PRIVACY POLICY

1. INTRODUCTION

 

This Privacy Policy (hereinafter referred to as the Policy) applies to the management of personal data related to the operation of the website of

Bonitás Befektetési Alapkezelő Zrt.

(hereinafter referred to as the Data Controller). The Data Controller pays increased attention to the protection of personal data, to compliance with mandatory legal provisions and to ensuring that the management of data is performed in a secure and fair manner.

Details of the Data Controller:

Company name:                                     Bonitás Befektetési Alapkezelő Zrt.

Mailing address:                                     1123 Budapest, Alkotás utca 53. B ép. 5. emelet

Email:                                                    info@bonitasktk.hu

Website:                                                 www.bonitasktk.hu

This Policy was created in accordance with the following applicable legislation:

1. Act CXII of 2011 on informational self-determination and freedom of information (hereinafter referred to as the Privacy Act);
2. Act CVIII of 2001 on certain issues of electronic commerce activities and information society services (hereinafter referred to as the Electronic Commerce Act);
3. Act XLVIII of 2008 on the essential conditions and certain limitations of business advertising activity (hereinafter referred to as the Business Advertising Act);
4. Act C of 2003 on electronic communications (hereinafter referred to as the Electronic Communications Act);
5. Act CXIX of 1995 on the use of name and address information serving the purposes of research and direct marketing;
6. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the Regulation).

This Policy regulates the data management related to www.bonitasktk.hu

This Policy is available at https://bonitasktk.hu/adatkezelesi-tajekoztato/

The Data Controller undertakes to comply with the provisions contained in this Policy and requests that, in particular, the visitors of the website accept and comply with the provisions contained in this Policy. The Data Controller reserves the right to amend this Policy, in which case the amendments of this Policy will become effective when published at https://bonitasktk.hu/adatkezelesi-tajekoztato/ .

 

2. DEFINITIONS

The terms used in this Policy have the following meaning:

 

data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;

personal data: information that may be connected to the data subject, in particular the data subject’s name, personal identification information or any knowledge of the data subject’s physical, physiological, mental, economic, cultural or social identity, including any inferences regarding the data subject that may be drawn from said information;

consent: the voluntary and unequivocal expression of the data subject’s will, based on appropriate information, by which the data subject unambiguously agrees to the processing of his or her personal data, either comprehensively or in relation to certain actions;

objection: the data subject’s statement in which the data subject opposes the management of his or her personal data and requests that data management be stopped and the managed data be deleted;

data controller: a natural or legal person or an organization without legal personality who, individually or together with others, determines the purpose of data management, makes the decisions related to data management, including the means, and implements said decisions or makes sure that the Data Processor implements said measures;

data management: any operation or set of operations carried out in relation to the data, regardless of the procedure applied, in particular the collection, recording, registering, organization, storage, alteration, use, querying, transmission, disclosure, coordination or linking, blocking, erasure or destruction of data, or the prevention of the further use of the data, including taking photos, recording sound or images or registering any physical characteristics that are suitable for identifying a person;

data transmission: making the data available to a specific third party;

disclosure: making the data publicly available;

data erasure: making the data unrecognizable in such a way that makes it impossible to restore;

data marking: assigning an identification mark to the data for the purpose of distinguishing it;

data blocking: assigning an identification mark to the data for the purpose of limiting its further management indefinitely or for a certain period;

data destruction: the complete physical destruction of the data carrier;

data processing: the performance of technical tasks related to data management operations, regardless of the method and means used for performing these operations or the place of application, provided that the technical tasks are performed on the data;

data processor: a natural or legal person or an organization without legal personality who is contractually applied to process the data, including contracts concluded under the legal provisions;

data set: the totality of the data managed in one register;

third person: a natural or legal person or an organization without legal personality who is not the same as the data subject, the Data Controller or the data processor;

privacy incident: illegal management or processing of personal data, in particular the unauthorized access to or the alteration, transmission, disclosure, deletion or destruction, or accidental destruction or damage of the data.

3. VISITING THE WEBSITE[1]

Clicking on the website (www.bonitasktk.hu) operated by Bonitás Befektetési Alapkezelő Zrt. is considered as a visit to the website.

 

3.1.  The purpose of data management

The Data Controller records visitor data in order to control the provision and efficiency of the services as well as to ensure that the services are provided in a personalized manner and misuse is prevented. The Data Controller will not link the data generated during the analysis of the log files with any other information, and will not seek to identify visitors.

3.2.  Legal basis for data management

The consent of the data subject as per Section 13/A Subsection (4) of the Electronic Commerce Act[2] and Article 6(1)(a) of the Regulation.

3.3.  Scope of data subjects:

The scope of data subjects covers the visitors of the Data Controller’s website (www.bonitasktk.hu).

3.4.  Scope of managed personal data

Name and email address.

 

3.5.  Duration of data management

Until lapse of interest, but not more than one year.

 

3.6.  Scope of those who have access to the data

The employees of Bonitás Befektetési Alapkezelő Zrt.

3.7.  The Data Controller is a business company as defined in section 1 of this Privacy Policy.

 

3.8.  The Data Processor

Bonafarm Zrt.

mailing address: 1123 Budapest, Alkotás utca 53.

email address: info@bonafarm.hu

website: www.bonafarmcsoport.hu/bonafarm-csoport/bonafarm-zrt/

as hosting provider, provider of outsourced IT services and server operator.

 

 

 

 

Data management by external service providers (in particular Google):

 

The html code of the portal might contain links to and from external servers that are not connected to Bonitás Befektetési Alapkezelő Zrt. The servers of external providers may be directly connected to the visitor’s computer. We would like to draw the attention of our visitors to the fact that the providers of these links are able to collect visitor data through the direct connection to their server and the direct communication with the visitor’s browser. Content, which may be personalized, is hosted by the servers of external providers. Since the servers of Bonitás Befektetési Alapkezelő Zrt. and the external providers are connected only for the purpose of inserting the codes of the latter, no personal data is transferred or forwarded. External providers use cookies, in particular the Google Adwords cookie and the Google Analytics cookie.

 

 

4. COOKIE MANAGEMENT[3]

4.1.  The purpose of data management

 

The Data Controller uses cookies during the visit to the www.bonitasktk.hu website. Cookies are information packages consisting of letters and numbers sent by the Data Controller’s website to the visitors’ browser in order to save certain settings, facilitate the use of the Data Controller’s website and help the Data Controller to collect relevant statistical information about the visitors. The cookies do not contain any personal data, and are not suitable for identifying individual users. The purpose of data management related to cookies is identifying and distinguishing visitors, identifying the current session, storing the information provided during the visit, preventing data loss and accessing browser settings.

Cookies may contain individual identification in the form of a confidential random sequence of numbers that are stored on the visitor’s device. Certain cookies are deleted when the browser is closed, while others may be stored on the visitor’s computer for a long time. Visitors can delete the cookies from their computer or disable them in the browser. Cookies can usually be managed by finding the section about cookies in the browser under Tools/Settings/Privacy Settings.

cookie_notice_accepted: Contains the list of cookies accepted by the user.

wp-settings-{X}: Required for using the functions.

wp-settings-time-{X}: Required for using the functions.

1P_JAR: Anonymous statistics

APISID: Anonymous statistics

CONSENT: Anonymous statistics

HSID, SID: Provision of user functions by third party.

NID: Anonymous statistics

SAPISID: Provision of user functions by third party.

SIDCC: Provision of user functions by third party.

SSID: Provision of user functions by third party.

DV: Anonymous

VISITOR_INFO1_LIVE: Anonymous statistics

PREF: Provision of user functions by third party.

NID: Provision of user functions by third party.

LOGIN_INFO: Provision of user functions by third party.

SAPISID: Provision of user functions by third party.

YSC: Provision of user functions by third party.

4.2.  Legal basis for data management

The consent of the data subject as per Section 5 Subsection (1)(a) of the Privacy Act, Article 155 Section (4) of the Electronic Communications Act,[4] Section 13/A Subsection (4) of the Electronic Commerce Actand[5] Article 6(1)(a) of the Regulation.

4.3.  Scope of data subjects:

 

The scope of data subjects covers those who visit the Data Controller’s website and consent to the use of cookies by clicking “I accept”.

 

4.4.  Scope of managed personal data

The following cookies used by Bonitás Befektetési Alapkezelő Zrt. do not store any personal data.

cookie_notice_accepted:

wp-settings-{X}:

wp-settings-time-{X}:

1P_JAR:

APISID:

CONSENT:

HSID, SID:

NID:

SAPISID:

SIDCC:

SSID:

DV:

VISITOR_INFO1_LIVE:

PREF:

NID:

LOGIN_INFO:

SAPISID:

YSC:

 

4.5.  Duration of data management

cookie_notice_accepted: 1 year

wp-settings-{X}: 1 year

wp-settings-time-{X}: 1 year

1P_JAR: 1 month

APISID: 2 years

CONSENT: 2 years

HSID, SID: 2 years

NID: 6 months

SAPISID: 2 years

SIDCC: 3 months

SSID: 2 years

DV: until signing out

VISITOR_INFO1_LIVE: 1 year

PREF: 10 years

NID: 182 days

LOGIN_INFO: 2 years

SAPISID: 2 years

YSC: Until the end of the session.

4.6.  Scope of those who have access to the data

 

The competent employees of the data controller and the data processors.

 

Google Adwords cookie: during the first visit to the Data Controller’s website, the visitor’s cookie ID is added to the remarketing list. In its products, Google uses cookies, such as the NID or the SID cookie, for purposes such as customizing the advertisements published in Google Search. Such cookies are used, among other things, for recording recent searches by visitors, past interactions with ads or search results, and visits to the advertisers’ websites. AdWords conversion tracking uses cookies. When the visitor clicks on an ad, AdWords saves cookies onto the visitor’s computer to track sales and other conversions related to the ad. Some of the most common uses cookies are customizing ads for the visitor, improving campaign performance reports and avoiding ads that the visitor has already viewed.

Google Analytics cookie: Google Analytics is Google’s analytics tool that helps website and application owners get a more accurate picture of visitor activities. The service may use cookies to collect information and report statistics about website usage without personally identifying the visitors. Primarily, Google Analytics uses the “__ga” cookie. In addition to reporting website usage statistics, Google Analytics and some of the advertising cookies described above can be used, among other things, for presenting more relevant ads in Google products, such as Google Search, and all across the internet.

If the visitor does not accept the use of cookies, certain features may not be available. Click the following links for more information on deleting cookies:

1. Internet Explorer:

https://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

1. Firefox:

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

1. Chrome:

https://support.google.com/chrome/answer/95647?hl=en

 

4.7.  The Data Controller is the business company specified in Section 1 of this Privacy Policy.

4.8.  The Data Processor

Bonafarm Zrt.

mailing address: 1123 Budapest, Alkotás utca 53.

email address: info@bonafarm.hu

website: www.bonafarmcsoport.hu/bonafarm-csoport/bonafarm-zrt/

 

5. QUESTIONS AND SUGGESTIONS[6]

Visitors to the Data Controller’s website can submit questions and suggestions to the Data Controller by sending an electronic message via filling out the Contact form accessible via the link posted on the Data Controller’s website at https://bonitasktk.hu/contact/.

5.1.  The purpose of data management

The purpose of data management is to inform visitors by electronical means, to answer their questions and to consider their suggestions, as well as to provide more efficient consultation, to facilitate administration, to serve the needs of visitors as well as possible and to increase customer satisfaction by improving our products and our quality management system by considering suggestions and feedback provided by visitors and customers.

 

5.2.  Legal basis for data management

 

The consent of the data subject as per Section 5 Subsection (1)(a) of the Privacy Act[7] and Article 6(1)(a) of the Regulation.

After filling out the form, the visitor can submit the message to the Data Controller and consent to the data management by accepting the Privacy Policy through selecting the checkbox and clicking “Send message”. If the message is sent successfully, a pop-up window will open with a confirmation message.

 

5.3.  Scope of data subjects:

 

The scope of data subjects covers the visitors who fill out the form and send the electronic message.

 

5.4.  Scope of managed personal data

 

The form must be completed with the following personal data, required for[8]the following activities. Visitors who fill out the form and send the electronic message are responsible for the authenticity of the personal data provided.

Name: for making contact;

Email address: data required for liaising;

 

5.5.  Duration of data management

 

The data will be managed until the consent is withdrawn.[9] The Data Controller will keep a record of the persons who consented to the data management by filling out the form and sending the message. If the data subject withdraws his or her consent, the Data Controller will delete the data subject’s personal data from its register and from any existing database.

5.6.  Scope of those who have access to the data

 

The competent employees of the data controller and the data processor.

5.7.  The Data Controller is the business company specified in Section 1 of this Privacy Policy.

5.8.  The Data Processor

Bonafarm Zrt.

mailing address: 1123 Budapest, Alkotás utca 53.

email address: info@bonafarm.hu

website: www.bonafarmcsoport.hu/bonafarm-csoport/bonafarm-zrt/

 

6. SAFETY OF DATA MANAGEMENT

The Data Controller will store the personal data in the form required in the provisions contained in this Policy.

The Data Controller or, in its scope of activities, the Data Processor is required to ensure data security during data management or data processing and to implement all technical and organizational measures and procedural rules required for the enforcement of the Privacy Act and all other data privacy and confidentiality rules.

The Data Controller and the Data Processor will protect the data by implementing appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage or inaccessibility due to technological changes.

In order to protect the data files that are managed by electronic means in its various records, the Data Controller shall ensure, by implementing appropriate technical solutions, that the stored data cannot be directly connected or correlated to the data subject.

The IT system and network of the Data Controller will be protected against computer-assisted fraud, espionage, sabotage, vandalism, fire or flood, computer viruses or computer intrusions. The operator will ensure security through server-level and application-level safety measures.

7. RIGHTS OF DATA SUBJECTS

9.1.    Under the Privacy Act

 

1. a) Information

At the request of the data subject, the Data Controller will provide information about which personal data of the data subject it manages, the source of this data, the purpose, legal basis, duration and activities related to the data management, the circumstances and effects of any privacy incident and the implemented prevention measures as well as the legal basis and recipient of data transmission.

The Data Controller is required to provide the information in writing in a comprehensible form as soon as possible, but no later than within 25 days after the request is submitted. This information is free of charge if the person requesting the information has not yet submitted a request for information for the same data set in the current year to the Data Controller. In all other cases, the Data Controller will request the payment of a fee.

1. b) Correction, blocking and deletion

The Data Controller will correct the personal data if it does not correspond to reality and if the personal data corresponding to reality is made available to the Data Controller.

The Data Controller will block the personal data at the request of the data subject or if, on the basis of the information available to the Data Controller, it is assumed that deleting the data would harm the legitimate interests of the data subject. Blocked personal data may only be managed as long as the purpose of the data management, which prevents the deletion of the personal data, exists.

The Data Controller will delete the personal data if:

1. the data management is illegal;
2. the data subject so requests;
3. the managed data is incomplete or incorrect and this condition cannot be legally remedied, provided that deletion is not prevented by law;
4. the purpose of the data management has ceased or the term for the storage of data specified by law has expired; or
5. a competent court or the National Authority for Data Protection and Freedom of Information so requires.

If the Data Controller fails to comply with the data subject’s request for correction, blocking or deletion, it is required to communicate, within 25 days of receipt of the request, in writing or, with the consent of the data subject, by electronic means, the factual reasons for rejecting the request for correction, blocking or deletion. If the request for correction, deletion or blocking is rejected, the Data Controller will inform the data subject of the possibility of legal redress and recourse to the Authority.

1. c) Objections

The data subject may object to the management of his or her personal data if

1. a) the management or transmission of personal data is necessary only for the fulfillment of a legal obligation of the Data Controller or for the enforcement of the legitimate interest of the Data Controller, a data recipient or a third party, unless the data management is required by law;
2. b) the use or transmission of personal data occurs for the purpose of direct business acquisition, public opinion polling or scientific research; or
3. c) in any other cases specified in the legislation.

The Data Controller is required to investigate the objection as soon as possible, but not later than within 15 days from the submission of the request, to assess the merits of the request and to inform the applicant about its decision in writing.

9.2.    Under the Regulation

 

1. a) Withdrawal of consent

In addition to those stated above, the data subject is entitled under the Regulation to withdraw his or her consent to the data management at any time. The data subject’s declaration of withdrawal is valid only with the clear indication of the data management in question.

1. b) Limitation

The data subject has the right to request the Data Controller to limit the data management in one of the following conditions:

1. the data subject disputes the accuracy of the personal data, in which case the limitation applies for the period of time that allows the Data Controller to verify the accuracy of the personal data;
2. the data management is illegal and the data subject opposes the deletion of the data, requesting instead that their use be limited;
3. the Data Controller has no more use of the personal data for the purpose of data management, but the data subject requests access to them for the purpose of submitting, enforcing or protecting legal claims; or
4. the data subject has objected to the data management, in which case the limitation applies for the period of time until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.

If one of the conditions listed above is met and the data management is subsequently limited, such personal data may be managed, with the exception of their storage, only with the consent of the data subject or for the purpose of submitting, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the European Union or one of its Member States.

The Data Controller is required to inform the data subject who submitted the request to limit data management in advance if the limitations of data management are lifted.

1. c) Transmission

The data subject has the right to receive his or her personal data provided to the Data Controller in a structured, widely used and machine-readable format, and to transfer such data to other data controllers without being prevented by the Data Controller if

1. the data management is based on consent or a contract, and
2. the data management is performed by automatic means.

In exercising the right to data portability as described above, the data subject has the right, if technically feasible, to request the direct transfer of personal data between data controllers.

9.3.  Means of enforcement

The data subject may exercise the data management rights discussed above by sending a message to the Data Controller’s email address or registered office, from the data subject’s identifiable email address or by post, in a letter signed by the data subject. The statement issued by the data subject about exercising his or her rights is valid only with the clear indication of the data management in question.

If the data subject does not agree with the decision made by the Data Controller, he or she may lodge a complaint within 30 days after being notified about the decision. Requests for remedy and complaints can be lodged at the National Authority for Data Protection and Freedom of Information:

Designation:            National Authority for Data Protection and Freedom of Information

E-mail:                     ugyfelszolgalat@naih.hu

Mailing address:      1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Telephone:               +36 (1) 391-1400

Website:        www.naih.hu

[1]If the company operating the website does not record the data of visitors, the provisions related to Chapter 3 above need not be included in the Privacy Policy.

[2]According to Section 13/A Subsection (4) of the Electronic Commerce Act, „Service providers shall be authorized to process data relating to the use of its services for reasons other than what is described in Subsection (3), such as in particular for improving its efficiency for providing the service, for the transmission of electronic communications or other targeted content to the recipient of the service, or for market research, only if the reason for processing is indicated in advance and subject to the prior consent of the recipient of the service.”

[3]If the company operating the website does not use cookies on the website, the provisions related to Chapter 4 above need not be included in the Privacy Policy.

[4]According to Article 155 Section (4) of the Electronic Communications Act, ”Information may be stored in an electronic communications terminal equipment and the information stored there may be accessed using an electronic communications network exclusively on the basis of the consent of the user or subscriber following his clear and full information.”

[5]According to Section 13/A Subsection (4) of the Electronic Commerce Act, „Service providers shall be authorized to process data relating to the use of its services for reasons other than what is described in Subsection (3), such as in particular for improving its efficiency for providing the service, for the transmission of electronic communications or other targeted content to the recipient of the service, or for market research, only if the reason for processing is indicated in advance and subject to the prior consent of the recipient of the service.”

[6]If the company operating the website does not provide such services, the provisions related to Chapter 5 above need not be included in the Privacy Policy.

[7]Under Section 5 Subsection (1)(a) of the Privacy Act, personal data may be processed “when the data subject has given his consent.”

[8]This is where the purposes of data management, such as the name and email address required for liaising and efficiently discuss questions and suggestions, must be indicated separately and accurately.

[9] According to Section 6 Subsection (5), “Advertisers, advertising service providers and publishers of advertising shall maintain records on the personal data of persons who provided the statement of consent referred to in Subsection (1) to the extent specified in the statement. The data contained in the aforesaid records – relating to the person to whom the advertisement is addressed – may be processed only for the purpose defined in the statement of consent, until withdrawn, and may be disclosed to third persons subject to the express prior consent of the person affected.”