For Danube Capital R&A Zrt. (1134 Budapest, Kassák Lajos u. 18., hereinafter the Company, service provider or data controller), the protection of personal data provided by its customers or other interested parties (interested parties) is of paramount importance as well as, ensuring the right of these data subjects to self-determination in accordance with legal regulations in relation to the services provided.
The Company ensures the security of the personal data of its customers and other stakeholders, including visitors to the website, in full compliance with the relevant legislation in force, and ensures the security of personal data provided by stakeholders or from other legal sources – in particular unauthorized access, alteration, transmission, disclosure, cancellation or destruction, and protection against accidental destruction and damage – and takes the necessary technical and organizational measures and establish the procedural rules necessary to give effect to the relevant legal provisions and other recommendations.
When using corporate services, personal data provided by customers or other stakeholders or otherwise handled by the Company are also considered as bank secrets or securities secrets. The Company reserves the right to unilaterally change this prospectus at any time. It notifies its customers, the users of the published data, of any changes in due time.
In the following, the Company briefly describes the data management principles applied in relation to the visitors of its website, presents the expectations it has set for itself as a data controller, and how it complies with them.
The Company’s data management principles in connection with the website are also in accordance with the applicable data protection legislation, in particular with the following:
- 2011 CXII. Act – on the Right to Information Self-Determination and Freedom of Information (Infotv.);
- EU Regulation 2016/679 (GDPR) – on the protection of individuals about the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation)
- Act V of 2013 – on the Civil Code (Civil Code);
- XLVIII of 2008 Act – on the Basic Conditions and Certain Restrictions of Economic Advertising (Grt.).
- 1996. XX. Act – on the Methods of Identifications Replacing the Personal Identification Marks and the Use of Identification Codes
- Concepts, principles, legal basis of data management
The terms used in the prospectus are capitalized in the text and have the following meanings:
Data controller: Organization as defined in section 2.2 of the Prospectus.
Data Management: any operation or set of operations performed on Personal Data or data files in an automated or non-automated manner.
Recipient: the person, public authority, or any other body to whom or with whom the Personal Data is communicated by the Data Controller, regardless of whether the Recipient is a third party other than the Data Controller or the Data Subject. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients.
Data subject: The Data Controller’s customers and other persons related to Danube Capital during the provision of the service, if they are identified or identifiable natural persons and the Data Controller handles any information that qualifies as Personal Data about them. A natural person may be identified who, directly or indirectly, in particular by means of an identifier such as a name, date of birth, online identifier (eg IP address) or a natural, physiological, genetic, mental, economic, cultural or social identity identifiable by one or more factors.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals about the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation).
Special Personal Data: personal data referring to racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the unique identification of natural persons, health data and personal data relating to the sexual life or sexual orientation.
Personal Data: any information about the Data Subject that allows the Data Subject to be identified directly or indirectly.
Terms not specifically defined in the prospectus and not indicated in capital letters have the meaning defined in the GDPR.
- Data controller and contact details
|Data controller||contact details|
|Name of data controller||Danube Capital R&A Zrt. (“Data controller”)|
|Headquarters||1134 Budapest, Kassák Lajos u. 18.|
|Contact||Email address: email@example.com|
|Registration authority||Metropolitan Court of Registration|
|Registration number (company registration number)||01-10-140292|
- Principles and legal basis of data management
Personal data may only be processed for a specific purpose, to exercise a right and fulfil an obligation. At all stages of data management, the purpose of data management must be appropriate, and the recording and processing of data must be fair and lawful. Only personal data that is necessary for the realization of the purpose of data processing and suitable for the achievement of the purpose may be processed. Personal data may only be processed to the extent and for the time necessary to achieve the purpose. Personal data retains this quality during data processing as long as its connection with the data subject can be restored. The relationship with the data subject can be restored if the Company has the technical conditions necessary for the restoration. During the data processing, the accuracy, completeness and, if necessary, the up-to-dateness of the data must be ensured, as well as that the Data Subject can be identified only for the time necessary for the purpose of the data processing.
Personal data can be processed if:
- the data subject has consented to the use of his or her personal data for one or more specific purposes.
- the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to the conclusion of the contract.
- the data processing is necessary to fulfil the legal obligation of the data controller.
- the processing is necessary to protect the vital interests of the data subject or of another natural person.
- in the public interest or in the exercise of a public authority conferred on the controller.
- the processing is necessary for the protection of the legitimate interests of the controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular when a child is affected.
The data subject shall be informed in a clear, comprehensible, and detailed manner of the data to be processed and of all facts relating to the processing of his or her data, in particular the purpose and legal basis of the processing, the person authorized to process and process the data, the duration of the processing and the data.
The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal. The data subject must be informed before consent is given. Withdrawal of consent should be as simple as giving it.
If the personal data was collected based on the consent of the data subject, the Company shall- unless otherwise provided by law-
(a) use it for the purpose of fulfilling a legal obligation incumbent on it, or
(b) for the purpose of enforcing a legitimate interest of one’s own or a third party, where the exercise of that interest is proportionate to the restriction of the right to the protection of personal data,
without further consent or after the withdrawal of the data subject’s consent.
- Logging of the www.danubecapital.hu server
- When you visit the www.danubecapital.hu website, the web server automatically logs the user’s activity.
The purpose of data management: during the visit of the website, the service provider records the visitor data in order to check the operation of the service, personalized service and prevent abuse.
Legal basis for data management: the consent of the data subject and the CVIII of 2001 on certain issues related to information society services. Act 13 / A. § (3).
The range of data managed: date, time, IP address of the user’s computer, data related to the user’s computer’s browser and the address of the visited pages.
Duration of data management: 30 days from the date of viewing the website.
Data processor: The Company may use a data processor to perform this activity. The name, registered office and description of the activity performed shall be published in an announcement at any time, containing the names of the processers.
The Company does not link the data generated during the analysis of the log files with other information, nor does it seek to identify the user.
IP addresses can be used to geographically locate a visitor using a particular computer. The address of the visited pages, as well as the date and time data are not suitable for the identification of the data subject per se, but in combination with other data (e.g. provided during registration) they are suitable for drawing conclusions about the user. about the third-party logging data management:
The html code of the portal contains links to and from an external server independent of the Company. The external service provider’s server is directly connected to the user’s computer. We would like to draw the attention of our visitors to the fact that the providers of these links are able to collect user data (e.g. IP address, browser, operating system data, page address visited and time of visit) due to direct connection to their server, direct communication with the user’s browser.
Any personalized content for the user is served by the third-party server. The connection between the Company and the server of the external service provider only covers the insertion of the latter’s code, so no personal data is transferred or forwarded.
The data management for the purpose of web auditing and the recording of the website visitor data by the web server is the data management prevalent on the Internet, so the user accepts them by using the Internet and visiting web pages.
The data controllers listed below can provide detailed information on the management of data by third-party servers. As an external service provider, the Google Analytics server assists in the independent measurement and auditing of the traffic and other web analytics data of the www.danubecapital.hu website. For more information on managing your measurement data, visit http://www.google.com/intl/hu/policies/ or Google Tag Manager: https://support.google.com/tagmanager/answer/6102821?
- A www. danubecapital.hu website’s own cookie management
In order to provide customized service, the service provider receives a small data packet on the user’s computer, the so-called places a cookie and reads it back at a later visit. If the browser returns a previously saved cookie, the cookie provider has the option to link the user’s current visit to the previous ones, but only for their own content. The purpose of data management: to identify and differentiate between users, to identify the current session of users, to store the data provided during it, and to prevent data loss.
Legal basis for data processing: consent of the data subject
The scope of the managed data: identification number, date, time.
Duration of data management: until the end of the session.
Cookies can usually be managed in browsers’ Tools / Settings menu under Privacy / History / Custom Settings, under the name cookie, cookie or trace.
- Third-party cookie management at www. danubecapital.hu website
Some service partners use a small data packet on the user’s computer, called a cookie is placed and read back when you use the Internet. If the browser returns a previously saved cookie, the cookie provider has the option to link the user’s current visit to previous ones, for websites that use the third-party cookie. When visiting the www.danubecapital.hu website, Google Analytics manages cookies in order to operate its web analytics system. In order to track users and display personalized recommendations, the following providers handle cookies, provided that the visitor expressly consents to this using a statement placed on the website: Google AdWords and Facebook.
With the help of Remarketing, Google AdWords and Facebook partner providers can use their personalized ads to access other websites independent of the Company to those who have previously visited the danubecapital.hu website. Learn more about Google Analytics data management at google.com/analytics.
The document “How Google uses your information when you use a partner site or application” is available at the following link: http://www.google.com/intl/hu/policies/privacy/partners/
- The purpose of the use of the camera recording the recorded image and sound recording and the rules of the related data management
The purpose of capturing recorded camera footage is to protect personal and property and to protect business, payment, banking and securities secrets. A fixed camera recording is indicated by a warning sign (camera pictogram sign) and a description at the entrance. By entering the room, customers consent to data management. Act CXXXIII of 2005 on the rules for the protection of persons and property and the rules of private investigators the provisions of law shall apply.
- The electronic access control system
The purpose of the operation of the electronic access system is to check the legitimacy of access, the security of persons and property, and the protection of business, payment, banking and securities secrets. The information on the electronic access system is used as a guide at the time of entry. By using the access control system, the customers consent to the data management. CXXXIII of 2005 on the rules for the protection of persons and property and the rules of private investigators the provisions of law shall apply. The purpose of the operation of the electronic access control system is to check the legitimacy of access, the security of persons and property, and the protection of business.
The information on the electronic access system is used as a guide at the time of entry. By using the access control system, the customers consent to the data management. CXXXIII of 2005 on the rules for the protection of persons and property and the rules of private investigators the provisions of law shall apply.
- Electronic contact of the Company with the Clients
The Company categorizes the e-mails received from the Clients or other stakeholders based on their content and assigns them to the given organizational unit for administration. With respect to the personal data contained in the received e-mails, the Company assumes that the sending party has voluntarily and informedly provided the contents to the Company. The Company, together with the sender’s name and e-mail address, as well as other personal data voluntarily provided, will normally delete it no later than five years after the disclosure, in some cases a shorter or longer period may be specified by law.
- Data management related to advertising activities
A Grt. Pursuant to Section 6 (1), for the purpose of direct business acquisition, advertising may be communicated to a natural person as the addressee of an advertisement directly (such as, in particular, by electronic mail or other equivalent means of individual communication, with the exception of postal mail) only if the recipient of the advertisement clearly and explicitly agreed in advance.
The Company keeps a register of the personal data of the persons making the consent statement, taking into account the provisions of the consent statement and the related legal regulations (Grt., Kktv.). The data contained in this register relating to the recipient of the advertisement may be processed only in accordance with the statement of consent, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
The Company is entitled to provide the Data Subject’s name, postal address, telephone number and e-mail address to other legal entities belonging to the Company in accordance with the provisions of the applicable legislation in force at the time, in order for them to offer their own services directly to the Data Subject. is entitled to send to the Data Subject the advertising material containing the offer of the legal entity belonging to the Company. The Data Subject may authorize the Company and consent to the Company informing the Data Subject about its own or any of the Company’s services of its affiliated company and for this purpose manage the data of the Data Subject. The Data Subject has the right at any time to request the Company not to send him / her advertising material for direct business purposes, the Data Subject may at any time withdraw his / her consent to the sending of advertisements and the processing of his data for this purpose free of charge. The Data Subject may file a claim through the contact details published on the Company’s website. In this case, the Data Subject can no longer be searched for advertising purposes.
- Other data processing
We inform our clients about the data processing not listed in this prospectus. they may contact the data controller for the purpose of transmitting, communicating, transferring or making available documents. The Company shall provide personal data to the authorities, provided that the authority has indicated the exact purpose and scope of the data, only to the extent and to the extent strictly necessary to achieve the purpose of the request.
- The way personal data is stored, the security of data management
The Company’s computer systems and other data storage locations are located at its headquarters, on the servers located at its data processors. The Company selects and operates the IT tools used for the management of personal data during the provision of the service in such a way that the managed data:
(a) accessible to those entitled to it (availability);
b) its authenticity and authentication are ensured (authenticity of data management);
(c) its integrity can be demonstrated (data integrity);
(d) be protected against unauthorized access (data confidentiality).
The Company shall protect the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage or inaccessibility due to changes in the technology used. In order to protect the electronically managed data files in its various registers, the Company shall ensure, by means of an appropriate technical solution, that the stored data, unless permitted by law, cannot be directly linked and assigned to the data subject. In view of the current state of the art, the Company ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection appropriate to the risks related to data management.
The Company retains it during data management
(a) confidentiality: it protects the information so that only those who have access to it can access it;
(b) integrity: protects the accuracy and completeness of the information and the method of processing;
(c) availability: ensuring that, when the authorized user needs it, he has effective access to the information required and the means to do so.
The Company’s and its partners ’IT systems and networks are all protected from computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer hacking, and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures. We inform users that electronic messages transmitted over the Internet, regardless of protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. To protect against such threats, the controller shall take all precautionary measures required of him. It monitors systems to record any security incidents and provide evidence of any security incidents. System monitoring also makes it possible to check the effectiveness of the precautions taken.
- Duration of retention of personal data
The Company is obliged to delete all personal data related to its customers, former customers or non-concluded contracts, for the processing of which the purpose of data processing has ceased, or for the processing of which the customer’s consent is not available, or for the processing of which there is no legal basis. Data processing purposes and certain statutory provisions sometimes result in different retention periods. In some cases, the retention period is the general limitation period in civil law, which is sometimes shorter (eg retention of sound recordings of a bank complaint) or longer (eg money laundering prevention, accounting documents) sets a retention or deletion period. The purpose of the data management of the retention of personal data – unless otherwise provided – is to prove that the Company has acted lawfully, also taking into account that the Company is obliged to prove that the data processing complies with the law during court enforcement. The financial institution may handle customer data and personal data forming bank secrets related to the non-concluded service contract as long as a claim can be enforced in connection with the failure to conclude the contract. From the point of view of claim enforcement, unless otherwise provided by law, the general limitation period specified in the Civil Code shall apply.
Any request or complaint regarding the handling / processing of the personal data of the data subject must be submitted to the Company in writing.
Before examining the obligation to comply with the request or complaint, the Company may request the data subject to:
(a) the type of personal data to which access is requested;
b) a determination of the circumstances in which the Company collected the data; and
(c) credible proof of identity; and
(d) in the case of a request for rectification, erasure, restriction or objection, a statement of the reasons why the personal data are inaccurate, incomplete or not processed in accordance with the relevant legislation or these Rules.
(e) in the case of a complaint, a precise definition of the subject of the complaint and of the action complained of, if the complaint relates to the rejection of an application, a reference to the rejected application.
The data subject may request information on the processing of his / her personal data, as well as request the correction or, with the exception of mandatory data processing, the deletion or blocking of his / her personal data in the manner indicated in the data collection or through his / her customer service.
Data subjects whose personal data are treated by the Company as data controllers are entitled to the following rights under the GDPR and the data subject is entitled to submit an application to the Company in connection with these rights. The data subject is entitled to exercise the following rights in relation to his / her personal data at any time and to notify the Company thereof in the form of a request.
If the rights specified below or the request specified in the application are not provided by the Company, it is entitled to submit a complaint to the Company in order to enforce the rights of the data subject in accordance with the conditions set forth in these regulations.
All data subjects are entitled to receive feedback on the handling of their data managed by or on behalf of the Company. When handling your data, if possible, the feedback will include:
(a) the legitimate purposes of the processing;
(b) the categories of personal data concerned;
(c) the categories of recipients of the personal data concerned;
(d) where possible, the period for which the personal data will be stored, if this is not possible for the purposes of determining that period;
e) the source of the personal data, if the personal data were not collected from the Data Subject;
(f) the fact of automated decision-making, including profiling, as well as information on the logic used and the significance of such data management and the consequences for the data subject; and
g) Appropriate guarantees in case of transfer of data to a country providing an Inadequate Level of Protection or under a Compliance Decision.
In addition to the feedback, the Company shall, upon the request of the data subject, provide the following information to the data subject:
(a) information on the data subject’s right to request the rectification or erasure of his or her personal data at any time, on any restrictions on the processing of his or her personal data and on the right to object to the processing of his or her personal data; and
(b) the possibility of submitting a complaint to the NAIH; and
(c) the possibility of judicial review; and
(d) where applicable, the possibility of claiming compensation for breaches of binding corporate rules.
The Company shall provide the information in writing in a comprehensible form as soon as possible after the submission of the application, but no later than within 30 days. This information shall be free of charge if the person requesting the information has not yet submitted a request for information on the same area to the controller in the current year. In other cases, the Company. may reimburse costs in accordance with the applicable legal requirements.
Right to rectification
The data subject is entitled to request the correction of inaccurate data concerning him from the Company. Subject to the purpose of data management, the data subject is entitled to request the Company to supplement the incomplete personal data concerning him / her, inter alia by means of an additional statement.
Right of cancellation
The data subject shall have the right to request the deletion of personal data concerning him or her if:
(a) your personal data are no longer required for the legitimate purpose for which they were collected or otherwise processed;
(b) the data subject withdraws his or her consent and the processing has no other legitimate purpose;
(c) the data subject has successfully objected to the processing of his or her personal data;
(d) the personal data of the data subject have been unlawfully processed; obsession
(e) the personal data of the data subject must be deleted in order to fulfill a legal obligation.
Instead of deleting, the Company will block personal data if the data subject so requests or if the available information suggests that the deletion would harm the data subject’s legitimate interests. Personal data blocked in this way can only be processed for as long as the purpose of data processing, which precluded the deletion of personal data, exists. The Company will flag the personal data it manages if the data subject disputes its correctness or accuracy, but the inaccuracy or inaccuracy of the disputed personal data cannot be clearly established. The Company shall notify the data subject of the rectification, blocking, marking and deletion, as well as all those to whom the data has previously been transmitted for data management purposes. It shall withhold notification if it does not harm the legitimate interests of the data subject with regard to the purpose of the processing. If the Company does not comply with the relevant request for rectification, blocking or cancellation, it shall notify the factual and legal reasons for rejecting the request for rectification, blocking or cancellation in writing within 30 days of receipt of the request.
Right to restrict
The data subject shall have the right to request a restriction on the processing of personal data concerning him or her if:
a) the data subject disputes the accuracy of his / her data for the period necessary for the Company to verify the accuracy of the data;
(b) in the event of unlawful processing;
c) the Company no longer needs the data for any legitimate purpose, but requests them in order to submit, enforce or defend the legal claims concerned; obsession
d) against the processing of the data subject’s personal data until the existence of a legitimate interest of the Company has been established.
Restrictions on the processing of the personal data of the data subject may affect the services provided by the Company. In some cases, requesting the deletion or restriction of personal data, as well as refusing to use the service and bearing the legal consequences of the withdrawal for the data subject (eg obligation to pay fines or damages). only with the consent of the data subject or to bring, assert or defend legal claims, or by any other natural or legal person.
to protect its rights. The Company must notify the data subject before lifting the restriction on data processing.
The Company shall inform all recipients to whom the personal data has been communicated of the rectification, erasure or restriction of the processing of personal data, unless this proves impossible or requires a disproportionate effort. At the request of the data subject, the Company shall provide information on these addressees.
Right to data portability
The data subject is entitled to receive the personal data provided by him to the Company in a structured, widely used, machine-readable format if:
(a) the processing is based on the consent of the data subject; obsession
(b) the processing is based on the performance of a contract with the data subject; and data management is automated.
Right to protest
The data subject has the right to protest at any time against the processing of his / her personal data in the public interest, in the exercise of a public authority and in order to enforce the legitimate interest of the Company or a third party, for reasons related to his / her situation, unless the processing is required by law.
The data subject is also entitled to object to the processing of his or her personal data on the basis of a legitimate interest, unless the Company proves that the processing is based on compelling legitimate reasons that give him or her a legitimate interest in processing the data or enforcing the Company’s legal claims. related.
The Company shall examine the protest within the shortest time from the submission of the application, but not later than within 15 days, make a decision on the merits of the application and inform the applicant of its decision in writing. If the protest is justified, the Company shall terminate the data processing, including further data collection and data transfer, and block the data, as well as notify the protester and the measures taken on the basis of the protest to all persons to whom the personal data are obliged to take measures to enforce the right to protest. If the data subject does not agree with the decision of the data controller, or if the data controller does not respond to the protest within 15 days, the data subject may apply to a court within 30 days from the notification of the decision or the last day of the 15-day time limit for notification.
Compensation and damages
The Company will indemnify the damage caused to others by the illegal handling of the data of the data subject or by violating the data security requirements. In the event of a violation of the data subject’s right to privacy, the data subject may claim damages (Section 2:52 of the Civil Code). The data controller is also liable to the data subject for the damage caused by the data processor. The data controller is released from liability if the damage was caused by an unavoidable cause outside the scope of data processing. The controller shall not reimburse the damage and no damages may be claimed to the extent that the damage was caused by the intentional or grossly negligent conduct of the data subject caused by the victim or the violation of the right to privacy.
The data subject may file a complaint if, in his or her opinion, the Company has breached its data management obligations. In this area of activity, the Company acts in accordance with the provisions of the laws on customer protection and the Complaint Handling Regulations.
Right to apply to the courts
In case of violation of the rights of the data subject – within 30 (thirty) days from the notification of the decision or if the Company fails to comply with the deadline prescribed by law, it may file a lawsuit against the data controller. The court is acting out of turn in the case. The trial falls within the jurisdiction of the tribunal. The lawsuit may also be brought before the court of the place of residence or stay, at the option of the person concerned.
Data protection authority procedure
Complaints can be lodged with the National Data Protection and Freedom of Information Authority:
Name: National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet avenue 22 / C.
Mailing address: 1530 Budapest, Pf .: 5.
Phone: 06-1-391-1400Fax: 06-1-391-1410
What is cookie?
In order to provide a customized service, the website uses a small data package on the user’s computer, the so-called places a cookie and reads it back at a later visit. Cookies are small data files that a browser places on a user’s computer or device. Among other things, they collect information, memorize the visitor’s custom settings, and generally make the website easier for users to use. Cookies do not in themselves collect data stored on your computer or in files. Please read the information below carefully for more information on how we collect information when you use the Website.
What type of cookies are there?
Session cookie: these cookies are temporarily activated while browsing. That is, from the moment the user opens the browser window until the moment he closes it. As soon as the browser closes, all session cookies are deleted.
Persistent cookie: these cookies remain on the user’s device for the period specified in the cookie. They are activated each time a user visits a website.
How to delete / disable cookies?
You can find information about the cookie settings of the most popular browsers here:
How to withdraw consent?