Privacy statement

1. GENERAL INFORMATION, THE DATA CONTROLLER AND ITS CONTACT DETAILS

1.1 GENERAL INFORMATION

This Data Protection Notice is SomeDeal Ltd. applies to the data processing carried out during its real estate brokerage activity, and sets out its principles, objectives and rules. SomeDeal Kft. has two main profiles: network development and provision of real estate brokerage services – in particular, but not exclusively, real estate sales, real estate rental, property search for purchase or lease – to natural or legal persons associated with it. Further detailed information on the real estate brokerage services provided by SomeDeal Kft. is available on the itthome.hu website. In view of the applicable legislation, the Data Subjects must be informed of all facts and circumstances related to the data processing before the start of data processing, which we comply with as follows.

1.2 GOVERNING LEGISLATION

This Data Management Notice has been prepared in accordance with the European Union and Hungarian laws, in accordance with which the Data Controller carries out its activities.

Governing legislation:
– The European Union General Data Protection Regulation applies (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC; hereinafter referred to as GDPR).
– Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
– Act LIII of 2017 on the Prevention and Combating of Money Laundering and the Financing of Terrorism (hereinafter: Pmt.)
– Act C of 2000 on Accounting (hereinafter: Act)
– Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities (hereinafter: Advertising Act)
– Act CLV of 1997 on Consumer Protection (hereinafter: Consumer Protection Act)
– Act V of 2013 on the Civil Code (hereinafter: Civil Code)

1.3 DATA PROCESSOR

Name of the Data Controller: SomeDeal Kft.
Headquarters: 1027 Budapest, Varsányi Irén 8.
Company registration number: 01-09-186613
Tax number: 24865511-2-41
Email address: somedeal@somedeal.eu
Phone number: +36 1 781 5495
Website: https://somedeal.eu/
Data Protection Officer: Vince Lajtos
Data Protection Officer contact: vince.lajtos@somedeal.eu

2. THE PARTIES CONCERNED

2.1 STAKEHOLDERS

When providing real estate brokerage services, the Data Controller processes personal data in accordance with the GDPR, in particular, but not exclusively, in relation to the following natural persons (hereinafter: Data Subjects): principal, advertiser, inquirer, bidder, contact person or natural person authorized to act on behalf of the foregoing. The scope of this Privacy Policy does not extend to data that does not concern natural persons or that cannot be associated with natural persons.

2.2 SCOPE OF DATA PROCESSED

The Data Controller processes the following data of the Data Subjects when providing real estate brokerage services:
– data necessary for identification: the Data Subject's family name and first name, birth family name and first name, place and time of birth, mother's birth name, permanent address, or, in the absence thereof, place of residence.
– data necessary for contact: name, address, telephone number and e-mail address of the Data Subject.
– data related to the customer due diligence obligation: the Data Subject's family name and first name, birth family name and first name, place and date of birth, mother's birth name, permanent address, or, failing that, place of residence, citizenship, personal identification document, number of official identification document proving address. If the customer is not a natural person, the Data Controller processes the name, position, data suitable for identifying the delivery agent, and data relating to the nature and extent of the ownership interest.
– data necessary for the performance of the contract: the Data Subject's family name and first name, family name and first name at birth, place and date of birth, mother's birth name, permanent address, or, failing that, place of residence, citizenship, as well as other personal data that the Data Controller becomes aware of during the performance of the legal relationship.
– data included in the power of attorney
– data recorded during a telephone conversation: telephone conversations between the Data Subject and the Data Controllers may be recorded by the Data Controllers if necessary due to the nature of the call. The recording is always made with the consent of the Data Subject.
– data necessary for complaint handling: the name, address, contact details of the Data Subject, and other data recorded in the complaint.
– data related to real estate: the address of the real estate, its geographical number, its floor area, other essential characteristics related to the sale, and information related to the price (sales price or rental fee).

3. PRINCIPLES, PURPOSE, LEGAL BASIS OF DATA PROCESSING

3.1 PRINCIPLES OF DATA MANAGEMENT

The data of the Data Subjects may only be processed lawfully, fairly and transparently. In view of this, the Data Controller must strive to ensure that the processed data are accurate, complete and up-to-date. The Data Controller shall ensure the appropriate security of the processed data and the enforcement of the rights of the Data Subjects, and shall take all necessary measures to ensure that the data processing is lawful at all stages.

3.2 PURPOSE OF DATA PROCESSING

The primary purpose of data processing is to provide real estate brokerage services and other related business activities. Within this framework, the purpose of data processing is to:
– Identification of affected parties
– Customer due diligence in accordance with legal requirements
– Contacting, maintaining contact and coordinating with Data Subjects
– Fulfillment and implementation of the agreement between the Data Controller and the Data Subjects, as well as the provision of all other related services
– Use of cookies to ensure efficient operation of the website and to develop a user-friendly website
– Fulfillment of accounting obligations
– Complaints handling, consumer protection
– Handling phone calls
– Enforcement of claims in case of breach of contract

3.3 LEGAL BASIS FOR DATA PROCESSING

The Data Controller may process the Data Subjects' data for multiple purposes, so there may be multiple legal bases for data processing. The main legal bases are as follows:

3.3.1 Consent of the data subject – GDPR Article 6. Paragraph 1, point a)

The Data Controller primarily processes the data of the Data Subjects on the basis of consent. The Data Subject's consent is always voluntary, specific and adequately informed and is given by means of a clear expression of will. The Data Subject gives his consent to the processing of his data when he uses or initiates the real estate brokerage services. This consent can be withdrawn at any time, without restriction, by notification addressed to the Data Controller. However, the withdrawal of consent does not affect the lawfulness of the data processing prior to its withdrawal.

3.3.2 Performance of a contract – GDPR Article 6, paragraph 1, point b)

If the Data Subject and the Data Controller conclude a contract, the Data Subject shall provide the data necessary for the performance of the contract. The conclusion of the contract may only be voluntary, so the Data Controller shall process the data based on the performance of the contract and the consent of the Data Subject. If the Data Subject does not consent to the processing of any of his/her data, which is otherwise a mandatory part of the contract by law, the contract shall not be concluded.

3.3.3 Legal obligation – GDPR Article 6, paragraph 1, point c)

In the following cases, the Data Controller has a legal obligation to process certain data. In particular, but not exclusively, in the case of the laws set out in point 1.2 (Act LIII of 2017 on the Prevention and Combating of Money Laundering and the Financing of Terrorism; Act C of 2000 on Accounting; Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising; Act CLV of 1997 on Consumer Protection)

3.3.4 Legitimate interest of the controller or a third party – GDPR Article 6. Paragraph 1, point f0)

If it is necessary for the legitimate interests of the Data Controller or a third party to be enforced - and the individual assessment is justified on the basis of the balancing of interests test - the Data Controller uses the data for the purpose of enforcing this interest. During the balancing of interests, the Data Controller must examine whether the identified interests truly justify the data processing and examine whether the data processing can be implemented on another legal basis. The Data Controller primarily uses the data in the successful conduct of the real estate service activity and in the interests of the success of the mediation.

3.3.5 Certain data processing

– The Data Controller processes the data necessary for identification in the case of clients to fulfill a legal obligation, and in the case of viewers and interested parties on the basis of legitimate interest.
– The data necessary for contact is processed by the Data Controller on the legal basis of consent in the case of viewers and interested parties, while in the case of advertisers on the basis of legitimate interest.
– The Data Controller processes data related to customer due diligence obligations based on the fulfillment of legal obligations.
– The Data Controller processes the data necessary for the performance of the contract on a contractual legal basis.
– The data included in the authorization is processed by the Data Controller on the legal basis of fulfilling a legal obligation.
– The data recorded during the telephone conversation is processed by the Data Controller on the legal basis of fulfilling a legal obligation and with the consent of the data subject.
– The Data Controller processes data necessary for complaint handling based on legal obligation and the consent of the data subject.
– Data related to real estate is processed by the Data Controller with the consent of the data subject and on a contractual basis.
– The Data Controller processes the data on the website on the legal basis of the data subject's consent.

4. DURATION OF DATA PROCESSING

The duration of data processing may not exceed the necessary and lawful extent, so the data will be deleted as follows:
– in the case of data processing based on legitimate interest, after the purpose has been achieved;
– in the case of data processing based on consent, after the withdrawal of the Data Subject's consent;
– the Data Subject objects to the data processing;
– in the case of data processing based on a legal obligation, the specified period has expired (the data specified in the Personal Data Protection Act and the Personal Data Protection Act are deleted after eight years, while in the Personal Data Protection Act after five years);
– it becomes certain that the data processing is unlawful.

5. RIGHTS OF DATA SUBJECTS AND THEIR EXERCISE, LEGAL REMEDY

5.1 INFORMATION, ACCESSIBILITY

The Data Subject has the right to receive information regarding the processing of his/her data in a transparent, understandable and easily accessible form, in clear and plain language. He/she has the right to contact the Data Controller at any time during the processing of his/her data and request information and clarification regarding the processing of his/her data.

5.2 CORRECTION

The Data Subject has the right at any time to request the correction of the processed data and, in case of deficiencies, to request their completion.

5.3 DELETION, WITHDRAWAL OF CONTRIBUTION

The Data Controller is obliged to delete the processed data upon the request of the Data Subject, if the data processing is based on the consent of the Data Subject. If the data processing is required by a legal obligation, the Data Controller will refuse the deletion.

5.4 LIMITATION

The Data Subject has the right to request that the Data Controller restrict data processing in the following cases:
– The data subject disputes the accuracy of the personal data, in which case the restriction applies for a period of time that allows the Data Controllers to verify the accuracy of the personal data;
– The processing is unlawful and the Data Subject opposes the erasure of the data and instead requests the restriction of their use;
– The Data Controller no longer needs the personal data for the purposes of data processing, but the Data Subject requires them for the establishment, exercise or defense of legal claims;
– The Data Subject has objected to the processing; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the Data Controller override the legitimate grounds of the Data Subject.

5.5 PROTEST

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her based on legitimate interests, public interest or official authority, including profiling based on those provisions. In such a case, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims.

5.6 DATA PORTABILITY

The Data Subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another Data Controller, provided that the processing is carried out by automated means. The Data Subject shall have the right, where technically feasible, to request the direct transmission of the personal data to another Data Controller.

5.7 HANDLING OF DATA SUBJECT REQUESTS

The Data Subject may submit a request to exercise his/her rights to the Data Controller orally or in writing. The Data Controller shall examine the request immediately and shall make a decision on the fulfillment or rejection of the request within 30 days. In all cases, the Data Controller shall inform the Data Subject of the content of the decision, including its justification, and, where applicable, the necessary measures shall be taken. If the Data Controller rejects the request, it shall inform the Data Subject of his/her legal remedies.

5.8 LEGAL REMEDY

The Data Subject may file a complaint directly with the National Data Protection and Freedom of Information Authority (address: 1055 Budapest,
Falk Miksa utca 9-11.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu) and can also go directly to court. You can file a lawsuit against the data controller before the competent court of your place of residence, or in the absence thereof, the court of your place of residence, for violation of the rules governing the processing of personal data. If the court in question grants your request, it obliges the data controller to provide information, correct, block, delete the data, annul the decision made by automated data processing, take into account the data subject's right to object, and provide the data requested by the data recipient.

6. OTHER INFORMATION

6.1. Interpretative provisions

– Data subject: any natural person identified or identifiable on the basis of any information;
– Identifiable natural person: a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
– Personal data: any information relating to the Data Subject;
– Consent: a voluntary, definite and clearly stated indication of the Data Subject's will based on adequate information, by which the Data Subject, by a statement or by another conduct which clearly expresses his/her will, signifies agreement to the processing of personal data relating to him/her;
– Data controller: the natural or legal person or organization without legal personality who, within the framework set out in law or in a binding legal act of the European Union, independently or jointly with others determines the purposes of data processing, makes and implements decisions relating to data processing (including the means used), or has them implemented by the data processor;
– Joint Data Controller: the Data Controller who – within the framework set out in law or in a binding legal act of the European Union – determines the purposes and means of data processing jointly with one or more other Data Controllers, makes and implements decisions relating to data processing (including the means used) jointly with one or more other Data Controllers or has them implemented by the data processor;
– Data processing: any operation or set of operations performed on data, regardless of the procedure used, including in particular collection, recording, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure and destruction, as well as preventing further use of the data, taking photographs, audio or video recordings and recording physical characteristics suitable for identifying a person (e.g. fingerprints or palm prints, DNA samples, iris images);
– Data transfer: making data available to a specific third party;
– Indirect data transfer: the transfer of personal data to a Data Controller or data processor carrying out data processing in a third country or within the framework of an international organization, through the transfer of personal data to another Data Controller or data processor carrying out data processing in a third country or within the framework of an international organization;
– Disclosure: making the data accessible to anyone;
– Data deletion: making data unrecognizable in such a way that its recovery is no longer possible;
– Restriction of data processing: blocking of stored data by marking it for the purpose of restricting further processing of the data;
– Data destruction: complete physical destruction of the data medium containing the data;
– Data processing: all data processing operations performed by a data processor acting on behalf of or on the instructions of the Data Controller;
– Data Processor: the natural or legal person or an organization without legal personality who processes personal data on behalf of or under the instructions of the Data Controller, within the framework and under the conditions specified by law or a binding legal act of the European Union;
– Data controller: the body performing public tasks that produced the data of public interest that must be published electronically, or in the course of whose operations this data was generated;
– Data provider: the body performing a public task which – if the data controller does not publish the data itself – publishes the data provided to it by the data controller on a website;
– Data set: the set of data managed in a register;
– Third party: a natural or legal person or an organization without legal personality who is not the same as the Data Subject, the Data Controller, the Data Processor or the persons who carry out operations related to the processing of personal data under the direct control of the Data Controller or the Data Processor;
– EEA state: a Member State of the European Union and another state party to the Agreement on the European Economic Area, as well as a state whose citizen enjoys the same legal status as a citizen of a state party to the Agreement on the European Economic Area under an international treaty concluded between the European Union and its Member States and a state not party to the Agreement on the European Economic Area;
– Third country: any state that is not an EEA state;
– Data protection incident: a breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized transmission or disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise processed;
– Profiling: any processing of personal data – by automated means – aimed at evaluating, analysing or predicting personal characteristics of the Data Subject, in particular characteristics relating to his/her performance at work, economic situation, health, personal preferences or interests, reliability, behaviour, location or movements;
– Recipient: the natural or legal person, or an organization without legal personality, to whom or to whom the Data Controller or the data processor makes personal data available;
– Pseudonymization: processing of personal data in a way that makes it impossible to determine which Data Subject the personal data relates to, without the use of additional information stored separately from the personal data, and ensures, by taking technical and organizational measures, that it cannot be linked to an identified or identifiable natural person.

2025.03.20.
SomeDeal Ltd.