PRIVACY POLICY FOR THE WEBSITE QUALITYRENTALSDEBRECEN.HU

1./ Provider Information
Name: Szin-Real Kft. (hereinafter “Szin-Real” or “Provider”)
Represented by: Sándor Szabó (managing director, independently), by Tamás Bucher (managing
director, jointly) and jointly by Mária Lehrreich and Angelika Kovács
Court of Registration: Debrecen Tribunal, Company Court
Company Registration Number: 09-09-035310
Registered Office: 4025 Debrecen, Simonffy Street 17–19
Tax Number: 32328408-2-09
Telephone: +36-30-502-9075
Email: info@qualityrentalsdebrecen.hu
Bank: UniCredit Bank Hungary Zrt. Head Office (1054 Budapest, Szabadság tér 5-6; account
01-10-041348)
Account Number: 10918001-00000123-23860005

Data Protection Officer:
Dr. Czére-Réti Law Office
Name: Dr. Gabriella Czére-Réti
Email: info@drreti.hu
Phone: +36-20-210-9939
This Privacy Notice covers data protection information related to services provided on the
website https://qualityrentalsdebrecen.hu(hereafter “Website”) by the Provider.

2./ Activities on the Website
As a member entity of the SZINORG corporate group, the Service Provider is engaged in the
utilization of real estate assets owned by the group. Interested parties may obtain information
regarding the properties offered for utilization through the Website, as the Service Provider makes
available all relevant data concerning each property.
Beyond the provision of information, the Website also serves as a means of establishing contact
with the Service Provider, as all contact details are made publicly accessible. For the purpose of
facilitating efficient communication, interested parties may voluntarily provide their own contact
details by completing the contact form (see below).
Accordingly, the purpose of the Website is to ensure the prompt and effective utilization or leasing
of the properties and to facilitate the conclusion of lease agreements.

2.1./ Use of the website
Browsing the Website does not require registration—anyone may freely view property listings. By
clicking on a listing, users can see details such as description, features, floorplan, map, parking,
location, minimum lease term, property photos, and contact info.
The Provider notes that some listings may already be rented; such properties are marked with an
orange “RENTED UNTIL …” label. Available properties are labeled with a green “AVAILABLE
FOR IMMEDIATE MOVE-IN” label.
If an available property interests a visitor, they can click “ÉRDEKEL A BÉRLEMÉNY”
(INTERESTED IN THE PROPERTY) and submit their name and contact information to get in
touch with the Provider regarding rental.

2.2./ Dara Processing Activities
2.2.1./ Legal Basis, Purpose, Duration of Data Processing and Data Transfers
Szin-Real, as Providor collects the information listed below via the contact form in order to
facilitate communication with prospective tenants. This Privacy Notice explains the legal basis,
purpose, duration, and transfer of the collected data.

2.2.1./ Submission of the Contact Form
During the visit to the Website, the User may contact the Service Provider directly by completing
the form available under the “Contact” menu. In the course of filling out this form, the following
data are collected and processed:

By filling out the contact form under the “Contact” menu, visitors may voluntarily choose to share
data. Submission does not create any contractual obligation. By submitting, the data subject
explicitly consents to processing of their data according to this Notice, for purposes of contacting
them about rental opportunities and negotiating lease agreements.

2.3./ Website Traffic Data Management
Certain details—such as user IP addresses and system information—are logged for generating site
traffic statistics and ensuring proper Website functioning. IP addresses are not linked to other
identifying data. For more information, see the cookie policy.

3./ Visiting the Website
3.1./ Liability
The Data Subject, as a user of the Website, uses the Website entirely at their own risk and
acknowledges that the Service Provider shall not be held liable for any material or non-material
damages arising from such use, except in cases of intentional misconduct or breaches of contract
resulting in harm to life, physical integrity, or health.
Except for liability for any third parties engaged by the Service Provider, the Service Provider
excludes all liability for the conduct of Website users, and the Data Subject shall bear full and
exclusive responsibility for their own conduct.
The Data Subject is obliged to ensure that their use of the Website does not, either directly or
indirectly, infringe the rights of third parties or violate any applicable laws

3.2./ Copyrights
The Website is a copyrighted compilation (“collective work”) under Hungarian law (Act
LXXVI/1999 § 7). Protection extends to the compilation even if some elements are not
individually protected. Copyrights to the Website’s design, graphics, text, and technical solutions
are held by the Provider. Unauthorized reproduction—online, in print, in public, or in other
forms—may trigger a contractual penalty of HUF 200,000 plus VAT per page or image. Automated
data extraction, archiving, reverse-engineering source code, or similar actions are strictly prohibited.

4./ Data Transfers
Collected data are forwarded only to third parties providing hosting services. The data are stored
with:
Hostinger International Ltd. (Head office: 61 Lordou Vironos Street, 6023 Larnaca, Cyprus;
company number HE360194; tax number 10360194T; contact: support@hostinger.com).

5./ Rights of Data Subjects
5.1./ Right to Erasure (Deletion)
Data subjects may request immediate deletion of their personal data if:

  • the data are no longer needed for the original purpose;
  • consent has been withdrawn and no other legal basis applies;
  • they object to processing with no overriding lawful grounds;
  • data were processed unlawfully;
  • the data must be erased to comply with EU or national law;
  • the data were collected in connection with information society services.

Data required by law for storage may not be deleted.

5.2./ Right to Information and Access
Data subjects may request information about processing—what data is processed, how, if locked
or deleted, any measures taken. They may request access to their data at any time. The Provider
will respond in writing in a clear manner within a maximum of 25 days of receiving the request,
indicating purposes, legal basis, duration, and recipients of the data (if any transfers occurred).
On https://qualityrentalsdebrecen.hu, the “Privacy Policy” link at the bottom offers users access
to view or modify their data.

5.3./ Right to Feedback
Data subjects are entitled to feedback on whether their personal data is being processed and, if so,
to access:

  • processing purposes;
  • categories of personal data;
  • categories of recipients (including international transfers);
  • planned storage duration or criteria for determining it;
  • right to request correction, deletion, restriction, or objection;
  • right to lodge a complaint with a supervisory authority;
  • data source if not collected directly from the data subject.

Following submission, the Provider sends an email confirmation including the processed personal
data. All data are stored electronically in internal software.

5.4./ Right to Rectification
Data subjects may request corrections of their data via info@qualityrentalsdebrecen.hu or by mail
to the Provider’s registered office, specifying which data category and new data apply. Changes are
implemented promptly upon receipt.

5.5./ Right to Restrict Data Processing
Data subjects may request restriction of processing if:

  • they dispute data accuracy—restriction applies until accuracy is verified;
  • processing is unlawful but they oppose deletion, requesting restriction instead;
  • data is no longer needed by Provider but required by the subject for legal claims;
  • they object to processing and Provider’s lawful reasons have not yet prevailed.
    Where the processing of personal data is subject to restriction, such data may—except for
    storage—only be processed with the consent of the Data Subject, or for the establishment, exercise,
    or defense of legal claims, or for the protection of the rights of another natural or legal person, or
    for reasons of important public interest of the Union or of a Member State

5.6./ Right to Object
The Data Subject shall have the right to object, at any time, on grounds relating to their particular
situation, to the processing of their personal data in the following cases:

  1. where the processing is necessary for the performance of a task carried out in the public
    interest or in the exercise of official authority vested in the Service Provider – currently,
    no such processing takes place – or
  2. where the processing is necessary for the purposes of the legitimate interests pursued by
    the Service Provider or by a third party, unless such interests are overridden by the
    interests or fundamental rights and freedoms of the Data Subject which require the
    protection of personal data.

In such cases, the Service Provider shall no longer process the personal data unless it demonstrates
compelling legitimate grounds for the processing which override the interests, rights, and freedoms
of the Data Subject, or for the establishment, exercise, or defense of legal claims.
The Data Subject may request the rectification or erasure of their personal data, or submit an
objection to the processing at any time by sending an email to the Service Provider’s central email
address. The Service Provider shall respond to the Data Subject’s request without undue delay, but
no later than within one month of receipt—unless this Policy specifies a shorter deadline, in which
case the Service Provider shall comply within the period specified therein. If the request is
consistent with the Data Subject’s rights under applicable laws, the Service Provider shall comply
accordingly.
The Service Provider informs visitors to the Website that no profiling or automated decisionmaking
is carried out in relation to the personal data processed.

5.7./ Right to Withdraw Consent
Users may withdraw consent to data storage at any time. Upon withdrawal, the Provider deletes
the data immediately. Withdrawal is possible by email or postal mail.

5.8./ Right to Data Portability
Data subjects may request their personal data in a machine-readable format and have it transferred
directly to another controller—if data processing is based on consent or contract and processing
is automated. This right does not apply if processing is in the public interest or conducted in the
exercise of official authority, nor if it adversely affects others’ rights and freedoms.

5.9./ Right to Lodge Complaint
Data subjects may file complaints with the Provider or directly with the supervisory authority. If
submitted to the Provider, it will be reviewed and responded to within 15 days. Consumer
complaints can be submitted by mail to: 4025 Debrecen, Simonffy utca 17–19, or via email
to info@qualityrentalsdebrecen.hu.
Verbal complaints are addressed immediately if possible. If not, a complaint log is kept for five
years along with the substantive response. For verbal complaints, a copy of the log must be
provided on-site or electronically. Complaints via telephone or other electronic means are assigned
a unique identifier to facilitate tracking. Written complaints are substantively answered within
30 days; postage counts as filing date. In case of rejection, the subject is informed of the reason. If
the Provider deems a complaint unfounded, the subject may contact NAIH (1125 Budapest,
Szilágyi Erzsébet fasor 22/c.) or seek judicial remedy.

6./ Handling of Data Security Incidents
In the event of a data breach, concerning any data it processes, the Service Provider shall report
the incident to the competent supervisory authority without undue delay and, where feasible, no
later than 72 hours after having become aware of it, unless it can demonstrate, in accordance with
the accountability principle, that the personal data breach is unlikely to result in a risk to the rights
and freedoms of natural persons. If the notification is not made within 72 hours, the reasons for
the delay must be provided, and the required information may be supplied in phases, without
further undue delay.

If the data breach is likely to result in a high risk to the rights and freedoms of the Data Subject,
the Service Provider shall inform the Data Subject without undue delay in order to enable them to
take the necessary precautions. The notification shall include a description of the nature of the data
breach, as well as recommendations for the Data Subject to mitigate potential adverse effects.

Following the identification of the data breach, the Service Provider shall assess whether all
appropriate technical and organizational protection measures had been implemented—both to
promptly detect the breach and to ensure timely notification to the supervisory authority and,
where necessary, to the Data Subject. To this end, within 24 hours of becoming aware of the
breach, the Service Provider’s representative shall convene all relevant personnel involved in data
processing, as well as an external IT expert, to determine the cause of the breach, develop a
remediation and action plan, and adopt the necessary measures to prevent future incidents.

7./ Principles Considered in Data Processing
Principles Relating to the Processing of Personal Data

  • Lawfulness, Fairness and Transparency: Personal data shall be processed lawfully, fairly, and
    in a manner that is transparent to the Data Subject.
  • Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate
    purposes and not further processed in a manner that is incompatible with those purposes.
  • Accuracy: Personal data shall be accurate and, where necessary, kept up to date; every
    reasonable step must be taken to ensure that personal data that are inaccurate, having regard to
    the purposes for which they are processed, are erased or rectified without delay.
  • Storage Limitation: Personal data shall be kept in a form which permits identification of Data

Subjects for no longer than is necessary for the purposes for which the personal data are
processed.
Personal data may be stored for longer periods insofar as the data will be processed solely for
archiving purposes in the public interest, scientific or historical research purposes, or statistical
purposes, subject to the implementation of appropriate technical and organizational measures
required by the GDPR to safeguard the rights and freedoms of the Data Subject.

  • Integrity and Confidentiality: Personal data shall be processed in a manner that ensures
    appropriate security of the personal data, including protection against unauthorized or unlawful
    processing and against accidental loss, destruction, or damage, using appropriate technical or
    organizational measures.
  • Accountability: The Service Provider shall be responsible for compliance with the above
    principles and must be able to demonstrate such compliance.

8./ Security of Personal Data Processing
The Service Provider shall implement appropriate technical and organizational measures to ensure
a level of security appropriate to the risk, taking into account the state of the art, the cost of
implementation, the nature, scope, context, and purposes of processing, as well as the varying
likelihood and severity of risks to the rights and freedoms of natural persons. These measures shall
include, among others:

  • the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing
    systems and services;
  • the ability to restore the availability of and access to personal data in a timely manner in the event
    of a physical or technical incident;
  • a process for regularly testing, assessing, and evaluating the effectiveness of technical and
    organizational measures for ensuring the security of the processing.
    The Service Provider has not joined any approved code of conduct or certification mechanism
    under the GDPR.

9./Data Storage
The physical location of data storage is: 4025 Debrecen, Simonffy utca 17–19, Hungary. The
Service Provider stores the personal data obtained during contact via its electronic communication
channel, specifically at info@qualityrentalsdebrecen.hu, as well as on its own server and in the
database of its Website. The Service Provider maintains records of the data provided through the
contact form on its own server for the purpose of fulfilling its data transfer and data storage
obligations.

10./ Restrictions
In the case of a Data Subject who is under the age of 16, or who is otherwise incapable or has
limited legal capacity, and where the legal basis for the data processing is the consent referred to in
Article 6(a) of the GDPR, such processing shall be lawful only if and to the extent that consent is
given or authorized by the holder of parental responsibility over the child.

11./ Cookies on the Website
The Service Provider uses cookies on its website.

What is a cookie?
During a visit to the website, the Data Controller uses so-called cookies. A cookie is a small data
file composed of letters and numbers that the website sends to the User’s browser with the purpose
of saving certain settings, facilitating the use of the website, and collecting certain relevant,
statistical information about visitors. Cookies do not contain personal information and are not
suitable for identifying individual users. Cookies often contain a unique identifier—a secret,
randomly generated numeric string—that is stored on the User’s device. Some cookies are deleted
when the browser is closed, while others are stored for a longer period.

Legal Basis and Background of Cookie Usage
The legal background of data processing related to cookies is provided by Act CXII of 2011 on
the Right of Informational Self-Determination and Freedom of Information (Infotv.), and Act
CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society
Services. The legal basis for data processing is the User’s consent pursuant to Section 5(1)(a) of
Infotv.

Main Categories of Cookies Used
Marketing Cookies
Google AdWords cookie
When a user visits our website, their cookie ID is added to the remarketing list. Google uses
cookies—such as the NID and SID cookies—in Google products to customize ads in Google
Search. These cookies are used, for example, to remember recent searches, past interactions with
ads or search results, and visits to advertisers’ websites. Google AdWords’ conversion tracking also
uses cookies to track sales and other conversions resulting from ads. These cookies may serve to:

  • Select ads relevant to the User;
  • Improve campaign performance reports;
  • Prevent ads the User has already seen from being shown again.

Statistical Cookies
Google Analytics cookie
Google Analytics is Google’s analytics tool that helps website and app owners better understand
the behavior of their users. It may use cookies to collect and report aggregated data on website
usage, without identifying individual visitors. The primary cookie used by Google Analytics is the
“_ga” cookie. In addition to producing usage statistics, Google Analytics may also be used together
with some of the advertising cookies listed above to show more relevant ads in Google products
(like Google Search) and across the web.

Referrer cookie
Records which external site the visitor arrived from. These cookies are valid until the browser is
closed.

Last Viewed Product cookie Stores the last real estate property viewed by the visitor. Valid for
60 days.

Last Viewed Category cookie Stores the last viewed category. Valid for 60 days.

Strictly Necessary Cookies
These cookies are essential for the basic operation of the website and allow the use of fundamental
site features. Without these cookies, many functions of the site would be unavailable. The lifespan
of these cookies is limited to the duration of the session.

Cookies for Enhancing User Experience
These cookies collect information about how users interact with the website—for example, which
pages are visited most frequently or what error messages are shown. These cookies do not collect
information that identifies the visitor; all data is aggregated and anonymous. The collected data is
used solely to improve the performance of the website. These cookies are also limited to the
duration of the session.

Cookie Acceptance Cookie
When arriving on the website, users are shown a notification window, where they may accept the
use of cookies. This cookie stores the acceptance for 365 days.

12./ Record of Data Processing Activities
The Service Provider maintains a record of processing activities in accordance with applicable
data protection legislation.
This record includes the following information:

  • The name and contact details of the Data Controller;
  • The purposes of the processing;
  • A description of the categories of Data Subjects and the categories of personal data;
  • The categories of recipients to whom the personal data have been or will be disclosed;
  • Where possible, the envisaged time limits for the erasure of the different categories of data.

This Privacy Notice takes effect on July 28, 2025.

PRIVACY POLICY FOR THE WPREPARED BY:
DR. CZÉRE-RÉTI ÜGYVÉDI IRODA
DR. CZÉRE-RÉTI GABRIELLA LAWYER
HATVAN STREET DEBRECEN

In order to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), Act CXII
of 2011 on Informational Self-Determination and Freedom of Information (the “Info Act”), and related legal provisions,
the Service Providers hereby inform all Data Subjects with whom they come into contact about the processing of their personal
data during visits to the website, as follows.