Data processing information related to the www.mammut.hu website which is under the right of disposal of Mammut Management Kft.
Mammut Management Kft., as the beneficiary of the www.mammut.hu website acts as controller in respect of the personal data related to this website. If you visit our website, your personal data will be processed on the basis of short text files related to the operation of the website, called cookies, and also in other cases depending on your activities at the website (e.g. communication, subscription to newsletters). We give you the following information about the processing of your personal data.
Data of the Controller
Company name: Mammut Management Kft. Registered seat: 1024 Budapest, Lövőház utca 2-6., Hungary Registration number: 01 09 304362 Phone number: +36 1 345 8000 e-mail: firstname.lastname@example.org
hereinafter the Controller or Mammut Kft.
Major laws related to the operation of this website and used during data processing:
Regulation (EU) 2016/679 of the European Parliament and of the Council is about the protection of natural persons with regard to the processing of personal data and on the free movement of such data.1
Act V of 2013 on the Civil Code;
Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter the Info Act);
Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society (hereinafter the ECSI Act);
Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (hereinafter the CAA Act);
Act VI of 1998 on the ratification of Strasbourg Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data
Data to be Processed
In connection with the procession of personal data through the “Write us”, “For Prospective Tenants” and “Newsletter” functions available at this website, the Controller provides specific data protection information. This information is about the automatic processing of personal data through the software solutions used in connection with the operation of the website.
This information does not cover the processing of personal data in connection with the social media applications/sites accessible from this website and managed by the Controller, since the Controller does not process (that is, does not collect, store or process) any personal data through these social media applications/sites. Personal data processing through the said social media sites is performed in line with the data processing rules of the given site or provider; further information about these is available at the sites of each provider specified below.
Session ID, cookies
Upon logging in, the website sends a session ID, that is, a code to identify your computer, further, short text or numerical identification files (cookies) are stored in your computer when browsing on the website.
Two types of cookies are used during the operation of the website: temporary (or process) cookies and permanent cookies (stored for a longer time). Temporary cookies and permanent cookies are intended to ensure the identification of the computer device (e.g. desktop computer, laptop). Data processed during this include the identification cookie and the activity on the website related to the identifier (e.g. time of opening, leaving/closing the website, operations on the website, websites open from here). Please note that neither the session ID nor any other cookies are suitable for personal identification by the Controller, as they identify not the user (the person visiting the website) but browser software and the device used by him/her.
Cookie name Lifespan Description PHPSESSID session PHP data storage identifier, set when using PHP session() method cookie-consent-status 1 year Remember decision on use of optional Cookies:
Saves your decision to either accept or decline the use of optional Cookies. No personal data is collected in this Cookie.
Cookie name Description Consent Google Analytics Further information about cookies placed by Google: https://policies.google.com/technologies/types Google AdWords Further information about cookies placed by Google: https://policies.google.com/technologies/types Further information about cookies used by Facebook: https://www.facebook.com/policies/cookies/# Google Maps Further information about cookies placed by Google: https://policies.google.com/technologies/types
Third-party codes/cookies used on the website (statistics, remarketing)
On our website, the third-party-codes/cookies of Google LLC. as third-party provider are used, for statistical purposes. Please note that this service provider may store anonymous data related to visiting the website (for statistical purposes) and data related to your browser settings and your activity on the website (e.g. the content viewed by the person using the browser and its time). The said codes are unsuitable for personal identification by the provider or the Controller, as they do not include the visitor’s personal data, only identify your browsing software.
The website also runs third-party codes for remarketing purposes. Remarketing is an advertisement method that enables the individual identification of the visitors of our site, more specifically, the browser used by them, through the above-mentioned cookies. Remarketing codes help trace the viewing/opening/pulling down of menus of the website by the user of a device and his/her activity on other websites (pages opened, viewing/opening/pulling down menus within the sites, routes between the websites, that is, the website from which the visitor reached the website and the website opened from there, further, the time of last previous visit to the website). In other words, when the browser returns a cookie saved previously, the providers handling it can link the user’s current visit to previous visits, but only for their own content.
Cookies applied for remarketing purposes do not enable personal identification by the provider or the Controller, as they do not identify the user but the software and device used by him or her.
The remarketing codes (cookies) of the following third-party providers run on this website: Google LLC. and Facebook Inc.
You have the right to disable or customize the cookies used by Google. Further information about data processing by Google can be found on the following website: https://www.google.com/intl/en_en/policies/privacy
Further information about cookies placed by Google: https://policies.google.com/technologies/types
For further information if you have any questions, please visit: email@example.com
You have the right to disable or limit the cookies used by Facebook on your device. Further information about data processing by Facebook can be found on the following website: https://www.facebook.com/policies/cookies/
Further information about cookies used by Facebook:
For further information if you have any questions, please visit: https://www.facebook.com/privacy/explanation (through message panels on this website, you can contact and request information from the Facebook affiliate in Ireland)
Edge: Settings/Special settings/Privacy and services/Enable cookies menu;
Chrome: Settings/Show advance settings/Content settings/cookies/all cookies and site data/Remove all.)
Processing related to social networks
Facebook plugins This website includes the Facebook plugins as a built-in application.
When opening the above page, the plugin links your browser to the Facebook server. In this way, Facebook processes data about the fact that the browser identified by your IP address has visited our site. Also, you can link the content of our sites to your Facebook profile. In this case, Facebook may link your visit to our site to your Facebook profile. Please note that for the above data, Facebook does not carry out independent data processing; further information about this is available in the privacy statement of Facebook: http://www.facebook.com/policy.php
Use of Youtube videos For the controller’s advertisements and to play its videos, the website uses the embedded functions of Youtube. When you start playing an imbedded Youtube video, a program consisting of a short sequence of numbers or characters (cookie) is deployed on your device, which collects information about your user habits. Please note that in this respect, Youtube (or its owner, Google) perform independent data processing. The collected information are used, for example, to prepare statistics in order to facilitate user-friendly operation and prevent any misuse. For further information about the privacy measures of Youtube, please visit: https://www.google.com/intl/en/policies/privacy/
Legal basis and purpose of data management
Data processing is based on your consent which you can give by clicking the “OK” button in the highlighted text. This also means consent to the processing of personal data by means of cookies.
By clicking on “OK”, you consent for the Controller to use third-party codes from external providers (e.g. Google, Facebook) in relation to this website, necessary to collect the data and information specified in this document, and consent to such processing of your personal data.
Purposes of the processing;
In case of the session ID, the cookie contains the work process identifier, which is essential for the visitor to be able to use the different functions, including remembering previous steps and text entered.
For further cookies:
- ensuring optimal website operation;
- customizing user experience;
- identification of you as user (that is, the browser you use),
- preparation of statistics for system diagnostics and load compensation purposes.
In case of cookies for statistical purposes, collection of viewing information which primarily help the Controller collect information about the number of visitors of its website and the time they spend there. The software recognizes the visitor’s IP address and thus can monitor whether the visitor is a repeat or a new customer.
The cookie information collected from the website help better understand website use habits, and analyze the information to further the development and improvement of the services offered by the website. The Controller handles all user-related data and facts in confidence and only uses them for the development of its services.
In the case of codes intended for remarketing (cookies), the purpose of processing is to monitor the visitors’ usage habits, interests and preferences in relation to this site and other websites in order to be able to offer them customized advertising messages (which may be related to the Controller and also to third-party providers using the code or their other business partners).
Period of processing
In case of the session ID used by the Controller
Expiry: the cookie is deleted at the end of the work process, when the browser is closed
Further information about cookies placed by Google: https://policies.google.com/technologies/types
Further information about cookies used by Facebook: https://www.facebook.com/policies/cookies/#
Cases of transfer and forwarding of processed personal data
For the operation of its website at www.mammut.hu, the Controller uses the services of a contracted partner (processor) which operates the website by using its own hosting, and the data generated during use are stored on the devices of this partner. Processor’s data:
Company name: LUMISYS Kft. registered seat: 1011 Budapest, Hunyadi János út 5. 1. em. 12., Hungary Contact details: Telephone: +36 1 612-5532
In respect of the cookies used by Google, the following company is engaged as third-party provider:
Company name: Google LLC. Address: 1600 Amphitheatre Parkway Mountain View, CA 94043 United States Telephone: +1 650 253 0000
Google LLC. is a registered member of the privacy shield treaty signed by the United States of America and the European Commission, so the data forwarded to it is assumed to be covered by the same level of protection as in the EU and as such, it is not subject to any further conditions.
In respect of the cookies used by Facebook, the following company is engaged as third-party provider:
Company name: Facebook Inc. Address: 1601 Willow Road, Menlo Park, California 94025 Telephone: +1 650 543 4800
Facebook Inc. is a registered member of the privacy shield treaty signed by the United States of America and the European Commission, so the data forwarded to it is assumed to be covered by the same level of protection as in the EU and as such, it is not subject to any further conditions.
Forwarding data to third (non-EU) countries
The Controller does not forward data to countries outside the EU. In relation to the use of third-party codes and cookies, data may also be transferred to Google and Facebook servers (including overseas servers). At the same time, as a result of the privacy shield treaty, data protection equivalent to the EU levels should be assumed in case of both Google LLC and Facebook Inc., and thus data forwarding is not subject to any further conditions.
Protection of processed personal data
When elaborating the technical and procedural rules of processing operations, the Controller lays a great emphasis on ensuring proper physical and information technology protection for your data. The applied measures are primarily intended to avoid and prevent unauthorized access to, unauthorized alteration, forwarding, disclosure, deletion of or damage to the processed data. The Controller selects the means and measures used in processing in view of this. Further, the Controller ensures that only authorized persons may access the processed data and the authenticity of the processed data and that they are not altered.
Data subject’s rights related to processing
In relation to the processing of your personal data by the Controller, you are entitled to:
- receive proper and transparent information, including feedback from the Controller whether your personal data are being processed;
- ask to correct your incorrect personal data;
- ask to delete your processed personal data if processing is exclusively based on your consent or if the data are no longer needed for the purpose of their collection or if processing is illegitimate;
- exercise your right to data portability, in other words, to receive your personal data in a widely used machine-readable form, forward or ask to forward them to other controllers, provided that processing is automatized and is based on contract or consent, further, that exercising such rights does not prejudice the legitimate rights or freedoms of others;
- ask to limit the processing of your personal data (for example, in cases where the accuracy of your processed data is disputed or processing may be illegitimate until the clarification of such circumstances);
- protest against the processing of your personal data (for example, when processing is based on the enforcement of the legitimate interests of the controller or a third party), further, to withdraw your consent at any time,
- to turn to the supervisory authorities or courts in case of processing thought to be illegitimate.
Data subjects’ rights
access to personal data: the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to access the following information:
- categories of processed personal data,
- purposes of the processing,
- recipients to whom your personal data has been or will be disclosed,
- envisaged period for which the personal data will be stored, or the criteria used to determine the period,
- the source of the data if not collected from the data subject,
- rights to turn to the supervisory authority (complaint),
- if automated decision-making or profiling is performed during processing, its fact, logic, or expected consequences to you.
right to correct: the data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her, or to have incomplete data completed, including by means of providing a supplementary statement.
right to delete personal data: the data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or
- the data subject withdraws consent, and where there is no other legal ground for the processing; or
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing; or
- the personal data have been unlawfully processed; or
- the personal data have to be erased for compliance with a legal obligation to which the Controller is subject;
- the collection of personal data is needed in relation to the offer of information society services (e.g. on-line marketing, online gambling).
There could be important reasons and interests that enable the processing of the data subject’s data even if he or she has protested against it (such as exercising the right of the freedom of expression and information, or if needed for the submission, enforcement or protection of legal claims).
Right to restriction of processing: The data subject shall have the right to obtain from the Controller restriction of processing if:
- the accuracy of the personal data is contested by the subject (in this case, limitation is for a period enabling the Controller to verify the accuracy of the personal data); or
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; or
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
- the data subject has objected to processing (in this case, restriction applies until it is verified whether the legitimate grounds of the Controller override those of the data subject);
During the limitation period, no processing other than data storage can be performed, except for cases of important public interest or the protection of the rights of persons.
Right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. The subject shall have this right of processing based on his or her consent or on a contract, and is automated. The exercising of this right shall not adversely affect the rights and freedoms of others.
Right to protest: if processing is based on legitimate interest to be enforced by the controller, the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. In such cases, the Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Right to judicial remedy
If you believe that your rights have been injured by the processing of your personal data by the Controller, and your questions and comments regarding this have not been answered or have not been answered in time or properly, you are entitled to lodge a complaint to the competent supervisory authority.
Data of the competent supervisory authority:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) [National Authority for Data Protection and Freedom] Address: 1125. Budapest, Szilágyi Erzsébet fasor 22c, Hungary e-mail: firstname.lastname@example.org Telephone: +36 1 391 1400
Further, you are entitled to turn to the courts with jurisdiction at your residence if you believe that the Controller processes your personal data in violation of the provisions of the relevant laws or the compulsory legal act of the European Union.
If you plan to turn to the supervisory authority or court, please first contact the Controller as it is in possession of the information necessary to respond to your questions or request for judicial remedy.
Our company is committed to complying with the principles of legitimate, transparent or fair data processing; therefore, in situations considered to violate your rights, we shall take immediate action to clarify any questions and remedy the established violation, and we shall inform you within a maximum of 1 month of the relevant actions taken and answer your questions about processing made to the Controller.
- GDPR is available in English at the following website: https://eur-lex.europa.eu/legal-content/EN/TXT/ELI/?eliuri=eli:reg:2016:679:oj The terms in this data processing information have the meaning defined in Article 4, Definitions of the GDPR.