Privacy policy

Dear New Client, 

We are in business relationship with you because you communicated with one of the following companies: Blue Orange Investment & Trust Zrt. (seat: 1173 Budapest, Csomafalva utca 2. 24/A. ajtó), Szitu Kft. (seat: 1097 Budapest, Nádasdy utca 10. 5. em. 505.), Credit Consilium Kft. (seat: 2011 Budakalász, Tanító utca 38. 6. lház. 2. em. 88. ajtó), Ingatlan-Galéria Kft. (seat: 1145 Budapest, Bosnyák utca 14-18. A. lház. 2. em. 204. ajtó) (one or more of these companies respectively or jointly: Sales company or Sales companies) as realtors or real estate consultants concerning the purchase of real properties published on the metrodom.hu website (hereinafter: Website) by the project companies that are offering the real properties for sale (project companies hereinafter jointly: Metrodom). 

This privacy policy (hereinafter: Policy) is considered as binding by the Sales company that you contacted and by MTDM Management Kft. that contributes to the sales process (seat: 1139 Budapest, Teve utca 33-41. C. ép. 1. ajtó) and Metrodom (MTDM Management Kft. and Metrodom are joint data controllers; hereinafter jointly: Data controllers) and they state that their data processing activities are in compliance with this policy and the applicable laws.

The Sales companies act as a realtor concerning the sale of the real properties and concerning the business activity of Metrodom. MTDM Management Kft. acts as a contact point concerning the sale and purchase contracts concluded or to be concluded concerning the real properties offered by Metrodom (hereinafter: Contract).

The purpose of this Policy is to describe – among others – the principles and purposes of the data processing and other rights and obligations in line with the applicable laws that set out the purpose of the processing of your personal data, the storage period and the methods of the processing and also your enforcement rights and remedies concerning the data processing.

The security and adequate processing of your personal data submitted to us is extremely important for us, therefore please read this Policy carefully and attentively. Should you have any questions or remarks concerning this Policy, then please do not hesitate to contact us before accepting the Policy at the e-mail address info@metrodom.hu and our colleagues are ready to assist you.

II. Terms and definitions
Please find below a summary of the most important terms used in this Policy.

1. Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data may be – among others – the data indicated in the purchase and sale agreement (e.g.: name, address, tax no, mother’s name, personal identification no).

2. Data subject: each and every identified or identifiable natural person who enters into business relationship with the Data controllers in the course of which the Data subject provides his/her personal data detailed in this Policy.

Data subjects may be the purchasers in the course of the conclusion of the real estate purchase and sale agreement.

3. Data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data processing may be for example when we register your data in our database and when we modify your registered data in case of notification about data change.

4. Website: www.metrodom.hu.

5. Data controllers: controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

In this Policy, Metrodom (seller companies) – which are listed in annex no.1. - and MTDM Management Kft. are considered as data controllers, they are entitled to make decisions concerning the personal data of the Data subjects. 

MTDM Management Kft.
Seat and mailing address: 1139 Budapest, Teve utca 33-41. C. ép. 1. ajtó 
Company reg. no.: 01-09-957503 
Tax no: 23196627-2-41
Repr. by.: Kricsfalussy Tamás managing director (1139 Budapest, Teve utca 33-41. C. ép. 1. ajtó)
E-mail: info@metrodom.hu
Phone no: 06-1-919-3333

6. Activities of the data processor: any activities on personal data concerning data processing actions that are carried out on behalf of the Data controller.

7. Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data processors in accordance with the present Policy, the Sales companies as realtors (real estate consultants):

If your realtor is Szilvia Lipták:
Blue Orange Investment & Trust Zrt.
Seat and mailing address: 1173 Budapest, Csomafalva utca 2. 24/A. ajtó
Company registry number: 01-10-140229
Tax number: 26700944-2-42
Repr. by: Munkácsy Szelina managing director
E-mail: liptak.szilvia@metrodom.hu
Phone: 06-30-685-2200

If your realtor is Barbara Sziráki:
Szitu Kft.
Seat and mailing address: 1097 Budapest, Nádasdy utca 10. 5. em. 505.
Company registry number: 01-09-278228
Tax number: 12694004-2-43
Repr. by: Sziráki Barbara managing director
E-mail: sziraki.barbara@metrodom.hu
Phone: 06-30-575-1400

If your realtor is Tibor Kaiser:
Credit Consilium Kft.
Seat and mailing address: 2011 Budakalász, Tanító utca 38. 6. lház. 2. em. 88. ajtó 
Company registry number: 13-09-186430
Tax number: 25319958-2-13
Repr. by: Kaiser Tibor managing director
E-mail: kaiser.tibor@metrodom.hu
Phone: 06-30-753-2440

If your realtor is Zsuzsa Tukovits:
Ingatlan-Galéria Kft.
Seat and mailing address: 1145 Budapest, Bosnyák utca 14-18. A. lház. 2. em. 204. ajtó
Company registry number: 01-09-734387
Tax number: 13422840-2-42
Repr. by: Tukovits Zsuzsanna managing director
E-mail: tukovits.zsuzsa@metrodom.hu
Phone: 06-30-411-0036

8. Supervising authority: National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság, address: 1055 Budapest, Falk Miska u. 9-11.; e-mail: ugyfelszolgalat@naih.hu; Website: http://naih.hu; phone: +36 (1) 391-1400).

9. Inytv.: Act no. CXLI of 1997 on the real estate registry.

10. Pmt.: Act no. LIII of 2017 on the prevention and combatting of money laundering and financing of terrorism.

11. Grt.: Act no. XLVIII of 2008 on the basic conditions and certain limitations of advertising.

12. GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Commission on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

13. Szt.: Act no. C of 2000 on accountancy.

14. VAT act: Act no. CXXVII of 2007 on value-added tax. 

15. Recipient: natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. The third parties detailed in Chapter „Data transfers” of this Privacy policy to whom personal data is transferred by the Data controllers.

16. Contract: A sale and purchase contract concluded by the Data subject and one of Metrodom’s affiliated project companies regarding the real properties offered by Metrodom for sale (including sale and purchase pre-contracts, as well).

III. Joint data processing
1. Metrodom and MTDM Management Kft. are considered as joint data controllers considering that the data processing purposes and methods set out in this Privacy policy have been determined by them jointly. The purpose of the cooperation of the Data controllers and their joint data processing activities is the arrangement of the preparation of the Contract to be concluded by the Data subject.

2. Data controllers distributed their joint liability concerning the rights and obligations deriving from this Policy among themselves in their separate joint data controller agreement. The most important stipulations of this agreement are summarized in this chapter. 

3. The Data subject is entitled to exercise the rights deriving from the laws or from this Policy concerning the data processing in relation to any of the Data controllers. An exception to the above is when some of the rights and obligations pertains specifically to one of the data controllers according to this Policy. We kindly ask to contact to MTDM Management Kft. in case of data protection question or request via the following addresses: 1139 Budapest, Teve utca 33-41. C. ép. 1. ajtó; info@metrodom.hu.

4. Data controllers state that they are jointly and severally entitled to exercise their rights and obliged to fulfil their obligations deriving from this Policy, unless otherwise stipulated in this Policy. 

5. The Data Controllers maintain two electronic databases (B.M.B.Y. and Salesforce) for the registration of Data Subjects (as customers). 

IV. Data processing principles
Please find below a summary of the data processing principles that Data controllers undertake to fully comply with throughout storage period.

• Lawfulness, fairness and transparency: Regarding the data processing purposes, the Data controllers collect the personal data directly from the Data subject. The processing of the Data subject’s personal data takes place in a lawful and fair manner that is transparent for the Data subject. Data controllers make the Policy, as amended from time to time, available free of any charge or obligation, continuously, in such way that it is accessible for the public on the Website and in the business premise under 1139 Budapest, Teve utca 33-41. C. ép. 1. for review. 
• Purpose limitation: Data controllers process the personal data only for the clear and lawful purposes detailed in the Policy. Processing of the submitted personal data for other purposes require that Data controllers comprehensively inform the Data subject about this in advance. For the comprehensibility of the specific data processing purposes Data controllers provide information in this Policy about the purpose, storage period and legal ground of the processing of the specific personal data. 
• Storage limitation: Data controllers provide the storage of the personal data of the Data subject in such way that enable the identification of the data subjects only for the period of time necessary for the fulfilment of the purposes of the processing. Pursuant to Article 6(1) Item a) GDPR the personal data processed on the basis of the explicit and voluntary consent of the Data subject will be kept by the Data controllers until the revocation of  the consent by the Data subject, until his/her request for deletion. In other cases, in the present Policy it is determined that for each purpose of data processing after what period of time the data will be deleted.
• Data minimisation: Data controllers intend to restrict the scope of data to the most relevant and crucial personal data concerning each data processing purpose. These are personal data that are necessary for the specific data processing purposes as follows. 
• Accuracy: Data controllers intend to ensure that the personal data recorded concerning the data processing purposes are up-to-date and accurate and Data controllers take all reasonable steps for this purpose. The Data subjects can contribute to the up-to-date nature of the data by reporting changes in the data or correcting the submitted data. The Data controllers intend to ensure that the personal data are up-to-date, thus at the time of the delivery process they record the occurrent changed data of the Data subjects (purchasers).
• Data security principle/ integrity and confidentiality: Data controllers consider data security as being extremely important, therefore they take all necessary, expected and state-of-the-art technical and organizational measures and steps. Data controllers store the submitted personal data primarily electronically and also in hard copy where the recording took place on paper. In order to prevent or remedy data breaches, the Data controllers:
a) prevent unauthorized access to the personal data and the unauthorized entry of data, data modification and erasure;
b) ensure the data recovery in the case of an incidental loss of data;
c) if data are recorded on paper documents, then the data shall be stored in such places closed to the public where unauthorized persons cannot access the data.
• Accountability: Data controllers are responsible for and be able to demonstrate compliance with the above principles.

V. Contracting process
The purpose of the Data controllers is to summarize the steps of the contracting process in this chapter. 

a) The contracting process commences upon the enquiry of the Data subject. The enquiry may take place on the phone, in e-mail, by booking an appointment through the “Interested” link on the Website or at public events organized by the Data controllers or with their participation (open day, flat exhibition, etc.) by means of registration form filled out by the Data subject. In their reply the Data controllers call the attention of the Data subject to the fact that certain personal data (name, e-mail address, phone number) are recorded to ensure their availability in the database.

b) The second step of the contracting process is that the Data controllers contact the Data subject at one of his/her contact details for further discussion. 

c) Prior to the conclusion of the Contract the Data controllers require the Data subject to inform them about his/her personal data detailed in this Policy for the purpose of contracting and for the carrying out of the customer due diligence measures regulated in § 6 of Pmt. with a view to the established legal relationship.

VI. Data processing purposes and data processing process
In this chapter the data processing purposes and cases are described where the personal data of the Data subject are actually processed in practice. Data controllers act jointly with joint and severe liability concerning the following data processing activities with common infrastructure, unless otherwise contained in this Policy. 

1. Sending offer, keeping contact with the interested persons:
The persons who are interested in Metrodom-flats have an opportunity to contact to the Data controllers set out in the previous chapter.

The purpose of the data processing is to keep contact and discuss with the Data controllers related to the flats offered for purchase, sending offer to the data subject.

Data subjects are the persons who contact the Data Controllers and request an offer from them.

During keeping the contact with each other, the Data controllers process the persons’ name, e-mail address, phone number.

The legal ground of the data processing is the legitimate interests pursued by the Data Controllers [GDPR article 6. section (1) f)]. (The Data Controllers have prepared a balance of interests test in a separate document.)

Storage period: until the withdrawal of the consent, and/or (in order to the higher level client service) if Contract has not been concluded, after 3 years from the first contact the Data subject’s data shall be deleted.

The Sales company determined in the present Policy acts as data processor who assists with its realtor activity in the conclusion of the Contract and keeps the contact with the Data subject.

2. Preparation of the Contract:
The Data subject may initiate the contracting steps in accordance with the steps detailed in the chapter „Contracting process” and the Contract shall be concluded as detailed therein. 

The legal ground of the data processing is Article 6 section (1) b) GDPR, i.e. the steps towards contracting at the request of the Data subject.

Possible consequences of not providing data: the parties are unable to prepare the contract.

Data subject may be the purchaser, the holder of right of use, legal representative.

The Data controllers process those data that are necessary for the preparation of the conclusion of contract: natural identification data (name, birth name, mother’s name, place and date of birth, address, tax number, number of identity card/ passport, personal identification no), data of the real estate (name of city, topographical number), nationality, other data in case of bank loan; contact data; contact address, data of sold real estate, etc. (Among others, section 32 of Inytv. prescribes some of the data necessary for the Contract.)

If Contract has not been concluded, the personal data of the Data subject shall be deleted, in case of conclusion of the Contract the next section shall be applicable concerning the storage period.

The Sales company determined in the present Policy acts as data processor who assists with its realtor activity in the conclusion of the Contract and keeps the contact with the Data subject.

3. Conclusion of the Contract:
If the Data subject as purchaser and Metrodom as seller conclude a Contract, the Data controllers process the personal data that the Contract contains (see: previous section) for the conclusion and the performance of the Contract.

The legal ground of the data processing is Article 6 section (1) b) GDPR, data processing is necessary for the performance of a contract.

Possible consequences of not providing data: the parties cannot conclude a contract.

The parties concerned may be the buyer, the beneficial owner, the legal representative.

Storage period: related to the Contracts the seller is obliged to warranty based on the Gov. Decree no 181 of 2003 (XI.5.) on compulsory warranty related to residential building construction, which duration is determined by law in 10 years in some aspects. The Data controllers process the Contracts for 10 years (if the warranty period recommences, this period recommences also).

The Sales company determined in the present Policy acts as data processor who assists with its realtor activity in the conclusion of the Contract and keeps the contact with the Data subject.

4. Invoices:
The Data controllers process the name, tax no, address of the Data subject based on article 6, section (1) c) of GDPR, for compliance with a legal obligation, in order to issue invoice in the framework of the relevant case, and the e-mail address of the Data subject in order to send in electric form the invoices and receipts issued by the seller company, as e-mail attachment in PDF format. The content of the invoice is prescribed in section 169 d) and e) of VAT act.

Data Subject is the debtor of the invoice, who is obliged to pay.

The purpose of the data processing is to issue invoice. The storage period of the invoice and the data therein is 8 years pursuant to section 169 (1) and (2) of Szt.

5. Customer due diligence: 
The purpose of the data processing, in line with § 7 Pmt. is the customer due diligence. Data controllers process the following personal data for the fulfilment of their legal obligations upon the creation of the business relationship described in § 6(1) Pmt. pursuant to Article 6(1) Item c) GDPR. Data subject is the customer within the meaning of the Pmt. Data controllers perform the following data process pursuant to § 7 Pmt.

Data Controllers record the following data during the identification process:
i. in the case of natural persons: given name and surname; birth name; place and date of birth; maiden name of mother; home address (or temporary residence in lack thereof); nationality; type and number of identification document.

ii. in the case of legal persons: name; short name; seat; address of the Hungarian branch in the case of a foreign undertaking; company registry number for entities registered in the court registry, in the case of other entities the number of the founding decision (registration, establishment) or its registry number; tax number, main business activity; names and positions of the signatories; identification data of the delivery proxies (§ 7(2) Item b) Pmt.).

Data controllers retain the above data from the start of legal obligation for 8 years from the termination of the business relationship between the Data subject and Metrodom. 

Pursuant to Article 7(3) of Pmt., Data Controllers are obliged to require the presentation of the following documents to verify the identity of the data subject or are entitled to carry out a data search from public records:

aa) in the case of Hungarian citizens, their official identity card and official proof of address (if their place of residence is in Hungary),
ab) in the case of foreign nationals, their travel document or identity card, provided that it entitles them to reside in Hungary, their document certifying their right of residence, or their document certifying their right of residence, their official certificate of residence in Hungary, if their place of residence is in Hungary.

The Data Controller shall make a copy of these documents, including all personal data contained therein, with the exception of the page of the official address card which contain the personal identification number, or record and keep a record of the results of a data search carried out from the public register in respect of the above data.

Pursuant to section 8 (1) of Pmt. in case that the client is natural person, he/she is required to provide a written statement whether he is acting in the name or on behalf of the beneficial owner. The Data controller must obtain to request the following data concerning the beneficial owner: surname and forename, surname and forename by birth, nationality, place and date of birth, address, or habitual residence in the absence thereof.

In addition, the Data controller must obtain to request the customer to provide a statement declaring whether the beneficial owner is a prominent public figure and that under which point of paragraph (2) of Article 4 of the Pmt. he/ she is qualified as a prominent public figure.

6. Client relations: 
The purpose of the Data controllers concerning the data processing for client relations is to ensure the following: data collection prior or after the contracting, necessary for the creation, preparation, fulfilment and execution of the Contract, notifications, administration and the communication (especially technical discussions, credit administration, administration concerning the authorities and public utility service providers) among the Data controllers or Recipients and the Data subject concerning the business relationship between the Data subject and the Data controllers.

Data subject is a customer of the Data Controllers with whom they have a contractual relationship.  

The scope of personal data processed for client communication: name; home address; notification address; e-mail address; phone number.

The processing of the above personal data is the legitimate interests pursued by the Data Controllers [GDPR article 6. section (1) f)]. (The Data Controllers have prepared a balance of interests test in a separate document.)

The storage period of these data is in conformity with the storage period of the Contract.

7. Guarantee administration:
The seller must warrant based on law. If the Data subject notifies the Data controller about request for guarantee repair works, the following personal data are recorded: name, e-mail address, phone number, flat data (address, unit number), address (if the owner does not live in the flat that is involved in the request), the tenant’s contact data (if tenant lives in the flat).

Data subject is the owner of the property concerned by the notification or the tenant if necessary.

Legal ground of the data processing: legitimate interests pursued by the Data Controllers [GDPR article 6. section (1) f)]. (The Data Controllers have prepared a balance of interests test in a separate document.)

Source of data processing: if the processing of the tenant's data is necessary, it is provided by the owner of the apartment to the Data Controllers.

Metrodom processes the data and documents related to the guarantee request at least until the limitation period in accordance with the Civil Code (~5 years), but until the period set out in the Gov. Decree 181 of 2003 on compulsory warranty related to residential building construction.

8. Database processed for newsletter sending: 
The Data subject, pursuant to § 6 Grt. may consent in an explicit statement that the Data controllers contact the Data subject directly in electronic newsletters for advertising purposes and with a catalogue after the conclusion of the Contract. Data controllers may send newsletters only to those Data subjects who provided the additional consent. The specific consent may be given in person at a meeting with a Sales company or by e-mail with sending the declaration.

The purpose of the Data controllers concerning the sending of the newsletter and the catalogue is to inform the Data subjects about the services and new investments of the Metrodom brand and to promote and represent them. The Data subject may revoke the specific consent at any time without restriction or reasoning, free of charge by sending an e-mail (to the address where the newsletter was sent) or a postal mail to the address of MTDM Management Kft./ Sales company about this. After the receipt of the revocation, Data controllers are not entitled to send more newsletters. Personal data to be given concerning the newsletter as a specific data processing purpose: name; e-mail address; mailing address.

A data subject is a person who requests a newsletter.

The Data subject provides a specific consent for data processing purpose, therefore the legal ground for this data processing is Article 6 (1) Item a) GDPR and will last until the revocation of the consent.

Regarding this data processing purpose, only the Sales companies are entitled to carry out the processing among the Data controllers.

9. Measure for client satisfaction: 
MTDM Management Kft. may contact to its clients (purchasers, persons who are interested in Metrodom-flats or projects) for client satisfaction measures in order to review the level of its services and the opinions of the clients. It may contact to the Data subject by phone, in person or in electronic way. If the Data subject does not wish to take part in the measures, he/she may object to it or may ignore the request. He/ she may also ask not to be contacted again. 

Legal ground of the data processing: legitimate interests pursued by the Data Controllers [GDPR article 6. section (1) f)]. (The Data Controllers have prepared a balance of interests test in a separate document.)

Processed data: name, phone number, e-mail address, which are used for contacting the person to ask questions. The replies shall not be recorded, the replies shall be anonymized during the processing.

10. Pictures, videos and audio recordings recorded at events:
Taking photos/ videos:
Purpose of processing: taking photographs and video recordings.
Processed data: image, audio and video recordings.
Data subject: event participants.
Legal ground: consent of the data subject [Article 6(1)(a) GDPR].
(Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.)
Duration of processing: until withdrawal of consent, maximum 10 years.
Disclosing photos/ videos:
Purpose of processing: use and publication of photos and videos on the Metrodom brand's social media platforms (e.g. Facebook).
Processed data: image, audio and video recordings.
Data subject: event participants.
Legal ground: consent of the data subject [Article 6(1)(a) GDPR].
(Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.)
Duration of processing: until withdrawal of consent, maximum until the relevant social media site is operational.

11. Social media:
Purpose of the data processing: to provide information to the data subjects through the Metrodom brand's social media pages (Facebook, Instagram, LinkedIn, Youtube) about the services, projects, events, programs of the Metrodom brand, and to promote the Metrodom brand and projects. On these pages, data subjects have the opportunity to comment, express their opinions, etc. on Metrodom's activities.

Data processed: name, comment, follow, message, rating. 

Data subject: person who is active on the site.

Legal ground of the data processing: legitimate interests pursued by the Data Controllers [GDPR article 6. section (1) f)]. (The Data Controllers have prepared a balance of interests test in a separate document.)

Duration of data processing: until deletion at the request of the data subject, but at the latest until the site is operational.

The operators of social media sites generally carry out data processing as independent data controllers in accordance with their own privacy policy, while in some cases data processing is carried out jointly with the Data Controller.

The operator of Facebook and Instagram is Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, D2 Dublin Ireland).

YouTube is a part of Google, the privacy policy of the Google applies to it. 

The data processing activity of LinkedIn is performed by LinkedIn Corporation (legal department címe: 1000 W. Maude Avenue Sunnyvale, CA 94085 USA).

The privacy policies of social networking sites are available at the links below: https://www.facebook.com/policy.php

https://www.instagram.com/terms/accept/?hl=hu

https://help.instagram.com/519522125107875/?maybe_redirect_pol=0

https://policies.google.com/privacy?hl=hu

https://www.linkedin.com/legal/privacy-policy?trk=lithograph_footer-privacy-policy

Social networking sites use cookies, more information is available on the social networking website.

With regard to the data (name, photo, comment, rating) that the Data Subject wishes to disclose, he/she can exercise his/her rights directly with the data controller of the social networking site or contact MTDM Management Ltd.

The processing of data for statistical purposes in the use of Meta products is carried out jointly by MTDM Management Ltd. and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin Ireland. Detailed information about Site Analytics is available under the following link: https://www.facebook.com/legal/terms/page_controller_addendum

LinkedIn provides the Data Controller with anonymised statistical data on the users and visitors of its LinkedIn page for the company profile. These are aggregated statistics that are generated by certain activities and recorded by LinkedIn when users and visitors interact with the company page and content.

VII. Data transfer, recipients
Data controllers may transfer Personal data based on the consent of the Data subject concerning this Policy and only in the extent and for the persons detailed in this chapter. 

1. Data controllers are entitled to transfer the Personal data (name, address, phone number, e-mail address) of the persons interested in bank loan based on their consent to MBH Bank Nyrt.  (reg. no: 01-10- 040952; eat: 1056 Budapest, Váci u. 38.) or to OTP Bank Nyrt. in order that the bank contacts to them to offer financial products and services (bank loan). 

2. Data controllers are entitled to transfer the Personal data – based on the legitimate interest of Metrodom and the purchaser - during the contracting process in which the Data subject is involved, to the credit institute chosen for the financing of the purchase price to ensure the smooth arrangement of the fulfilment of the Contract by the Data subject with the inclusion of the bank or other external resources. This includes especially the data transfers necessary for credit administration, for the requesting of the Home Founding Allowance for Families (CSOK) and for other banking services. 

Data controllers may transfer the following personal data concerning the data transfer detailed in this paragraph to the credit institute as third persons: name; birth name; maiden name of mother; place and date of birth; home address; personal identification number; ID card number; tax identification number; bank account number; notification address; e-mail address; the real property chosen by the Data subject.

3. Metrodom generally takes out loan for the construction of residential buildings. For the drawdown of the loan, it transfers the purchase and sale agreements, the preliminary agreements that contain the clients’ personal data to the financing bank [e.g. MBH Bank Nyrt.; OTP Bank Nyrt. (reg. no.: 01-10-041585; seat: 1051 Budapest, Nádor u.16.)] based on the Metrodom’s legitimate interest.

4. Data controllers are entitled to transfer the record of delivery, the document “Declaration about personal data” signed by the data subject, including his/her personal data therein (name, address, phone no, e-mail address) - based on the consent of the data subject - to third persons that are entitled to manage the condominium house in which the Data subject purchases the real property. The purpose of the data transfer is to facilitate to keep the contact and account with the person managing the house.

5. Data controllers are entitled to transfer all the personal data determined in subsection 2-3. of section VI. for the arrangement of the legal tasks concerning the preparation of the Contract to the Szabó, Kocsis and Hunya Law Firm (seat: 1095 Budapest, Mester utca 83/A. IX. em. 4. a.) representing both parties in the transaction.

6. Data controllers are entitled to transfer the personal data of the Data subject detailed in this paragraph to the Sales companies detailed in Section 2 of this Policy that do not qualify as land-agency in respect to the Data subject. They have access to the personal data by having access to the joint database. The purpose of this access to the database is to give information to the Sales companies if the client (person interested in flats) has contacted to any Sales company before, thus the Data controllers may give a high quality, comfort and client-centered service for the clients.

The scope of transferred personal data if no Contract is concluded: name, phone number, e-mail. The scope of transferred personal data if Contract is concluded: all the data enlisted theirin.

7. On behalf of MTDM Management Kft. the below construction companies (hereinafter: Construction Companies) are responsible for the guarantee works and participate at the technical acceptance and delivery procedure of the real estate property. Thus, MTDM Management Kft. transfers the necessary personal data of the purchasers to the Construction Companies. In some cases, Construction Companies are entitled to transfer the following personal data of the client to their subcontractor who performs the guarantee repair works: name, phone number, address of the flat. This data transfer is necessary to ensure a quick, smooth and client-centered performance of the guarantee works.

Construction companies:
a) Metrodom Kivitelező Kft. (seat: 1139 Budapest, Teve utca 33-41. C. ép. 1. ajtó; company reg. no: 01-09-996502; repr. by: Kiss Gábor managing director)
b) Metrodom Építő Kft. (seat: 1139 Budapest, Teve utca 33-41. C. ép. 1. ajtó; company reg. no: 01-09-289262; repr. by: Kiss Gábor managing director)
c) CATALDO CONSTRUCTION Kft. (seat: 1095 Budapest, Mester utca 83/C földszint; company reg. no: 01-09-422308; repr. by: Kigyósi ndrás managing director)


8. C.O.P.M. Kft. (seat: 1139 Budapest, Teve utca 33-41. C. ép. 1. ajtó; company reg. no: 01-09-718029; repr. by: Yuval Kishon managing director) – on behalf of MTDM Management Kft. – performs technical management tasks. Thus, C.O.P.M. Kft. as data processor processes the following personal data handed over by MTDM Management Kft. in order to contact and discuss with the Client: name, phone number, e-mail, number of the flat, and it has the plan and the purchase and sale agreement (in case of amendment for technical reasons). C.O.P.M. Kft. is entitled to transfer the client’s contact data (name, phone number, e-mail) and the data related to the flat (number of flat, plan) to its partner for construction in order to contact and discuss with the client in connection with product orders. The data transfer is necessary to ensure the quick and smooth management of the works.

9. In this Policy we inform you that during the construction in connection with and in favour of the building in and the operation of smart homes, Smartbuild Kft. (reg. no: 01-09-946898; seat: 1162 Budapest, Diófa utca 111.; repr. by: Vas Gergely Balázs managing director; e-mail: info@smartbuild.hu) acts solely. The smarthome system has an integrated camera and microphone system in the flat that gives an opportunity to transfer live image and voice. These personal data are not processed by the Data Controllers. Smartbuild Kft. has exclusive and full access to the smart home system. The client contacts directly to Smartbuild Kft. after moving in the flat. The privacy policy of Smartbuild Kft. is available under “Privacy Policy” at https://smartbuild.hu/.

10. The Data controllers maintain two electronic joint database (B.M.B.Y. and Salesforce) to register the Data subjects (as clients). b.m.b.y software systems ltd. (székhely: Izrael, HaYetsira St 13, High-Tech Park, Yoqneam Elite 20692; e-mail: info@bmby.com; +972-3-5617003) is  , Sfdc Ireland Limited (cégjegyzékszáma: 394272, székhely: 3rd and 4th Floor, 1 Central Park Block G, Central Park, Leopardstown, 18 Dublin, Ireland) is responsible for the IT technical operation of the Salesforce as data processor.

In case of data transfer to third country (e.g. Israel) is , the data transfer is lawful and no permission is needed, if the European Commission declared in adequacy decision that the target country ensures an adequate level of protection or applies adequate guarantees. The Commission has issued an adequacy decision in connection with Israel as well, you can find more details under the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en; https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32011D0061.

11. The website is operated by the following company: 
Service provider: Araminta Kft.
Company registry number: 01-09-334258
Seat: 1136 Budapest, Hollán Ernő utca 38. A. ép. III. em. 2
Repr. by: Kricsfalussy Lászlóné managing director
E-mail: marta@jacoby.hu

12. Hosting service provider: NGROUP Kft.
Company registry number: 01-09-999285
Seat: 1134 Budapest, Lehel utca 9. A. ép. 2. em. 3. ajtó
Repr. by: Bakos Ádám managing director
E-mail: bakos.adam@netpeople.hu

VIII. Recording of technical information (cookies) on the Website
During the use of the Website, beyond the personal data of the Data subject, certain information concerning the computer of the Data subject (cookies) are recorded that are generated during the use of the Website and that are recorded upon the opening and closing of the Website (logging). The purpose of this is to create statistics concerning the visitor numbers and use of the Website and the development of the IT system of the Website. In connection with the application of cookies you can find a pop-up window when you visit the Website. The Data subjects can delete the cookies from their own computers anytime (through the appropriate menu items of the browser) or may set the browser (mostly through the “Help” function) to ban cookies. 

You can find more details related to cookies on the Website.

IX. Data protection officer
Szabó, Kocsis and Hunya Law Firm 
address: 1095 Budapest, Mester utca 83/A. IX. em. 4. a.
e-mail: iroda@szkiroda.hu;
phone: 06-1-878-0802

X. Right enforcement and remedies
Please find below the rights of the Data subject that can be exercised in relation to the Data controllers. Data controllers are jointly and severally responsible for fulfilling the below detailed obligations, i.e. the Data subject may exercise his/her rights in relation to any of the data controllers, except when one specific data controller acts concerning a certain data processing activity.

General rules for exercising rights by the Data subjects:
Data controllers provide the requested information without undue delay but within one month from the receipt of the request at the latest. If necessary, with a view to the complexity and number of the requests, this deadline may be extended with an additional period of two months. Data controllers shall inform the Data subject on the deadline extension and the reasons for the delay within one month from the receipt of the request. 

If the Data controllers fail to take measures based on the request of the Data subject, then the Data subject shall be informed without undue delay but within one month from the receipt of the request at the latest on the reasons for the lack of measures and on the right of the Data subject to file a complaint with the Supervising authority or to file a lawsuit with the competent court.

Data controllers provide a copy of the personal data being the subject-matter of the data processing to the Data subject at his/her request. Data controllers may charge a reasonable administrative fee for further copies requested by the Data subject. 

If the Data controllers have reasonable doubts for the identification of the person submitting request, they may require more information to identify the person.

1. Communication with the Data controller: 
The Data subject and the Data controllers can communicate via phone, e-mail or postal mail. Data controllers’ e-mail address for this purpose: info@metrodom.hu; mailing address: 1139 Budapest, Teve utca 33-41. C. ép. 1. ajtó. 

2. Access to personal data:
The Data subject is entitled to request information from the Data controllers whether his/her personal data is processed and if yes, then the Data subject has a right to access the processed personal data in the following extent.

Concerning the access, the information relating to the data processing that is provided by the Data controllers include especially the following:
a) data processing purposes;
b) processed personal data;
c) recipients of the data transfer;
d) foreseeable storage period or if it is not possible to establish same, then the aspects for the determination of the storage period;
e) rights of the Data subject (the data subject may request the Controller to rectify, erase or restrict the processing of personal data concerning him or her and may object to the processing of such personal data);
f) right to file a complaint with the Supervising authority;
g) source of the data collected by the Data controllers and legal ground of the processing;
h) the existence of automated decision-making, including profiling, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

3. Rectification: 
The Data subject is entitled to inform the Data controllers on the changes of his/her personal data (in e-mail or postal mail as detailed above). Data controllers register the change within 8 days from the receipt of the notification. If the Data subject fails to report any changes to his/her personal data without delay, then the Data subject shall be liable for the consequences of this omission. If the submitted personal data is false and the correct data is available to the Data controllers, then Data controllers amend the data automatically. 

4. Erasure: 
The Data subject is entitled to request the deletion of the personal data pertaining to the Data subject from the Data controllers without delay and the Data controllers are obliged to delete the personal data pertaining to the Data subject without delay, especially if one of the below reasons is given: 
a) the personal data are not required anymore for the purpose for which they were collected or processed; 
b) the Data subject has withdrawn the consent given for the data processing and the data processing does not have any other legal ground (the withdrawal does not have a retrospective effect on the lawfulness of the data processing); 
c) the Data subject challenges the data processing based on legitimate interest;
d) the Data controllers processed the personal data unlawfully; 
e) the personal data shall be deleted for the fulfilment of a legal obligation set out in the laws of the European Union or of a member state;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of GDPR.

Even if one of the above circumstances is given, Data controllers are not obliged to delete the processed personal data if the data processing is required for one of the following:
a) exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the deletion is likely to render impossible or seriously impair the achievement of the objectives of that processing;
e) for the establishment, exercise or defence of legal claims.

5. Objection to the data processing: 
The Data subject is entitled to object the processing of his/her personal data based on a legitimate interest on grounds relating to his or her particular situation. The Data controllers shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

6. Right to restriction of the data processing: 
The Data subject shall have the right to obtain from the Data controllers restriction of processing where one of the following applies.
a) the accuracy of the personal data is contested by the Data subject, for a period enabling the Data controllers to verify the accuracy of the personal data;
b) the processing is unlawful and the Data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Data controllers no longer need the personal data for the purposes of the processing, but they are required by the Data subject for the establishment, exercise or defence of legal claims;
d) the Data subject has objected to processing, pending the verification whether the legitimate grounds of the Data controllers override those of the Data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the Data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. The Data subject who has obtained restriction of processing, shall be informed by the Data controllers before the restriction of processing is lifted.

7. Right to data portability: 
Regarding personal data processed on the basis of the consent of the Data subject or for the fulfilment of the Contract the Data subject shall have the right to receive the personal data concerning him/her, which s/he has provided to the Data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data controllers. This right may be exercised only concerning personal data that are processed on the legal grounds of consent or the fulfilment of a contract and pertain only to digital data.

8. Complaint to the Supervising authority: 
The Data subject is entitled to file a complaint with the Supervising authority with reference to the breach of laws concerning the processing of his/her personal data or if there is an imminent risk thereto. The investigation of the Supervising authority is free of charge and the expenses of the investigation are advanced and covered by the Supervising authority. No one should be subject to retaliation due to a complaint filed with the Supervising authority. The Supervising authority may disclose the person of the complainant if the investigation could not be carried out without this. If the complainant requests so, the Supervising authority is not entitled to disclose his/her person even if this leads to the frustration of the investigation. Authority’s contact information: address: 1055 Budapest, Falk Miska u. 9-11.; e-mail: ugyfelszolgalat@naih.hu; phone: +36 (1) 391-1400.

9. Judicial route: 
The Data subject may turn to the courts against the Data controllers if his/her rights are breached. The lawsuit belongs to the competence of the regional courts. As a main rule the lawsuit shall be heard by the regional court with geographical jurisdiction over the case according to the seat of the data controller but the Data subject can also opt for the regional court with geographical jurisdiction based on his/her home address or temporary residence. The geographical jurisdiction of the courts can be checked on the court website with the search application “Court search” at www.birosag.hu . The regional court handle the matters with urgency.

10. Damages and non-pecuniary restitution: If, through the unlawful processing of the personal data of the Data subject or through breaching the data security requirements, the Data controllers:
a) cause damages to the Data subject or to third persons, then they shall be liable for the compensation (compensation of damages);
b) breach the personality rights of the Data subject, then the Data subject can claim non-pecuniary restitution from the Data controllers.
The Data controllers shall be set free from their liability for the compensation of damages and non-pecuniary restitution, if they prove that the damages or the breach of the personality rights of the Data subject was caused by an unavertable cause outside of the scope of the data processing. The damages are not to be compensated and no non-pecuniary restitution can be claimed if the breach resulting from the damages or the breach of personality rights resulted from the wilful or grossly negligent conduct of the Data subject (injured person).

XI. Data security
The Data controllers ensure the security of data processing, therefore they implement all the necessary and proper technical and organizational measures. They ensure the confidentiality (e.g. making public, unauthorized access), integrity (changing, amending, deletion) and availability (accessibility, restorable).

The Data controllers perform the above requirements – among others – as follows:
• they ensure that the devices and electronic systems use for data management cannot be access by unauthorized persons;
• they store the electronic data in a closed and password protected IT system;
• they introduced special measures to store sensitive/ special data;
• they prevent the possibility of unauthorized input of personal data into the data management system and the unauthorized access, modification or deletion of personal data stored in it, as well as the use of data management systems by unauthorized persons via data transmission device,
• they ensure the confidentiality of data through internal policies, instructions and properly designed access systems: the employee is obliged to use the data in his/her possession only and exclusively for the purpose of data management and only to the extent necessary, so that person whose data management is not necessary for his/her work do not have access to it;
• they only forward personal data if they have appropriate legal basis;
• they process personal data only for as long as necessary;
• in the event of a breakdown, we ensure the data management system can be restored, furthermore we provide the possibility of restoring data files (backup) and the protection against viruses;
• the level of IT compliance is regularly reviewed and - if necessary - improved.

XII. Miscellaneous stipulations
1. In the case of a Data subject under 16 years of age, the submission of his/her personal data require the consent of his/her legal guardians (parents).

2. The Data controllers maintain the right to modify this Policy unilaterally at any time.

3. This Policy is governed by the Hungarian laws. 

4. You can find the Policy at http://metrodom.hu/adatvedelem.

5. You can be informed about the last update of the Policy in the last section.

13.02.2024, Budapest

Annex no.1. – Seller companies

The following companies operating under Metrodom brand are project companies that have been in contact with buyers through the sale of real estate.

Project companies are considered as data controllers as sellers.

The company from which you purchased your property is the data controller in relation to you.

Company name

Seat

Registration no.

General manager

Metrodom Beat Final Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-039174

 Ujj Ágnes

Metrodom Beat Start Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-038976

 Ujj Ágnes

Metrodom Bosnyák 14-18 Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-036853

 Ujj Ágnes

Metrodom CH-Ikaro Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035566

Birszki Tímea

Metrodom CH-Jago Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035567

Birszki Tímea

Metrodom CH-Kleo Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035568

Birszki Tímea

Metrodom CH-Leno Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035691

Birszki Tímea

Metrodom CH-Maya Kft.

3013 Nagykökényes, Szabadság út 37.

10-09-036376

Birszki Tímea

Metrodom Corner Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035601

Birszki Tímea

Metrodom Duna Alfa Kft.

3012 Nagykökényes, Szabadság út 37. 

10-09-037891

Ujj Ágnes

Metrodom Duna Bravo Kft.

3012 Nagykökényes, Szabadság út 37. 

10-09-038716

Ujj Ágnes

Metrodom Duna Centrum Kft.

3012 Nagykökényes, Szabadság út 37. 

10-09-038717

 Ujj Ágnes

Metrodom Duna Delta Kft.

3012 Nagykökényes, Szabadság út 37. 

10-09-038718

 Ujj Ágnes

Metrodom Fogadó Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035602

Birszki Tímea

Metrodom Gém Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035603

Birszki Tímea

Metrodom Green Acer Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-037512

 Ujj Ágnes

Metrodom Green Betula Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-037263

 Ujj Ágnes

Metrodom Invest Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035499

Birszki Tímea

Metrodom Lőportár 9 Kft.

1139 Budapest, Teve utca 33-41. C. ép. 1 ajtó

01-09-375534

Birszki Tímea

Metrodom NEXT Kft.

3011 Nagykökényes, Szabadság u. 37.

10-09-036415

Birszki Tímea

Metrodom Premio Kft.

3011 Nagykökényes, Szabadság u. 37.

10-09-039173

 Ujj Ágnes

Metrodom Real Estate Kft.

3012 Nagykökényes, Szabadság u. 37.

10-09-035500

Birszki Tímea

Metrodom River Kft.

3012 Nagykökényes, Szabadság u. 37.

10-09-036826

Ujj Ágnes

Metrodom UP Beta Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035605

Birszki Tímea

Metrodom UP Gamma Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035606

Birszki Tímea

Metrodom Zöldmező Kft.

3012 Nagykökényes, Szabadság út 37.

10-09-035604

 Ujj Ágnes

Nanette City Home Kft.

3012 Nagykökényes, Szabadság u. 37.

10-09-029459

Rákosy Zoltán

 

The contact details of the representatives of the above companies are the same as the address of the company's seat.

***