1. INTRODUCTION

REIT Ltd. (hereinafter referred to as the “Data Controller”) is committed to protecting the personal data of its customers, partners, and visitors to its website, and carries out its data processing activities in compliance with the following legislation:

– Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR)

– Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Hungary)

The purpose of this Privacy Notice is to provide data subjects with transparent, clear, and comprehensive information regarding the purpose, legal basis, duration of processing of personal data, as well as the rights available to data subjects.

2. IDENTIFICATION OF THE DATA CONTROLLER

Name of the Data Controller:

REIT Kft.

Registered office:

4220 Hajdúböszörmény, Külső-Szoboszlói út 8., Hungary

Postal address:

4220 Hajdúböszörmény, Külső-Szoboszlói út 8., Hungary

Telephone number:

+356 999 333 85

E-mail address:

info@reitld.eu

Website:

Tax number:

32801460-2-09

Pursuant to Article 37 of the GDPR, the Data Controller is not obliged to appoint a Data Protection Officer (DPO).

3. DATA PROCESSORS

Hosting service provider (Data Processor):

YOPA Tanácsadó és Fejlesztő Korlátolt Felelősségű Társaság

Registered office: 3534 Miskolc, Előhegy utca 2/c., Hungary

Website: https://itserv.hu/

E-mail: info@itserv.hu

The Data Controller engages only such data processors that provide appropriate guarantees to implement suitable technical and organisational measures in accordance with Article 28 of the GDPR.

4. LEGAL BASES FOR DATA PROCESSING

Personal data are processed on the following legal bases pursuant to Article 6(1) of the GDPR:

a) Consent of the data subject – Article 6(1)(a) GDPR

b) Performance of a contract or pre-contractual steps – Article 6(1)(b) GDPR

c) Compliance with a legal obligation – Article 6(1)(c) GDPR

d) Legitimate interests of the Data Controller – Article 6(1)(f) GDPR

5. CATEGORIES AND PURPOSES OF PROCESSED DATA

5.1. Communication Data

Processed data: name, e-mail address, telephone number, content of the message

Purpose: communication, providing quotations, responding to enquiries

Legal basis: consent of the data subject – Article 6(1)(a) GDPR

Retention period: up to 1 year following the closure of communication

5.2. Contract-Related Data

Processed data: name, address, contact details, contractual data

Purpose: performance of contractual obligations

Legal basis: Article 6(1)(b) GDPR

Retention period: in accordance with applicable statutory obligations (e.g. accounting legislation)

5.3. Technical Data

Processed data: IP address, browser type, operating system, website usage data

Purpose: ensuring secure operation of the website, statistical analysis

Legal basis: legitimate interest – Article 6(1)(f) GDPR

Retention period: up to 26 months

5.4. Marketing and Analytical Data

Processed data: cookie identifiers, website traffic statistics

Purpose: website development, measurement of marketing campaigns

Legal basis: explicit consent of the data subject – Article 6(1)(a) GDPR

Retention period: until consent is withdrawn

The Data Controller does not process special categories of personal data as defined in Article 9 of the GDPR.

6. COOKIES AND GOOGLE ANALYTICS

The website uses cookies. Cookies that are not strictly necessary are applied only with the prior consent of the data subject.

The website uses Google Analytics, a web analytics service provided by Google LLC. IP addresses are anonymised during processing.

Detailed information regarding cookie usage is available in the separate Cookie Policy.

7. DATA TRANSFER AND INTERNATIONAL DATA TRANSFERS

The Data Controller transfers personal data exclusively on the basis of legal obligations, performance of a contract, or legitimate interests.

Any transfer of personal data outside the European Economic Area (EEA) takes place solely with appropriate safeguards approved by the European Commission, such as Standard Contractual Clauses (SCCs).

8. DATA RETENTION PERIOD

Personal data are processed only for as long as necessary to achieve the purpose of processing or to comply with applicable legal obligations.

Upon expiry of the retention period, the data are deleted or anonymised.

9. RIGHTS OF DATA SUBJECTS

Data subjects are entitled to:

– request access to their personal data (Article 15 GDPR)

– request rectification of inaccurate data (Article 16 GDPR)

– request erasure of personal data (Article 17 GDPR)

– request restriction of processing (Article 18 GDPR)

– exercise the right to data portability (Article 20 GDPR)

– object to processing (Article 21 GDPR)

– withdraw consent at any time

10. RIGHT TO LODGE A COMPLAINT

Data subjects have the right to lodge a complaint with the supervisory authority:

National Authority for Data Protection and Freedom of Information (NAIH)

Székhely: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, Hungary

E-mail: ugyfelszolgalat@naih.hu

Website: https://www.naih.hu

11. DATA SECURITY

The Data Controller implements appropriate technical and organisational security measures (HTTPS encryption, access control, data backups) to protect personal data.

12. AMENDMENTS TO THIS NOTICE

The Data Controller reserves the right to amend this Privacy Notice. Any amendments shall enter into force upon publication on the website.