Data protection guide

I. The legal background and purpose of the data protection and the data controller

In developing these rules, the 2011 Act CXII on Informational Self-determination and Freedom of Information and the provisions of Act no. VI of 1998 on the protection of personal data in information systems was specifically considered, as well as Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed at Strasbourg on 28 January 1981.

Hungarian law applies to questions related to data protection, and in the event of any dispute arising out of data protection the courts of Hungary have jurisdiction.

Hungarian law applies to questions related to data protection, and in the event of any dispute arising out of data protection the courts of Hungary have jurisdiction

• Name: INVESTOR’2005 Befektetési és Marketing Tanácsadó Korlátolt Felelősségű Társaság
• Residence: 2500 Esztergom, Vörösmarthy utca 13.
• Company registration number: Cg. 11-09-023842
• Phone: 06-30-335-6518
• Mail: info@portobello.hu
• Website:  www.portobello.hu
• Tax Number: 13527402-2-11
• Statistical symbol:
• Contact person: Executive Director Dr. Mateisz Renáta

II. Definitions of terms relating to personal data

• Personal data: data that may be linked to a specific natural person (hereinafter referred to as "the data subject"), related data, deductible data, conclusion on the person concerned. Personal data will retain this quality while handling data as long as its connection can be restored with the affected person;
• Data management: the collection, retrieval, and storage, processing, utilization (including forwarding and disclosure) and deletion of personal data, irrespective of the process used. Changes in the data as data management and the prevention of their further use;
• Data processing: data management operations and technical tasks, irrespective of the method and tool used to implement the operations and the location of the application;
• Transfer of data: providing data to a specific third party;
• Disclosure: making data accessible to anyone;
• Data controller: a natural or legal person or an organization without legal personality, who or which determines the purpose of the processing of personal data, makes and executes data management decisions, or entrusts execution with a data processor. In the case of mandatory data handling, the purpose and conditions of the data management and data controller are defined by law or municipal decree providing data management;
• Data processor: means a natural or legal person or an organization without legal personality who is processing personal data on behalf of a data controller;
• Data deletion: making data unrecognizable in such a way that their recovery is not possible;
• Automated data set: Automated data set;
• Machine Processing: Includes the following actions when implemented in whole or in part by automated means: data storage, data logic or arithmetic operations, data modification, deletion, retrieval, and dissemination.
• User: the natural person who registers for the use of his data management services, and in this context, gives the data requested by the data controller for the registration referred to in these regulationst.

III. Privacy Policy

• Data must be obtained and processed only in a fair and legitimate manner;
• Data should only be stored for specific and legitimate purposes and should not be used otherwise;
Data must be appropriate to the purpose of storage, and must comply with this objective, should not be excessive;
• Personal data must be correct, complete and updated as necessary;
• Data storage mode must be one which permits identification of data subjects for no longer than necessary for the purpose of storage possible;
• Appropriate security measures should be taken to protect personal data stored in automated data files to prevent accidental or unlawful destruction or accidental loss or unauthorized access, alteration, or dissemination.

IV. Additional guarantees protecting data subjects

Every data subject has the right

• to get known in reasonable interval and without delay or cost whether his/her personal data are stored in an automated file and to be informed in a comprehensible manner;
• to correct, where appropriate, or delete the data the easiest and fastest way possible and feasible;
• to raise the objection if his / her request for correction, deletion of data is not met;
• to request information from the data controller or processor in the extent of: processing, purpose, legal basis, date of use of the data, name, address, subject of the controller and information to whom and for what reason the personal data are provided. The request of the data subjects is the data controller obliged to respond not later than 30 days from the date of receipt of their requests. In case of violation of the rights of the data subjects by the data controller, the persons concerned may bring the case to court. The data controller is obliged to compensate for any damage caused to others by unlawful handling of the data concerned or breach of the technical data protection requirements. The data controller is also responsible for the damage caused by the data processor. The controller is exempted from liability if the damage was caused due to wilful or grossly negligent misconduct of the person concerned.

Personal data can only be handled if

1. the person concerned agrees or
2. It is governed by a decree of the local government according to the law or, according to the mandate of the law, within a certain circle. Act in the public interest - the scope of data explicit indication - order the disclosure of personal data. In all other cases, disclosure is required by the consent of the person concerned, and in case of special data, written consent. In case of doubt, it must be presumed that the party concerned has not given his/her consent. The consent of the person concerned shall be deemed to be given in respect of the information which he has communicated or made available for disclosure during the public service of the person concerned.

The provisions on data handling and the protection of the personal data of visitors apply only to natural persons, given that personal data can only be interpreted in relation to natural persons (pursuant to Act CXII of 2011 on Informational Self-determination and Freedom of Information). Policy is only binding on natural persons' personal data.

Data management purpose limitation:

Personal data can only be handled for a specific purpose, in order to exercise the right and to fulfil obligations. At all stages of data management, it must meet this goal.
Only personal data that are essential for achieving the purpose of data management can be used to reach the goal and only to the extent and for the time necessary to attain it.
The Data Manager can send system messages to the users in connection with the operation of the website or in connection with the provision of the service. By signing up, the user agrees that the data he/she voluntarily uses will be processed by Data Manager and used in his/her advertising activity as a statutory processed data format.

Data security:

In the data processing or activity of the data processor, the data processor is obliged to ensure the security of the data, and must also undertake the technical and organizational measures and develop the procedural rules necessary to enforce the data protection law and other data and confidentiality rules. Data shall be protected, in particular, against unauthorized access, alteration, disclosure or deletion, or damage or destruction.

V. Privacy Policy

INVESTOR'2005 Kft. undertakes to publish a clear and unambiguous statement (privacy statement) prior to the recording and handling of any data of its users, informing them about the method, purpose and principles of data collection. In addition, INVESTOR'2005 Kft. draws the user's attention to the volunteering of the data supply. The data subject shall be informed of the purpose of the data management and about who will manage and process their data. All employees and executives of the company are entitled to be familiar with data managed by INVESTOR'2005 Kft. Information on data management is also provided by the data acquisition legislation.
In all cases where the INVESTOR'2005 Kft. intends to use provided personal data for purposes different from the purpose of the original data collection, it is obligated to inform the user and to obtain its prior express consent or to allow it to prohibit its use. INVESTOR'2005 Kft. When collecting, recording and managing data, he/she will comply with all data privacy restrictions and inform them about the subject matter of the action via e-mail at the request of the persons concerned. The Company undertakes not to impose sanctions on such users who object to the voluntary provision of personal data.

INVESTOR'2005 Kft. undertakes to ensure the security of the data, to take the technical and organizational measures and to establish the procedural rules that ensure that the recorded, stored or managed data are protected or prevent their destruction, unauthorized use and unauthorized alteration.
The set of data on the residence of a natural person is the data that includes: name, address, postal address, tel. number, fax. number, e-mail address. Data that are modified in such a way that it can not be attributed to the person concerned are not considered as personal data.

INVESTOR'2005 Kft. defines, as a general principle, that whenever personal information from visitors to the website is requested, person is free to choose to provide the requested information after reading and interpreting the required information text. However, it should be noted that if someone does not provide his/her personal information, sometimes he/she may not be able to use the service that required to provide personal information.
If we are to register our users on the site of INVESTOR'2005 Kft., we will always indicate which data, for what purpose and under what conditions, to be given "mandatory". Mandatory term in this case does not refer to the compulsory nature of the data collection, but to the fact that there are cases where the registration can not be completed without completing the process, so leaving some fields intact or failing to fill may lead to the refusal of the registration. We will not disclose any personal information we provide to our visitors, unless authorized, under any circumstances.
If the authorized authorities request the provider to provide personal data in the manner prescribed by law (eg suspicion of a criminal offense or a seizure decision), the requested and available information will be provided by INVESTOR'2005 Kft.
If our users provide us with personal information, we will take all the necessary steps to ensure the security of these data - both in network communication (ie online data management) and in data storage, guarding (ie offline data management).
INVESTOR'2005 Kft. ensures that visitors can access, update and complete their personal information via the communication channels and under the same circumstances that have made their personal information available to us earlier. In this way, we want to ensure that our personal information is always updated and complete. If any of our users request their personal data be deleted from our system, we will do so immediately. The duration of the data processing is from registration to data erasure.

VI. Rules applied by the INVESTOR'2005 Kft. during the data collection

To use some of our services, our users must complete a registration questionnaire. The information generated during the registration is treated with utmost care, strict confidentiality, and unauthorized access to them. We ask our users to provide the information that help us to provide services at the highest possible level, to obtain statistical data, or to ensure that services provided will be paid. With your help, we can further develop our services according to users' expectations.
Personal data is only used for user-pre-approved purposes and without prior written consent of the user (except under statutory exceptions) they cannot be handed over to third parties.
Public communication channels, that are part of our services (such as forums), are used by all users at their own risk. The copyright of different posts is for a particular user, but INVESTOR'2005 Kft. has the right to quote or copy them without restriction. Comments may be printed, downloaded or distributed by third parties for personal use only and may only be used with the written consent of INVESTOR'2005 Kft. We would like to draw your attention to the fact that the comments on public communication channels are governed by various laws applicable to public communications. Information that is unique to accessing users of communication services is handled with the utmost care, strict confidentiality, unauthorized access to them, not handed over to third parties - except for statutory exceptions.

If our users believe that we have violated their right to protect their personal data, they may also apply to your claim to the court or request assistance from the National Privacy and Information Authority (1125 Budapest, Szilágyi Erzsébet fasor 22/c, www.naih.hu).
The court in this matter acts regardless on order. The case falls under the authority of the NAIH. The trial may take place at the option of the user at his place of residence.
Detailed legal provisions on remedies and the data controller's obligations are set out in Act CXII of 2011 on Informational Self-determination and Freedom of Information.

According to the amendment of the 2016 CLVI. law , from 1st September 2021, all accommodation service providers are obliged to record identification documents (e.g. ID cards, passports)  of all guests using the document reader upon check-in. The system is protect the rights, security and property of the data subject and others. In the absence of presenting the document, the accommodation provider will refuse the accommodation service.

Privacy Identification Number: NAIH 109181/2016.