The Property Forum application’s Data Protection and Privacy Policy

The Property Forum application’s Data Protection and Privacy Policy

1. The purpose and scope of this Policy

1.1 The purpose of this Policy is to set out the data protection and data management principles related to the use and operation of the Property Forum Event Application (hereinafter referred to as the "Application") developed and operated by International Property Network Zártkörűen Működő Részvény Társaság (1033 Budapest, Polgár u. 8-10., hereinafter referred to as the "Company"), which the Company, as the Data Controller of the Application, acknowledges as binding.

1.2 This Policy sets out the principles for the processing of Personal Data provided by Users when using the Application. The principles, rights and obligations relating to the Company's other data processing are set out in the Company's Data Protection and Privacy Policy (available here: https://www.property-forum.eu/data_protection_and_privacy_policy). For any matters not covered by this Policy, the provisions of the Company's Data Protection and Privacy Policy, available at the above address, shall prevail.

1.3 In drafting the provisions of this Policy, the Company has taken particular account of the provisions of Regulation 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation" or "GDPR"), the General Data Protection Regulation of the European Parliament and of the Council of 2011 on the right to information self-determination and freedom of information, the General Data Protection Regulation of the European Parliament and of the Council of 2011 on the right to information and freedom of information, and the General Data Protection Regulation of the European Union of 2011 on the right to information. CXII of 2013 ("Infotv."), Act V of 2013 on the Civil Code ("Civil Code") and Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities ("Grtv.").  CXIX of 1998, and the provisions of Act VI of 1998 on the proclamation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed in Strasbourg on 28 January 1981, and the recommendations of the ONLINE PRIVACY ALLIANCE.

1.4 Unless otherwise stated, the scope of this Policy does not extend to services and Data Processing related to services and other campaigns of third parties other than the Data Controller, advertising on or otherwise appearing on certain websites referred to in this Policy, or to the content published by them. Likewise, unless otherwise indicated, the services and Data Processing of websites, service providers to which the websites covered by this Policy contain a link do not fall within the scope of this Policy. Such services shall be governed by the provisions of the privacy policy of the third party service provider and the Data Controller shall not be liable for any such processing.

2. Definitions

2.1 Database: the total data processed within one database.

2.2 Data Processing: regardless of the method applied, any operation or sum of operations of personal data belong in this category, thus especially the collection, recording, organization, storage, alteration, use, query, forwarding, public disclosure, alignment, combination, blocking, deletion, destruction of personal data, or preventing the further use of data.

2.3 Data Controller: the entity, who, alone or in association with others, determines the purposes and means of data management. As stated above, concerning the services mentioned in this Policy, the entity which qualifies as Data Controller is International Property Network Inc.

2.4 Personal Data or data: any data or information which makes a specific natural person – directly or indirectly – identifiable.

2.5 Data Processor: the provider that processes Personal Data on behalf of the Data Controller. Concerning the Services referenced in the present Policy, Data Processors are the entities listed in Section 6 of the present Policy.

2.6 Application: the Property Forum Event Application developed and operated by the Data Controller and all related interfaces.

2.7 Service(s): events organised by the Data Controller, online publications operated by the Data Controller, job opening posted by the Data Controller and all services provided by the Data Controller that are available on the Websites, at the events and in publications.

2.8 User: the natural person, who registers for the use of any of the Services provided by the Data Controller and provides their data listed in Section 3 of the present Policy.

2.9 Employee: the natural person, who applies for a job opening posted by the Data Controller.

2.10 External Service Providers: third party service providers used by the Data Controller – directly or indirectly – for the organisation of events, the operation of websites and the provision of Services available through Websites and publications. Personal Data is forwarded or may be forwarded to External Service Providers and External Service Providers may forward Personal Data to the Data Controller. Service providers that have access to the Services’ websites and may collect data on Users which is, in itself or combined with other data, can be used to identify Users, also qualify as External Service Providers, even if they don’t have a relationship with the Data Controller.

2.11 Policy: the Data Controller’s present Data Protection and Privacy Policy.

2.12 Data Termination: the complete physical destruction of the media containing the data.

2.13 Data Forwarding: the data is made available to a specific third party.

2.14 Deletion of Data: making the data unrecognisable in a manner that their recovery in not possible.

2.15 Automatized Database: the set of data undergoing automatic processing.

2.16 Computer Processing: includes the following operations, if carried out partly or completely by automatized devices: the storage of data, the logical or arithmetical operations performed on the data, the alteration of the data, its deletion, retrieval and dissemination.

2.17 System: the set of technical solutions operating the Data Controller's Application and the services available through it.

3. Scope of the processed Personal Data

3.1 Personal Data processed with the consent of the User:

a) User's name (title + surname + first name)

b) User's place of work

c) User's job title

d) Photo uploaded by the User

e) User's telephone number

f) User's e-mail address

g) User's interests

h) Event tickets purchased by the User

i) User's contacts within the Application

3.2 Personal Data processed in order to comply with the legal obligations applicable to the Data Controller:

a) User's billing address

b) User's tax number/tax identification number.

4. Additional data processed by the Data Controller

4.1 When the User uses the Application, the Application automatically records the User's IP address.

4.2 During the operation of the systems, the following data may be technically recorded: the data of the User's logon computer generated during the use of the Service and recorded by the Data Controller's system as an automatic result of technical processes. This includes the type of operating system and browser program used by the User, as well as the time and duration of the visit. The automatically recorded data is automatically logged by the system upon logging in or out without any specific declaration or action by the User. Access to the data is limited to the Data Controller.

5. Purpose and legal basis for Data Processing

5.1 Purpose of the Data Processing carried out by the Data Controller:

a) maintaining contact and providing information in connection with the Company's events

b) registration for the Company's events

c) identification of the User, contacting the User

d) identification of the User's rights (the Events and Services that the User may attend)

e) ensuring that Users can contact and communicate with each other

f) informing the User if a friend of theirs wishes to attend an event organised by the Data Controller. informing a friend of the User if the User intends to attend an event organised by the Data Controller

g) to provide statistics and analyses

h) in individual cases, organising and conducting prize draws, contacting the winners and providing them with the prizes

i) facilitating the conclusion and performance of contracts within the scope of the Data Controller's activities

(j) ensuring the fulfilment of the accounting and tax record-keeping and reporting obligations of the Data Controller

The Data Controller shall not use the Personal Data provided for purposes other than those described in these points.

5.2 Legal basis for Data Processing:

a) Article 6(1)(a): Data Processing pursuant to points 5.1(a)(e)(f) and (h),

b) Article 6(1)(b): Data Processing pursuant to points 5.1(b), (c)(d)(i),

c) Article 6(1)(c). Data Processing pursuant to point 5.1(j)

d) Article 89: Data Processing pursuant to point 5.1(g).

5.3 The processing of Personal Data is based on the voluntary and duly informed declaration of the Users, including express consent of the Users to the use of their Personal Data provided by them during the use of the site and the Personal Data generated about them. Where the processing of Users' data involves the transfer of their personal data, the Policy should cover this fact. In the case of Data Processing based on consent, the User has the right to withdraw their consent at any time, without prejudice to the lawfulness of the Data Processing prior to the withdrawal.

5.4 Transfers of data to the Data Processors specified in this Policy may be made without the User's specific consent. Unless otherwise provided by law, the disclosure of personal data to third parties or public authorities shall only be possible on the basis of a decision by a public authority or with the prior express consent of the User.

Each user of the Application who participates in an event can see the names, workplaces and positions of other participants of the event in the Application during the event. By registering for the Application and the Event, the User gives their consent to this.

The services provided by the Application includes "virtual business card exchange". During this Service, the User may request a virtual business card exchange with another user of the Application via the Application. The User who has requested a virtual card exchange with another User also agrees, by making a nomination, that the other User concerned may see the telephone number and e-mail address that they provided during registration, if the nomination is accepted. In addition to the above, with the User's consent, the other User who has requested a virtual card exchange will receive a push notification from the Application after the virtual card exchange if the User registers for any future event organised by the Company. The User may disable this feature in the Application.

The other User concerned will receive a push message from the Application about the request for a virtual card exchange, in which the System will ask them to accept the virtual card exchange. If the user concerned accepts the virtual card exchange, they also give their consent to the person nominating them to see the telephone number and e-mail address they provided during registration. In addition to the above, with the consent of the other User concerned, the User will receive a push notification from the Application following the virtual card exchange if another User registers for any future event organised by the Company. The other User may disable this feature in the Application.

5.5 Any User who provides an e-mail address and the Personal Data provided during registration is also responsible for making sure that the data and consents provided are their own and accurate and that they are the sole user of the service by using the data provided.

With regard to this assumption of responsibility, any and all liability in connection with accessing and using the Service via an e-mail address and/or data provided shall be borne solely by the User who registered the e-mail address and provided the data. If the User has provided third party data during registration for the use of the Service, the User shall be liable for such data and the Company shall be entitled to claim damages from the User. In such a case, the Company shall provide all reasonable assistance to the competent authorities in order to establish the identity of the offending person.

5.5.The Data Controller may conduct research and compile anonymous statistics in connection with the data processed by it for the purpose of further development of its products, evaluation, improvement and expansion of the Services (hereinafter referred to as Research Activity). In the course of the Research Activity, the Data Controller shall use the data only in an anonymous manner, and the individual User cannot be identified from them. The Company shall be entitled to use the anonymous research results generated during the Research Activity for the purpose of improving the Services or introducing new Services, or to sell the anonymous research results to third parties. The User gives their express consent to the processing for such purposes.

6. Principles and methods of Data Processing

6.1 The Data Controller shall process Personal Data in accordance with the principles of good faith and fairness and transparency, as well as in accordance with the applicable laws and the provisions of this Policy.

6.2 The Data Controller shall use Personal Data that are indispensable for the use of the Services on the basis of the consent of the User concerned and only for the purposes for which they are intended.

6.3 The Controller shall process Personal Data only for the purposes set out in this Policy and in the applicable laws. The scope of the Personal Data processed shall be proportionate to the purpose of the Processing and shall not go beyond that purpose.

6.4 In all cases where the Data Controller intends to use the Personal Data for a purpose other than that for which it was originally collected, the Data Controller shall inform the User thereof and obtain their prior explicit consent or provide the User with the opportunity to object to such use.

6.5 The Data Controller does not verify the Personal Data provided. The person providing the Personal Data is solely responsible for the correctness of the Personal Data provided.

6.6 The Personal Data of a person under the age of 16 may be processed only with the consent of the person who is the legal guardian of the person concerned. The Data Controller is not able to verify the eligibility of the person giving consent or the content of the consent, so the User or the person who is the legal guardian of the person concerned guarantees that the consent is in accordance with the law. In the absence of a declaration of consent, the Data Controller shall not process or collect Personal Data relating to a data subject under the age of 16, with the exception of the IP address used when using the Service, which is automatically recorded due to the nature of the Internet services.

6.7 The Data Controller will not transfer Personal Data processed by it to third parties other than the Data Processors specified in this Policy and, in certain cases referred to in this Policy, to External Service Providers.

An exception to the provisions of this clause is the use of data in aggregate statistical form, which shall not include any other form of data that can identify the User concerned and shall therefore not constitute Processing or transfer of data.

In certain cases, the Data Controller may make available to third parties the Personal Data of the User concerned, which are accessible to third parties, in response to a formal judicial or police request, legal proceedings for infringement or reasonable suspicion of infringement of copyright, property rights or other rights, or for the purpose of prejudicing the interests of the Data Controller, endangering the provision of the Services, etc.

6.8 The Data Controller's system may collect data on the activity of Users, which cannot be linked to other data provided by Users at the time of registration, nor to data generated by the use of other websites or services.

6.9 The Data Controller shall notify the User concerned of the rectification, restriction or deletion of the Personal Data processed by it, as well as all those to whom the Personal Data was previously transmitted for the purposes of the Processing. The notification may be omitted if this does not prejudice the legitimate interests of the data subject in relation to the purposes of the processing.

6.10 The Data Controller shall ensure the security of Personal Data, take technical and organisational measures and establish procedural rules to ensure that the Personal Data recorded, stored or processed are protected and to prevent their accidental loss, unlawful destruction, unauthorised access, unauthorised use and unauthorised alteration or unauthorised disclosure. To comply with this obligation, the Data Controller shall invite all third parties to whom it transfers Personal Data.

7. Duration of Data Processing

7.1 Automatically recorded IP addresses are stored by the Data Controller for a maximum of 7 days after their recording.

7.2 The processing of Personal Data provided by the User in connection with the processing pursuant to Section 5.2 a) shall continue until the User unsubscribes from the relevant Service - with the relevant user name - or otherwise requests the deletion / anonymisation of the Personal Data. In this case, the Personal Data will be anonymised in the Data Controller's systems.

7.3 The Personal Data provided by the User - even if the User has terminated the access by cancelling their registration - and the messages and content stored in the User profile will be retained, but will be managed by the System under an "Anonymous" User profile and will be displayed as such in the Application of other users.

7.4 In the event of unlawful or fraudulent use of Personal Data or in the event of a criminal offence or attack against the System committed by the User, the Data Controller shall be entitled to delete the Personal Data immediately upon termination of the User's registration, but shall also be entitled to retain the Personal Data for the duration of the proceedings in the event of suspected criminal offences or civil liability.

7.5 Data that are automatically, technically recorded during the operation of the system will be stored in the system for a period of time from the moment they are generated that is reasonable to ensure the operation of the system. The Data Controller shall ensure that these automatically recorded data cannot be linked to other Personal Data, except in cases required by law. If the User has withdrawn their consent to the processing of their Personal Data or has unsubscribed from the Service, their identity will no longer be identifiable from the technical data, except for investigative authorities or their experts.

7.6 If a court or public authority has issued a final order for the erasure of the Personal Data, the erasure shall be carried out by the Data Controller. Instead of deletion, the Data Controller shall, after informing the User, restrict the use of the Personal Data if the User so requests or if, on the basis of the information available to it, it is likely that deletion would harm the legitimate interests of the User. The Data Controller shall not delete the Personal Data as long as the processing purpose which precluded the deletion of the Personal Data is still valid.

8. Rights of the User and how to enforce them

8.1 The User may request that the Data Controller inform them whether it processes the User's Personal Data and, if so, provide them with access to the Personal Data processed by the Data Controller.

The Personal Data provided by the User can be viewed in the settings of the access control system of the Application or on the profile pages of each User. Notwithstanding the foregoing, the User may request information on the processing of Personal Data at any time in writing, by registered or certified mail sent to the address of the Data Controller or by e-mail to dataprotection AT property-forum DOT eu. The Data Controller will consider a request for information sent by letter as authentic if the User can be clearly identified from the request sent. A request for information sent by e-mail shall be considered authentic by the Data Controller only if it is sent from the registered e-mail address of the User, but this does not preclude the Data Controller from identifying the User in another way before providing the information. The request for information may cover the data of the User processed by the Controller, their source, the purpose, legal basis and duration of the processing, the name and address of any Data Processors, the activities related to the processing and, in case of transfer of Personal Data, who has received or is receiving the User's data and for what purpose.

8.2 The User may request the rectification or modification of their Personal Data processed by the Data Controller. Taking into account the purposes of the Processing, the User may request the completion of incomplete Personal Data. The Personal Data provided by the User in connection with the use of the Application may be modified in the settings of the access control system of the Application or on the profile pages of each User. Once a request to modify Personal Data has been fulfilled, the previous (deleted) data can no longer be restored.

8.3 The User may request the erasure of their Personal Data processed by the Data Controller.

The erasure may be refused (i) for the exercise of the right to freedom of expression and information, or (ii) if the processing of Personal Data is authorised by law; and (iii) for the establishment, exercise or defence of legal claims.

8.4 The User may request the Data Controller to restrict the processing of their Personal Data if the User disputes the accuracy of the Personal Data processed. In this case, the restriction shall apply for the period of time that allows the Data Controller to verify the accuracy of the Personal Data. The Data Controller shall flag the Personal Data it processes if the User contests its accuracy or correctness but the incorrectness or inaccuracy of the contested Personal Data cannot be clearly established.

The User may request that the Data Controller restrict the processing of their Personal Data even if the processing is unlawful, but the User opposes the erasure of the processed Personal Data and instead requests the restriction of its use. The User may also request that the Controller restrict the processing of their Personal Data where the purpose of the processing has been achieved but the User requires the Data Controller to process the Personal Data in order to establish, exercise or defend legal claims.

8.5 The User may request that the Personal Data provided by the User and processed by the Data Controller in an automated way by the User be transferred to the Data Controller in a structured, commonly used, machine-readable format and/or transferred to another Data Controller.

8.6 The User may object to the processing of their Personal Data (i) if the processing of the Personal Data is necessary solely for compliance with a legal obligation to which the Data Controller is subject or for the purposes of the legitimate interests pursued by the Data Controller or a third party; (ii) if the processing is for direct marketing, public opinion polling or scientific research; or (iii) if the processing is carried out for the performance of a task carried out in the public interest. The Data Controller shall examine the lawfulness of the User's objection and, if the objection is justified, shall terminate the processing and block the Personal Data processed and shall notify the objection and the action taken on it to all those to whom the Personal Data concerned by the objection have been disclosed.

In any case, the Data Controller shall inform the User of the refusal of a request for erasure, indicating the reasons for the refusal. Once the request for erasure of personal data has been complied with, the previous (erased) data can no longer be restored.

9. Data processing

9.1 The Data Controller uses the following Data Processors to carry out its activities.

The Data Controller uses Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4. Ireland) as an external Data Processor to enable the sending of chat messages between Users within the Application.

The Data Controller uses an external data processor to send push notifications. The Data Processor Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4. Ireland) will have access to the following data via the sign-up areas on the website, with the user's consent: browser ID, IP address.

The Data Controller's servers are located in Magyar Telekom's server rooms:

Magyar Telekom Plc. (Headquarters: 1013 Budapest, Krisztina krt. 55., Company registration number: Cg 01-10-041928)

9.2 The Data Processors do not take independent decisions, they are entitled to act only in accordance with the contract concluded with the Data Controller and the instructions received.

9.3 The Data Controller shall monitor the work of the Data Processors.

9.4 The Company may engage additional Processors for the processing, analysis and evaluation of data in the course of its research activities.

9.5 Data Processors may only use additional Data Processors with the consent of the Data Controller.

10. External Service Providers

10.1 The Data Controller makes use of External Service Providers in connection with the provision of the Services in a number of cases.

The Personal Data processed in the systems of the External Service Providers shall be governed by the provisions of the External Service Providers' own privacy policies. The Data Controller shall use its best efforts to ensure that the External Service Provider processes the Personal Data transferred to it in accordance with the law and uses it only for the purposes specified by the User or set out in this Policy.

10.2 External Service Providers facilitating registration or login

In connection with the provision of the Services, the Data Controller may cooperate with Third Party Service Providers that provide registration and access facilitation applications to Users. In the context of this cooperation, certain Personal Data (e.g. IP address, e-mail, registration name) may be transferred by these External Service Providers to the Data Controller and/or the Data Processor. These External Service Providers collect, process and transfer Personal Data in accordance with their own privacy policies. External Service Providers that cooperate with the Data Controller to facilitate registration or login are LinkedIn Corporation (Sunnyvale, California, USA), Google Ireland Ltd.

10.3 Third Party Payment Providers

The Data Controller contracts with Third Party Payment Providers in connection with the provision of the purchase of participation tickets within the Application. The Third Party Payment Providers will process the Personal Data (e.g. name, credit card number, bank account number, etc.) provided to them in accordance with the provisions of their respective privacy policies, more information on which is available on the website of the relevant Third Party Payment Provider.

The Third Party Payment Service Provider cooperating with the Data Controller:

SimplePay (OTP Bank, 1051 Budapest, Nádor u. 16., Cg. 01-10- 041585)

11. Possibility of data transfer

11.1 The Data Controller is entitled and obliged to transfer to the competent authorities any Personal Data at its disposal and stored by it in accordance with the law, which Personal Data it is obliged to transfer by law or by a final and binding administrative decision. The Data Controller shall not be held liable for such transfers and the consequences thereof.

11.2 The Data Controller is entitled, subject to the express consent of the User, to transfer the Personal Data specified in the consent for the purposes and for the duration specified in the consent to the third party specified in the consent. The processing of the transferred data shall be governed by the third party's Data Processing provisions.

11.3 The Data Controller shall keep records of the transfers for the purposes of monitoring the lawfulness of the transfers and providing information to the User.

12. Amendments to the Privacy Policy

12.1 The Data Controller reserves the right to amend this Policy at any time by unilateral decision.

12.2 The User accepts the current provisions of this Policy by logging in to the Data Controller's Application and no further consent of the User is required.

13. Options for legal enforcement

13.1 The Data Controller's staff can be contacted with any questions or comments related to data management at dataprotection AT property-forum DOT eu  and at the following telephone number: +361-327-4080.

13.2 The User may lodge a complaint about the Data Management directly to the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: dataprotection AT property-forum DOT eu; website: www.naih.hu).

13.3 In case of infringement of the User's rights, the User may take legal action. The court of law has jurisdiction to decide on the case. The lawsuit may also be brought before the court of the place of residence or domicile of the data subject, at the data subject's option. Upon request, the Data Controller shall inform the User of the possibilities and means of legal remedy.

Budapest, 27 February 2023

ABOUT US

Property Forum is a leading event hub in the CEE real estate industry with over 10 years of experience. We organise conferences, business breakfasts and workshops focused on real estate, in London, Vienna, Warsaw, Budapest, Bucharest, Bratislava, Prague, Zagreb and Sofia, amongst other locations.
Please send press releases to
newsdesk AT property-forum DOT eu
MORE >

CONTACT

NEWSLETTER

Sign up today for the latest news

I have read the Privacy Policy of International Property Network Inc. and I consent to International Property Network Inc. sending me newsletters and managing my personal data provided for this purpose.

 

Property Forum © 2017 – 2024 | Terms & conditions | Privacy policy