WING
HU

Privacy Notice on the processing related to making contact through the website

I. INTRODUCTION

The purpose of this specific privacy notice (hereinafter referred to as the “Notice”) is to provide data subjects with transparent and clear information about the processing of their data by the Controller in relation to making contact through the website in accordance with the provisions of the General Data Protection Regulation 2016/679/EU (hereinafter referred to as the “GDPR”).

Please note that this Notice only provides detailed information on the specific circumstances of the processing related to making contact through the website.

Processing not regulated in this Notice shall be governed by the provisions of the General Privacy Notice and the specific or unique privacy notices related to each service or activity which are available on the Controller's website (www.wing.hu/en), and also at the Controller's registered office and business premises.

II. CONTROLLER

a) The personal data are processed by WING Ingatlanfejlesztő és Beruházó Zrt. and the legal persons listed in Annex 1 of the General Privacy Notice (www.wing.hu/en) available at the website (hereinafter referred to as the “Controller” or “Joint Controllers”) with which the data subject is in contact related to sending offers and/or direct marketing activities.

The Joint Controllers shall determine among themselves their respective degree of responsibility for the performance of their obligations in relation to the processing and the way in which they are to divide their tasks, in particular those relating to the exercise of the data subject's rights and the provision of information to the data subject.

b) Description of the legal relationship between the Joint Controllers and the essential elements of the agreement among them:

WING Ingatlanfejlesztő és Beruházó Zrt. has been appointed by the Joint Controllers as the contact point for the data subjects:

Name:

WING Ingatlanfejlesztő és Beruházó Zrt.

Registered office:

1095 Budapest, Máriássy utca 7.

Tax number:

10872332-2-43

Company registration number:

01-10-042336

Website:

www.wing.hu/en

Contacts:

e-mail: info@wing.hu
phone: +36 1 451 4974

Contact details of the DPO:

adatvedelem@wing.hu


- The Joint Controllers shall jointly determine the purposes and means of the processing covered by this Notice and shall therefore be considered joint controllers for the purposes of carrying out the processing activities.

- The legal relationship among the Joint Controllers, in this context, the division of responsibilities and liabilities related to each processing activity, is always described in detail in the Privacy Notice providing detailed information on the specific processing.

- A shared electronic system is used to process the personal data collected by the Joint Controllers.

- The source of the personal data are the data subjects who have provided their personal data to a Controller for the purpose of receiving detailed information (offers) from the Controller or another Controller involved in the joint processing on its own products, services or events or for the purpose of being contacted by the Controllers involved in the joint processing by means of direct marketing.

- Data subjects shall be contacted by the Controller with whom the data subject has initiated the targeting or to whom the data subject has given his or her consent to the processing for direct marketing purposes, or by WING Ingatlanfejlesztő és Beruházó Zrt. as the designated contact point for data subjects.

- The responsibility for the fulfilment of the obligations arising from the processing is as follows. WING Ingatlanfejlesztő és Beruházó Zrt. is responsible for the fulfilment of the obligations arising from the data protection legislation. Data subjects may exercise their rights in relation to the processing of their personal data by sending a request or complaint by post addressed to WING Ingatlanfejlesztő és Beruházó Zrt. to 1095 Budapest, Máriássy utca 7. or by e-mail to: adatvedelem@wing.hu.

- The above division of responsibility for the processing of personal data among the Joint Controllers is, of course, without prejudice to the right of data subjects to exercise their rights under the data protection law in relation to and against each Controller.

III. DETAILS OF PROCESSING

PURPOSE CATEGORIES OF PROCESSED DATA LEGAL BASIS STORAGE PERIOD

Managing and responding to inquiries received through the website

Name, email address, phone number, name of the represented legal entity, purpose of making contact, text of the message

Data subject’s consent [GDPR Art. 6 par. 1 point (a)]

30 days following the closing of inquiries received



IV. ADDITIONAL IMPORTANT INFORMATION ABOUT PROCESSING FOR THE ABOVE PURPOSES

SCOPE OF DATA SUBJECTS

Data subjects contacting the Controller through its website

SOURCE

The source of the data processed is the data subject.

AUTHORISED ACCESS GRANTED TO

The authorised employees of the Controllers involved in the joint processing, who may process the data only to the extent strictly necessary for the performance of their tasks.


V. DATA TRANSFER, PROCESSING

PROCESSOR

SERVICES

CollabIT Zrt.
(registered office: 1119 Budapest, Fehérvári út 77/C.; company registration no: 01-10-140165)

OPERATION of the SharePoint system for the storage of personal data, in particular: collection, recording, organisation, structuring,

Linemedia Kft.
(registered office: 1141 Budapest, Komócsy utca 29-31. C. ép. 1. em. 1. ajtó, company registration no: 01-09-940357)

In the context of its tasks related to the development and operation of the website, in particular: storage, retrieval and access to personal data.



VI. RIGHTS OF THE DATA SUBJECTS

6.1 Data subject’s right of access/to information

The data subject shall have the right to obtain from the Controller information as to whether or not personal data concerning him or her are being processed, and if so, access to their personal data and the following information:

  • The purpose of processing;
  • The categories of personal data concerned;
  • The envisaged period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period,
  • The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, in particular recipients in third countries or international organisations. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to GDPR relating to the transfer.
  • Where the personal data are not collected from the data subject, any available information as to their source.
  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • The right to lodge a complaint with a supervisory authority,
  • The existence of automated decision-making, including profiling, and, at least in those cases, comprehensible information about the logic applied, as well as the significance and the envisaged consequences of such processing for the data subject.

The Controller shall provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

6.2 Right to rectification

The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Subject to the purpose of the processing, the data subject also has the right to have incomplete personal data completed.

6.3 Right to restriction of processing

The Controller shall, at the data subject’s request, restrict processing if one of the following applies:

  • The Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • The accuracy of the personal data is contested by the data subject. In such cases the restriction remains until the Controller can verify it;
  • The data subject objects to the processing. In such cases the restriction shall apply until it is verified whether the legitimate grounds of the Controller override those of the data subject.

Where processing has been restricted, such personal data may, with the exception of storage, only be processed for the following purposes or subject to the following legal basis:

  • with the consent of the data subject,
  • for reasons of important public interest of the European Union or of a Member State, or
  • for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person.

Should restriction on processing be removed, the data subject who has obtained restriction of processing shall be informed by the Controller before the restriction of processing is lifted.

6.4 Right to erasure

The data subject shall have the right to request from the Controller without undue delay the erasure of personal data concerning him or her. Furthermore, the personal data of the data subject shall be deleted by the Controller without undue delay if the conditions stipulated in the GDPR exist.

Where the Controller has made the personal data public and is obligated based on the above to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of the personal data in question.

The data shall not be erased if data processing is required:

  • for compliance with a legal obligation which requires processing by European Union or Member State law;
  • for the establishment, exercise or defence of legal claims (e.g.: data are needed to be used as evidence in court proceedings);
  • for exercising the right of freedom of expression and information;
  • for archiving in the interest of the public, scientific or historical research purposes or statistical purposes, and the erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing.

6.5 Right to data portability

The data subject has the right:

  • to receive personal data relating to him or her which he or she has made available to a Controller in a structured, widely used, machine-readable format, and
  • to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, where:
    • the processing is based on consent or a contract; and
    • the processing is carried out by automated means.
  • to have the personal data transmitted directly from one controller to another, if such transfer is technically possible.

6.6 Rights related to automated processing

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This right of the data subject is a legal right, so the data subject may exercise it whether he or she requested it or not.
So automated processing may only be used if:

  • it is based on the data subject's explicit consent;
  • it is necessary for entering into, or performance of, a contract between the data subject and the Controller; or
  • it is authorised by Union or Member State law applicable to the Controller.

In the first two cases the Controller shall implement appropriate measures to safeguard the data subject's rights, freedoms and legitimate interests, including at least the right of the data subject

  • to express their opinion,
  • to contest the decision, and
  • to obtain human intervention on the part of the Controller.

In the above cases of applicability, decisions cannot be based on the special categories of personal data, save for express consent and significant public interest, and only if appropriate measures are taken to safeguard the rights, freedoms and legitimate interests of the data subject.

6.7 Right to remedy

Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement in case of a breach concerning the applicable personal data processing.

Request for remedy and complaints may be filed at the following:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (National Data Protection and Freedom of Information Authority)
Mailing address: H-1363 Budapest, Pf. 9, Hungary
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu

In addition to the above, the data subject is entitled to file for action with the courts against the Controller where they consider that their rights under this Regulation have been infringed as a result of the processing of their personal data by the Controller or the processor acting on its behalf or under its instructions in non-compliance with the mandatory legal act of the European Union. Such cases will be given priority by the court. Regional courts have jurisdiction over the lawsuit. At the data subject’s option, the lawsuit may also be brought before the regional court for the data subject’s place of domicile or residence, or the Controller’s registered office.

Effective from: 26 May 2025