140-en
dolgozunk a Portfolio Csoportnál
Naponta 120
cikket biztosan írunk
40
elemző írja a Portfolio-t
1500
résztvevő volt az Agrárszektor 2023-on
10
szerkesztő dolgozik a Pénzcentrumnál
25 éve
piacvezető a Portfolio
500 ezren
követnek a Facebookon
11
Junior Primánk van
1500
csészényi kávét iszunk meg havonta
FŐOLDAL Data protection and privacy policy

Net Média Publisher and Internet Content Provider Private Limited Company’s
Data protection and privacy policy

I. Objective and extent of the Policy


1.1 The aim of present Policy is to record the data protection and management principles applied by Net Média Publisher and Internet Content Provider Private Limited Company (8-10 Polgár Street, Budapest, 1033, Hungary, hereinafter referred to as Company) and the data protection and management policy which the Company as data manager undertakes to comply with.


1.2 The aim of present Policy is to ensure that the rights and fundamental liberties, especially the right to privacy of each individual shall be respected during the computer processing of their personal data, concerning every field of the services provided by the Company, at every location, without regard to the individual's nationality or residence.


1.3 When formulating the present rules the Company has paid special attention to Act 2016/679 of the European Parliament and Council (General Data Protection Regulation or GPDR), Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information ("Privacy act"), Act V of 2013 on the Civil Code, Act XLVII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society services, Act C of 2000 on Accounting (as regards the issuance and storage of invoices), Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing, Act VI of 1998 on the protection of individuals with regard to the computer processing of personal data, the agreement established in Strasbourg on the date of 28th January 1981 and the provisions of the "ONLINE PRIVACY ALLIANCE".


1.4 Unless otherwise stated, present Policy does not apply to those services and data management that are connected to the promotions, prize games, services, other campaigns and content published by third parties that advertise or appear on the websites listed below in present Policy.
Unless otherwise stated, present Policy does not apply to websites and also to the services and the data management of service providers that are accessible by links embedded on the websites listed below in present Policy. In case of such services, the third party’s own data protection principles apply and the Data Manager is not liable for such data management.

II. Definition of terms


2.1 Database: the total data processed within one database.


2.2 Data management: regardless of the method applied, any operation or sum of operations of personal data belong in this category, thus especially the collection, recording, organization, storage, alteration, use, query, forwarding, public disclosure, alignment, combination, blocking, deletion, destruction of personal data, or preventing the further use of data.


2.3 Data Manager: the entity, who, alone or in association with others, determines the aims and means of data management.
Concerning services mentioned in this Policy, the entity which qualifies as Data Manager is Net Média Publisher and Internet Content Provider Private Limited Company (8-10 Polgár Street, Budapest, 1033, Hungary; company registration number: 01-10-044439 (at the Court of Registration of the Metropolitan Court of Budapest); tax identification number 12527052-2-41; hereinafter referred to as Data Manager).
The Data Manager is a company registered in Hungary.
The Data Manager is the organiser of conferences and other events, the operator of websites and the publisher of intermittent publications belonging to is portfolio. The Data Manager primarily provides digital media services and relating to this main activity it provides the services available on its Websites.


2.4 Personal Data or data: any data or information which makes a specific natural entity – directly or indirectly – identifiable.


2.5 Data Processor: the provider that manages Personal Data on behalf of the Data Manager. Concerning the Services referenced in present Policy, Data Processors are the entities listed in 9.1 of present Policy.


2.6 Website(s): websites operated by the Data Manager (portfolio.hu, penzcentrum.hu, agrarszektor.hu, trader.portfolio.hu) and the social media platforms connected to the Websites.


2.7 Publication(s): Portfolio Ingatlanmagazin, Portfolio Ingatlanmagazin - Az 50 legbefolyásosabb személy a magyar ingatlanpiacon, Agrárszektor Évkönyv - Az 50 legbefolyásosabb személy a magyar agráriumban and other intermittent publications published by the Company


2.8 Service(s): events and prize games organised by the Data Manager, online and offline publications, intermittent publications published by the Data Manager, job opening posted by the Data Manager and all services provided by the Data Manager that are available on the Websites, at the events and in Publications.


2.9 User: the natural entity, who registers for the use of any of the Services provided by International Property Network Inc. and provides their data listed in section III within present framework.


2.10 Employee: the natural entity, who is employed by the Data Manger or performs work for the Data Manager and is in a legal relation with the Data Manager


2.11 Potential Employee: the natural entity, who applies for a job opening posted by the Data Manager


2.12 External Service Providers: third party service providers used by the Data Manager – directly or indirectly – for the organisation of events, prize games the operation of websites, the publication of Publications and the provision of Services available through Websites and Publications. Personal Data is forwarded or may be forwarded to External Service Providers and External Service Providers may forward Personal Data to the Data Manager. Service providers that have access to the services’ websites and may collect data on Users which is, in itself or combined with other data, can be used to identify Users, also qualify as External Service Providers, even if they don’t have a relation with the Data Manager.


2.13 Policy: the Data Manager’s present Data protection and privacy policy.


2.14 Data Termination: the complete physical destruction of the media containing the data.


2.15 Data Forwarding: the data is made available to a specific third party.


2.16 Deletion of Data: making the data unrecognisable in a manner that their recovery in not possible.


2.17 Automatized Database: the set of data undergoing automatic processing.


2.18 Computer Processing: includes the following operations, if carried out partly or completely by automatized devices: the storage of data, the logical or arithmetical operations performed on the data, the alteration of the data, its deletion, retrieval and dissemination.


2.19 System: the total of technical solutions which operate the internet pages and services of the Data Manager and its partners.

III. The scope of Personal Data managed


3.1 If the User visits one of the Websites, the Data Manager’s System will automatically record the User’s IP address.


3.2 Based on the User’s voluntary consent, the Data Managers may also record the following data related to the use of Services through the Websites: name, address, place of residence, telephone number, e-mail address, portrait (picture), User ID number recorded by the Data Manager, content of the phone conversation between the User and the Data Manager.


3.3 If the User sends a message to or calls the Data Manager, the Data Manager records the User’s address, email address, telephone number and the time and date of the call and manages these data for the time and depth required to provide the requested Service.


3.4 The Data Manager manages the following data related to the speakers and participants of the events organised by the Data Manager: professional title, e-mail address, position, telephone number, secondary telephone number, name of the legal entity the speaker/participant is affiliated with, sectoral and activity interest, memberships that entitle the speaker/participant for discounts, professional CV of speakers.


3.5 The Data Manager manages the following data related to the prize games it may organise: name, date of birth, address, e-mail address, telephone number, occupation, membership of a pension fund and the name of the pension fund and other Personal Data listed in the prize game’s policy.


3.6 The Data Manager manages the following data related to its webshop Services: name, address, place of residence, telephone number, e-mail address, in addition to the Personal Data related to the name and address provided by the User for the issuance of the invoice, to the purchased product and to the chosen payment method.


3.7 The Data Manager may manage the name, telephone number and e-mail address of the legal or authorized representative and the point of contact of the parties in contract with the Data Manager.


3.8 Regardless of the above, it may occur that a service provider technically connected to the provision of Services manages data on one of the Websites without informing the Data Manger. Such activity does not qualify as Data Management carried out by the Data Manager. The Data Manager does everything in its power to avoid and filter out such ways of Data Management.

IV. The scope of additional data managed by the Data Manager


4.1 In favour of customisable Service, the Data Manager places a small data package (called "cookie") on the computer of the User. The purpose of the cookie is to ensure for the page to operate on a standard as high as possible in order to increase user experience. The User is able to delete the cookie from their own computer and may set their browser to disable the application of cookies. By disabling the application of cookies, the User acknowledges that the operation of the webpage is not fully functional.


4.2 During the provision of customisable Services, the Data Manager manages the following Personal Data though the usage of cookies: demographical data (based on the data referenced in points 3.2 and/or 3.4 of present Policy) and information related to personal interest, habits and preferences (based on browsing history).


4.3 Data to be recorded during the operation of the Systems: those data of the login computer of the User which generate during the use of the Service and which are recorded by the system of the Data Manager as automatic results of technical processes. This data includes the User’s IP address, the operating system and browser used by the User, data of the websites that direct the User to the Data Manager’s Websites and also the date of visits and time spent on the Data Manager’s Websites. The automatically recorded data is recorded by the System when the User signs in and sign outs, without requiring specific consent or other action from the User. Only the Data Manager has access to this data.

V. Legal grounds, aim and method of data management


5.1 The aim of the Data Manager’s Data Management:


a) providing online content
b) contact related the Company’s business activities
c) identification of the User, contact with the User
d) identification of User privileges (Services available to the User)
e) provision of Services available through the Company’s Websites
f) display of personalised content and advertisements,
g) facilitation of the personalisation of advertisements and Services used by the Users, use of convenience functions
h) management and handling of unique User requests
i) compilation of statistics and analyses
j) contact for the purpose of solicitation of business, marketing (for example newsletter, eDM, etc.)
k) providing storage for content generated by the User (for example comments posted in forums)
l) in unique cases the organisation and management of prize games, the notification of winners and providing winners with the prize
m) in the case of webshop Services, the creation of contracts between the involved parties, the definition and modification of contracts, monitoring the fulfilment of contracts, delivery of ordered products, providing ordered services, invoicing of purchase price and enforcing claims related to the purchase, documentation of appropriate fulfilment, fulfilment of accounting obligations
n) keeping records and sending reports on the Data Manager’s Employees as mandated by the law
o) recruitment and selection of the Data Manager’s Potential Employees
p) technical development of the IT system
q) protection of the User’s rights
r) legal enforcement of the Data Manager’s legitimate interests
s) facilitation of the signing and settlement of contracts related to the Data Manager’s business activities


The Data Manager may use the data made accessible by the Users during the use of Services to create user groups and publish targeted content/advertisements for the user groups on the Data Manager’s Websites.
The Data Manager may use the provided Personal Data for any of the purposes listed above.
The Data Manager may not use the provided Personal Data for purposes different from those described in these sections


5.2 If the Data Management takes place based on the User’s voluntary and informed statement, their statement contains the User’s explicit consent to the Personal Data they provided during the use of the Websites and the Personal Data generated on them being used. If during the Data Management the User’s Personal Data is forwarded, the statement extends to this fact. In case of Data Management based on the User’s consent, the User is entitled to withdraw consent at any point but that does not affect the legality of the Data Management taken place prior to the withdrawal.
Upon entering the Websites, the Data Manager may record the User’s IP address without the specific content of the User, in line with the Data Manager’s legitimate interests and the legitimate provision of Services (for example to screen for misuse or illegal content).
The legal basis of Data Management during the provision of content services is to ensure the fundamental right to information and expression, within the legal framework.
The legal basis of Data Management during the provision of other services may be the User’s voluntary consent, the signing and settlement of contracts created by the User, the legal provision that apply to the Data Manager and the facilitation of the Data Manager’s marketing/sales activities. By registering on the Websites or by using the Services, the User as costumer consents to their Personal Data given during the registration and/or the using process being stored, managed and used in accordance with the legal provisions in force at all times for the delivery of orders.
The Data Manager manages Personal Data from the invoices issued by the Manager in accordance with the act on accounting.


5.3 Data Forwarding to Data Processors listed in present Policy may be done without the User’s specific consent.
The transfer of Personal Data to third parties or authorities – unless the law states otherwise – may only occur based on the decision of authorities or on the User’s prior, explicit consent.


5.4 The User shall take responsibility for ensuring that they legally obtained the consent of any natural entity whose Personal Data they provided or made accessible during the use of Services (for example during the publishing of content generated by the User). The User is solely responsible for content upload or shared by them to the Services.


5.5 By providing their e-mail address or Personal Data during registration, every User takes responsibility for ensuring that:


a./ the data and consent given are given by the User and are accurate,
b./ only they will use the Service based on the data provided.
Regarding this responsibility, all responsibilities regarding the entries made using a specified e-mail address and/or data are to be worn by the User who registered the e-mail address and data. If during registration the User has given the data of a third party for the use of the Service, the User is liable and the Company is entitled to seek damages from the User. In such case the Data Manager should provide all the help it can for the acting authorities with the aim of identifying the wrong-doer.


5.6 The Data Manager may conduct research activities and create anonymous statistics (hereinafter referred to as Research Activities) using the data managed by the Data Manager with the aim of further development of products, evaluation, improvement and extension of services. When conducting Research Activities the Data Manager may only use data in an anonymous way where unique Users cannot be identified. The Company is entitled to use the anonymous research results, created by Research Activities, for the development of services and the introduction of new services, for the sending of online and traditional advertisements targeting specific Users and to sell anonymous research results to third parties. The User explicitly consents to Data Management with the aims mentioned above.

VI. Principles and methods of Data Management


6.1 The Data Manager may only manage Personal Data in line with the principles of good faith, fairness and transparency, complying with current legislation and the provisions of this Policy.


6.2 The Personal Data essential for using the Services provided by the Data Manager may only be used by the Data Manager based on the consent of the User and only in a purpose-bound manner.


6.3 The Data Manager shall use Personal Data only for purposes stated in present Policy and relevant legislation. The Personal Data shall be proportionate to the purpose of their storage and shall not be expanded beyond it.


6.4 In every case where the Data Manager intends to use Personal Data for purposes outside of the original data recording’s purposes, the Data Manager must inform the User and ask for its prior, explicit consent, in addition to providing the possibility to prohibit the use of its Personal Data.


6.5 The Data Manager shall not inspect the Personal Data provided. The person providing the data shall be exclusively responsible for the compliance of the data provided.


6.6 The Personal Data of a natural entity under the age of 16 shall only be managed with the consent of the legal adult exercising parental control. The Data Manager shall not inspect the legitimacy of the consenting person and the content of the statement. The User and the person exercising parental control shall be exclusively responsible for the compliance of the content. In the absence of consent the Data Manager shall not manage and collect data of persons under the age of 16, with the exception of the IP address recorded automatically during the use of the Service.


6.7 The Data Manager shall not forward the Personal Data managed to third parties, except for the Data Processors defined in present Policy and, in certain cases defined in present Policy, the External Service Providers.
The use of the Personal Data which takes place in a statistically summarized form and shall not contain the name or any other data suitable for identification of the concerned User in any form, forms an exception from under the provision included in present section, thus shall neither qualify as Data Protection, nor as Data Forwarding.
The Data Manager in certain cases - official judicial or police inquiries, legal proceedings, copyright- , property- or other infringements, or harm to the interests of the Data Manager, etc. or endangerment regarding the provision of their Services due to the well-founded suspicion of these - shall make the available Personal Data of the concerned User accessible to third parties.


6.8 The System of the Data Manager may collect data about the activity of the Users which shall not be connected with other data provided by the Users upon registration or with data generated upon using other webpages or services.


6.9 The concerned User and everyone to whom the data has been forwarded earlier for the purpose of Data Management, has to be notified about the correction, blocking or deletion of the managed Personal Data. The notification can be omitted if it does not violate the legitimate interests of the concerned party regarding the purpose of Data Management.


6.10 The Data Manager undertakes to ensure the security of Personal Data, furthermore, shall take all technical and organizational measures and establish the rules of procedure which ensure for the collected, stored and managed Personal Data to be protected, i.e. prevents their termination, unauthorized use and unauthorized alteration. The Data Manager also commits itself to notify every third party to whom the Personal Data shall potentially be forwarded or transferred by them, to fulfil their obligations in this regard.


6.11 With regards to the relevant provisions of GDPR, the Data Manager appoints a Data Protection Officer. The Data Protection Officer’s name is Balázs Bence (e-mail address: bence@portfolio.hu, telephone number: +36 1 327 4080).

VII. The term of Data Management

7.1 In case of e-mails sent by the User, if the User is not registered, the Data Manager shall delete the User’s e-mail address 90 days after closing the issue referred in the e-mail, except for unique cases where the Data Manager’s legitimate interest justifies the further management of the Personal Data until this legitimate interest ceases to exist.


7.2 The management of the Personal Data provided by the User shall persist until the User unsubscribes from the Service - with the user name provided - or requests the Deletion of Data. In this case the Personal Data shall be deleted from the Data Manager’s system.
The Personal Data provided by the User - even in cases where the User does not unsubscribe from the Service or upon deleting their registration, they only terminated the option of entry and the comments and uploaded content remains stored - can be managed by the Data Manager until the User explicitly asks for the termination of the Data Management in writing. The request of the User regarding the termination of Data Management without unsubscribing from the Service does not affect their rights regarding the use of the Service; however, it may occur that due to the absence of Personal Data, they may not utilize certain Services.
The Personal Data of the participants of the events and prize games organised by the Data Manager shall be managed by the Data Manager until the end of given event or prize game, except for when the User consents to Data Management with other purposes.
Personal Data shall be managed for marketing purposes and for the purpose of direct solicitation as long as the User does not request the deletion of their data.


7.3 In case of the use of illegal, misleading Personal Data or in case of crime or attack against the System committed by the User, the Data Manager is entitled to immediately delete the data of the User at the same time of the termination of their registration, meanwhile - in case of suspicion of crime or suspicion of the violation of civil liability - is entitled to preserve the data for the period of the procedure to be performed.


7.4 The Personal Data to be automatically, technically recorded during the operation of the System, shall be stored in the System from their creation until the end of the duration necessary for the System to operate. The Data Manager shall ensure that these automatically recorded data shall not be linked with other Personal Data - except in cases where it is made obligatory by the law. If the User terminated their consent regarding the management of their Personal Data or had unsubscribed from the Service, their person - excluding investigative Services and their experts - will not be identifiable.


7.5 If the court or authority lawfully orders the deletion of Personal Data, the Data Manager shall execute the deletion. Instead of deletion, the Data Manager may – at the same time informing the User – restrict the use of Personal Data if the User requests so or if based on information available it is assumable that the deletion would harm the User’s legitimate interest. The Data Manager shall not delete the Personal Data as long as the Data Management purpose which ruled out the deletion of Personal Data persists.

VIII. The User’s rights, options for their enforcement


8.1 The User may ask any of the Data Managers to inform them whether they manage the User’s Personal Data and if they do, the User may ask for access to the Personal Data managed by the Data Manager.
The Personal Data provided by the User during the use of given Services can be viewed in the settings section of the login system of Services and on the profile pages related to certain Services.
Nevertheless, the User may request information about the management of their Personal Data in a written form, by a registered letter or by a registered mail with return receipt requested, or by an e-mail sent to adatvedelem@portfolio.hu. The Data Manager shall answer questions in connection with Data Management within 5 business days from receipt. The request for information shall be considered authentic by the Data Manager if the User is clearly identifiable based on the request sent. The request for information sent via e-mail shall only be considered authentic by the Data Manager if it has been sent from the registered e-mail address of the User, but this shall not rule out that the Data Manager may use a different method to identify the User before answering questions.
The request for information may include the data of the User managed by the Data Manager, their sources, the purpose of Data Management, its legal basis, its duration, the names and addresses of the relevant Data Managers, the activities related to Data Management and furthermore, in case of the forwarding of Personal Data, the past or future recipients of the data of the User and the purpose of the receipt.


8.2 The User may ask for the correction or modification of the Personal Data managed by the Data Manager. Taking into account the purpose of the Data Management, the User may ask for the supplementation of deficient Personal Data.
The Personal Data provided by the User during the use of given Services can be modified in the settings section of the login system of Services and on the profile pages related to certain Services. Upon completion of a modification request related to Personal Data the previous (deleted) data shall not be restored.

8.3 The User may ask for the deletion of the Personal Data managed by the Data Manager.
The request can be denied (i) to enforce the freedom of expression and the right of information, or (ii) if the management of the Personal Data is allowed by the law, or (iii) to present, validate or protect legal claims.
The User shall be informed by the Data Manager about the refusal of the deletion request in every case with a reason for the refusal. Upon completion of a deletion request related to Personal Data the previous (deleted) data shall not be restored.
Subscriptions to the newsletters of the Data Manager may be cancelled by using the unsubscribe link. In case of the cancellation of a subscription the Data Manager shall delete the User’s Personal Data from the newsletter database.


8.4 The User may ask for the restriction of the management of their Personal if the User debates the accuracy of the managed Personal Data. In this case the restriction applies for the period which makes it possible for the Data Manager to check the Personal Data’s accuracy. The Data Manager shall mark the managed Personal Data if the User debates its correctness or accuracy but the Personal Data’s incorrectness or inaccuracy cannot be obviously determined. The Data Manager shall answer the restriction request within 5 business days from receipt.
The User may also ask for the restriction of the management of their Personal Data if the Data Management is illicit but the User opposes the deletion of the managed Personal Data.
The User may also ask for the restriction of the management of their Personal Data if the purpose of the Data Management has been fulfilled but the User requires the Personal Data’s management by the Data Manager for presenting, validating or protecting legal claims.

8.5 The User, may ask the Data Manager to hand over and/or forward the Personal Data provided by the User and stored automatically by the Data Manager. This data shall be handed over or forwarded in an articulated, widely used format that can be read on a computer.

8.6 The User, may protest the management of their Personal Data (i) if the management of Personal Data is only necessary for the fulfilment of the Data Manager’s legal obligation or the enforcement of the Data Manager’s or a third party’s legitimate interest, (ii) if the purpose of the Data Management is direct solicitation, the creation of an opinion poll or scientific research or (iii) if the Data Management is in public interest. The Data Manager shall investigate the legality of the User’s protest and if the grounds for protest are established, the Data Manager shall cease the Data Management and block the managed Personal Data, furthermore the Data Manager shall notify everyone to whom the Personal Data protested has been forwarded about the protest and the measures taken based on the protest.

IX. Data processing


9.1 The Data Manager uses the services of the following Data Processors for the fulfilment of its Data Management duties.
For the sending of larger amounts of direct online inquiries the Data Manager uses an external Data Processor. The Data Processor used is Wanadis Kft. (1112 Budapest, Budaörsi út 153.), which is entitled to access the e-mail addresses in the newsletter database. Based on the existing contract with the Data Processor, the Data Processor may solely use the Personal Data handed over for the execution of its task (sending newsletters) and after sending the newsletters it shall destroy the Personal Data handed over.
For the sending of transaction newsletters the Data Manager uses an external Data Processor. The Data Processor used is the Postmarkapp service of Wildbit (225 Chestnut Street, Philadelphia, PA 19106.), which is entitled to access the list of subjects (e-mail addresses) of the newsletter. The Data Processor may solely use the Personal Data handed over for the execution of its task (sending newsletters). Further information is available on the Data Processor’s website: https://postmarkapp.com/privacy-policy.
For keeping in touch with the participants of events organised by the Data Manager, the Data Manager uses an external Data Processor. The Data Processor used is the Whova service of Whova Inc. (6540 Lusk Blvd. Suite C214, San Diego, CA 92121), which is entitled to access the following data: first name, last name, e-mail address, position, date and time of registration. The Data Processor only has access to the User’s Personal Data if the User specifically requests the use of this service and the User explicitly consents to sharing their Personal Data with the Data Processor.
For the sending of push notifications the Data Manager uses an external Data Processor. The Data Processor used is OneSignal (2194 Esperanca Avenue, Santa Clara, CA 95054), which, through the subscription banner placed on the Websites and based on the User’s consent, is entitled to access the following data: browser ID, IP address. Further information is available on the Data Processor’s website: https://onesignal.com/privacy_policy

The Data Manager’s servers are held in the server rooms of Magyar Telekom:

Magyar Telekom
Address: 55 Krisztina Boulevard, 1013 Budapest
Company registration number: CG 01-10-041928
https://www.telekom.hu/rolunk/adatvedelem

Magyar Posta Zrt.
Address: 2-6 Dunavirág Street, 1138 Budapest
Company registration number: CG 01-10-042463

For the recording and storage of the Data Manager’s phone calls the Data Manager uses an external Data Processor. The Data Processor used is Opennetworks Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság.
Address: 50-52 Fehérvári Road, 1117 Budapest
Company registration number: 01-09-723926,

9.2 Data Processors shall not make decisions on their own, they are only entitled to act based on the contract signed with the Data Manager and the instructions given by the Data Manager.

9.3 The Data Manager shall check the Data Processors’ work.

9.4 When conducting Research Activities the Data Manager may use the services of additional Data Processors for processing, analysing and evaluating data.

9.5 The Data Processors are entitled to the use of services of additional Data Processors solely with the permission of the Data Manager.

X. External Service Providers


10.1 In many cases the Data Manager uses External Service Providers for the provision of Services. The Data Manager cooperates with External Service Providers.
In the systems of the External Service Providers the External Service Providers’ own data protection principles apply. The Data Manager shall do everything in its power to ensure that the External Service Providers manage the Personal Data forwarded to them in accordance with the law and that they only use Personal Data for the purposes established by the User on in present Policy.

10.2 Related to the Services websites the Data Manager cooperates with External Service Providers in the fields of web analytics and ad servers.
These External Service Providers are entitled to access the User’s IP address. In addition, they ensure the personalisation and assessment of Services by using cookies in many cases and by using web beacons, clicktags and other click meters in some cases.
The cookies placed by these External Service Providers may be deleted by the User at any point and Users can also opt to disable the application of cookies in their browsers. The identification of a cookie placed by the External Service Provider may be done based on the domain connected to given cookie. It is not possible to disable web beacons, clicktags and other click meters.
These External Service Providers manage the Personal Data forwarded to them in line with their own data protection principles.

The following External Service Providers in the fields of web analytics and ad servers are in cooperation with the Data Manager:
Google Analytics (https://policies.google.com/privacy)
Google AdExchange (https://policies.google.com/technologies/ads)
Google Doubleclick for Publishers (https://policies.google.com/technologies/ads)
Gemius AdOcean (http://privacypolicy.gemius.com/)
Gemius Prism (http://privacypolicy.gemius.com/)
TEN Media (https://video.vid4u.org/TEN_Cookie_tájékoztató_2018_publisher.pdf)
Netadclick
Hoppex (http://hoppex.hu/adatvedelem/)
Project Agora (http://www.projectagora.com/privacy-policy/project-agora-platform/)

10.3 The Data Manager is in contract with External Service Providers providing payment services, in order to ensure the provision of payable services. The payment service providers are entitled to access Personal Data (such as name, bank card number, bank account number, etc.) and they manage this data in line with their own data protection principles, on which further information is available on the website of each payment service provider.

The following payment service providers are in cooperation with the Data Manager:
SimplePay
OTP bank
CIB bank
Payment Gateway
Voxinfo Kft. (SMS payment)

10.4 The Data Manager uses the services of courier services for the facilitation of webshop Services and for the delivery of products ordered from the Data Manager. In regard to the Personal Data made available to the courier, they perform data management duties. The External Service Providers taking part in the fulfilments of contacts manage the Personal Data (such as name, address, telephone number, e-mail address, etc.) made available to them in line with their own data protection principles, on which further information is available on the website of each payment service provider.
The following courier service providers are in cooperation with the Data Manager:
GLS General Logistics Systems Hungary Csomag-Logisztika Kft (address: GLS 2 Európa Street, 2351 Alsónémedi)

10.4 There are External Service Providers the Data Managers are not in contract with or purposely don’t cooperate with in given data management process, but regardless have access to Websites and Services – with the User’s cooperation (i e. by connecting the User’s private account to the Services) or without it – and thus collect data on the User or on the User’s activities on the Service’s Website. In certain cases this data – in itself or connected with data collected by External Service Providers – may be used to identify Users. The following External Service Providers are considered as such, but not exclusively: Facebook Ireland Inc., Google LLC, Instagram LLC., Pinterest Ltd., Infogram Software Inc, PayPalHoldings Inc., Playbuzz Ltd., Twitter International Company., Viber Media LLC, Vimeo Ltd., Yahoo! EMEA Ltd., YouTube LLC.
These External Service Providers manage the Personal Data forwarded to them in line with their own data protection principles.

XI. Possibility of Data Forwarding


11.1 The Data Manager is eligible and obliged to forward any available dully stored Personal Data to the competent authority, to which Data Forwarding they are bound by legislation or effective administrative obligation. In case of such Data Forwarding and concerning its consequences the Data Manager shall not be liable.

11.2 The Data Manager, with the specific consent of the User, is entitled to forward the Personal Data marked in the consent form to a third party marked in the consent form for a purpose and term marked in the consent form. The third party shall manage the forwarded data in line with their own data protection principles.

11.3 The Data Manager shall keep records in order to verify the lawfulness of Data Forwarding, and to inform the User.

XII. Data Management concerning the Data Manger’s Employees, Potential Employees and visitors of the Data Manager’s premises

12.1 The Data Manager manages the following Personal Data of its Employees: name, birth name, tax ID number, social security number, mother’s name, time and date of birth, national ID number, nationality, permanent address, mailing address, bank account number, educational attainment, number of related certificate, name of spouse, birth name of spouse, tax ID number of spouse, name of children, tax ID number of children, social security number of children, name of mother of children, time and date of children’s birth, children’s disabilities.

12.2 The purpose of the Data Management concerning the Employees is the fulfilment of the Data Manager’s statutory obligations.

12.3 The term of the Data Management concerning the Employees is determined by the prescriptive legislation.

12.4 The legal basis of the Data Management concerning the Potential Employees is the voluntary and informed consent of the concerned party. The purpose of the Data Management is the recruitment and selection of the Data Manager’s Potential Employees.

12.5 By sending their CV and other documents necessary for the job application to the Data Manager, the Potential Employee consents to the Data Manager storing and managing their provided Personal Data until the Potential Employee revokes their consent but no longer than 2 years after the fulfilment of the position in question. The Data Manager is entitled to use the Personal Data provided by the Potential Employee in their CV and other documents necessary for the job application in future scenarios which could facilitate the Potential Employee’s employment by the Data Manger or the establishment of other legal working relations with the Data Manager if the Data Manager believes that the Potential Employee is a suitable candidate. In this scenario, the aim of using Personal Data is to establish whether the Potential Employee is a suitable candidate and to make direct contact with the Potential Employee possible.

12.6 The Data Manager may install and operate CCTV cameras in its offices and premises with the aim of protection of property or work contract fulfilment. The camera’s recording may be viewed and used by the Data Manager with the aim of protection of property or work contract fulfilment. The recording must be deleted within 72 hours unless they are used as described in this section.

XIII. Amendment of the Privacy Policy

13.1 The Company reserves the right to change the present Privacy Policy by a unilateral decision at any time.

13.2 The User accepts the effective provisions of the Privacy Policy at the following login; furthermore it is not necessary to request the consent of the individual Users.

XIV. Options for legal enforcement


14.1 The Data Manager’s employees can be contacted regarding any Data Management issue by writing an e-mail to adatvedelem@portfolio.hu or by calling +36 1 327 4080.

14.2 The User may directly request the help of the National Data Protection and Freedom of Information Authority (22/C Szilágyi Erzsébet alley, Budapest, 1125; tel.: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu) regarding any issues related to Data Management.

14.3 The User may practice their options for legal enforcement in court. The judgement is in the jurisdiction of the court. The legal proceedings can be started at the court of address or the court of residence. Upon the User’s request the Data Manager shall inform the User about the options and means of remedies.

Budapest, 18 May 2018