1. PURPOSE OF THE PRIVACY POLICY
Interhome Hungary (Intergarden Ltd., address: 7754 Bóly, Park utca 19., hereinafter referred to as the service provider or data controller), as data controller, acknowledges the content of this legal notice as binding upon itself.
It undertakes to ensure that all data processing related to its activities complies with the requirements set out in this policy, as well as with the applicable national legislation and the legal acts of the European Union.
This Privacy Policy applies to the following domains and their subdomains:
- interhomehungary.com
- interhomehungary.hu
- interhomehungary.nl
The data protection principles related to the data controller’s processing activities are continuously available at:
interhomehungary.com/adatkezelesi-tajekoztato
The data controller reserves the right to amend this policy at any time. Affected parties will be informed of any changes in due time.
If you have any questions regarding this notice, please contact us in writing and we will respond to your inquiry.
The data controller is committed to protecting the personal data of its clients and partners and considers it of utmost importance to respect its clients’ right to informational self-determination. The data controller treats personal data confidentially and takes all necessary security, technical, and organizational measures to guarantee the security of the data.
The data controller outlines its data processing practices below.
2. DETAILS OF THE DATA CONTROLLER
If you wish to contact the company, you may reach the data controller at the following contact details:
Email: andrea.pavkovics@interhomehungary.com
Phone: +36 70 434 0857
Name: Intergarden Ltd.
Registered office: 7754 Bóly, Park utca 19.
Tax number: 14611328-2-02
Registration number:
Mobile: +36 70 434 0857
Email: andrea.pavkovics@interhomehungary.com
2.1 DATA PROTECTION OFFICER
The data controller does not carry out any activities that would justify the appointment of a Data Protection Officer.
3. SCOPE OF PROCESSED PERSONAL DATA
3.1. TECHNICAL DATA
When processing personal data, the data controller selects and operates the IT tools used in the provision of services in such a way that the processed data:
- is accessible to those authorized (availability);
- its authenticity and verification are ensured (authenticity of data processing);
- its integrity can be verified (data integrity);
- is protected against unauthorized access (confidentiality of data).
The data controller protects data by appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction.
The data controller ensures the security of data processing through technical and organizational measures that provide a level of protection appropriate to the risks associated with the processing.
During data processing, the data controller preserves:
- confidentiality: ensuring that information is accessible only to those who are authorized;
- integrity: protecting the accuracy and completeness of the information and the method of processing;
- availability: ensuring that when an authorized user needs the information, it is actually accessible and the necessary tools are available.
3.2 COOKIES
3.2.1 PURPOSE OF COOKIES
Cookies collect information about visitors and their devices; they remember visitors’ individual settings, which may be used, for example, during online transactions so that they do not have to be re-entered; they facilitate the use of the website; provide a quality user experience; and participate in collecting certain visitor statistics.
For the purpose of providing customized services, a small data package, known as a cookie, is placed on the user’s computer and read back during subsequent visits. If the browser sends back a previously saved cookie, the service provider managing the cookie has the possibility to link the user’s current visit with previous visits, but exclusively in relation to its own content.
Some cookies do not contain personal information suitable for identifying individual users, while others contain a secret, randomly generated number that is stored on the user’s device and ensures the user’s identifiability.
3.2.2 STRICTLY NECESSARY, SESSION COOKIES
The purpose of these cookies is to enable visitors to browse the interhomehungary.com website fully and smoothly, use its functions, and access the services available there. The validity period of this type of cookie lasts until the end of the session (browsing); upon closing the browser, these cookies are automatically deleted from the computer or other device used for browsing.
3.2.3. COOKIES PLACED BY THIRD PARTIES (ANALYTICS)
The interhomehungary.com website and its subdomains use Google Analytics as third-party cookies. By using Google Analytics, a statistical service, the interhomehungary.com, interhomehungary.hu, and interhomehungary.nl websites collect information about how visitors use the websites. The data is used for the purpose of developing the website and improving the user experience. These cookies also remain on the visitor’s computer or other device used for browsing, in its browser, until they expire or until the visitor deletes them.
3.2.4. LEGAL BASIS FOR COOKIE PROCESSING
The legal basis for cookie processing is the consent of the website visitor, pursuant to Article 6 (1) (a) of the applicable Regulation.
If you do not accept the use of cookies, certain functions of the websites listed in section 3.2.3 will not be available during use, and some features may not function properly.
For more information on deleting cookies in commonly used browsers, please refer to the following links:
3.2.5. LIST OF COOKIES USED ON THE DATA CONTROLLER’S WEBSITES
| Name | Provider | Detailed Description | Expiry | Type |
| Cookies necessary for website operation | | The cookies are indispensable for the use of the website and enable the use of the website’s basic functions. In their absence, many functions of the site will not be available. | End of session | Does not collect personal information |
| Cookies that improve the user experience | | The cookies collect information about the use of the website and serve to improve the user experience. | End of session | Does not collect personal information |
| Session cookies | | The cookies store the visitor’s location, the browser language, and the currency of payment. | Maximum 2 hours or until the browser is closed. | |
| Last viewed product cookie | | Records the last viewed product. | 60 days | |
| Last viewed product category cookie | | Records the last viewed product category. | 60 days | |
| Cart cookie | | Stores the data of the product placed in the cart. | 360 days | |
| 1P_JAR | Google.com and Gstatic.com | The cookie is used to collect website statistics and to track the conversion rate. | 2 years | Does not collect personal information |
| CONSENT | interhomehungary.com, interhomehungary.hu, interhomehungary.nl | The cookie is used to store settings related to the acceptance of cookies. | 1 year | Does not collect personal information |
| viewedExitPopupWP | interhomehungary.com, interhomehungary.hu, interhomehungary.nl | The cookie is used to store the settings of the information displayed when leaving the websites. | 30 days | Does not collect personal information |
| NID | Google.com | These cookies allow our websites to remember the way the website operates or is displayed, for example the language you have set or information that modifies your region of residence. | 10 years | Does not collect personal information |
| _ga | Google.com | We use Google Analytics cookies to measure traffic on our website. A single text string is stored to identify the browser, the timestamp of interactions, and the browser/source page that directed the user to our website. | 2 years | Does not collect personal information |
| _gat | Google.com | We use Google Analytics cookies to measure traffic on our website. A single text string is stored to identify the browser, the timestamp of the interaction, and the browser/source page that led the user to our website. | 2 years | Does not collect personal information |
| _gid | Google.com | We use Google Analytics cookies to measure traffic on our website. A single text string is stored to identify the browser, the timestamp of the interaction, and the browser/source page that led the user to our website. | 2 years | Does not collect personal information |
4. GENERAL DATA PROCESSING PRINCIPLES, NAME OF DATA PROCESSING, PURPOSE, LEGAL BASIS AND RETENTION PERIOD
The data processing activities of the Data Controller are based on voluntary consent or statutory authorization. In the case of data processing based on voluntary consent, data subjects may withdraw their consent at any stage of the data processing.
In certain cases, the processing, storage and transfer of a specific set of provided data is required by law, of which our clients will be separately informed. We draw the attention of those providing data to the Data Controller that if they do not provide their own personal data, it is the responsibility of the data provider to obtain the consent of the data subject.
The data processing principles comply with the applicable data protection legislation, in particular with the following:
- Act CXII of 2011 – on the right to informational self-determination and freedom of information (Infotv.);
- Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation, GDPR);
- Act V of 2013 – on the Civil Code;
- Act C of 2000 – on Accounting;
- Act LIII of 2017 – on the prevention and combating of money laundering and terrorist financing;
- Act CCXXXVII of 2013 – on Credit Institutions and Financial Enterprises.
The Data Controller has prepared data maps, on the basis of which the scope of processed data, their purpose of use, legal basis and retention period have been determined.
4.1 DATA RELATED TO ONLINE ORDERS
It is possible to order services through the website. The personal data requested during the ordering process are:
- Name (mandatory field)
- Email address (mandatory field)
- Telephone number (optional field, may be provided for call-back purposes)
In the case of certain services, such as website maintenance, additional personal data may also be provided.
Purpose of data processing, intended use of the processed data:
The data are used for the fulfillment of the order.
Legal basis for data processing:
Contractual engagement.
Retention period:
Duration of the business relationship or until a request for deletion.
4.2 DATA RELATED TO ONLINE ADMINISTRATION
Personal data requested during contact:
- Name (mandatory field)
- Email address (mandatory field)
- Telephone number (optional field, may be provided for call-back purposes)
Purpose of data processing, intended use of the processed data:
The data are used for establishing contact and fulfilling the order.
Legal basis for data processing:
Voluntary consent.
Retention period:
Duration of the business relationship or until a request for deletion.
4.3 DATA RELATED TO TELEPHONE ADMINISTRATION
Personal data requested during contact:
- Name (mandatory field)
- Telephone number (optional field, may be provided for call-back purposes)
Purpose of data processing, intended use of the processed data:
The data are used for establishing contact and fulfilling the order.
Legal basis for data processing:
Voluntary consent.
Retention period:
Duration of the business relationship or until a request for deletion.
4.4 DATA RELATED TO NEWSLETTER / eDM
Personal data requested during newsletter subscription:
- Name (mandatory field)
- Telephone number (optional field, may be provided for call-back purposes)
Subscription to the newsletter is possible after ознакомing and accepting the Privacy Policy. Acceptance of the Privacy Policy takes place by ticking a mandatory, pre-unchecked checkbox.
After subscribing, the subscriber receives an email notification about the subscription, which must be confirmed. The subscription becomes effective only after this confirmation.
During the entire process, the customer has the possibility to unsubscribe at any time. The option to unsubscribe is included in every email in the form of a link, which can be accessed easily with a single click.
Since the newsletter contains the name of the company and the website address, it qualifies as advertising and eDM.
Purpose of data processing, intended use of the processed data:
The data are used to send newsletters containing advertising. The newsletter includes the website address, therefore it qualifies as advertising.
Legal basis for data processing:
Voluntary consent.
Retention period:
Until unsubscribing.
4.5 CUSTOMER CONTACT DATA
I store the following personal data and contact details of company executives and contact persons of clients:
- Name
- Email address
- Telephone number
Purpose of data processing, intended use of the processed data:
The data are used for establishing and maintaining contact.
Legal basis for data processing:
Legitimate interest.
Retention period:
Duration of the business relationship or until a request for deletion.
4.6 PERSONAL DATA PROVIDED DURING REGISTRATION
Registration is possible in the webshop module of the website, which facilitates the use of further services by eliminating the need to re-enter data. The personal data processed during registration are:
- Name
- Email address
- Address
- Telephone number
- Purchase information (product, date, etc.)
Purpose of data processing, intended use of the processed data:
Billing.
Legal basis for data processing:
Voluntary consent.
Retention period:
Until withdrawal of consent.
4.7. PERSONAL DATA PROVIDED DURING PURCHASE
If you wish to place an order in the webshop module, the provision and processing of personal data during the purchase are indispensable for the performance of the contract.
- Name
- Email address
- Address
- Telephone number
- Purchase information (product, date, etc.)
Purpose of data processing, intended use of the processed data:
Performance of a contractual engagement.
Legal basis for data processing:
Contractual engagement.
Retention period:
Based on legal requirements: current year + 5 years.
4.8 DATA RELATED TO INVOICING
The Data Controller concludes a contract with clients regarding the ordered services, during which the following data are stored:
Purpose of data processing, intended use of the processed data:
Invoicing.
Legal basis for data processing:
Legal obligation.
Retention period:
Based on legal requirements: current year + 5 years.
4.9. WARRANTY ADMINISTRATION
If you initiate a warranty claim, the provision and processing of personal data are indispensable for handling the case.
- Name
- Email address
- Telephone number
- Complaint
Purpose of data processing, intended use of the processed data:
Warranty administration.
Legal basis for data processing:
Voluntary consent.
Retention period:
Based on the Consumer Protection Act: current year + 5 years.
4.10 HANDLING OF CONSUMER PROTECTION COMPLAINTS
If you submit a consumer protection complaint, the provision and processing of personal data are indispensable for handling the case.
- Name
- Email address
- Telephone number
- Complaint
Purpose of data processing, intended use of the processed data:
Handling of consumer protection complaints.
Legal basis for data processing:
Voluntary consent.
Retention period:
Based on the Consumer Protection Act: current year + 5 years.
5. PLACE OF PHYSICAL STORAGE OF DATA
Your personal data (i.e. data that can be associated with you personally) may be processed by us in the following ways:
- On the one hand, technical data related to the computer you use, your browser program, your internet address and the pages you visit are automatically generated in our computer system in connection with maintaining the internet connection.
- On the other hand, you may also provide your name, contact details or other information if you wish to establish personal contact with us while using the website.
During the operation of the system, the following data are technically recorded: data of the data subject’s computer used for logging in, which are recorded by the systems of the webfolio.hu and fotofolio.hu domains and their subdomains as an automatic result of technical processes.
The data recorded automatically are logged by the system upon entry and exit without any separate declaration or action by the data subject.
These data cannot be linked with other personal user data, except in cases where this is required by law. Access to the data is granted exclusively to the webfolio.hu and fotofolio.hu domains and their subdomains.
6. DATA TRANSFER, DATA PROCESSING, AND PERSONS ENTITLED TO ACCESS THE DATA
Within the framework of its business activities, the Data Controller uses the following data processors:
Hosting service provider:
Websupport Magyarország Kft.
Address: 1132 Budapest, Victor Hugo Street 18–22, Hungary
Customer service (working days 8:00–16:00): +36 22 78 76 74
Email: support@websupport.hu
Scope of data accessed:
Content of the websites available under the domains and subdomains of interhomehungary.com, interhomehungary.hu and interhomehungary.nl, as well as emails received at email addresses based on these domains.
Invoicing:
Számlázz.hu – KBOSS.hu Kft.
Address: 1031 Budapest, Záhony Street 7/C, Hungary
Email: info@szamlazz.hu
Tel: +36 30 35 44789 (automated information)
Scope of data accessed:
Issued invoices.
Accounting:
Solti Kft.
Address: 7700 Mohács, Bocskai Street 13, Hungary
Email: soltigyorgyikft@gmail.com
Scope of data accessed:
Issued invoices.
Google Analytics:
Google Inc., Mountain View, California, USA
Scope of data accessed:
Anonymized, non-personally identifiable IP addresses of visitors to the webfolio.hu and fotofolio.hu websites.
Facebook page:
Facebook Inc.
Menlo Park, California, USA
Privacy Policy: https://www.facebook.com/about/privacy/update
Scope of data accessed:
Username and comments.
6.1 TRANSFER OF DATA TO A THIRD COUNTRY
Data transfers to the United States of America take place, for which an adequacy decision was adopted on July 12, 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).
The adequacy decision is also applicable to the data controllers Mailchimp (https://mailchimp.com/legal/privacy/), Google (https://policies.google.com/privacy/frameworks) and Facebook (https://www.facebook.com/about/privacyshield).
7. RIGHTS OF THE DATA SUBJECT AND LEGAL REMEDIES
The data subject may request information regarding the processing of their personal data, and may request the correction of their personal data, as well as – except in the case of mandatory data processing – deletion or withdrawal, and may exercise their right to data portability and to object in the manner indicated at the time of data collection or via the contact details of the Data Controller provided above.
7.1 RIGHT TO INFORMATION
The Data Controller shall take appropriate measures to provide data subjects with all information referred to in Articles 13 and 14 of the GDPR and all information pursuant to Articles 15–22 and 34 of the GDPR relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
7.2 RIGHT OF ACCESS OF THE DATA SUBJECT
The data subject shall have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the data processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- the planned period for which the personal data will be stored;
- the right to request rectification, erasure or restriction of processing of personal data and to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- information as to the source of the data;
- the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The Data Controller shall provide the requested information within a maximum of one month from the submission of the request.
7.3 RIGHT TO RECTIFICATION
The data subject may request the correction of inaccurate personal data concerning them processed by the Data Controller and the completion of incomplete data.
7.4 RIGHT TO ERASURE
The data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on which the processing is based and there is no other legal ground for the processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data must be erased for compliance with a legal obligation under Union or Member State law applicable to the Data Controller;
- the personal data were collected in relation to the offer of information society services.
The erasure of data may not be initiated if the processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation under Union or Member State law applicable to the Data Controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- for reasons of public interest in the area of public health, or for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes;
- for the establishment, exercise or defence of legal claims.
7.5 RIGHT TO RESTRICTION OF PROCESSING
At the request of the data subject, the Data Controller shall restrict processing if one of the following conditions applies:
- the data subject contests the accuracy of the personal data; in this case, the restriction applies for a period enabling the verification of the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the Data Controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest of the Union or of a Member State.
7.6 RIGHT TO DATA PORTABILITY
The data subject shall have the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format, and to transmit those data to another data controller.
7.7 RIGHT TO OBJECT
The data subject shall have the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions.
In the event of objection, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
7.8 AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
7.9 RIGHT TO WITHDRAW CONSENT
The data subject shall have the right to withdraw their consent at any time.
7.10 RIGHT TO SEEK JUDICIAL REMEDY
In the event of a violation of their rights, the data subject may bring a claim before a court against the Data Controller. The court shall act in the case as a matter of priority.
7.11 DATA PROTECTION AUTHORITY PROCEDURE
Complaints may be submitted to the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Hungary
Postal address: 1530 Budapest, P.O. Box 5, Hungary
Telephone: +36 1 391 1400
Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
8. OTHER PROVISIONS
Information on data processing activities not listed in this notice will be provided at the time of data collection.
We inform our clients that courts, prosecutors, investigative authorities, misdemeanor authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorized by law may contact the Data Controller for the purpose of providing information, disclosing or transferring data, or making documents available.
The Data Controller shall provide personal data to authorities only to the extent and in such scope as is strictly necessary to achieve the purpose of the request, provided that the authority has specified the exact purpose and the scope of the requested data.
(This Privacy Notice was prepared based on the recommendation of the Budapest Chamber of Commerce and Industry.)
