Contact

Data processing regarding the website and sending newsletters

The purpose of the data protection information

The Biggeorge Fund Management Private Limited Company and the real estate investment funds established by it (hereinafter: Controller) process data when operating their websites according to this data protection information bulletin (hereinafter: Bulletin). The Controller hereby discloses its data processing principles and obliges itself to abide by them.

Data of the Controller

Company name: The Biggeorge Fund Management Private Limited Company and all real estate investment funds established by it listed as below on the date of issuing the present Bulletin. If a further real estate investment fund is established, the Bulletin shall be applicable to the business operations of the new investment fund without any further legal step:

• Biggeorge 4. Real Estate Development Real Estate Investment Fund
• Biggeorge 5. Real Estate Development Real Estate Investment Fund
• Biggeorge 7. Real Estate Development Real Estate Investment Fund
• Biggeorge 8. Real Estate Development Real Estate Investment Fund
• Biggeorge 10. Real Estate Development Real Estate Investment Fund
• Biggeorge 11. Real Estate Development Real Estate Investment Fund
• Biggeorge 12. Real Estate Development Real Estate Investment Fund
• Biggeorge 14. Real Estate Development Real Estate Investment Fund
• Biggeorge 15. Real Estate Development Real Estate Investment Fund

Registered seat: 1023 Budapest, Lajos u. 28-32.
Telephone number: +36 1 225-2525 E-mail: info@bgalapkezelo.hu

The Controller does not engage data protection officer.

Definitions

• personal data means any information relating to an identified or identifiable natural person (Data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• processing means any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal data; where the purposes and means of such Processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• transfer: disclosure of the data to a specific third party;
• processor means a natural or legal person, public authority, agency or other body which processes Personal data on behalf of the Controller;
• recipient means a natural or legal person, public authority, agency or another body, to which the Personal data are disclosed, whether a third party or not. However, public authorities which may receive Personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
• data subject means a certain natural person identified or – directly or indirectly – identifiable on the basis of Personal data;
• consent of the Data subject means any freely given, specific, informed and unambiguous indication of the Data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal data relating to him or her;
• personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal data transmitted, stored or otherwise processed.

Principles of processing Personal data

Personal data shall be:

a) processed lawfully, fairly and in a transparent manner in relation to the Data subject (‘lawfulness, fairness and transparency’);

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’) pursuant to the laws;

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal data are processed; Personal data may be stored for longer periods insofar as the Personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the laws subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the Data subject (‘storage limitation’);

f) processed in a manner that ensures appropriate security of the Personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The Controller shall be responsible for and be able to demonstrate compliance with the above (‘accountability’).

Scope of data subjects

Natural persons visiting the website, subscribing to the newsletter, registered on the social media site and “liking” the website.

The scope of the Personal data processed

• family name and first name,
• e-mail,
• date of subscription
• telephone number
• type of the purported investment
• magnitude of the purported investment

The legal basis of processing: the consent of the Data subject (with the exception of those cookies that are needed for the operation of the website).

The Data Protection and Data Processing Policy and the present Data Processing Bulletin are placed under a separate heading on the website of the Controller.

As the website loads, the following information is displayed: “This site uses cookies for better performance and tailored content. The data protection bulletin – including the cookie policy – can be found under the Data protection heading”. By clicking the checkbox (“I accept this information”) next to the text displayed, the Data subject states that he/she has read the information, acknowledges and accepts it (including the use of cookies as well).

Subscription to the newsletter is also done by the Data subject clicking a checkbox (“I accept the data protection information bulletin, with special respect to the part on sending newsletters”). By clicking the checkbox, the Data subject gives his/her explicit and unambiguous consent to having newsletters sent. The Data subject may unsubscribe anytime from the newsletter by clicking the relevant checkbox, the opportunity to unsubscribe is provided on each newsletter by a direct link.

In the case of social media sites data processing is done on the social media site.

The purpose of Data processing: operating the website, monitoring visits, sending newsletter, marketing the website. The rules on the use of cookies are set out in the “Cookie-policy” annexed to this Bulletin.

The term of Data processing and the deadline for deleting data

Until the withdrawal of the consent of the Data subject. The Processor is entitled to process the data until the termination of the agreement concluded with the Controller.

The recipient of the data, access to data, Transfer and security measures used

Personal data may be processed by the CEO and COO and back-office colleagues of the Controller, by observing the principles above.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Controller (and if relevant the Processor) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

a) the pseudonymisation and encryption of Personal data;

b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

c) the ability to restore the availability and access to Personal data in a timely manner in the event of a physical or technical incident;

d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Data processing rights of Data subjects

a) Right of access: The Data subject shall have the right to obtain from the Controller confirmation as to whether or not Personal data concerning him or her are being processed, and, where that is the case, access to the Personal data and the information set out in the regulation;

b) Right to rectification: The Data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate Personal data concerning him or her. Taking into account the purposes of the processing, the Data subject shall have the right to have incomplete Personal data completed, including by means of providing a supplementary statement;

c) Right to erasure: The Data subject shall have the right to obtain from the Controller the erasure of Personal data concerning him or her without undue delay and the Controller shall have the obligation to erase Personal data without undue delay where certain conditions apply;

d) Right to be forgotten: Where the Controller has made the Personal data public and is obliged to erase the Personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the Personal data that the Data subject has requested the erasure by such controllers of any links to, or copy or replication of, those Personal data;

e) Right to restriction of processing: The Data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:

• the accuracy of the Personal data is contested by the Data subject, for a period enabling the Controller to verify the accuracy of the Personal data;
• the processing is unlawful and the Data subject opposes the erasure of the Personal data and requests the restriction of their use instead;
• the Controller no longer needs the Personal data for the purposes of the processing, but they are required by the Data subject for the establishment, exercise or defence of legal claims;
• the Data subject has objected to processing, pending the verification whether the legitimate grounds of the Controller override those of the Data subject;

f) Right to data portability: The Data subject shall have the right to receive the Personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the Personal data have been provided;

g) Right to object: The Data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of Personal data concerning him or her, including profiling based on the provisions mentioned;

h) Objecting in the case of direct marketing: Where Personal data are processed for direct marketing purposes, the Data subject shall have the right to object at any time to processing of Personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the Data subject objects to processing for direct marketing purposes, the Personal data shall no longer be processed for such purposes;

i) Automated individual decision-making, including profiling: The Data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her;
The above shall not apply if the decision:

• is necessary for entering into, or performance of, a contract between the Data subject and the Controller;
• is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data subject's rights and freedoms and legitimate interests; or
• is based on the Data subject's explicit consent.

Deadline for taking measures

The Controller shall provide information on action taken on the requests above to the Data subject without undue delay and in any event within one month of receipt of the request.

That period may be extended by two further months where necessary. The Controller shall inform the Data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

If the Controller does not take action on the request of the Data subject, the Controller shall inform the Data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Communication of a Personal data breach to the Data subject

When the Personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall communicate the Personal data breach to the Data subject without undue delay.

The communication to the Data subject shall describe in clear and plain language the nature of the Personal data breach and contain the name and contact details of the contact point where more information can be obtained, describe the likely consequences of the Personal data breach, describe the measures taken or proposed to be taken by the Controller to address the Personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

The communication to the Data subject shall not be required, if any of the following conditions are met:

a) the Controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the Personal data affected by the Personal data breach, in particular those that render the Personal data unintelligible to any person who is not authorised to access it, such as encryption;

b) the Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data subjects is no longer likely to materialise;

c) the communication would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the Data subjects are informed in an equally effective manner.

If the Controller has not already communicated the Personal data breach to the Data subject, the supervisory authority, having considered the likelihood of the Personal data breach resulting in a high risk, may require it to do so.

Notification of a Personal data breach to the supervisory authority

In the case of a Personal data breach, the Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal data breach to the supervisory authority competent, unless the Personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

Seeking legal enforcement by Data subjects

In the case of any eventual breach by the Controller, a complaint may be lodged at the Hungarian National Authority for Data Protection and Freedom of Information:

Hungarian National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Postafiók: 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

The Data subject may bring any infringement of his/her rights to the attention of the judicial authorities and engage in legal proceedings.

Relevant internal policies:

• Data protection and processing policy (accessible at: www.bgalapkezelo.hu)

Relevant laws:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
• Act CXII of 2011 on the right to self-determination as regards information and freedom of information;
• Act CVIII of 2001 on certain issues of electronic commerce activities and information society services;
• Act XLVII of 2008 on the prohibition of unfair commercial practices against consumers;
• Act XLVIII of 2008 on essential conditions of and certain limitations to business advertising activity;
• Act XC of 2005 on the freedom of electronic information;
• Act C of 2003 on electronic communications;
• Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising;
• Recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on the data protection requirements of prior notification.

  “Cookie-policy”

1. What are “cookies”?

When a visitor visits the website of Biggeorge Fund Management Private Limited Company, a small file, a so called “cookie” is placed on his/her computer, which file may serve multiple purposes.

Certain cookies are indispensable to the proper working of the website (“session cookies”), other collect information about the use of the website (statistics) in order to make the site even more comfortable and useful. Some cookies are temporary and disappear upon closing the browser, however there are permanent ones, that remain on the computer for a longer period of time.

2. The purpose of the cookies

• by recording the settings, pattern of use of the visitor they facilitate navigation on the site and thereby its use;
• enhancing user experience by collecting information on how the visitor uses the website, which sites are visited or used most often. This way we know how to ensure even better user experience when the user visits our site again;
• collecting statistics, the analysis of which helps to understand how visitors use other online services besides the website, which can thereby be further developed;
• further developing the website and finetuning it to meet visitor needs;
• placing targeted advertisements, in order to display the offers most relevant to the visitor.

3. Cookie types

3.1. Session cookies

Session cookies are necessary for browsing the website and using its functions. Among others they enable remembering the operations of the visitor on a given site, function or service. The smooth use of the website cannot be guaranteed without the use of session cookies. Their validity period extends for the duration of the visit, and the cookies are deleted automatically at the and of the session or upon closing the browser.

The cookies used by the website are the following:

• JSESSIONID: „technical cookie” containing a session ID
• LFR_SESSION_STATE + visitor ID: in this cookie the date and time of the last session activity is stored

3.2. Functional cookies

These cookies enable our website to store information about operational choices (e.g. whether the visitor uses the Hungarian or English version of the site, chooses the accessible setting, the number search results are to be displayed in one list etc.). The purpose of this is that you do not have to make these settings again at the next visit. Without these preference-storing cookies our site is operational, however less smoothly.

The cookies used by the website are the following:

• GUEST_LANGUAGE_ID: "cookie storing the ID of the language currently used"
• SESSIONID: The purpose of the session cookie is to support the certain functions of the website linked to the session of the user.
• COOKIE_PRIVACY_ACCEPTED: "cookie necessary for the functioning of the cookie policy", it stores the information whether the visitor has accepted the "cookie policy"

3.4. Performance cookies

With the performance cookies we gather information about how our visitors use our website (e.g.: the sites the visitor has visited, the number of sites she/he has browsed, the parts of the site she/he has clicked on, the length of the individual sessions, the error messages received etc.). The purpose is to further develop our website (services, functions etc.) according to the needs of our visitors and ensure high quality user experience for them.

In order to measure the performance, our website uses third-party cookies upon each visit. By using these cookies, we can monitor the visitor numbers of our website and the contents the visitors are interested in. All information is stored anonymously and we use it to anonymously analyse the visitor behaviour, for providing high quality user experience to our users.

The website uses the following service providers analytics cookies:

• Google Analytics
  For detailed information about this service please click on this link: https://www.google.com/analytics/terms/us.html

4. Maximum security

It is important to note, that the website does not store any IDs or passwords even when the cookies are enabled.

5. Checking "cookie preferences", disabling "cookies"

Modern browsers allow for the modification of cookie settings. Some browsers automatically accept cookies as a default setting, however, this setting may be changed and it will prevent automatic acceptance in the future. In case of changing this setting, the browser will ask every time the choice of setting the cookies.

Please note that since the purpose of the cookies is to support and facilitate the use and sessions of the website, if the cookies are disabled we cannot guarantee that the visitor will be able to use the full functionality of the website. In this case the website may not work in the browser as intended.

6. Further information about how to set cookie preferences in various browsers

• Google Chrome
• Firefox
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Internet Explorer 9
• Microsoft Internet Explorer 8
• Safari