Rotemberg Limited Liability Company’s information notice on its data processing related to the prevention and suppression of money laundering and terrorist financing, and the enforcement of financial and asset-restrictive measures.
January 1
Purpose of this Information Notice
Rotemberg Ltd. (hereinafter: Controller) carries out the data processing set out in this Notice in order to fulfill its obligations under Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (AML Act) and Act LII of 2017 on the Enforcement of Financial and Asset-Restrictive Measures (together: Legislation). The Controller hereby publishes and acknowledges as binding its principles of data management.
Controller’s Details
Company name: Rotemberg Limited Liability Company
Registered office: 3200 Gyöngyös, Alkotmány utca 5.
Telephone: +36 20 5858 058
Email: iroda@rotemberg.com
The Controller has not appointed a Data Protection Officer.
Definitions
Personal data: any information relating to an identified or identifiable natural person (Data Subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, number, location data, online identifier, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity.
Data processing: any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
Processor: any natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Recipient: any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. Public authorities that may receive personal data in the context of a specific inquiry under Union or Member State law are not regarded as recipients, provided that their processing complies with the purposes set out in this Notice and with applicable data-protection rules.
Data transfer: making personal data available to a specified third party.
Data Subject’s consent: a freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they signify agreement to the processing of personal data relating to them.
Data-protection incident: a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
Principles of Personal Data Processing
Personal data shall be processed:
a) lawfully, fairly and transparently in relation to the Data Subject;
b) for specified, explicit and legitimate purposes, and not further processed incompatibly with those purposes (further processing for public-interest archiving, scientific or historical research or statistical purposes does not constitute incompatibility);
c) in an adequate, relevant and limited manner (“data minimization”);
d) accurately and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data are erased or rectified without delay (“accuracy”);
e) in a form permitting identification of Data Subjects for no longer than necessary; further storage for public-interest archiving, scientific or historical research or statistical purposes only subject to appropriate safeguards (“storage limitation”);
f) securely, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by appropriate technical or organizational measures (“integrity and confidentiality”).
The Controller is responsible for and must be able to demonstrate compliance with these principles (“accountability”).
Scope of Data Subjects
Natural person clients or their authorized representatives who use the Controller’s services in connection with property transactions governed by the Legislation.
Categories of Personal Data Processed
Identity data: family name; given name; birth family name; place and date of birth; mother’s birth name; nationality; address or residence; type and number of identity document.
Business-relationship data: contract type, subject and duration; circumstances of performance (place, time, manner); purpose and anticipated nature of the business relationship.
Politically exposed person data: status as a politically exposed person; supporting data establishing such status.
Wealth and source-of-funds data.
Beneficial owner data: nature and extent of ownership interests.
Reporting data: data required for mandatory reporting or related to such reporting.
Legal Basis for Processing
Compliance with a legal obligation.
Purpose of Processing
To fulfill the client due-diligence and reporting obligations prescribed by the Legislation.
Retention Period
Eight years from the end of the business relationship, or up to ten years if required by Section 58 of the AML Act.
Recipients, Access, Transfers and Security Measures
Personal data may be accessed and processed by the Controller’s managing director, the person appointed under the Legislation, the designated compliance officer, and those performing client due-diligence, always in accordance with the above principles. The Controller and any Processor will implement appropriate technical and organizational measures—such as pseudonymization and encryption, securing system confidentiality, integrity, availability and resilience, and procedures for restoring access in case of incident—to ensure a level of security appropriate to the risk.
Data Subject Rights
a) Right of access: obtain confirmation and a copy of their personal data and specified information;
b) Right to rectification: require correction of inaccurate or incomplete data without undue delay;
c) Right to erasure (“right to be forgotten”): request deletion of data where grounds apply;
d) Right to restriction of processing: request restriction where accuracy is contested, processing is unlawful, data is no longer needed by the Controller but required by the Data Subject for legal claims, or the Data Subject has objected pending verification of overriding interests;
e) Right to data portability: receive their personal data in a structured, commonly used, machine-readable format and transmit to another controller;
f) Right to object: at any time for reasons relating to their particular situation, including profiling;
g) Right to object to direct marketing: to cease processing for direct marketing purposes, including profiling;
h) Rights in automated decision-making: to not be subject to a decision based solely on automated processing, including profiling, unless necessary for a contract, authorized by law with safeguards, or based on explicit consent.
Response Time
The Controller will inform the Data Subject of action taken within one month of receipt of a request, extendable by two months if necessary, with notification of extension within one month. If no action is taken, the Controller will inform the Data Subject of the reasons and their right to lodge a complaint.
Notification of Data-Protection Incidents
If a breach is likely to result in high risk to rights and freedoms, the Controller will inform the Data Subject without undue delay, describing the nature of the breach, its likely consequences, measures taken or proposed, and contact details for further information. Notification is not required if adequate safeguards (e.g., encryption) were applied, subsequent measures ensure no risk, or notification would require disproportionate effort (in which case public communication or similar measures will be used).
Reporting to Supervisory Authority
The Controller will notify the competent authority of a notifiable breach without undue delay and, if possible, within 72 hours, unless unlikely to result in risk. Delays must be justified.
Right to Lodge a Complaint
Data Subjects may complain to the National Authority for Data Protection and Freedom of Information:
1055 Budapest, Falk Miksa u. 9–11.
Mailing address: 1363 Budapest, P.O. Box 9
Tel: +36 1 391 1400, +36 30 683 5969, +36 30 549 6838
Fax: +36 1 391 1410
Email: [authority’s address]
Data Subjects also have the right to judicial remedy.
Applicable law:
• Regulation (EU) 2016/679 (GDPR)
• Act CXII of 2011 on Information Self-Determination and Freedom of Information
Gyöngyös, January 1, 2025
Rotemberg Limited Liability Company / Controller
Rotemberg Ltd. places a small data packet (so-called “cookie”) on the computer or mobile device of visitors to the https://rotemberg.com website (hereinafter: “Website”) in order to provide customized service. The purpose of the cookie is to ensure the highest possible performance of the Website, to enable personalized services, and to enhance the user experience.
Visitors can delete cookies from their own computers or configure their browsers to refuse cookies. For more information, please visit AllAboutCookies.org. By disabling cookies, the visitor acknowledges that the Website will not function fully.
Rotemberg Ltd. never uses information stored in cookies to personally identify visitors to the Website.
Information on the Use of Cookies
1.1 What is a cookie?
When you visit our Website, we use so-called cookies. A cookie is a packet of information made up of letters and numbers that our site sends to your browser in order to save certain settings, facilitate your use of the site, and help us collect some relevant, statistical information about our visitors.
Some cookies do not contain personal information and cannot identify an individual user. However, some cookies contain a unique identifier—a secret, randomly generated string of characters—stored on your device, enabling your identification. The lifespan of each cookie is detailed in its individual description.
1.2 Legal Basis and Justification for Cookies
The legal basis for processing this data is your consent pursuant to Article 6(1)(a) of the GDPR.
1.3 Main Types of Cookies Used by the Website
Strictly necessary cookies: These cookies are essential for the operation of basic Website functions. Without them, many features will not be available. Their lifetime is limited to the duration of your browser session.
Performance-enhancing cookies: These cookies collect information about how users interact with the site—e.g., which pages are visited most often or what error messages occur. They do not gather personally identifying information, only anonymous, aggregated data, which we use to improve performance. Their lifetime is limited to the duration of your browser session.
RTB personalized retargeting cookies: These may appear when previous visitors browse other sites on the Google Display Network or search for terms related to our products or services.
Session cookies: These store your location, browser language, and payment currency. They last until you close your browser or, at most, two hours.
Cookie-consent cookie: Records your acceptance of our cookie policy when you click “Accept” in the notice banner. Lifetime: 365 days.
Google Analytics cookie: Google Analytics is Google’s analytics service, helping website and app owners understand visitor behavior. It uses cookies—most notably the “_ga” cookie—to collect anonymous statistical data on site usage without identifying individual visitors. Alongside performance reporting, Google Analytics cookies can, together with certain advertising cookies, be used to show more relevant ads across Google products and the Internet.
1.4 Deleting Cookies
If you do not accept cookies, certain functions will not be available to you. For instructions on deleting cookies, please consult the following links:
Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla (Hungarian guide): https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
