Personal data processed

During the course of claim management, the Data Controller processes the following personal data of the data subjects (obligors), indicating the precise purpose of the data processing and the precise legal provision prescribing the scope of the data for each item of data.

In the case of private individuals and sole traders:

  • the name of the data subject, primarily for identification purposes (Section 20 of the Fmhtv., Section 170 of the Pp., Section 11 of the Vht.);
  • the place and date of birth of the data subject, also for identification purposes [Section 11 of the Vht., Section 20 of the Fmhtv., Section 7(1)(3) of the Pp.];
  • the name of the data subject’s mother for identification purposes [Section 11 of the Vht., Section 20 of the Fmhtv., Section 7(1)(3) of the Pp.];
  • in the absence of legal capacity to act in the proceedings, the name and delivery address of the legal representative [Fmhtv. Section 20, Pp. Section 7 (1) paragraph 3];
  • address, registered office address, delivery address (if different from place of residence or place of stay) for the purpose of sending the reminder letter, payment order, and initiating proceedings [Fmhtv. Section 20, Pp. Section 170, Vht. Section 11, Pp. Section 7 (1) paragraph 3];
  • e-mail address, telephone number for the purpose of contacting and settling the debt;
  • data related to overdue debts and claims (Fmhtv. Section 20, Pp. Section 170);
  • other data necessary for the enforcement of the claim (Section 20 of the Fmhtv., Section 170 of the Pp.).

In the case of a legal entity:

  • name and contact details of the representative and contact person for the purpose of contacting them to settle the debt.

Legal basis for data processing

Data processing is in the legitimate interest of the Data Controller, which in this case specifically means the enforcement and collection of the resulting overdue claim in the event of non-performance of the contract concluded by the Data Controller, thus the legal basis is Article 6(1)(f) of the Regulation.

Source of personal data

The data subject, or, if we do not have sufficient information to take the necessary actions, public registers and authorities.

Access to personal data

Personal data shall be processed exclusively by those employees of the Data Controller whose duties include the administration of the enforcement and collection of claims in the event of non-performance of the contract.

The Data Controller may use legal representation in the course of claim management. In such cases, we will transfer the personal and other data necessary for the performance of their tasks to them. The lawyer is considered an independent data controller in the performance of their tasks.

The order for payment procedure is initiated before a notary public, using a standard form. The notary public, as well as the competent court in the event of an objection or direct civil proceedings, shall process personal data as an independent data controller.

In the enforcement proceedings, the enforcement officer may become aware of personal data in accordance with the provisions of the Vht. In the course of performing his or her duties, the enforcement officer is considered an independent data controller.

Transfer of personal data to third countries or international organisations

The Data Controller shall not transfer personal data to third countries or international organisations.

Duration of personal data processing

We process personal data related to claims until the claims are settled or until the statute of limitations expires.

Automated decision-making and profiling

Neither of these occurs during data processing.

6. Complaint handling, consumer protection

In accordance with consumer protection regulations, the Data Controller provides consumers with the opportunity to submit complaints regarding the Data Controller’s services.

Complaints are handled in accordance with the provisions of Act CLV of 1997 on consumer protection (hereinafter: “Fgytv.”).

In the case of a verbal complaint, if the service user does not agree with the immediate handling of the complaint, or if it is not possible to investigate the complaint immediately, the Data Controller shall immediately record the complaint and its position on it in accordance with Section 17/A(3) of the Fgytv.

Purpose of data processing

The purpose of data processing is to handle complaints submitted by service users in accordance with the provisions of the Fgytv.

Personal data processed

Pursuant to Section 17/A(5) of the Fgytv, in the event of a consumer complaint:

  • the name and address of the service user,
  • the place, time and method of submitting the complaint or request,
  • a detailed description of the consumer’s request or complaint, a list of the documents and other evidence presented by the consumer,
  • the company’s statement on its position regarding the consumer’s request or complaint, if it is possible to respond to or investigate it immediately,
  • the person recording the minutes and – except for verbal complaints made by telephone or other electronic means of communication – the consumer’s signature,
  • the place and time of recording the minutes,
  • in the case of a verbal complaint made by telephone or other electronic means of communication, the unique identification number of the complaint.

If the complaint or request is submitted by electronic message, the Data Controller shall process the email address of the data subject as specified in this notice.

Legal basis for data processing

The legal basis for data processing is the fulfilment of a legal obligation pursuant to Article 6(1)(c) of the Regulation, which in this case means the provisions of Sections 17/A(5) and 17/B(3) of the Fgytv.

Source of personal data

The data subject.

Access to personal data

Personal data is processed exclusively by those employees of the Data Controller who are involved in handling the complaint.

We do not use a data processor for data processing.

Transfer of personal data to third countries or international organisations

We do not transfer personal data to third countries or international organisations.

Duration of personal data processing

The Data Controller is required to retain documents related to complaints for 3 years in the case of data processed pursuant to Section 17/A(7) of the Fgytv. and for 5 years in the case of data processed pursuant to Section 17/B(3).

Automated decision-making and profiling

Neither occurs during data processing.

Consequences of failure to provide personal data

The processing of all data in the above categories is based on legislation and is mandatory.

7. Compliance with customer due diligence obligations

In the course of its core activities, the Data Controller performs activities related to real estate transactions in accordance with Section 3(17) of the Pmt. In this regard, it is subject to customer due diligence obligations. This includes customer identification and identity verification.

The Data Controller is obliged to comply with the above obligation when establishing a business relationship and in other cases specified in Section 6(1) of the Pmt.

During customer due diligence, the Data Controller obtains personal data, which it processes in accordance with the provisions of the Pmt.

Purpose of data processing

The purpose of personal data processing is to fulfil the legal obligations applicable to the Data Controller under the Pmt., i.e. to perform customer due diligence in accordance with the provisions of the Pmt.

Personal data processed

In order to fulfil its legal obligations under the Pmt., the Data Controller has standardised forms (identification data sheet, beneficial owner declaration, report on data, facts or circumstances indicating money laundering or terrorist financing). The Data Controller processes the personal data contained in these forms, as well as the personal data necessary for the verification of this data, as follows:

  a) the personal data of the natural person customer, as well as the representative of the legal person or organisation without legal personality (hereinafter: representative) and, if applicable, the delivery agent, necessary for customer due diligence, pursuant to Section 7 (2) of the Pmt.
  b) the personal data of the natural person customer and the representative contained in the documents necessary for verifying their identity, pursuant to Section 7 (3) and (8) of the Pmt.
  c) the personal data contained in the documents referred to in Section 7(3)(b)-(c) of the Pmt. relating to the registration and establishment of a legal person or an organisation without legal personality;
  d) in the case of proceedings conducted through an authorised representative, personal data necessary for verifying the validity of the authorisation and the authorised representative’s power of disposal and representation;
  e) personal data relating to the beneficial owner pursuant to Section 8(2) and Section 9(1) of the Pmt.
  f) personal data necessary for verifying the identity of the beneficial owner, contained in documents presented by the customer or their representative, in publicly accessible registers or other registers whose controller is entitled to request data from the Data Controller under the law;
  g) personal data relating to whether the natural person customer is a politically exposed person or a close relative of a politically exposed person, or a person closely associated with a politically exposed person, and if so, the related personal data pursuant to Sections 9/A(1)-(2) of the Pmt.;
  h) in the case of enhanced customer due diligence performed in relation to a high-risk customer, personal data relating to the source of the customer’s wealth;
  i) in the event of data, facts or circumstances indicating money laundering, terrorist financing or proceeds of crime, the personal data necessary for reporting pursuant to Section 30(2) of the Pmt.

Within the scope of point b), the Data Controller shall, pursuant to Section 7(8) of the Pmt., for the purpose of verifying identity, make a copy of the document presented pursuant to paragraph (3) containing the data specified in paragraph (2), including all personal data indicated in the document, with the exception of the page certifying the personal identification number of the official identity card certifying the address.

Within the scope of point h), in the case of enhanced customer due diligence, the Data Controller shall, pursuant to Section 17(1) of the Pmt., require a certified copy of the document specified in Section 7(3) containing the data specified in Section 7(2) of the Pmt. for the purpose of identification and identity verification.

In the context of point i), the notification must also include the data, facts and circumstances on which the notification is based, as well as any supporting documents, if available.

Legal basis for data processing

The legal basis for data processing during customer due diligence is Article 6(1)(c) of the Regulation, i.e. the fulfilment of legal obligations under Sections 6-17, 24/A-C and 27-37 of the Pmt.

Source of personal data

If the data subject is the source of the personal data, the Data Controller shall inform them directly of any changes to the scope of the data processed at the time of collection.

The source of personal data not originating from the data subject is (i) the customer or their representative (e.g. data relating to the status of a close relative as a prominent public figure, or data relating to a delivery agent), and (ii) a publicly accessible register or other register from which the Data Controller is entitled to request data under the law.

Access to personal data

Personal data shall be processed exclusively by those employees of the Data Controller whose job description includes such tasks.

In order to comply with its legal obligation under Section 25 of the Pmt., pursuant to Article 6(1)(c) of the Regulation, the Data Controller shall immediately forward the data recorded and verified in accordance with Section 9 of the Pmt. concerning legal persons or organisations without legal personality that are customers or a fiduciary asset manager to the central register established by law for the purpose of data storage, provided that the data are not included in this central register.

If data, facts or circumstances indicating money laundering, terrorist financing or the origin of the data from a criminal offence arise during customer due diligence, the Data Controller shall forward the relevant data to the authorities specified in Section 31 of the Pmt. The scope of the data transferred shall include the data recorded by the Data Controller pursuant to Sections 7-14/A of the Pmt., a detailed description of the circumstances giving rise to the report, and any additional data contained in the available documents supporting the data, facts and circumstances giving rise to the report. The legal basis for this data transfer is Article 6(1)(c) of the Regulation, i.e. the fulfilment of a legal obligation under Section 30 of the Pmt. applicable to the Data Controller.

Transfer of personal data to a third country or international organisation

The Data Controller does not transfer personal data to third countries or international organisations.

Duration of personal data processing

The Data Controller shall retain personal data obtained in the course of fulfilling its obligations under the Pmt. – including personal data contained in documents or copies thereof – in accordance with Section 56(2) and Section 57(2) of the Pmt. The Data Controller shall not transfer personal data to third countries or international organisations.

In the event that a request is received from the authorities specified in Section 58(1) of the Pmt. (e.g. court, investigating authority) in relation to the personal data processed, the Data Controller shall retain the personal data concerned by the request for the period specified in the request, but for no longer than ten years from the termination of the business relationship or the performance of the transaction order.

Automated decision-making and profiling

Neither of these occurs during data processing.

8. Newsletter

Purpose of data processing

The purpose of data processing is to send newsletters, through which the Data Controller informs interested parties and customers about the latest real estate offers, market information, promotions and other news relevant to the real estate market. The purpose of the newsletters is to assist potential buyers with personalised offers and content, as well as to inform them about the company’s services, events and other opportunities related to real estate services. During data processing, the Data Controller ensures the protection of personal data and uses it exclusively for sending newsletters and performing the administrative tasks necessary for this.

Personal data processed

Email address and name.

Legal basis for data processing

Article 6(1)(a) of the GDPR, i.e. personal data is processed on the basis of the data subject’s consent.

Source of personal data

The source of personal data is the data subject.

Recipients of personal data provided

The personal data provided by the data subject may only be accessed by those employees of the Data Controller whose job description includes the processing of personal data.

We use the following data processors for data processing:

Coimbra ITS Kft. (registered office: 1037 Budapest, Hunor u. 62. A lh. fszt. 2, company registration number: Cg.01-09-877628) – the Data Controller’s e-mail service provider.

Our data processors may only process personal data for the purposes specified by us and set out in the contract, in accordance with our instructions, and they have no independent decision-making authority with regard to data processing. Our data processors have undertaken confidentiality obligations and contractual guarantees regarding the preservation of personal data disclosed to them in the course of their duties.

Transfer of personal data to third countries or international organisations

The Data Controller does not transfer personal data to third countries or international organisations.

Duration of personal data processing

Data processing will continue until the data subject withdraws their consent. The data subject may unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the newsletters or by sending a deletion request to info@aerogate.hu.

Automated decision-making and profiling

Neither of these occurs during data processing.

Consequences of failure to provide personal data

The provision of personal data is voluntary, but without it, the data subject cannot subscribe to the Data Controller’s newsletter, and the Data Controller cannot send the newsletter to them.

III. RIGHTS OF THE DATA SUBJECT IN RELATION TO DATA PROCESSING

Right to information

The data subject has the right to be informed about the processing of his or her personal data, which the Data Controller will fulfil by providing this notice.

Consent-based processing

Where the legal basis for a processing operation is the data subject’s consent, he or she has the right to withdraw his or her consent to the processing operation at any time. It is important to note, however, that the withdrawal of consent may only relate to data for which there is no other legal basis for the processing. If there is no other legal basis for the processing of the personal data concerned, the Controller will permanently and irretrievably erase the personal data following the withdrawal of consent. Withdrawal of consent under the Regulation shall not affect the lawfulness of the processing carried out based on consent prior to its withdrawal.

Right of access

At the request of the data subject, the Controller shall at any time inform the data subject whether his or her personal data are being processed and, if so, provide access to the personal data and the following information:

(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom or with which the controller has disclosed or will disclose the personal data, including in particular recipients in third countries or international organisations;
(d) the envisaged duration of the storage of the personal data or, where this is not possible, the criteria for determining that duration;
(e) the data subject’s right to obtain from the controller rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;
(f) the right to lodge a complaint with a supervisory authority or to take legal action;
(g) where the data has not been collected directly from the data subject by the controller, any available information concerning the source of the data;
(h) where automated decision-making is carried out, the fact of such processing, including profiling, and, at least in those cases, the logic used, i.e. the significance of such processing and the likely consequences for the data subject.

The data subject is also entitled to receive a copy of his or her personal data upon request.

Right to rectify personal data

The data subject shall have the right at any time, upon request and without undue delay, to obtain from the Controller the rectification of inaccurate personal data relating to him or her. Taking into account the purposes of the processing, the data subject shall also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

In the case of a request for rectification (amendment) of data, the data subject must substantiate the accuracy of the data requested to be amended and must also certify that the person entitled to the rectification is the person who requests the amendment. Only in this way can the Data Controller assess whether the new data is accurate and, if so, whether it can amend the previous data.

The Data Controller also draws the attention of the data subject to the need to notify changes to his/her personal data as soon as possible in order to facilitate lawful processing and the exercise of his/her rights.

Right to erasure

At the request of the data subject, the Controller shall, without undue delay, erase personal data relating to the data subject where one of the following grounds applies:

(a) the Controller no longer needs the personal data for the purposes for which they were collected or otherwise processed.
(b) in the case of processing based on consent, the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing.
(c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing or objects to the processing for direct marketing purposes.
(d) the personal data are unlawfully processed by the Controller.
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Controller is subject.
(f) personal data have been collected in connection with the provision of information society services.

Right to restriction of processing

The data subject shall have the right to obtain, at his or her request, the restriction of processing by the Controller where one of the following conditions is met:

(a) the data subject contests the accuracy of the personal data; in this case, the restriction shall be for a period which allows the Controller to verify the accuracy of the personal data.
(b) the processing is unlawful, and the data subject opposes the erasure of the data and requests instead the restriction of their use.
(c) the Controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
(d) the data subject has objected to the processing; in this case, the restriction shall apply for a period until it is established whether the legitimate grounds of the Controller override the legitimate grounds of the data subject.

Right to object

Where the processing of personal data is based on the legitimate interests of the controller (Article 6(1)(f) of the Regulation) or is necessary for the performance of a task carried out in the exercise of official authority vested in the controller (Article 6(1)(e) of the Regulation), the data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data, including profiling based on those provisions.

Where the data subject’s personal data is processed by the Controller for direct marketing purposes (i.e. for sending information letters), the data subject has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the data subject objects to the processing of his or her personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.

Balancing test

Where the legal basis for the processing of personal data is the legitimate interest of the controller or a third party pursuant to Article 6(1)(f) of the Regulation, we will carry out a written “balancing test” in accordance with recital 47 and Article 5(2), which the data subject may request by sending an email to info@aerogate.hu.

Right to data portability

The data subject shall have the right to obtain the personal data concerning him or her that he or she has provided to the controller in a structured, commonly used, machine-readable format and the right to have those data transmitted by the controller to another controller where:

(a) the processing is based on the data subject’s consent or on a contract within the meaning of Article 6(1)(b) of the Regulation; and
(b) the processing is carried out by automated means.

RULES OF PROCEDURE FOR THE EXERCISE OF DATA SUBJECT RIGHTS

The data subject may exercise the above rights by sending an e-mail to info@aerogate.hu, by post to the controller’s head office or by visiting the controller’s head office. The Data Controller shall start the examination and execution of the data subject’s request without undue delay upon receipt. The Controller shall inform the data subject of the action taken on the basis of the request within 1 month of receipt. If the controller is unable to comply with the request, it shall inform the data subject within 1 month of the reasons for the refusal and of his or her rights of appeal.

Within five years of the death of the data subject, the rights that the deceased had during his or her lifetime under this information notice may be exercised by a person authorised by the data subject by means of an administrative arrangement or a declaration in a public or private document having full probative value made with the controller or, if the data subject has made several declarations with a controller, by the declaration made at a later date. Even if the data subject has not made a corresponding declaration, his or her close relative within the meaning of the Civil Code shall still be entitled, within five years of the death of the data subject, to exercise the rights under Articles 16 (right of rectification) and 21 (right to object) of the Regulation and, where the processing was unlawful during the data subject’s lifetime or the purpose of the processing ceased to exist upon the death of the data subject, under Articles 17 (right to erasure) and 18 (right to restriction of processing) of the Regulation. The rights of the data subject under this paragraph may be exercised by the next of kin who first exercises that right.

IV. RIGHT TO JUDICIAL REMEDY FOR DATA PROCESSING

If you consider that the Controller is processing your personal data in breach of the requirements laid down by law or by a legally binding act of the European Union relating to the processing of personal data, you may also have recourse to the courts in order to exercise your right to judicial remedy. The court will rule on the case out of turn. The court will have jurisdiction to hear the case. You can choose to bring the case before the court of the place where you reside or are domiciled, or before the court where the Data Controller is established (Court Search: https://birosag.hu/birosag-kereso).

Anyone may initiate an investigation against the Data Controller by filing a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) on the grounds that a violation of rights has occurred in connection with the processing of personal data, or that there is an imminent risk of such a violation, or that the Data Controller is restricting the exercise of their rights related to data processing or is refusing to comply with their request to exercise these rights. The report can be made using any of the following contact details:

National Authority for Data Protection and Freedom of Information (NAIH)

Postal address: 1363 Budapest, Pf. 9.

Address: 1055 Budapest, Falk Miksa utca 9-11.

Telephone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu

Budapest, 15 April 2025.

______________________

Aerogate Residence 1 Ltd.

Represented by: Attila Zoltán Búvár, managing director
