GENERAL DATA MANAGEMENT INFORMATION

Hiteltszeretnék.hu Kft.

1. INTRODUCTION

The Data Controller respects your personal rights, which is why he prepared the following Data Management Information, which is also available on the Data Controller’s official website.

1.1 Personal scope of the information
This data management information sheet applies to all natural persons whose data is managed by the Data Controller, with the exception of data management related to the employment relationship.

1.2 Material scope of the prospectus
This data management information sheet covers the vast majority of the Data Manager’s data management activities, however, the Data Manager reserves the right to issue separate data management information for a smaller number of data subjects in special cases.

2. DATA OF THE DATA CONTROLLER
Data controller: Hiteltszeretnék.hu Kft.
Address: 2112 Veresegyház, Erkel Ferenc utca 3/A
Company registration number: 13-09-212252
Represented by: János Fekete
Tax number: 29202885-1-13
Name of data protection officer: János Fekete

Contact information of the data protection officer: janos.fekete@creditexperts.hu

3. LAWS, PRINCIPLES

3.1 During data management, the Data Controller is bound by the following legislation

GDPR (General Data Protection Regulation) – REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and 95/46/ on the repeal of the EC Regulation)
Data Protection Act – CXII of 2011 on the right to information self-determination and freedom of information. law and the legislation issued for its implementation
CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. law;
Act V of 2013 on the Civil Code;
CL of 2017 on the taxation system. law and legislation issued for its implementation;
Act C of 2000 on accounting and the legislation issued for its implementation;
XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. law;
CXXXIII of 2005 on the rules for the protection of persons and property, as well as private investigative activities. law.
Act C of 2003 on electronic communications § 155
DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (July 12, 2002) on the management, processing and protection of personal data in the electronic communications sector (“Electronic Communications Data Protection Directive”)
3.2 The Data Controller follows the following basic principles during data management

The Data Controller only processes personal data for the purpose and for the period specified here. The Data Controller only manages personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose.
During the data management, personal data that came to the attention of the Data Controller can only be seen by the persons on behalf of the Data Controller or in an employment relationship with the Data Controller, who have tasks related to the given data management.

4. DEFINITIONS

“personal data”: Any information relating to the natural person (data subject) (e.g. name, number, location data, online identifier or data relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person);
“special data”: These include personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic and biometric data aimed at the unique identification of natural persons, health data and the sexual life or sexual orientation of natural persons relevant personal data;

“health data”: personal data relating to the physical or mental state of health of a natural person, including data relating to the health services provided to the natural person, which carries information about the natural person’s state of health;

“data subject”: identifiable natural person to whom the given personal data applies. (Such as: a website visitor, a person who subscribes to the newsletter, a person who applies for a job advertisement)
“data processing”: performing technical tasks related to data management operations;
“data processor”: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller (on behalf of, at the instruction of, and based on the decision of the data controller);
“profiling” means any form of automated processing of personal data in which personal data is used to assess certain personal characteristics of a natural person, in particular work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement used to analyze or predict related characteristics;
“third party”: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who, under the direct control of the data controller or data processor, are authorized to process personal data they got;
“consent of the data subject”: the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;
5. DATA MANAGEMENT ACTIVITIES

5.1 Viewing the website

5.1.1 Automatically recorded data

If you view our website (www.hiteltszeretnek.hu or www.hiteltszeretnek.com), certain data of your device (e.g. laptop, PC, phone, tablet) are automatically recorded. Such data is the IP address, the time and date of the visit, the pages visited, the website from which the visit took place, the type of browser used, the type of operating system, and the domain name and address of the Internet service provider. The recorded data is automatically logged by the web server serving the website when you view the website without any special declaration or action from you. The system automatically generates statistical data from this data. We only use this information in an aggregated and processed (aggregated) form, to correct possible errors in our services, to improve their quality, and for statistical purposes.

Purpose of data management: Checking the operation of the service and creating statistics. In case of abuse, the data can also be used to determine the source of the abuse in cooperation with the visitors’ internet service provider and the authorities.

Legal basis for data management: CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act 13/A. (3) of §
Duration of data management: 180 days from the date of viewing the website.
5.1.2 Cookies and similar technologies

What is a cookie?

A cookie is a small text file that is stored on the hard drive of the computer or mobile device for the expiration time set in the cookie and is activated (reports back to the web server) on subsequent visits. The websites use cookies with the purpose of recording information related to the visit (pages visited, time spent on the pages, browsing data, exits, etc.), as well as personal settings, but these data cannot be linked to the person of the visitor. This tool helps you create a user-friendly website to enhance your visitors’ online experience.

How can I enable or disable cookies?

Most internet browsers automatically accept cookies, but visitors have the option to delete or reject them. Since every browser is different, you can set your cookie preferences individually using your browser’s toolbar. If you do not wish to allow any cookies from our website, you can change your web browser settings so that you are notified of cookies being sent, or you can simply reject all cookies. However, you can also delete the cookies stored on your computer or mobile device at any time. For more information on settings, see your browser’s Help. Please note that if you decide to disable cookies, you will have to opt out of certain website functions.

Legal basis for data management: Your consent
Purposes of data management:

1. Enhancing the user experience by storing personal settings

During your visit to the website, the system uses standard cookies to identify you as a unique user, to remember your language settings and to remember your login status.
2. Anonymous statistical journal

On each visit, the analysis software of the website stores nameless (anonymous) normal cookies, which can be used to find out how many people have visited the page and what content and information they are interested in. We store all analysis information without name (or other personal data) and use it for our technical and marketing purposes. This way we can find out, for example, how many visitors the page has per month. However, we do not know the names of our visitors. For the purpose presented above, we use the analytical tools of the following service providers and the cookies associated with them:
o “Google Analytics”: You can access the provider’s data protection policies and regulations by clicking on the following links:

https://policies.google.com/privacy?hl=en
https://support.google.com/analytics/answer/6004245?hl=en
https://www.google.com/safetycenter/everyone/start/
Duration of data management:
We distinguish between two types of cookies: “session cookies” and “permanent cookies”. In the case of both types of cookies, they are stored in the browser until the user deletes them.

“Session cookies” are only temporarily stored by the computer, notebook or mobile device, until you leave the given website; these cookies help the system to remember information so that you do not have to enter or fill in that information repeatedly. The validity period of session cookies is limited to the user’s current session, their purpose is to prevent data loss (for example, when filling out a longer form). This type of cookie is automatically deleted from the visitor’s computer at the end of the session or by closing the browser.
“Persistent cookies” are stored on the computer, notebook or mobile device even after leaving the website. With the help of these cookies, the website recognizes you as a returning visitor. Persistent cookies are suitable for identifying you through the server-side identifier – user association, so in all cases where user authentication is essential – e.g. online store, netbank, webmail – necessary conditions for correct operation. Persistent cookies do not carry personal data by themselves and are only suitable for identifying the user together with the association stored in the server’s database. The risk of such cookies is that they do not actually identify the user, but the browser, so it may happen that someone in a public place, e.g. enters an online store in an internet cafe or library and does not exit when leaving, then another person using the same computer may gain unauthorized access to the given web store in the name of the original user.
5.1.3 Social network cookies

In some cases, you will also find the functions of social networks on our website. These functions have an operating principle that is capable of reading cookies and, in some cases, placing cookies of social networks on your device. These cookies can enable the sending of personalized advertisements.

As a data controller, we do not have access to these cookies and the data they collect, however we would like to inform you about these elements and ask for your permission to use them.

Based on the above, social cookies from the following service providers may appear on the website:

Facebook – You can access the provider’s data protection policies and regulations by clicking on the following links:
o https://www.facebook.com/policies/cookies/

o https://www.facebook.com/about/privacy/update

5.1.4 References and Links

Our website may also contain links that are not operated by the Data Controller and serve only to inform visitors. The Data Controller has no influence on the content and security of the websites operated by the partner companies, so it is not responsible for them. Please review the data management information of the pages you visit before entering your data in any form on that page.
5.2 Facebook

We are available on Facebook at facebook.com/hiteltszeretnek.
Facebook users can subscribe to the news feed published on the message wall on facebook.com/hiteltszeretnek by clicking on the “like” link on the page, and unsubscribe by clicking on the “dislike” link on the same page, or the message you can use the wall settings to delete unwanted messages appearing on the message wall.

Legal basis for data management: Your consent.

Purpose of data management: Informing you about current information, products, news concerning us, as well as sending educational articles and materials.

Duration of data management: Our news will only appear on your news feed for as long as you want it to.

You can get information about the data management of the Facebook page from the data protection guidelines and regulations on the Facebook website at https://www.facebook.com/about/privacy/update.

5.3 Contact

You can contact us at any of our contact points (via a form on the website, by e-mail, via Facebook, by phone, by post, in person). In such a case, we assume your consent to the processing of the personal data shared with us.

The purpose of data management: maintaining contact with the requester and answering or solving the question/request.

Legal basis for data management: your consent

Categories of personal data handled: name, e-mail address, telephone number

Duration of data management: Messages and personal data received in this way will be deleted after the given request, question or complaint has been answered. However, if it is necessary for tax law or accounting reasons, or perhaps from the point of view of protecting the rights and interests of the Data Controller or the requester, they will be archived and stored for the necessary period of time, which is examined individually in each case.
5.4 Request for quotation on the web

Description of data management: Preparation and sending of offers for the use of Intermediary Financial products, contact
The purpose of data management is to register the personal data necessary to prepare the offers
Legal basis for data management: your consent (GDPR Article 6 (1) point a)
Personal data categories of the treated person: name, e-mail address, telephone number
Duration of data management: data management lasts until you withdraw your consent.
Method of withdrawing consent: by email: janos.fekete@creditexperts.hu

5.5 Preparation and mediation of financial offers on behalf of subcontractors (data processors) of the data controller

Description of data management: Preparation of offers for the use of Intermediary Financial products
The purpose of data management is to register the personal data necessary to prepare the offers

Personal data categories handled: name, birth name, place and time of birth, mother’s birth name, type and number of identification document, tax identification number, e-mail address, telephone number, mailing address

Legal basis for data management:

legitimate interest legal basis (the legitimate interest of the Data Controller and you, Article 6 (1) point f) GDPR), In this case, we will inform you about the new data management purpose and the legal basis during the first contact. We would like to inform you that you can object to such data management at any time, after which the data management will be terminated.
legal basis for legal obligation regarding data management (GDPR Article 6 (1) point c)), in the case of mediation based on Section 69. 5 HPT.
Personal data categories of the treated person: name, birth name, place and time of birth, mother’s birth name, type and number of identification document, tax identification number, e-mail address, telephone number, mailing address
Duration of data management: In the case of legitimate interest, data management lasts until you request the deletion of your personal data. You can do this by writing a letter to janos.fekete@creditexperts.hu. 3 years in the case of a legal obligation.
5.6 Transfer of data to the client of the data controller for the purpose of preparing and mediating financial offers.

Client name: Benks Kft

Client’s address: 1023, Budapest, Lajos utca 28-32.

Description of data management: Mediation to Banks for the use of Mediated Financial products
Purpose of data management: recording of personal data necessary for the mediation of credit / housing savings products

Legal basis for data management:

Description of data management: where appropriate, we provide information about our products and services to you, as our prospective customer, by sending a newsletter or occasionally sending advertising materials.

Purpose of data management: marketing activity for your information

Legal basis for data management:

Legal basis for consent (GDPR Article 6 (1) point a) if you consent to sending the newsletter or other marketing information to you. We inform you that you can withdraw your consent at any time. Categories of personal data handled: name, e-mail address

Duration of data management: Consent in case of legal basis: data management lasts until you withdraw your consent

5.8 Automated decision-making and profiling

The Data Controller does not perform automated decision-making and/or profiling.

6. YOUR RIGHTS

In connection with data management, you are entitled to the rights detailed below. If you want to exercise your rights, contact us at one of the following contact details:

address: Hiteltszeretnék.hu Kft., 2112 Veresegyház, Erkel Ferenc utca 3/A
e-mail address: janos.fekete@creditexperts.hu
Identification

In any case, we need to identify your identity before fulfilling your request. If we cannot identify you, unfortunately we cannot fulfill your request.

Answering the request

After identification, we provide information about the request in writing, electronically, or – at your request – orally. Please note that if you submitted your request electronically, we will respond electronically. Of course, in this case too, you have the option to request another method.

Administrative deadline

We will inform you about the measures taken following your request within 1 (one) month of receipt of the request at the latest. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another 2 (two) months, which we will inform you of within the one-month administrative deadline.

We are also obliged to inform you of the failure to take action within the one-month administrative deadline. You can file a complaint against this with the NAIH and use your right to appeal in court.
Administration fee

The requested information and measures are free of charge. An exception is the case if the request is clearly unfounded or – especially due to its repetitive nature – excessive. In this case, we may charge a fee or refuse to fulfill the request.

6.1 You can withdraw your consent

In the case of data processing based on your consent, you can withdraw your consent at any time (GDPR Article 7). In such a case, after receiving the notification, without undue delay, your personal data in connection with the given data management.

6.2 You can request information (access).

You can request information on whether your personal data is being processed (GDPR Article 15), and if so:

What is its purpose?
What kind of data is being handled exactly?
To whom do we transmit this data?
How long do we store this data?
What rights and remedies do you have in this regard?
Who did we get your data from?
Do we make automated decisions about you using your personal data? In such cases, you can also request information about the logic (method) we apply, the importance of such data management, and the expected consequences.
If you have found that your data has been forwarded to an international organization or a third country (non-EU member state), you can request a demonstration of what guarantees the proper handling of your personal data.
You can request a copy of your personal data. (Additional copies may be charged based on administrative costs.)
6.3 You can request a correction

You can request that we correct or complete your inaccurate or incomplete personal data (GDPR Article 16).

6.4 You can request the deletion of your personal data

You can request that we delete your personal data (GDPR Article 17) if:

The personal data are no longer needed for the purpose for which they were processed;
In the case of data processing based solely on your consent;
If it is determined that personal data is being processed illegally;
It is required by EU or national legislation;
We cannot delete personal data if it is necessary:

for the purpose of exercising the right to freedom of expression and information;
fulfillment of the obligation according to the EU or Member State law applicable to the data controller requiring the processing of personal data, or in the public interest;
based on the public interest in the field of public health
for the purpose of archiving in the public interest, for scientific and historical research purposes, or for statistical purposes, if deletion would likely make this data management impossible or seriously jeopardize it; obsession
for the presentation, enforcement and defense of legal claims.
6.5 You can request that we limit data processing

You can request that we restrict data processing (GDPR Article 18) if one of the following is true:
You dispute the accuracy of the personal data, in which case the limitation applies to the period that allows us to verify the accuracy of the personal data
The data processing is unlawful, but you object to the deletion of the data and instead request the restriction of its use;
We no longer need the personal data for the purpose of data management, but you require it to submit, enforce or defend legal claims;
You have objected to data processing; in this case, the restriction applies to the period until it is determined whether the Data Controller’s legitimate reasons take precedence over your legitimate reasons.
In the case of restrictions, personal data may only be processed with your consent, with the exception of storage, or to submit, assert or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.

We will inform you in advance about the possible lifting of the restriction.
6.6 You can ask us to transfer your personal data (right to data portability)

You have the right to receive your personal data that we manage in a machine-readable format (GDPR Article 20), and you also have the right to transfer this data to another data controller – or at your request – if the data processing is based solely on your consent or with you, or is based on a contract concluded on your behalf and is done in an automated manner.

6.7 You can object to the processing of your personal data

You can object to the processing of your personal data (GDPR Article 21) if:

Data management for the execution of tasks in the public interest, including profiling based on this;
Data management is necessary to enforce the legitimate interests of the data controller or a third party, including profiling based on this;
In the above cases, personal data will be deleted, unless their processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are related to the presentation, enforcement or defense of legal claims.

You can also object to the processing of your personal data if:

The data is processed for the purpose of obtaining direct business (in this context, you can also object to profiling); In this case, the personal data will be deleted
Personal data is processed for scientific and historical research purposes or for statistical purposes. In this case, the personal data will be deleted unless the data management is necessary for the performance of a task carried out in the public interest.
6.8 Rights related to automated decision-making including profiling

You have the right not to be subject to the scope of a decision based solely on automated data management, including profiling (Article 22 GDPR), which would have a legal effect on you or similarly significantly affect you.

The above does not apply if the decision:

necessary to enter into a contract or to fulfill a contract with you;
it is made possible by EU or member state law, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests;
or based on your express consent.
Except for the legal obligation, in these cases too human intervention in the process, you can express your point of view and submit an objection to the decision.
6.9 Remedies

6.9.1 You can file a complaint with the NAIH

If you believe that the processing of your personal data is contrary to the provisions of the Data Protection Regulation, you are entitled to file a complaint with the National Data Protection and Information Security Authority (NAIH).

president: dr. Attila Péterfalvi
mailing address: 1363 Budapest, Pf.: 9.
address: 1055 Budapest, Falk Miksa utca 9-11
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
web: https://naih.hu
e-mail: ugyfelszolgalat@naih.hu

6.9.2 You can go to court

If, in your opinion, the processing of your personal data is contrary to the provisions of the Data Protection Ordinance and thus your rights contained in the Data Protection Ordinance have been violated, you have the right to appeal to the court.

The adjudication of the lawsuit falls within the jurisdiction of the court. At the choice of the data subject, the lawsuit can also be initiated before the court of the data subject’s place of residence or residence. A person who otherwise does not have legal capacity can be a party to the lawsuit. The Authority may intervene in the lawsuit in order to win the case for the person concerned.

In addition to the provisions of the Data Protection Ordinance, Act V of 2013 on the Civil Code, Book Two, Part Three, XII. The provisions contained in its title (§ 2:51 – § 2:54) as well as other legal provisions relating to court proceedings shall govern.
6.9.3 Compensation and damages

If the Data Controller causes damage or violates the privacy rights of the data subject by unlawful processing of the data subject, damages may be demanded from the Data Controller. The data controller shall be released from responsibility for the damage caused and from the obligation to pay compensation if it proves that the damage or the violation of the privacy rights of the data subject was caused by an unavoidable cause outside the scope of data management.

7. DATA SECURITY

We will do our best to take into account the current state of science and technology, the costs of implementation, as well as the nature of data management, as well as the risks to the rights and freedoms of natural persons, to implement the appropriate technical and organizational measures in order to ensure a level appropriate to the level of risk we guarantee data security.

We always handle personal data confidentially, with limited access, encryption and the possible maximization of resilience, ensuring that it can be restored in the event of a problem. We regularly test our system to ensure security.
When determining the appropriate level of security, we take into account the risks arising from data management, which arise in particular from the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise managed.
We do our best to ensure that persons acting under our control and having access to personal data can only handle said data in accordance with our instructions, unless they are required to deviate from this by EU or member state law.

Veresegyház, 2018-07-22

Effective: from 22.07.2018