Data protection and data management policy

of Net Média Kiadó és Internet Tartalomszolgáltató Zárkörűen Működő Részvénytársaság

I. The aim of the Policy

The aim of the present Policy is to lay down the data protection and management principles applied by Net Média Kiadó és Internet Tartalomszolgáltató Zárkörűen Működő Részvénytársaság (8-10. Polgár Street, Budapest, 1033, postal address: 8-10., Polgár Street, Budapest, 1033, hereinafter: the Company) and the data protection and management policy, which is recognized by the Company as binding.

When drawing up the present rules the Company took into special account the regulations of the CXII. law of 2011 on informational self-determination right and freedom of information ("Infotv."), the CXIX. law of 1995 on the treatment of name and address data for the purpose of research and direct marketing, the VI. law of 1998 on the protection of individuals during mechanical process of their personal data, the Treaty proclaimed on 28 January 1981 in Strasbourg, and the XLIII. law of 2008 on the basic conditions and certain limitations of marketing advertising, and the recommendations of "ONLINE PRIVACY ALLIANCE".

The aim of the present Policy is to ensure the services provided by the Company in all areas, for all individuals, regardless of their nationality or residence, and to respect their rights and fundamental freedom, especially their right to privacy during the mechanical processing of their personal data (data protection).

The data protection registry ID of the company: [NAIH-60954/2012.]

II. Definitions

Personal data or data: data which can be associated with a defined natural person (hereinafter: the involved), and any conclusion concerning the involved which can be drawn from the data. Personal data preserves this quality during data management as long as its connection with the involved can be restored;

Data file: the sum of the data managed in one register;

Data management: regardless of the applied proceeding any operation or the total of operations carried out on personal data, especially the collection, adding, recording, systematization, storage, change, use, query, transfer, publishing, coordination, locking, deletion and destruction, or the prevention of further data usage;

The data management of the Company is carried out by the Company itself; it does not use any external storage media.

Data manager: the natural or legal person or organization without legal personality, who or which defines the aim of data management individually or together with others, makes and implements decisions concerning data management (including the equipment used), or has them implemented by the data processor;

Data processing: the completion of data managing operations and technical tasks regardless of the methods and devices applied for the completion of the operations, and of the place of application, assuming that the technical task is carried out in connection with the data.

Data destruction: the total physical destruction of the storage media which contains the data;

Data transfer: making the data accessible to a defined third person;

Publishing: making the data accessible to anyone;

Data processor: the natural or legal person and organization without legal personality, who or which carries out the processing of the personal data on behalf of the data manager;

Data deletion: making the data unrecognizable in such a way that their recovery is impossible;

Automatized data file: a set of data to be processed automatically;

Mechanical processing: contains the following procedures if they are carried out by partly or fully automatized devices: data storage, logical or arithmetic operations on the data, changing, deleting, retrieving and spreading the data.

System: the total of technical solutions operating the available webpages and services of the Data managers and their partners.

User: the natural person who registers for using one of the services (portfolio.hu, penzcentrum.hu, agrarszektor.hu, resourceinfo.hu) provided by Net Média Zrt., and provides the data listed in point III. within this framework.

III. The range of managed personal data

3.1 Based on the User's choice the services provided by the Company (Portfolio news alert, Portfolio forum, Portfolio newsletter, Portfolio news archive, Portfolio Trader's room, Pénzcentrum newsletter, Konferencia participation, REsource newsletter, REsource Ingatlaninfo subscription, Agrárszektor newsletter, Agrárszektor marketplace, prize games, job advertisements) can manage the following data related to the usage: username, password, first name, last name, birth name, mother's maiden name, address, place of residence, place of birth, date of birth, type and number of identity card, email address, job category, age, gender, trading service, telephone number, postal address, the market s/he is interested in, time span of trading, status, the conferences s/he participated in, dates of sign-ins, name of contact, billing name, tax identification number, billing address, payment account number, company name.

IV. The range of other data managed by the Company

4.1 In order to provide personalized service, the Company places a small data package (a so-called "cookie") on the User's computer. The aim of the cookie is to provide a higher level of operation in order to improve the user experience. The User can delete the cookie from his/her own computer, and s/he can configure the browser to disable the use of cookies. By disabling the use of cookies the User acknowledges that without cookies the operation of the given website is not complete.

4.2 The data to be recorded technically during the operation of the systems: the data of the User's login computer, which are generated during the usage of the service, and which are recorded as automatic results of technical operations by the system of the Data manager. The automatically recorded data are logged automatically by the system without any special statement or act of the User at signing in and out. Only the Data manager can access the data.

V. The legal basis, aim and method of data management

5.1 Data management is carried out on the basis of the voluntary, properly informed statement of the Company's Users, which contains the explicit consent of the Users to the management of the personal data they provide during the usage of the website and of the data generated about them as well. The legal basis of the Data management, based on point a) of paragraph (1) of article 5 of Infotv., is the voluntary consent of the involved.

5.2 The aim of managing the automatically recorded data is to ensure the services available via the websites of the Company, to show personalized contents and advertisements, to create statistics, to develop the IT system technically, and to protect the rights of users. The data which were made available by the Users during the use of the service can be used by the Company to form user groups and to show targeted content and/or advertisement for these user groups via the websites of the Company.

5.3 The Data manager cannot use the provided personal data for aims different than the ones described in these points. The release of Personal data to a third party or to the authorities - unless a law disposes about it differently with binding force - can only be possible based on official decision, or on the preliminary, direct consent of the User.

5.4 The Data manager does not check the received Personal data. Only the data provider is responsible for the conformance of the provided data.

5.5 By providing an e-mail address the User takes responsibility for being the only one who uses the service via the given e-mail address. Having regard to this responsibility, only the User who registered the given e-mail address is responsible for the sign-ins carried out with that e-mail address.

VI. The principles of data management

6.1 Personal data can only be obtained and processed fairly and legally.

6.2 Personal data can only be stored for defined and legal aims, and it cannot be used in a different way.

6.3 The Personal data has to be proportional to the aim of the storage, and must comply with this aim, they cannot exceed it.

6.4 Appropriate security measures have to be taken in order to protect the Personal data stored in the automatized data files by preventing accidental or unlawful destruction, accidental loss, unlawful access, modification or spreading.

VII. Data protection directives applied by the Company

7.1 The indispensable Personal data for using the services of the Company are used based on the contribution of the involved, solely tied to the aim.

7.2 The Company as Data manager undertakes to manage the received Personal data according to the provisions of the Infotv. and to the data protection principles laid down in the present Policy, and does not give it to a third party apart from the Data manager defined in the present Policy.

The usage of Personal data in statistically aggregated form is an exception from the provision defined in the present part, which cannot contain the included User's name or any other data suitable for identifying in any form, thereby it is not qualified as Data management, nor as Data transfer.

7.3 In certain cases - in case of official court, police requests, legal proceedings because of copyright, property or other infringement or their reasonable suspicion and therefore the violation of the Company's interests, jeopardising of service providing, etc. - the Company can make the Personal data of the involved User available for third parties.

7.4 The system of the Company can collect data of the Users' activity, which cannot be linked to the other data given by the Users at registration, nor to the data generated during the usage of other websites or services.

7.5 The User must be informed about the aim of the Data management and about who will manage and process the provided data. The information on Data management is carried out when a law disposes on the already existing Data management - on Personal data collection by transfer or linking.

7.6 In every case when the Company intends to use the provided data for aims other than the original purpose of the data collection, it has to inform the User about it, and for this the preliminary, explicit consent is needed, and the Company provides an opportunity for the User to prohibit the usage.

7.7 The Company as Data manager complies with the restrictions laid down by laws during the collection, recording and managing of the Personal data in any case.

7.8 The Company undertakes to take care of the safety of Personal data, to take the technical and organizational measures and to create the rules of procedure which provide for the security of the recorded, stored and managed Personal data and which prevent their destruction, unauthorized use and unauthorized change. It also undertakes to call upon every third party to whom the Personal data can be transferred or given to fulfil these obligations in this respect.

7.9 The Data manager locks the Personal data when the involved requests it, or when, based on the available information, it is presumable that the deletion would affect the legitimate interests of the involved. The Personal data locked in this way can be managed as long as the data management aim that excluded the deletion of the personal data exists.

7.10 The involved User, and all those to whom the data was previously transferred for Data transfer purposes, should be informed about the correction, locking and deletion of managed Personal data. The notice can be omitted in case the legitimate interest of the involved is not violated in respect of the aim of Data management.

VIII. The duration of data management

8.1. The management of the Personal data provided by the User persists as long as the User does not unsubscribe from the service with the given username, and requests the deletion of the data at the same time. The date of deletion is within 10 workdays from the receipt of the User's request for deletion. In this case the data is deleted at every Data manager defined in the present Policy.

In case of unlawful, deceptive use of Personal data, crimes committed by the User or attack on the system the Data manager is entitled to immediately delete the data of the User at the same time when the registration is terminated, however - in case of suspicion of crime or civil liability - the Data manager is entitled to preserve the data during the duration of the procedure to be prosecuted.

8.2 The Personal data provided by the User - even in case the User does not unsubscribe from the service or by deleting the registration s/he only terminated the sign in option, the comments and uploaded contents in them will be preserved - can be managed by the Company as Data manager until the User specifically requests the abolition of their management in writing. The User's right to use the service is not affected by the request without unsubscribing from the service, but it may occur that in absence of Personal data certain services will not be available for use. The data will be deleted within 10 workdays from the receipt of the request.

8.3 The Personal data which are recorded technically during the operation of the system are stored in the system for a period appropriate in respect of providing the operation of the system beginning with the date of generation. The Company ensures that these automatically recorded data cannot be linked to other personal user data - except for the cases bound by the law. If the User terminated his/her consent to Personal data management, or unsubscribed from the service, then his/her identity will not be identifiable based on the technical data - excluding investigating authorities and their experts.

IX. Provision of personal data

9.1 The changes of Personal data can be set or modified in the settings of the access control systems of Net Média Zrt.'s services, and in the profiles belonging to specific services. At the same place there is an option for deleting Personal data.

9.2 The newsletters of the Company can be cancelled via the unsubscribe links in them.

9.3 Once a request for deleting or modifying the Personal data has been completed, the previous (deleted) data cannot be restored.

9.4 The Users can request information about the management of their Personal data from the Company as Data manager at any time in writing, via a registered or certified letter sent to the address of the Data manager, or via e-mail sent to panasz@portfolio.hu e-mail address. The request for information is considered as authentic by the Company, if based on the sent request the User can be identified clearly. The request for information sent in e-mail can only be considered as authentic by the Data manager, if it was sent from the registered e-mail address of the User. The request for information can cover the data of the User managed by the Data manager, their sources, the aim, legal basis, duration of Data management, the names and addresses of possible Data managers, the activities related to Data management, and in case of Personal data transfer who and for what purpose did they get the data of the User.

9.5 For the questions in connection with Data management the Data manager is obliged to answer within 15 workdays from the receipt. In case of an e-mail the first workday after the sending shall be considered as the date of receipt.

X. Data processing

10.1 The Company does not apply any particular external Data processors. The personal data managed by the Company is processed by it if required.

XI. External service providers

11.1 The Company can cooperate with external service providers who facilitate registration and sign-in during the usage of certain services (e.g. Facebook Inc., Google Inc., hereinafter: "External service provider"). In the systems of the External service providers, the External service providers' own privacy policy governs the data provided there.

11.2 Within the framework of each service, in respect of contents made available and shared on different social networks, the External service provider which makes the sharing of the content possible is qualified as the manager of Personal data, and its own terms of use and privacy policy govern its activities. Such external intermediary services are for example: Facebook, Google, Pinterest, Tumblr, Twitter, iwiw, LinkedIn.

11.3 The Company can transfer certain Personal data provided by the User to an External service provider in connection with the operation of the service, but the transferred data can only be used by the External service provider for aims defined in the present Policy.

XII. The possibility of data transfer

12.1 The Company as Data manager is entitled and obliged to transfer all available and properly stored Personal data to the competent authority, for which data transfer the Company is bound to by law or by legally binding magisterial obligation. Because of such Data transfer and consequences derived from it the Data manager cannot be held responsible.

12.2 In case the Company transfers the operation or utilization of the content delivery and hosting services of its websites partly or fully to a third party, then the data managed by the Company can be fully transferred to this particular third party without asking for a special contribution for further management. This Data transfer cannot put the User at a more disadvantaged situation than the prevailing data management regulations laid down in the present Policy.

12.3 The Company keeps a data transfer record in order to check the legality of Data transfer, and to inform the involved.

XIII. The modification of Data Management Policy

13.1 The Company reserves the right to modify the present Data Management Policy at any time with a unilateral decision.

13.2 The User accepts the prevailing provisions of the Data Management Policy with the next sign in; there is no need to ask for the permission of each User.

XIV. Law enforcement opportunities

14.1 The User can exercise his/her law enforcement opportunities based on the Infotv., and on the V. law of 2013 (Ptk.), and the User can ask for the help of the National Authority for Data Protection and Freedom of Information (22/C Erzsébet Szilágyi Alley, Budapest, 1125; postal address: PO Box 5., Budapest, 1530) in connection with any Personal data issues.

14.2 Any questions and remarks in connection with data management can be sent to the colleagues of the Data manager at the panasz@portfolio.hu e-mail address.