Privacy policy


1. The data controller:

Name: GEOS Invest Hungária Korlátolt Felelősségű Társaság (hereinafter: Controller, GEOS Group Hungary, or Company)
Registered seat: 1053 Budapest, Ferenciek tere 7-8. 5. lház. 1. em 2.
Registration number: 01-09-303695
Court in charge of records: Court of Register of the Metropolitan Court of Budapest
Tax number: 24693309-2-41
E-mail: sales@geosgrouphunary.hu


2. The purpose, legal basis and method of data processing, the scope of the data processed, the duration of data processing, the scope of persons entitled to have access to the data:

2.1. Recruitment, selection

The purpose of the data processing: name, telephone number, e-mail address, professional experience, resume.
The scope of the data processed: név, telefonszám, e-mail cím, szakmai tapasztalat, önéletrajz.
The legal basis of the data processing: your consent pursuant to point a) of Article 6 (1) of the GDPR.
The duration of the data processing: GEOS Group Hungary processe the data provided by you until the given position is filled.
The method of data processing: in paper-based form and electronically.
The scope of persons entitled to have access to the data: the specialists of the Controller in charge of recruitment and selection tasks.
The purpose of the data processing: in case of those not applying to a specific vacancy the keeping of records on applications for future employment received by GEOS Group Hungary and the selection of the suitable employee from among such persons.
The scope of the data processed: name, telephone number, e-mail address, professional experience, resume.
The legal basis of the data processing: pursuant to point a) of Article 6 (1) of the GDPR, your consent.
The duration of the data processing: GEOS Group Hungary processes the data provided by you until the given position is filled.
The method of data processing: in paper-based form and electronically.
The scope of persons entitled to have access to the data the specialists of the Controller in charge of recruitment and selection.

2.2. Data processing for sales-related purposes

The purpose of the data processing: contacting data subjects for the purpose of the sale or lease of the properties.
The scope of the data processed: the personal data to be provided on the website: name, e-mail address, telephone number, remark; database: name, telephone number, e-mail address, place and date of birth, country of citizenship; data appearing in the background database: where/what advertising medium did the data subject learn about the activities of the Controller from, which property did the data subject like, what preferences does the data subject have concerning the property, the fact of an offer made. Follow-up tracking of the client in the CRM system.
The legal basis of the data processing: consent pursuant to point a) of Article 6 (1) of the GDPR.
The duration of data processing: until the revocation of the consent.
The method of data processing: in paper-based form and electronically.
The scope of persons entitled to have access to the data: the employees of the Controller in charge of sales activities.

2.3.Data processing related to concluding contracts

The purpose of the data processing: the leasing out or selling of properties, or concluding contracts for other purposes.
The legal basis of the data processing: Necessary for the performance of contracts pursuant to point b) of Article 6 (1) of the GDPR.
The duration of data processing: until the revocation of the consent.
The method of data processing: 5 years after the expiry or termination of the contract.
The method of data processing: in paper-based form and electronically.
The scope of persons entitled to have access to the data: the employees of the Controller in charge of sales activities.
Transmitting data to third countries: Since GEOS Group is an international group of companies engaged in international activities, we may share your personal data with the parent company of GEOS Group in the interest of the purpose specified in Section 2.3 hereof. Therefore, we may also transmit your personal data to a county (Ukraine) whose laws and data protection requirements may differ from the laws and data protection requirements in your country. In such cases, the transmission of data shall always take place by ensuring compliance with the provisions in Articles 44-49 of the GDPR.

2.4. Data processing related to newsletters

The purpose of the data processing: the sending of electronic newsletters by GEOS Group Hungary to interested parties with current information concerning the Company, as well as its services and offers.
The scope of the data processed: name, user name, e-mail address.
The legal basis of the data processing: consent pursuant to point a) of Article 6 (1) of the GDPR.
The duration of data processing: until the user unsubscribes from the newsletter.
The method of data processing: electronically.
The scope of persons entitled to have access to the data: the employees of the Controller in charge of marketing and sales activities.

2.5. Data processing related to sound recording

The purpose of the data processing: sound recording.
The scope of the data processed: sound recording and identification number, which is the given calendar day + the last three digits of the data subject’s telephone number.
The legal basis of the data processing: compliance with obligation based on Section 17/B of Act CLV of 1997 on Consumer Protection.
The duration of data processing: in case of calls received by our sales staff, 5 years after the recording of the call.
The method of data processing: in paper-based form and electronically.
The scope of persons entitled to have access to the data: the employees of the Controller in charge of investigating complaints.

2.6. Data processing related to the handling of complaints

The purpose of the data processing: recording, investigating and evaluating complaints.
Scope of the data processed: the client’s name, address, correspondence address, the place, time and manner of complaint submission, the detailed description of the client’s complaint; in case of data recorded over the phone, the unique identification number of the call; the documents and other evidence presented by the client, as well as a list thereof; the signature of the person recording the complaint, as well as the signature of the client if the complaint was made in person; the place and time where the written record was drawn up; e-mail address telephone number for maintaining contact with the client; the data of the authorised agent; the data of witnesses.
The legal basis of the data processing: consent pursuant to point a) of Article 6 (1) of the GDPR, as well as the legal basis specified in Section 17/A-C of the Act on Consumer Protection.
The duration of data processing: pursuant to Sections 17/A (7) and 17/B (3) of the Act on Consumer Protection, the Company shall keep the written record taken of the complaint, a copy of the reply provided, and the sound recording with a unique identification number for a period of five years.
The method of data processing: in paper-based form and electronically.
The scope of persons entitled to have access to the data: the employees of the Controller in charge of investigating complaints.

2.7. Data processing related to the website

Anyone may access the Controller’s website without disclosing their identity and personal data, and may obtain information from the home page and the pages linked to it freely and without any restriction. Entering to and exiting from the website is facilitated for visitors by “cookies”, i.e. small data packages saved on and retrieved from the visitors’ devices. Cookies ensure the proper operation of the website, more efficient service, as well as statistical-type, anonymous data collection.

Visitors can delete cookies from their devices, and they are automatically deleted upon exiting the browser, and visitors may also set up their browsers in such a way that no cookies are accepted. Visitors can still use the website even if otherwise the browser is manually set to refuse cookies.

The purpose of the data processing: examining patterns of visiting the website.
The scope of the data processed: the visitor’s internet protocol (IP) address, the data and time of the visit, the data of the web pages visited, the name of the browser software used.
The legal basis of the data processing: consent pursuant to point a) of Article 6 (1) of the GDPR.
The duration of data processing: 6 months.
The method of data processing: in paper-based form and electronically.
The scope of persons entitled to have access to the data: the employees of the Controller in charge of marketing activities.


3. Information on the use of Processors:

Based on a contract for the provision of services: DotRoll Számítástechnikai Kft.
Registered seat: 1148 Budapest, Fogarasi út 3-5.
Registration number: 01-09-882068
Court in charge of records: Court of Register of the Metropolitan Court of Budapest
Tax number: 13962982-2-42
The Processor may process the data specified in Section 2 until the end of the term also specified in Section 2, and it shall provide server service on the basis of a contract concluded with the Controller.
Based on a contract for the provision of services: SMX Általános Szolgáltató Kft.
Registered seat: 1078 Budapest, Hernád u. 54.
Registration number: 01-09-067305
Court in charge of records: Court of Register of the Metropolitan Court of Budapest
Tax number: 10361186-2-42

The Processor may process the data specified in Section 2 until the end of the term also specified in Section 2, and it shall develop the website on the basis of a contract concluded with the Controller.

Based on a contract for the provision of services: OPENNETWORKS Kereskedelmi és Szolgáltató Kft.
Registered seat: H-1117 Budapest, Fehérvári út 50-52. 2. em.
Registration number: 01-09-723926
Court in charge of records: Court of Register of the Metropolitan Court of Budapest
Tax number: 13213343-2-43

The Processor may process the data specified in Section 2 until the end of the term also specified in Section 2, and it shall perform sound recording services and store the recordings made.


4. Information on data security:

The storage of data, the security of the data processing

- The Controller shall, with the participation of the Processor, take all necessary technical and organisational measures:
a) to ensure the proper operation of the application(s);
b) to ensure that the authorised users can access the functions of the application and the data in accordance with their respective levels of authorisation;
c) to provide for the saving and archiving of the data;

- and further, the Controller shall comply with the procedural rules necessary for the enforcement of the requirements included in the provisions of data protection law specified in Section 6. The Controller shall subject the files stored to virus checking and other security filtering, by way of the Processor.

- The Controller shall take such technical and organisational measures as necessary to ensure the safety of the data protection activity that provides an adequate level of protection for the risks in connection with the data processing, and shall select and operate the IT assets used in such a way that:
a) the data processed shall be accessible to authorised parties (availability);
b) the authenticity and certified status of the data processed shall be ensured (authenticity of data processing);
c) the data processed can be proved to be unchanged (data integrity); and
d) the data processed shall be protected against unauthorised access (confidentiality).



5. The rights and legal remedies available to data subjects:

1. The right to receive information

Using the available contact information, you may request information from the Controller, request the rectification or deletion of your data, or the restriction of the data processing. At your request, the Controller shall provide information on the data processed by it, the purpose, legal basis and duration of the data processing, the name, address (registered seat) of the Controller, the name, address (registered seat) of the processor and its activities related to the data processing, the contact information of the data protection officer, information on who received your personal data and for what purpose, your rights related to data processing, as well as the measures taken by the Controller. The Controller shall be required to provide such information as soon as possible after the request is submitted, but not later than 1 month, in writing, in an easily comprehensible way. The above period may be extended by two further months where necessary, taking into account the complexity and number of the requests. If a request is manifestly unfounded or excessive, particularly if it is repetitive, the Controller may charge a reasonable fee or refuse to act on the basis of the request.

2. The right to withdraw consent

In cases of consent provided under point a) of Article 6 (1) and point a) of Article 9 (1), data subjects may withdraw their consent to the data processing at any time, without affecting the lawfulness of the data processing based on consent before its withdrawal.

3. The right of access

You are entitled to obtain from the Controller confirmation as to whether or not your personal data are being processed.
Under the right of access, you are entitled to obtain access from the Controller to your personal data being processed and to the following information:

• the purpose of the data processing;
• the categories of personal data concerned;
• the duration of the data processing;
• information on who receive or have received your personal data, and for what purpose;
• your rights related to the data processing;
• the right to lodge a complaint with a supervisory authority.

At your request, the Controller shall provide a copy of the personal data, provided that this does not right adversely affect the rights or freedoms of others. The Controller may charge you the expenses of any further copies requested by you.


4. The right to rectification (correction) and erasure of the data

Using the available contact information, you may request in writing the rectification (correction) of your personal data, as well as the supplementation of any missing personal data.
Using the available contact information, you may request in writing the erasure (deleting) of your personal data, if the purpose of the data processing ended, in cases provided under point a) of Article 6 (1) and point a) of Article 9 (1) (consent), if withdrawing consent to the data processing, in case of data processing based on point e) (public interest or official authority) and point f) (legitimate interests) of Article 6 (1), if objecting to the data processing, if the period available for the storage of the data has expired, or when ordered by the court or other authority.
Notice of the correction or deletion shall be sent by to you, as well as to all parties to whom the data has been transmitted. The notification may be dispensed with if, with a view to the purpose of the data processing, this does not violate your rightful interest.
The Controller shall not delete the personal data if such data are necessary for compliance with a legal obligation by the Controller, or for the establishment, exercise or defence of legal claims.

5. The right to the restriction of data processing

Using the available contact information, you may request in writing that the Controller restrict the processing of your personal data, if:
• you contest the accuracy of the personal data (in this case the restriction shall be for the period enabling the Company to verify the accuracy of such data);
• the data processing is unlawful, but you oppose the erasure of the personal data and requests the restriction of their use instead;
• the purpose of the data processing ended, but you need the data for the establishment, exercise or defence of legal claims.

The restriction of the data processing shall last until necessary on the basis of the reasons identified by you. In this case, we shall only process the personal data, with the exception of storage, with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. The Controller shall inform you before the restriction of data processing imposed at your request is lifted.

6. The right to data portability

In case of data processing based on point a) of Article 6 (1) and point a) of Article 9 (1) (consent) or point b) of Article 6 (1) (contract), and where data processing is carried out by automatic means, using the available contact information, you may request in writing that you receive your personal data in a structured, commonly used and machine-readable format and that those data be transmitted to another data controller. You also have the right, wherever technically feasible, to request that your data be directly transmitted between the data controllers.

7. The right to object

In case of data processing based on point e) of Article 6 (1) (public interest or official authority) and f) (legitimate interest), using the available contact information, you may object in writing against the processing of your personal data (including profiling), in which case the Controller shall no longer process your data and shall delete the same. The Controller may continue to process your personal data, if justified by compelling legitimate grounds, or where necessary for the establishment, exercise or defence of legal claims.
Using the available contact information, you may object in writing against the processing of your personal data for direct marketing purposes (including profiling), in which case the Controller shall no longer process your data and shall delete the same.

8. Relevant provisions of law:

In case of an infringement of your rights, or in case you do not agree with the decision of the Controller, you may lodge a complaint to the National Authority for Data Protection and Freedom of Information.

Name: National Authority for Data Protection and Freedom of Information
Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
Mailing address: 1530 Budapest, P.O. Box 5.
Phone number: (+36-1) 391-1400
Fax: (+36-1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
In case of an infringement of your rights, or when you do not agree with the decision of the Controller, you may, within 30 days of the communication of the above, bring an action directly before the courts of jurisdiction on the basis of the registered seat of the Controller or your place of permanent or temporary residence. The court shall act in such cases in expedited proceedings.

If you have any comments or objection in connection with the processing of your personal data, or you wish to receive information on the processing of your data, please use the contact information specified in Section 1 above.


6. Relevant provisions of law:

- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR);
- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Information Act);
- Act V of 2013 on the Civil Code;
- Act CLV of 1997 on Consumer Protection.