EB Hungary Invest Limited Liability Company (registered office: 1107 Budapest, Fogadó street 4., company registration number: 01-09-725294, registration court: Metropolitan Court of Registration, tax number: 13240567-2-42)
(hereinafter: “Data Controller” or “We”)
Contact us for questions related to data processing:
postal address: 1475 Budapest, Pf. 80.
Email Inbox: adatkezeles@ebhinvest.hu
Phone: +36-1/220-6149
Website: ebhinvest.hu
has prepared the following data protection information in order to ensure the legality of its internal data processing procedures and the rights of data subjects.
The Data Controller processes personal data in accordance with all applicable laws, but primarily in accordance with the provisions of the following laws:
The Data Controller shall treat personal data as confidential and shall take all technical and organizational measures related to data storage and data processing to ensure the security of data.
Concepts
The conceptual framework of this Data Processing Notice is consistent with the interpretative definitions set out in Article 4 of the Regulation, supplemented in certain respects by the interpretative provisions of Section 3 of the Infotv.
When this notice refers to data or data processing, it refers to personal data and the processing thereof.
The Data Controller uses cookies on its website (hereinafter: website) available in order to maintain and develop the services of the website and to enhance the user experience.
What is a cookie?
Cookies are small text files placed on the user’s device by the browser to identify and collect information. A cookie consists of a unique string of numbers and is primarily used to distinguish between computers and other devices that download the website. Cookies have several functions, including collecting information, remembering user settings, and allowing the website owner to learn about user habits in order to enhance the user experience.
For what purposes does the website use cookies?
The Data Controller uses cookies for the following purposes:
to ensure the proper and high-quality functioning of the website, to facilitate the management of the pages,
to improve the user experience and perform certain functions of the website,
to understand how visitors interact with the website (e.g. examining the number of visitors and the bounce rate)
to collect information about how users use the website and which parts of it they visit most often to provide better user experience.
to place targeted advertisements.
What cookies does the website use?
Strictly necessary cookies:
The Data Controller uses strictly necessary cookies to ensure the proper functioning of the website and its subpages, including navigation between pages, and to remember the login details of the data subject.
In accordance with the above, strictly necessary cookies are required for users to be able to use the website’s functions without interruption, including remembering the actions you have taken on the pages you have viewed during a visit. The validity period of cookies applies only to your current visit; once the session is over or the browser is closed, these cookies are automatically deleted from your computer. Without the use of these cookies, we cannot guarantee that you will be able to use the website as intended.
Functional, analytical, performance and advertising cookies
The Data Controller provides up-to-date and detailed information on non-essential cookies via the website’s cookie manager. These are cookies that are not strictly necessary but help to improve the user experience and the performance of certain functions of the website, analyze the use of the website and display targeted advertisements. The Data Controller uses these cookies only with the consent of users.
The Data Controller uses Google Analytics cookies to analyze website usage. A detailed description of these cookies is available at the following link: https://support.google.com/analytics/answer/6004245
The Data Controller uses Google Analytics cookies for the purpose of statistical analysis of website traffic and visitor usage habits, which serves to improve the website and the user experience.
Analytical cookies collect information about the visiting habits of website users anonymously. The use of analytical cookies is only possible with the user’s consent, which you can withdraw at any time.
What is the legal basis for data processing by cookies?
The Data Controller uses cookies that are essential for the use of the website on the basis of its legitimate interest pursuant to Article 6(1)(f) of the GDPR. The legal basis for the use of other cookies is the consent of the data subject pursuant to Article 6(1)(a) of the GDPR, which can be given via the cookie manager.
How can you control and disable cookies?
In addition to the website’s cookie manager, all modern browsers allow you to change your cookie settings. Most browsers automatically accept cookies by default, but these can usually be changed to prevent automatic acceptance and offer you the choice of whether to accept cookies each time.
Since cookies are designed to facilitate and enable the usability and processes of the website, preventing or deleting cookies may result in users being unable to use the full functionality of the website or the website functioning differently than intended in their browser.
You can find out about cookie settings for the most popular browsers at the following links:
Google Chrome:
https://support.google.com/accounts/answer/61416
Firefox:
https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami
Microsoft Edge:
https://support.microsoft.com/hu-hu/help/4468242/microsoft-edge-browsing-data-and-privacy
Microsoft Internet Explorer:
https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies
Opera:
https://help.opera.com/en/latest/web-preferences/#cookies
Safari:
https://support.apple.com/hu-hu/guide/safari/sfri11471/mac
In today’s fast-paced world, the Data Controller primarily communicates with interested parties, partners and customers electronically, but anyone can contact them with questions by post. Anyone can contact the Data Controller directly by e-mail, whether it is a request for a quote, a request for information, technical questions, or any other topic, or even by post.
When communicating with the data subject on any matter, the Data Controller shall handle emails and letters as described in this notice.
Due to the nature of its activities, the Data Controller is also involved in property development and the sale and purchase of its own properties, in connection with which data subjects may also contact it with requests for quotations.
Purpose of data processing
Communication, responding to enquiries and requests for quotations from interested parties. The Data Controller processes the data provided by the data subject exclusively for the purpose of communicating with them and handling matters related to the content of the message.
Personal data processed
Name, e-mail address, postal address in the case of postal correspondence, and any other information that the data subject considers relevant to the matter initiated by them.
Legal basis for data processing
The legal basis for the processing of personal data is the Data Controller’s legitimate interest, pursuant to Article 6(1)(f) of the Regulation, to process the personal data necessary to respond to any enquiries, questions or requests for offers addressed to it.
Source of personal data
The data subject.
Access to personal data
Personal data will not be transferred to third parties. The data will only be processed by those employees of the Data Controller whose duties include responding to enquiries and preparing requests for quotations.
Data processor(s):
Coimbra ITS Ltd. (registered office: 1037 Budapest, Hunor u. 62. A lh. fszt. 2, company registration number: Cg.01-09-877628 ) – the Data Controller’s e-mail service provider.
The data processor may only process the personal data of the data subject for the purposes specified by the Data Controller and set out in the contract, in accordance with the Data Controller’s instructions, and has no independent decision-making authority with regard to data processing. The data processor has undertaken confidentiality obligations and contractual guarantees regarding the preservation of personal data obtained in the course of performing its tasks.
Transfer of personal data to a third country or international organization
The Data Controller does not transfer personal data to third countries or international organizations.
Duration of personal data processing
The Data Controller processes personal data obtained during communication until the communication is finally concluded. However, if any kind of contract (obligation) is concluded between the Data Controller and the data subject, the Data Controller shall process the personal data obtained during communication in connection with the contract in question, in accordance with the provisions of the data processing information relating to the performance of contracts.
Automated decision-making and profiling
Neither of these occur during data processing.
Consequences of failure to provide personal data
The provision of personal data is a condition for responding to messages and thus for communication between the data subject and the Data Controller.
The Data Controller may enter contracts with other legal entities, which may be natural persons or legal persons.
In the event that the Data Controller enters into a contract with a natural person, a sole trader, it processes the personal data necessary for the identification of that person and for maintaining contact with them, as well as other personal data related to the performance of the contract.
If the Data Controller enters into a contract with legal entities, it is necessary to process the contact details of the partner’s contact person in order to enable the parties to maintain contact with each other during the cooperation and to maintain and deepen the cooperation.
Purpose of data processing
The purpose of data processing is to conclude and perform the contract concluded between the Data Controller and the contracting partner, including maintaining contact in relation to the contract, thereby establishing and maintaining a business relationship.
Personal data processed
Given that a sole trader is considered a natural person, in the case of a contract concluded with a natural person, the source of the personal data is the data subject. In general, in the case of a natural person or sole trader as a contracting party, the following data will be processed:
In the case of a sales contract, the Data Controller processes the data required by Act C of 2021 and other legislation as mandatory content of the sales contract.
In the case of legal entities, the Data Controller processes the name of the representative and the name, telephone number, e-mail address and position of the contact person.
Legal basis for data processing
In the case of natural people, the legal basis for data processing is Article 6(1)(b) of the Regulation, i.e. the performance of a contract concluded with the data subject.
If the contact person does not have a direct contractual relationship with the Data Controller, i.e. the data subject is an employee or other representative of the contracting partner, the legal basis for data processing is the legitimate interest of the Data Controller pursuant to Article 6(1)(f) of the Regulation. The legitimate interest of the Data Controller is to establish and maintain a business relationship with the company represented by the data subject in order to perform the contract as efficiently as possible. Maintaining contact is therefore necessary for the purpose of establishing economic cooperation and performing the contract(s) concluded between the organizations. The Data Controller shall not process the personal data of the data subject for any other purpose without a legal basis for doing so.
Source of personal data
If the Data Controller enters a contract with a natural person or sole trader, the source of the personal data is the data subject. In the case of a contract with a legal entity, the source of the contact details is the contract party.
Access to personal data
Personal data shall be processed by the Data Controller exclusively by those employees whose job description includes this task.
Transfer of personal data to a third country or international organization
The Data Controller does not transfer personal data to third countries or international organizations.
Duration of personal data processing
The Data Controller shall process the personal data of data subjects after the performance of the contract until the expiry of the general limitation period specified in the Civil Code, with the proviso that if the contract qualifies as an accounting document directly or indirectly supporting the accounting records, the Data Controller shall be obliged to retain it in a readable form for at least 8 years, in accordance with Section 169 (2) of Act C of 2000 on Accounting, in a manner that allows it to be retrieved on the basis of references in the accounting records. The Data Controller shall retain sales contracts and related documentation without any time limit.
The Data Controller shall no longer process the contact details for the contact purposes specified in this section if it is informed that the contact person’s employment relationship with the contracting partner has ended.
Automated decision-making and profiling
Neither of these occur during data processing.
Consequences of failure to provide personal data
The provision of personal data is essential for the conclusion and performance of the contract.
Purpose of data processing
The purpose of data processing by the Data Controller is to issue and retain invoices
Personal data processed
The Data Controller’s customers may be legal entities, natural persons and sole traders. In the latter case, the following data are considered personal data and are processed based on the following.
The data specified in Section 169 of the VAT Act, but at least:
Legal basis for data processing
The legal basis for data processing while issuing invoices is Article 6(1)(c) of the Regulation, i.e. compliance with a legal obligation as described above.
Source of personal data
The source of personal data is the data subject.
Access to personal data
Personal data is processed by the Data Controller exclusively by those employees whose duties include invoicing.
Data processor responsible for accounting: TEMPLAR CONSULT Limited Liability Company (registered office: 1023 Budapest, Bécsi út 3-5. 3.em. 25., company registration number: Cg.01-09-320217)
Transfer of personal data to third countries or international organizations
The Data Controller does not transfer personal data to third countries or international organizations.
Duration of personal data processing
The Data Controller shall process the personal data of the data subject for at least 8 years from the date of issue, in accordance with Section 169(2) of Act C of 2000 on Accounting.
Automated decision-making and profiling
Neither of these occur during data processing.
Consequences of failure to provide personal data
All data processing is based on legislation and is mandatory.
Purpose of data processing
In the event of non-performance of contracts concluded by the Data Controller, the Data Controller may enforce and collect its overdue claims arising therefrom by making use of the options provided by law.
During the claim management process, the Data Controller shall first notify the non-performing contracting party in writing of the overdue claims. If the deadline specified in the payment reminder has passed without result, i.e. the claim has not been settled, the Data Controller shall enforce its claims by means of a payment order or directly through civil litigation. If the Data Controller has a claim based on an enforceable document, it may also enforce its claims directly through enforcement proceedings.
Personal data processed
During the course of claim management, the Data Controller processes the following personal data of the data subjects (obligors), indicating the precise purpose of the data processing and the precise legal provision prescribing the scope of the data for each item of data.
In the case of private individuals and sole traders:
In the case of a legal entity:
Legal basis for data processing
Data processing is in the legitimate interest of the Data Controller, which in this case specifically means the enforcement and collection of the resulting overdue claim in the event of non-performance of the contract concluded by the Data Controller, thus the legal basis is Article 6(1)(f) of the Regulation.
Source of personal data
The data subject, or, if we do not have sufficient information to take the necessary actions, public registers and authorities.
Access to personal data
Personal data shall be processed exclusively by those employees of the Data Controller whose duties include the administration of the enforcement and collection of claims in the event of non-performance of the contract.
The Data Controller may use legal representation in the course of claim management. In such cases, we will transfer the personal and other data necessary for the performance of their tasks to them. The lawyer is considered an independent data controller in the performance of their tasks.
The order for payment procedure is initiated before a notary public, using a standard form. The notary public, as well as the competent court in the event of an objection or direct civil proceedings, shall process personal data as an independent data controller.
In the enforcement proceedings, the enforcement officer may become aware of personal data in accordance with the provisions of the Vht. In the course of performing his or her duties, the enforcement officer is considered an independent data controller.
Transfer of personal data to third countries or international organizations
The Data Controller shall not transfer personal data to third countries or international organizations.
Duration of personal data processing
We process personal data related to claims until the claims are settled or until the statute of limitations expires.
Automated decision-making and profiling
Neither of these occur during data processing.
In accordance with consumer protection regulations, the Data Controller provides consumers with the opportunity to submit complaints regarding Data Controller’s services.
Complaints are managed in accordance with the provisions of Act CLV of 1997 on consumer protection (hereinafter: “Fgytv.”).
In the case of a verbal complaint, if the service user does not agree with the immediate handling of the complaint, or if it is not possible to investigate the complaint immediately, the Data Controller shall immediately record the complaint and its position on it in accordance with Section 17/A(3) of the Fgytv.
Purpose of data processing
The purpose of data processing is to handle complaints submitted by service users in accordance with the provisions of the Fgytv.
Personal data processed
Pursuant to Section 17/A(5) of the Fgytv, in the event of a consumer complaint:
If the complaint or request is submitted by electronic message, the Data Controller shall process the email address of the data subject as specified in this notice.
Legal basis for data processing
The legal basis for data processing is the fulfilment of a legal obligation pursuant to Article 6(1)(c) of the Regulation, which in this case means the provisions of Sections 17/A(5) and 17/B(3) of the Fgytv.
Source of personal data
The data subject.
Access to personal data
Personal data is processed exclusively by those employees of the Data Controller who are involved in handling the complaint.
We do not use a data processor for data processing.
Transfer of personal data to third countries or international organizations
We do not transfer personal data to third countries or international organizations.
Duration of personal data processing
The Data Controller is required to retain documents related to complaints for 3 years in the case of data processed pursuant to Section 17/A(7) of the Fgytv. and for 5 years in the case of data processed pursuant to Section 17/B(3).
Automated decision-making and profiling
Neither occurs during data processing.
Consequences of failure to provide personal data
The processing of all data in the above categories is based on legislation and is mandatory.
In the course of its core activities, the Data Controller performs activities related to real estate transactions in accordance with Section 3(17) of the Pmt. In this regard, it is subject to customer due diligence obligations. This includes customer identification and identity verification.
The Data Controller is obliged to comply with the above obligation when establishing a business relationship and in other cases specified in Section 6(1) of the Pmt.
During customer due diligence, the Data Controller obtains personal data, which it processes in accordance with the provisions of the Pmt.
Purpose of data processing
The purpose of personal data processing is to fulfil the legal obligations applicable to the Data Controller under the Pmt., i.e. to perform customer due diligence in accordance with the provisions of the Pmt.
Personal data processed
In order to fulfil its legal obligations under the Pmt., the Data Controller has standardized forms (identification data sheet, beneficial owner declaration, report on data, facts or circumstances indicating money laundering or terrorist financing). The Data Controller processes the personal data contained in these forms, as well as the personal data necessary for the verification of this data, as follows:
Within the scope of point b), the Data Controller shall, pursuant to Section 7(8) of the Pmt., for the purpose of verifying identity, make a copy of the document presented pursuant to paragraph (3) containing the data specified in paragraph (2), including all personal data indicated in the document, with the exception of the page certifying the personal identification number of the official identity card certifying the address.
Within the scope of point h), in the case of enhanced customer due diligence, the Data Controller shall, pursuant to Section 17(1) of the Pmt., require a certified copy of the document specified in Section 7(3) containing the data specified in Section 7(2) of the Pmt. for the purpose of identification and identity verification.
In the context of point (i), the notification must also include the data, facts and circumstances on which the notification is based, as well as any supporting documents, if available.
Legal basis for data processing
The legal basis for data processing during customer due diligence is Article 6(1)(c) of the Regulation, i.e. the fulfilment of legal obligations under Sections 6-17, 24/A-C and 27-37 of the Pmt.
Source of personal data
If the data subject is the source of the personal data, the Data Controller shall inform them directly of any changes to the scope of the data processed at the time of collection.
The source of personal data not originating from the data subject (i) the customer or their representative (e.g. data relating to the status of a close relative as a prominent public figure, or data relating to a delivery agent), and (ii) a publicly accessible register or other register from which the Data Controller is entitled to request data under the law.
Access to personal data
Personal data shall be processed by the Data Controller exclusively by those employees whose job description includes such tasks.
In order to comply with its legal obligation under Section 25 of the Pmt., pursuant to Article 6(1)(c) of the Regulation, the Data Controller shall immediately forward the data recorded and verified in accordance with Section 9 of the Pmt. concerning legal persons or organizations without legal personality that are customers or a fiduciary asset manager, shall immediately forward the data recorded and verified pursuant to Section 9 of the Pmt. to the central register established by law for the purpose of data storage, provided that the data are not included in this central register.
If data, facts or circumstances indicating money laundering, terrorist financing or the origin of the data from a criminal offence arise during customer due diligence, the Data Controller shall forward the relevant data to the authorities specified in Section 31 of the Pmt. The scope of the data transferred shall include the data recorded by the Data Controller pursuant to Sections 7-14/A of the Pmt., a detailed description of the circumstances giving rise to the report, and any additional data contained in the available documents supporting the data, facts and circumstances giving rise to the report. The legal basis for this data transfer is Article 6(1)(c) of the Regulation, i.e. the fulfilment of a legal obligation under Section 30 of the Pmt. applicable to the Data Controller.
Transfer of personal data to a third country or international organization
The Data Controller does not transfer personal data to third countries or international organizations.
Duration of personal data processing
The Data Controller shall retain personal data obtained in the course of fulfilling its obligations under the Pmt. – including personal data contained in documents or copies thereof – in accordance with Section 56(2) and Section 57(2) of the Pmt. The Data Controller shall not transfer personal data to third countries or international organizations.
In the event that a request is received from the authorities specified in Section 58(1) of the Pmt. (e.g. court, investigating authority) in relation to the personal data processed, the Data Controller shall retain the personal data concerned by the request for the period specified in the request, but for no longer than ten years from the termination of the business relationship or the performance of the transaction order.
Automated decision-making and profiling
Neither of these occur during data processing.
Purpose of data processing
The purpose of data processing is to send newsletters, through which the Data Controller informs interested parties and customers about the latest real estate offers, market information, promotions and other news relevant to the real estate market. The purpose of the newsletters is to assist potential buyers with personalized offers and content, as well as to inform them about the company’s services, events and other opportunities related to real estate services. During data processing, the Data Controller ensures the protection of personal data and uses it exclusively for sending newsletters and performing the administrative tasks necessary for this.
Personal data processed
Email address and name.
Legal basis for data processing
Article 6(1)(a) of the GDPR, i.e. personal data is processed on the basis of the data subject’s consent.
Source of personal data
The source of personal data is the data subject.
Recipients of personal data provided
The personal data provided by the data subject may only be accessed by those employees of the Data Controller whose job description includes the processing of personal data.
We use the following data processors for data processing:
Coimbra ITS Ltd. (registered office: 1037 Budapest, Hunor u. 62. A lh. fszt. 2, company registration number: Cg.01-09-877628) – the Data Controller’s e-mail service provider.
Our data processors may only process personal data for the purposes specified by us and set out in the contract, in accordance with our instructions, and they have no independent decision-making authority with regard to data processing. Our data processors have undertaken confidentiality obligations and contractual guarantees regarding the preservation of personal data disclosed to them in the course of their duties.
Transfer of personal data to third countries or international organizations
The Data Controller does not transfer personal data to third countries or international organizations.
Duration of personal data processing
Data processing will continue until the data subject withdraws their consent. The data subject may unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the newsletters or by sending a deletion request to jegcsap@aerogate.hu.
Automated decision-making and profiling
Neither of these occur during data processing.
Consequences of failure to provide personal data
The provision of personal data is voluntary, but without it, the data subject cannot subscribe to the Data Controller’s newsletter, and the Data Controller cannot send the newsletter to them.
Right to information
The data subject has the right to information regarding data processing, which the Data Controller fulfils by providing this information notice.
Data processing based on consent
If the legal basis for data processing is the consent of the data subject, the data subject is entitled to withdraw their consent to data processing at any time. However, it is important to note that the withdrawal of consent can only apply to data for which there is no other legal basis for processing. If there is no other legal basis for the processing of the personal data concerned, the Data Controller will permanently and irrevocably delete the personal data after the withdrawal of consent. The withdrawal of consent does not affect the lawfulness of data processing carried out on the basis of consent prior to withdrawal under the Regulation.
Right of access
At the request of the data subject, the Data Controller shall provide information at any time as to whether the personal data of the data subject is being processed and, if so, shall provide access to the personal data and the following information:
Upon request, the Data Controller shall provide the data subject with a copy of the personal data undergoing processing.
Right to rectify personal data
The data subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
When requesting the correction (modification) of data, the data subject must substantiate the accuracy of the data to be modified and must also certify that the person requesting the modification of the data is indeed the person entitled to do so. Only in this way can the Data Controller assess whether the new data is true and, if so, whether the previous data can be modified.
The Data Controller also draws attention to the fact that the data subject should report any changes in their personal data as soon as possible, thereby facilitating lawful data processing and the enforcement of their rights.
Right to erasure
At the request of the data subject, the Data Controller shall delete the personal data concerning the data subject without undue delay if one of the following reasons applies:
Right to restriction of processing
The data subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
Right to object
Where the processing of personal data is based on the legitimate interests of the Data Controller (Article 6(1)(f) of the Regulation) or is necessary for the performance of a task carried out in the exercise of official authority vested in the Data Controller (Article 6(1)(e) of the Regulation), the data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, including profiling based on those provisions.
If the data controller processes the data subject’s personal data for direct marketing purposes (e.g. sending information letters), the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing of their personal data for direct marketing purposes, the personal data may no longer be processed for this purpose.
Balancing test
Where the legal basis for the processing of personal data is the legitimate interest of the controller or a third party pursuant to Article 6(1)(f) of the Regulation, we will carry out a written “balancing test” in accordance with recital 47 and Article 5(2), which the data subject may request by sending an email to jegcsap@aerogate.hu.
Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where:
PROCEDURE FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT
The data subject may exercise the above rights by sending an email to jegcsap@aerogate.hu, by post to the Data Controller’s registered office, or in person at the Data Controller’s registered office. The Data Controller shall examine and comply with the data subject’s request without undue delay upon receipt. The Data Controller shall inform the data subject of the measures taken on the basis of the request within one month of its receipt. If the Data Controller is unable to comply with the request, it shall inform the data subject within one month of the reasons for the refusal and of their rights to legal remedy.
Within five years of the death of the data subject, the rights specified in this information notice to which the deceased was entitled during his or her lifetime may be exercised by an authorized person by means of an administrative provision or a statement made to the Data Controller in a public document or a private document with full probative force, if the data subject made more than one statement to a data controller, a statement made at a later date – may be exercised by an authorized person. If the data subject has not made a corresponding legal statement, his or her close relative under the Civil Code shall be entitled to exercise the rights set out in Article 16 (right to rectification) and 21 (right to object) of the Regulation, and – if the data processing was already unlawful during the data subject’s lifetime or the purpose of the data processing ceased to exist upon the data subject’s death – Articles 17 (right to erasure) and 18. (right to restriction of processing) of the Regulation, within five years of the death of the data subject. The close relative who first exercises this right shall be entitled to exercise the rights of the data subject under this paragraph.
If you believe that the Data Controller is processing your personal data in violation of the provisions of the legislation on the processing of personal data or the binding legal acts of the European Union, you may also turn to the court to enforce your right to judicial remedy. The court will hear the case as a matter of priority. The court has jurisdiction to hear the case. The case may be brought before the court of your place of residence or domicile, or the court of the Data Controller’s registered office, at your discretion (Court search engine: https://birosag.hu/birosag-kereso)).
Anyone may initiate an investigation against the Data Controller by filing a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) on the grounds that a violation of rights has occurred in connection with the processing of personal data, or that there is an imminent risk of such a violation, or that the Data Controller is restricting the exercise of their rights related to data processing or is refusing to comply with their request to exercise these rights. The report can be made using any of the following contact details:
National Authority for Data Protection and Freedom of Information (NAIH)
Postal address: 1363 Budapest, Pf. 9.
Address: 1055 Budapest, Falk Miksa utca 9-11.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
URL: http://naih.hu
Budapest, 15 April 2025.
______________________
EB Hungary Invest Ltd.
Represented by: Róbert Erdei and Marcell Pintyőke together