Name of data controller:
- CODEX Értéktár Zrt., and
- Biggeorge Alapkezelő Zrt., as well as Biggeorge 45. Ingatlanfejlesztő Ingatlanbefeketési Alap established by it
The purpose of the Privacy Policy
CODEX Értéktár Zrt., Biggeorge Alapkezelő Zrt. and Biggeorge 45. Ingatlanfejlesztő Ingatlanbefektetési Alap (hereinafter: "Fund"), which is managed by Biggeorge Alapkezelő Zrt., hereby record that (i) Biggeorge Alapkezelő Zrt. shall, as a tied agent (intermediary) meeting the requirements under Section 116 of the Investment Firms Act, acting on behalf of CODEX Értéktár Zrt., in the framework of the investment service activity of the placement of financial instruments, act on the basis of an agency agreement between them when placing collective investment securities (hereinafter: Investment Fund Share) of a collective investment scheme managed by Biggeorge Alapkezelő Zrt. as an alternative investment fund manager, and (ii) for the purpose of the placement of the Investment Fund Shares, CODEX Értéktár Zrt. as distributor acts in the interest of Biggeorge Alapkezelő Zrt. as client on the basis of the distributor agreement between them and in the course of these activities (hereinafter collectively: Activity or Activities), they process the personal data of the clients (hereinafter: Data Subject(s)).
In carrying out this activity, CODEX Értéktár Zrt., Biggeorge Alapkezelő Zrt. and the Fund managed by it shall carry out the data processing in accordance with this Privacy Policy (hereinafter: Privacy Policy), acting as joint controllers for the purposes of data processing. The joint controllers are collectively referred to in the Privacy Policy as the Controller.
The Controller hereby publishes its data processing principles, which it accepts as binding upon it.
Data of the Controller
Company name: CODEX Értéktár Zrt.
Company registration number: 13-10-041615
Registered office: 2092 Budakeszi, Kagyló utca 1-3.
E-mail address: info(at)ertektar(dot)hu
Represented by: dr. Andrea Farkas Andrea CEO and Jenő Aradi Deputy CEO, entitled to act
jointly
Company name: Biggeorge Alapkezelő Zrt.
Company registration number: 01 10 045316
Registered office: HU-1023 Budapest, Lajos utca 28-32.
E-mail address: info(at)bgalapkezelo(dot)hu
Represented by: Zoltán Szegedi and Pál Szuda Members of the Board of Directors jointly
Name: Biggeorge 45. Ingatlanfejlesztő Ingatlanbefektetési Alap, represented by
Biggeorge Alapkezelő Zrt.
Registration number in the register of Magyar Nemzeti Bank (National Bank of Hungary):
1221-104
Registered office: HU-1023 Budapest, Lajos utca 28-32.
E-mail address: goldenvisa(at)bgalapkezelo(dot)hu
Represented by: Biggeorge Alapkezelő Zrt. represented by: Zoltán Szegedi and Pál Szuda
Members of the Board of Directors jointly
The Privacy Policy is available at: https://ertektar.hu, https://biggeorge.hungaryvisa.com
The following person shall act on behalf of the Controller in relation to the processing of personal data in connection with requests, enquiries from data subjects or requests from any authority:
Contact person:
Name: Biggeorge Alapkezelő Zrt.
Email address: goldenvisa(at)bgalapkezelo(dot)hu
The Controller does not have a Data Protection Officer.
Definitions
Personal data: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (hereinafter: Personal data);
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (hereinafter: Processing);
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Transfer: making the data available to a specified third party;
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller (hereinafter: Processor);
Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Data subject: any natural person identified or identifiable, directly or indirectly, by reference to specific personal data;
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; (hereinafter: Personal data breach).
Principles governing the processing of personal data
Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the law subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
The Controller shall be responsible for, and be able to demonstrate compliance with, the above (‘accountability’).
Processing relating to the activity
Scope of the data subjects:
Clients who are registered on the website and who are interested in the Activity, as well as authorised representatives and other representatives
Natural person client concluding a securities account contract, as well as the authorised representative and other representatives
The client purchasing an Investment Fund Shares, as well as the authorised representative and other representatives
Scope of the processed personal data
Full name, Name at birth, Place and date of birth, Nationality, Mother's name, Gender, Home address, Notification address, Type and number of identification document, Tax identification number, Tax residence
Phone number, email address
Bank account number(s)
Data on the permanent availability of financial resources,
Data relating to the availability of funds in Hungary or the transferability of funds to
Hungary,
Information on the origin of financial resources
Date, value and quantity of the purchase of the Investment Fund Shares
Legal basis for the Processing: consent of the Data Subject, performance of a contract, performance of a legal obligation
Purpose of the Processing:
To comply with the obligations of the Controller under its contracts relating to the Activities and under the law.
Duration of the Processing, deadline for the deletion of data
Unless otherwise provided, the Controller shall process the data for the duration of the contract and of the possible enforcement of the rights and obligations arising therefrom. When deleting the data, the Controller also takes into account the provisions of accounting, taxation and archiving legislation.
Recipient of the data, access to the data
Personal Data may be processed by the following persons, subject to the principles set out above:
On behalf of CODEX Értéktár Zrt.:
The current employees of CODEX Értéktár Zrt. and the persons involved in the outsourced activity.
On behalf of Biggeorge Alapkezelő Zrt. and the Fund:
The current employees of Biggeorge Alapkezelő Zrt. and the persons involved in the outsourced activity
Processing relating to the implementation of measures for the prevention and combatting of money laundering and terrorism financing, as well as of financial restrictive measures
Scope of the processed personal data
Personal identification data:
surname, forename, surname and forename at birth, place and date of birth, mother's maiden name, nationality home address or place of residence, type and number of identification document
Data on business relationship:
Type, subject matter and duration of the contract conditions of performance (place, time, method) the purpose of the business relationship and its intended nature
Data related to the quality of a politically exposed person:
Quality of a politically exposed person data on which the quality of a politically exposed person can be based
Data on the source of assets and financial resources
Nature and extent of the beneficial owner's ownership interest
Data on which a notification obligation is based or data relating to a notification
Legal basis for the Processing: performance of a legal obligation
Purpose of the Processing:
Compliance with the client due diligence and notification obligations required by law.
Duration of the Processing, deadline for the deletion of data
8 years from the termination of the business relationship, or up to 10 years in the case of those provided for in Section 58 of the Anti-Money Laundering Act.
Recipient of the data, access to the data
On behalf of CODEX Értéktár Zrt.:
The current employees of CODEX Értéktár Zrt. and the persons involved in the outsourced activity.
On behalf of Biggeorge Alapkezelő Zrt. and the Fund:
The current employees of Biggeorge Alapkezelő Zrt. and the persons involved in the outsourced activity
Privacy policy related to the website biggeorge.hungaryvisa.com
Scope of the processed personal data
Full name, Name at birth, Place and date of birth, Nationality, Mother's name, Home address,
Notification address,
Type and number of identification document, Tax identification number
Number and expiry date of guest investor visa
Date of registration, date of activation
Phone number, email address
Bank account number(s)
Data on the permanent availability of financial resources,
Data relating to the availability of funds in Hungary or the transferability of funds to
Hungary,
Information on the origin of financial resources
Data relating to the application for a guest investor visa,
Data relating to the entry into the territory of Hungary
Legal basis for the Processing: consent of the Data Subject (except for cookies that are necessary for the operation of the website).
A separate section on the website will be dedicated to the Privacy Policy, and the following information will be displayed when the website is loaded:
“We use cookies on our site for better performance and personalised content. You can find the Privacy Policy, including the “cookie” policy, under the menu item Data Protection and you can access it by clicking on the “Privacy Policy” button below.” By ticking the checkbox next to the text that appears (“I have read and accept the Privacy Notice.”) after opening the Privacy Policy, the Data Subject declares that he/she has read, acknowledges and accepts the Privacy Policy (including also the use of “cookies”).
In the case of social networking sites, the processing is carried out on the social networking site in accordance with the provisions laid down by the controller of the social networking site.
Purpose of the Processing: operation of the website, monitoring and management of visits, simplification of customer service and contact. The rules on the use of "cookies" are set out in the "Cookie Policy" annexed to this Privacy Policy.
Duration of the Processing, deadline for the deletion of data
Where a contract is concluded between the Controller and the Data Subject, the Controller shall process the personal data for the period specified in Section 1 of this Privacy Policy. The Controller shall review annually with which of the persons registered on the website no contract has been concluded and shall delete the data of these persons, unless the further processing of the data is a legal obligation of the Controller.
Recipient of the data, access to the data
On behalf of CODEX Értéktár Zrt.:
The current employees of CODEX Értéktár Zrt. and the persons involved in the outsourced activity.
On behalf of Biggeorge Alapkezelő Zrt. and the Fund:
The current employees of Biggeorge Alapkezelő Zrt. and the persons involved in the outsourced activity.
Provisions applicable to all processing
Transfer and data security measures applied
The Controller is entitled to transfer Personal Data to third parties (including, but not limited to, supervisory institutions, licensing authorities and other public authorities) acting in the performance of the contract.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Controller (and, where applicable, the processor) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Assistance of a processor
For CODEX Értéktár Zrt.:
1. The processor involved: Sziráki Számviteli Szolgáltató Kft.
Activity performed by the processor: accounting
Contact details of the processor: 2045 Törökbálint, Vértes utca 10.
2. The processor involved: István Tóth sole proprietor
Activity performed by the processor: IT services
Contact details of the processor: 1068 Budapest, Király utca 80. fszt. 11.
3. The processor involved: KELER Központi Értéktár Zrt.
Activity performed by the processor: account management, creation of investment fund shares
Contact details of the processor: 1074 Budapest, Rákóczi út 70-72.
For Biggeorge Alapkezelő Zrt. and the Fund:
1. The processor involved: Adó Line Consulting Kft.
Activity performed by the processor: accounting
Contact details of the processor: 1031 Budapest, Nánási út 5-7. C. ép. 4. lház. 422. ajtó
2. The processor involved: Erste Bank Zrt.
Activity performed by the processor: deposit management
Contact details of the processor: 1038 Budapest, Népfürdő u. 24-26.
3. The processor involved: DORSUM Zrt.
Activity performed by the processor: IT services
Contact details of the processor: 1012 Budapest, Logodi u. 5-7. 3. em. 18. ajtó
4. The processor involved: Quick Informatika Kft.
Activity performed by the processor: IT services
Contact details of the processor: 1023 Budapest, Lajos u. 28-32.
5. The processor involved: Linemedia Kft.
Activity performed by the processor: creation and operation of an online interface
Contact details of the processor: 1141 Budapest, Komócsy u. 29-31. C. ép. 1. em. 1.
6. The processor involved: Duda és Csákó Ügyvédi Iroda
Activity performed by the processor: identification of customers and investigation of
sources of funds
Contact details of the processor: 1023 Budapest, Lajos u. 28-32.
Description of Data subjects' rights in relation to Processing
- Right of access: the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in the regulation;
- Right to rectification: the data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: the data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data concerning the data subject without undue delay under certain conditions;
- Right to be forgotten: where the Controller has made the personal data public and is obliged to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
- Right to restriction of processing: the data subject shall have the right to obtain from
the Controller restriction of processing where one of the following conditions applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the data subject.
- Right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided;
- Right to object: the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions;
- Right to object in case of direct marketing purposes: Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;
-
Automated individual decision-making, including profiling: the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her;
The above paragraph shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between the data subject and the Controller;
- is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
- is based on the Data subject's explicit consent.
Time limit for action
The Controller shall provide information on action taken on a request specified above to the data subject without undue delay and in any event within 1 month of receipt of the request.
That period may be extended by 2 further months where necessary. The controller shall inform the data subject of any extension within 1 month of receipt of the request, together with the reasons for the delay.
If the Controller does not take action on the request of the data subject, the Controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Notification of the Data Subject of the Personal data breach
When the Personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall communicate the Personal data breach to the data subject without undue delay.
The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain the name and contact details of the other contact point where more information can be obtained; describe the likely consequences of the personal data breach; describe the measures taken or envisaged by the Controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.
The communication to the Data subject shall not be required if any of the following conditions are met:
- the Controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
- the Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;
- it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
If the Controller has not already communicated the Personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so or may decide that the communication to the data subject is required.
Reporting Personal data breaches to the authority
The Controller shall notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where such notification is not achieved within 72 hours, the reasons for the delay should accompany the notification.
Possibilities for Data subjects to assert their rights
Complaints against possible infringements by the Controller may be lodged with Nemzeti Adatvédelmi és Információszabadság Hatóság (in English: National Authority for Data Protection and Freedom of Information):
Nemzeti Adatvédelmi és Információszabadság Hatóság
(in English: National Authority for
Data
Protection and Freedom of Information)
1055 Budapest, Falk Miksa u. 9-11.
Mailing address: 1363 Budapest, Postafiók 9.
Phone number: +36 1 391 1400, +36 30 683 5969, +36 30 549 6838
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat(at)naih(dot)hu
Furthermore, the data subject has the right to seek judicial remedy before a court if his or her rights are infringed.
Governing legislation:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Act CXII of 2011 - on the Right of Informational Self-Determination and on Freedom of Information;
Cookie policy
1. What are “cookies”
When a visitor visits the website of Biggeorge Alapkezelő Zártkörűen Működő Részvénytársaság, a small file called a “cookie” (hereinafter: “cookie”) is placed on his/her computer, which can serve several purposes.
Some “cookies” are essential for the proper functioning of the site (“process cookies”), others collect information about the use of the website (statistics) to make the site more convenient and useful. Some “cookies” are temporary and disappear when the browser is closed, while there are also persistent versions that remain on the computer for a longer period of time.
2. The purpose of “cookies”
- to facilitate the navigation of the site and thus the use of the website by recording the visitor's preferences and usage habits;
- to improve the user experience by collecting information on how the visitor uses the website, which pages he/she visits or uses most often. This helps us to know how to provide an even better user experience when they visit our site again;
- to collect statistics the analysis of which helps us to understand how visitors use other online services in addition to the website, which we can then improve;
- to further develop and fine-tune the website according to the needs of visitors;
- to place targeted ads to show the most relevant offers to the visitor.
3. Types of “cookies”
3.1. “session cookies”
“Session cookies” are necessary for browsing the website and using its features, including allowing us to record the actions taken by the visitor on a particular page, feature or service. Without the use of “session cookies”, a smooth use of the website cannot be guaranteed. They are valid for the duration of the visit and the “cookies” are automatically deleted at the end of the session or when the browser is closed.
The “cookies” used by the website are:
- JSESSIONID: a “technical cookie” containing a session ID
- LFR_SESSION_STATE + visitor ID: this contains the date and time of the last session activity
3.2. “support cookies”
These "cookies" allow our website to remember which mode of operation you have chosen (e.g. whether you are using the English or the Hungarian version of the website, whether you have chosen the accessible version, how many results you want to see at once in the search results list, etc.). This is done so that you do not have to re-enter them on your next visit. Without the information contained in the “cookies” that store your preferences, our website may not function as smoothly as it should.
The “cookies” used by the website are:
- GUEST_LANGUAGE_ID: “cookie containing the ID of the language currently used”
- SESSIONID: Session cookie, the purposeof which is to support certain functions of the Website related to the user session
- COOKIE_PRIVACY_ACCEPTED: “cookie necessary for the cookie policy to work”, which stores whether the visitor has accepted the “cookie policy”
3.4. “performance cookies”
We use “performance cookies” to collect information about how our visitors use our website (e.g. which of our pages the visitor viewed, how many pages he/she visited, which part of the page he/she clicked on, how long each session took, what error messages he/she received, etc.). This is done in order to improve our website (available services, features, etc.) according to the needs of our visitors and to provide them with a high quality, user-friendly experience.
For performance measurement purposes, our website uses third-party “cookies” on each visit. We use “cookies” to track how many people visit the website and what content they are interested in. All information is stored anonymously and used to anonymously analyse visitor behaviour in order to provide a high quality experience for users.
The website uses analysis cookies from the following service providers:
- Google Analytics
detailed information on the service is available via the following link:
https://www.google.com/analytics/terms/us.html
4. Maximum security
It is essential that the website does not remember any identifiers or passwords even if "cookies" are enabled.
5. Checking the “cookie setting”, disabling “cookies”
Modern browsers allow you to change the “cookie settings”. Some browsers automatically accept “cookies” by default, but this setting can be changed in order to allow the visitor to prevent automatic acceptance in the future. If you change this setting, the browser will subsequently offer you the option to “set cookies” each time you do so.
We would like to draw our visitors’ attention to the fact that, as “cookies” are intended to support and facilitate the usability and processes of the website, we cannot guarantee that a visitor will be able to use all the functions of the website to their full extent if “cookies” are disabled. The website may then function differently than intended in the browser.