Privacy policy

Privacy policy

PRIVACY NOTICE

2018

Szépalma-Hotel Kft

TABLE OF CONTENTS

  1. Data Controller
  2. Glossary
  3. Data management

3.1. Use of hotel services

3.2. Room reservation

3.3. Enquiry, request for proposal

3.4. Notification form

– other personal data

3.5. Use of the wellness area

3.6. Events

3.7. Bank card details

3.8. Payment

3.9. Other data processing

3.10. Security of data processing

3.11. Gift voucher

3.12. Lottery

3.13. Guest questionnaire, evaluation system

3.14. Camera system

3.15. Newsletter

3.16. Facebook page

3.17. Website visit data

3.17.1. References and links

3.17.2. Analytics, cookies

3.17.3. Remarketing code

3.17.4. Contact

3.18. Processing of job applicants’ data

3.18.1. Purpose of data processing

3.18.2. Legal background to data management

3.18.3. Scope of data processed and duration of data processing

3.18.4. Access to data

3.18.5. Data security

3.18.6. Rights related to data management and means of enforcement

3.18.7. Processing of employee data

3.19. Data security

3.20. Data transmission

3.21. Data processors

3.22. Rights and remedies

3.22.1. Information

3.22.2. Correction

3.22.3. Cancellation and blocking, objections

3.22.4. Judicial enforcement

3.22.5. Compensation and damages

3.23. Other provisions

PRIVACY NOTICE

  1. Data Controller

Szépalma-Hotel Limited Liability Company

Place of residence: 8429, Porva, Suburban HRSZ: 0172/3.

Company registration number: 19-09-517534

Registered with the Metropolitan Court of Justice of Hungary

Tax number: 25090455-2-19

Phone number: 06-88-468-888

Data Protection Officer: Nóra Szent-Iványi – Managing Director

E-mail: hotel@szepalma.hu

Processing registration number:

The Company respects the privacy rights of its Guests and has therefore prepared the following Privacy Notice (hereinafter the “Notice”), which is available electronically on the Company’s official website (also in paper form upon request).

The Company, as the data controller, declares that it shall act in accordance with the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the “Data Protection Act”).

This Notice provides general information about the processing of data in the course of the services provided by the Company. Due to the diversity of the needs of the Guests, the way of data processing may sometimes differ from the provisions of this Policy, such differences may be made at the request of the Guest and the exact method of processing will be communicated to the Guest in advance by the Company. The Company will provide information on any processing not covered by this Policy prior to the processing.

Personal data is processed by the Company only for the purposes and for the time necessary for the exercise of rights and the fulfilment of obligations. The Company only processes personal data that is necessary for the purposes for which it is processed and is adequate for the purposes for which it is processed.

The consent of a minor under the age of sixteen is subject to the consent of his or her legal representative or to the subsequent consent of his or her legal representative.

In all cases where the Company uses the data provided for purposes other than those for which they were originally collected, it shall inform the data subject and obtain his or her prior explicit consent or give him or her the opportunity to oppose such use.

Personal data that come to the knowledge of the Company in the course of processing may only be disclosed to persons who are employed by or have a contract of employment with the Company and who have a task in connection with the processing in question.

  1. Glossary

Affected: any specified natural person who is identified or identifiable, directly or indirectly, on the basis of personal data.

Personal data: data which can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference which can be drawn from the data concerning the data subject.

Special data: personal data revealing racial or ethnic origin, nationality, political opinions or political party affiliation, religious or philosophical beliefs, membership of an interest group, sex life, health, pathological addiction and personal data concerning criminal offences

Contribution: a voluntary and explicit indication of the data subject’s wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, whether in full or in part.

Protest: A statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data.

Data Controller: The natural or legal person or unincorporated body who, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has them implemented by a processor on its behalf.

Data management: Any operation or set of operations which is performed upon data, regardless of the procedure used, such as collection, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction, prevention of further use, taking of photographs, sound recordings or images, and recording of physical characteristics that can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans).

Data transmission: The making available of data to a specified third party. The Company does not transfer data to third parties.

Disclosure: Making the data available to anyone.

Data deletion: rendering data unrecognisable in such a way that it is no longer possible to recover it.

Data marking: The marking of data with an identification mark to distinguish it.

Data storage: The marking of data with an identification mark for the purpose of limiting its further processing permanently or for a limited period of time.

Data processing: The performance of technical tasks related to processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.

Data processor: The natural or legal person or unincorporated body who or which processes data on the basis of a contract with the controller, including a contract concluded pursuant to a legal provision.

Third person: A natural or legal person or unincorporated body other than the data subject, the controller or the processor.

Data protection incident: unlawful processing or handling of personal data, in particular unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, and accidental destruction or damage.

  1. Data management
  1. Use of hotel services

The processing of all data relating to the data subject in the context of the provision of services is based on voluntary consent and is aimed at ensuring the provision of the service and maintaining contact. With the exceptions provided for in each subsection, the personal data contained in this section will be kept by the Company for a period of time in accordance with the applicable tax and accounting regulations and will be deleted after the expiry of this period.

For each service, it is possible to provide additional information in the comments section, which helps us to fully understand the Guest’s needs, but is not a condition for booking a room and using other services.

The Guest may also declare his/her subscription to the newsletter at the time of using the individual services.

  1. Reservations

You can book a room at our hotel by e-mail, by phone or in person. When booking a room, the following personal data will be processed in addition to the data relating to your stay:

  • surname and first name
  • phone number
  • e-mail address
  • the address required to issue the advance invoice and then the final invoice

Duration of processing: 8 years. The hotel will use this data for the purposes of managing the reservation, contacting the guest and fulfilling its accounting obligations.

In addition, the purpose of data processing is to identify the guest as the user of the service, to perform the services ordered, to issue invoices, to process payment, to register the guests and to distinguish them from each other.

The hotel will process personal data for the duration of the purpose of the processing, in particular for the duration of the contractual relationship established, and at the end of the contractual period the data provided by the guest will be deleted, except for the data necessary for mandatory processing, until the consent is withdrawn.

  1. Enquiry, request for a quote

In case of enquiries or requests for quotations on the hotel’s website, in person or by telephone, in addition to the data related to the planned stay, the following personal data are required: name, e-mail address, telephone number. The purpose of the data processing is to contact and communicate with the person interested in the services provided by the hotel, to send information and offers. The hotel will process the personal data for a maximum period of 1 year from the date of arrival at the hotel or until the user (Guest) requests the deletion of his/her data or withdraws his/her consent to the processing of his/her personal data. The Hotel does not record telephone conversations.

  1. Notification sheet

When using certain hotel services, the Guest shall fill in a hotel registration form in which he/she consents to the Company processing the following mandatory data for the purposes of fulfilling its obligations under the applicable legislation (in particular legislation on tourism and tourist tax), for the purposes of proving compliance and for the identification of the Guest, for as long as the competent authority is able to verify compliance with the obligations under the relevant legislation:

  • surname and given name
  • address/business address
  • nationality (data processed for statistical purposes only, not traceable to the individual)
  • place and date of birth
  • identity card number
  • names and dates of birth of children (if they are also using the hotel services)
  • vehicle registration number

The processing of the following data on third-country nationals is required by law:

  • in addition to the natural person identification data, the
  • travel document (passport) identification data
  • address of accommodation
  • the starting and ending dates for the use of the accommodation
  • visa, residence permit number,
  • date of entry, place of entry

Third-country national: any person other than a Hungarian national who is a national of a non-European Economic Area Member State, including stateless persons.

EEA member states:

  • the Member States of the European Union
  • Iceland, Liechtenstein, Norway as a participating Member State
  • and Switzerland, as a State with the same legal status

The provision of the mandatory data by the Guest is a condition of the use of the hotel service.

By signing the registration form, the Guest agrees that the personal data provided by filling in the registration form may be processed and archived by the Company for the purposes of the conclusion of the contract, the proof of performance and fulfilment of the contract, and the possible enforcement of claims within the above-mentioned period.

The hotel will provide you with information about the data processed in connection with the registration form upon your request by e-mail to hotel@szepalma.hu.

Other personal data (special data)

If the guest has special dietary requirements due to gluten-free, lactose-free, vegetarian or other health reasons and shares this information with the hotel, the hotel will pass this information on to other units (restaurant, breakfast room) in order to provide a full range of services.

The hotel does not request this health information on request.

At the end of the service (on departure), no health information is stored in any form.

  1. Use of the wellness area

If you are an external guest, you will be required to provide the necessary information to make a reservation and issue an invoice:

  • Name
  • phone number
  • billing address

At the contact address www.szepalma.huhonlapon, the Guest has the possibility to ask for the prices of the services of the wellness area and to contact the Company by providing his/her name and telephone number. After contacting the Company, the exact arrival time will be registered.

  1. Events

Guests using the hotel services are obliged to note that our events may be recorded by hotel staff or by contracted partners (press staff, contributors, other guests or other third parties) authorised by the hotel. Accordingly, by participating in the programmes and events, the guest consents to the recording of his/her face and appearance, provided that he/she may be named only with his/her express consent.

If the guest is a public figure, he or she may be named without his or her consent. The guest acknowledges that the hotel will record the event and other programmes.

  1. Bank card details

The data is processed by the Company’s contractual banking partner. You can find information about this processing on the website of the relevant bank (OTP – www.otp.hu).

For more information on the credit card data handled by some of the Company’s sub-systems, guests can send a request to hotel@szepalma.hu.

  1. Payment

The payment for the services of Szépalma-Hotel can be made by cash, gift voucher, SZÉP card or credit card, as determined by Szépalma-Hotel Kft.

The purpose of the data processing is to use the services of Szépalma-Hotel Kft, issue invoices, document the payment, and fulfil accounting obligations.

Szépalma-Hotel Kft processes the following data when you pay:

  • transaction number, date and time, document content
  • billing name, address, tax number and name of the service used, quantity, purchase price, method of payment, payment details (date, time, name of the items on the invoice, amount)
  1. Other data processing

We will provide information on data processing not listed in this policy at the time of collection. We inform our guests and customers that the hotel may be contacted by the court, prosecutor’s office, investigating authority, infringement authority, administrative authority or other bodies authorised by law to provide information, data, or documents. The hotel shall disclose to the authorities only such personal data as is strictly necessary for the purpose of the request.

The hotel does not control the personal data provided to it. The person providing the data is solely responsible for its accuracy and correctness. Any guest who provides an e-mail address is also responsible for ensuring that the e-mail address provided is the only one from which he/she will receive services. With regard to the assumption of responsibility, any liability in connection with access from a given e-mail address shall be borne solely by the User who registered the e-mail address. If the Guest does not provide his/her personal data, he/she is obliged to obtain the consent of the person concerned.

Personal data may be accessed by employees who are employed by or contracted by the hotel.

The hotel will only disclose personal data to third parties with the prior and informed consent of the guest. This does not apply to any data transfers required by law.

The hotel, as the data controller, is entitled and obliged to transmit to the competent authorities any personal data available and stored by it in accordance with the law, which it is obliged to transmit by law or by a final and binding obligation of a public authority. The hotel shall not be held liable for such transfers and the consequences thereof.

  • Buyers’ book:

The purpose of the data management in relation to the customer book is the management of comments on the services provided by the units of Szépalma-Hotel Kft.

  • Guestbook:

Guests using the hotel services can write their personal comments and experiences in the guestbook.

The guestbook is public and freely available to all visitors of Szépalma-Hotel Kft.

  • Found objects:

The Szépalma-Hotel Kft. manages and records the following data in connection with the found objects:

  • the date, time and place of the find, the person who found the object, the name of the object found, whether the owner was found, notified, whether the object was delivered, the signature of the person who took care of the case.
  1. Security of data processing

The hotel takes the utmost care in the processing and storage of personal data.

The hotel is obliged to carry out the processing operations in such a way as to ensure the protection of the privacy of the data subjects.

The hotel shall, in the course of processing the data, preserve, or – except in the case of other legal measures – shall do everything in its power to ensure that the data processed.

  • remain confidential: protect information so that only those who are authorised can access it
  • remain intact: protects the accuracy and integrity of the information and the processing method
  • and ensure that the rightful user has access to the information and the means to access it when he or she needs it.
  1. Gift voucher

When purchasing a gift voucher, the Customer provides the following personal data:

For personal purchases:

  • Name
  • name of the donee
  • billing name and address

In the case of online orders, through a written order (e-mail) sent to the Company:

  • Name
  • e-mail address
  • phone number
  • name of the donee
  • billing name and address
  • delivery name and address

The purpose of data processing is to maintain contact and deliver the gift voucher. The personal data received in this way will be stored by the Company for a period of time in accordance with the applicable tax and accounting regulations and will be deleted after such period.

The Company will provide more information on the data management of gift vouchers upon request to hotel@szepalma.hu.

  1. Prize draw

The Company occasionally organises a prize draw on its own to promote the services of a particular hotel. You can participate in the competition by registering on paper or online (Facebook page) and providing the following details:

  • Name
  • address
  • phone number
  • e-mail address

The purpose of the data processing is to maintain contact in order to enable the Company to deliver the prize to the winner.The data processing lasts for 12 (twelve) months after the end of the competition, and the data processed in this way (except for the winner) will be deleted. In the case of guests who have consented to a request for a promotion, the Company will continue to process the above data in accordance with the provisions of Section III.7 of this Prospectus.

The company will provide more information about the data processed in connection with the competition upon request to hotel@szepalma.hu.

  1. Guest questionnaire, evaluation system

As part of the quality assurance process of Szépalma-Hotel Kft, guests can give their opinion about the services provided by the company online, via e-mail and paper guest questionnaires, as well as through the rating system. When filling in the questionnaire, guests can provide the following personal data:

  • Name
  • date of visit
  • room number
  • contact details (address, e-mail address, telephone number)
  • how you found the hotel

Providing this information is not mandatory, it is only for the purpose of investigating any complaints and ensuring that the company responds to the guest.

The opinions obtained in this way and any related data that cannot be traced back to the Guest and cannot be linked to the name of the Guest may also be used by the Company for statistical purposes.

The personal data provided by filling in the guest questionnaire will be deleted by the Company within 12 (twelve) months after the complaint has been investigated. The e-mail address and username provided for the use of the rating system will be deleted by the Company upon request sent by the guest to hotel@szepalma.hu.

  1. Camera system

Cameras are installed in the hotels operated by the company to ensure the safety of guests and their property. Camera surveillance is indicated by a pictogram and warning text.

The operation of security cameras for the purpose of asset protection, pursuant to Section 30 (2) of Act CXXXIII of 2005 (“Act on the Protection of the Property”). Data processed: the camera recordings.

The purpose of CCTV surveillance is to protect property. The protection of assets of significant value and the personal property of guests, given that there is no other way of detecting infringements, catching the perpetrator in the act, preventing these infringements or proving them.

The cameras are in operation and recording all days of the year, 0-24 hours. A detailed description is given in the annex to this information. Data Protection Registration No.: NAIH96125/2016.

For more information on the data management related to the camera system, please contact the hotel concerned.

For more information on the location of cameras, see the annex to this document.

  1. Newsletter

If the guest subscribes to the hotel’s newsletter, the hotel will send him/her an occasional newsletter.

By subscribing to the newsletter, the guest consents to the hotel processing the necessary data. To subscribe to the newsletter, the name and e-mail address must be provided in order to enable the delivery of messages.

In case of refusal or withdrawal of consent, the hotel will not send any further newsletter and will delete the guest’s data from the system.

The purpose of data processing in connection with the sending of newsletters is to provide the recipient with comprehensive general or personalised information about the latest promotions of the Company.

  1. Facebook page

The Company and the hotels/restaurants operated by the Company are also available separately on the Facebook community portal.

The purpose of data processing is to share the content of the Szépalma Hotel website. The Facebook page allows guests to participate in competitions and find out about the latest promotions.

By clicking on the “like” link on the Company’s Facebook page, the data subject agrees to the publication of the Company’s news and offers on his/her own message board.

The newsletter is subject to the provisions of section 3.15.

The Company also publishes pictures/movies of events/hotels/restaurants, etc. on its Facebook page.Unless it is a mass shooting, the Company always asks for the written consent of the data subject before publishing the pictures.

For information about the Facebook Page’s privacy practices, please visit the privacy policy and guidelines on the Facebook website at www.facebook.comcímen.

  1. Website visit data
  2. References and links

The Company’s website may also contain links that are not operated by the Company and are provided solely for the information of visitors. The Company has no control over the content and security of the websites operated by partner companies and is therefore not responsible for them.

Please review the privacy policy and privacy statement of the sites you visit before you provide any form of information to those sites.

  1. Analytics, cookies

The Company uses an analytics tool to track its websites (Google Analytics), which creates a series of data and tracks how visitors use the websites. The system creates a cookie when a page is viewed, with the aim of recording information about the visit (pages visited, time spent on our pages, browsing data, exits, etc.), which is not, however, data that can be linked to the visitor personally. This tool helps to improve the ergonomics of the website design, to create a user-friendly website, to enhance the online experience of visitors. The Company does not use analytics systems to collect personal information. Cookies are automatically accepted by most web browsers, but visitors have the option to delete or automatically reject them. As each browser is different, visitors can set their cookie preferences individually using the browser toolbar. You may not be able to use certain features of our website if you choose not to accept cookies.

  1. Remarketing code

On the website, we use remarketing codes to track visits to specific pages so that we can provide targeted marketing messages to visitors to those pages. Visitors to this website can disable the cookies that provide remarketing codes by setting their browser accordingly.

  1. Contact

It is possible for anyone to contact the company by e-mail. The messages will be handled by the company until the request/question is resolved/answered, and once the request/question is closed, such e-mails will be archived and stored for 5 (five) years.

  1. Managing job applicant detailsPolylang
    placeholder do not modify

Management and registration of job applications and CVs received in response to advertised vacancies and for inclusion in an electronic database for recruitment and selection purposes.

  1. Legal background to data processing

The processing, storage, recording and transmission of the personal data detailed in this information notice is carried out in accordance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information and the provisions of the Act.

3.18.3. Scope of data processed and duration of data processing

Szépalma-Hotel Kft will process, record and store the data contained in job applications, CVs, cover letters and other documents sent as personal data in accordance with this information for a maximum of 1 year from the date of receipt. The processed data will then be automatically destroyed. The processed data will be used exclusively in the recruitment and selection process or to determine whether the candidate concerned would be suitable to fill another vacant post.

3.18.4. Access to data

Submitted job applications and CVs will be handled only by the authorised staff of Szépalma-Hotel Kft. Szépalma-Hotel Kft shall not pass on the received job applications and CVs to third parties for statistical or other purposes, except in cases specified by law, shall not disclose the data received, and shall provide information related to the assessment of the submitted job applications and CVs only upon the request of and to the person concerned.

3.18.5. Data security

Szépalma-Hotel Kft takes special care to ensure the safe storage and safekeeping of all applications and CVs received. Personal data will not be made public.

3.18.6. Rights related to data processing and means of enforcement

The applicant concerned may request:

  1. information about the processing of his or her personal data, in particular: the scope and source of the personal data processed, the purposes, legal basis and duration of the processing, the name and address of the data processor and the data processor’s activities in relation to the processing, and, in the case of a transfer of personal data, the legal basis and the recipient of the transfer
  2. the rectification of your personal data; and
  3. erasure or blocking of your personal data, except for mandatory processing.

The applicant concerned may object to the processing of his/her personal data:

  1. where the processing or transfer of personal data is necessary for the fulfilment of a legal obligation to which the controller is subject or for the purposes of the legitimate interests pursued by the controller, the recipient or a third party, except in cases of mandatory processing,
  2. if the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes, and
  3. in other cases specified by law

Any questions or comments regarding the processing of personal data can be addressed directly to the managing director of Szépalma-Hotel Kft. at the following e-mail address hotel@szepalma.hu.

By lodging a complaint with the National Authority for Data Protection and Freedom of Information, the data subject may initiate an investigation on the grounds that there has been or is an imminent threat of a breach of rights in relation to the processing of his or her personal data.

Contact details of the National Authority for Data Protection and Freedom of Information:

1530 Budapest, Pf.: 5.

1125 Budapest, Szilágyi Erzsébet fasor 22/C

Tel: 06-1-391-1400

Fax: 06-1-391-1410

  1. Employee data management

With regard to the processing of employee data, the data controller is the person who holds the position of hotel manager and the head of any department to whom personal data relating to the department under his/her control needs to be disclosed.

Employees may only be asked for and kept records of data and be subject to job aptitude tests which are necessary for the establishment, maintenance or termination of employment and for the provision of social benefits and which do not infringe their individual rights.

In the case of workers with reduced capacity to work, a document relating to their condition may be requested if it is necessary to fulfil an obligation on the employer.

All data shall be deleted without delay and all documents shall be destroyed if the employment relationship is not established after the recruitment procedure, unless the data subject explicitly requests or consents to the continued processing of his/her data for a specified period.

The “employment register” for employees contains the following data and documents:

  • natural identifiers
  • place of residence, domicile
  • citizenship
  • Social security number, tax identification number
  • start and end date of employment
  • job held
  • proof of education and other qualifications and competences
  • CV
  • a certificate of good character, depending on the job
  • an opinion on your medical fitness for work
  • employment contract, other agreements concluded during the employment relationship
  • amount of salary, other benefits
  • deductions based on a final decision or written consent to payroll deductions
  • data on sick leave taken
  • data on leave
  • employee performance appraisal
  • any personal data the processing of which is required by law or to which the employee has given his or her consent (in particular, data required for the purposes of claiming family tax allowances, the scope of individual expense claims, etc.)

On the basis of a legal authorisation or consent, the employer also processes other data, in particular:

  • records of accidents at work
  • data recorded by cameras or other systems used for security or safety purposes

Data relating to employees may be accessed and processed by the employee’s line manager to the extent and for the duration strictly necessary for the performance of his/her duties.

In addition, the employer will disclose the employee’s personal data to the extent requested by the court, prosecutor’s office, investigative authority and other competent authorities upon formal request.

In the event of termination of employment, the employee’s data must be deleted after 3 years. The deletion of data that are required by law to be recorded and kept in the future is prohibited.

  1. Data security

Other security activities

The Company shall ensure that it is possible to verify and establish to which bodies the personal data have been or may be transmitted using data transmission equipment, which personal data, when and by whom they were entered into the system and the

system recoverability in the event of a system failure. Errors in automated processing are reported.

The Company treats personal data confidentially and does not disclose them to unauthorized persons. In particular, personal data shall be protected against unauthorised access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction, damage and loss of accessibility due to changes in the technology used. All security measures are taken to ensure the technical protection of personal data.

  1. Data transmission

The Company is entitled to disclose the personal data provided to it to the hotel operator, companies and business partners involved in the organisation of the relevant prize draw, who are entitled to process the data provided solely in the manner set out in this information. Such transfers may only be made if the data subject has been informed in advance when using the service in question or participating in a prize draw or loyalty programme.

For the purposes of monitoring the lawfulness of the transfer and informing the data subject, the company keeps a register of transfers, which includes the date of transfer of personal data processed by the company, the legal basis and recipient of the transfer, the scope of the personal data transferred and other data specified in the legislation requiring the processing.

The Company reserves the right, in the cases provided for by law, to disclose the data processed by it to the competent authorities and courts, even without the specific consent of the data subject, upon their request.

  1. Data processors

A specific list of the Company’s data processors may be requested by writing to hotel@szepalma.hu or by contacting the Company’s data protection officer at the contact details set out in point I. Such requests will be complied with in writing within thirty (30) days.

  1. Rights and remediesPolylang
    placeholder do not modify

At the request of the data subject, sent to the e-mail address indicated in each section or to the name and address of the Company (Szépalma-Hotel Kft, 8429, Porva, Suburban HRSZ: 0172/3), the Company shall provide information on the data processed by the data subject, free of charge once a year for the same data, and once a year for a fee, data processed by the data controller or by a data processor on its behalf, their source, the purpose, legal basis and duration of the processing, the name and address of the data processor and its activities in relation to the processing, the circumstances of the personal data breach, its effects and the measures taken to remedy it and, in the event of the transfer of the data subject’s personal data, the legal basis and the recipient of the transfer.

The Company shall keep a register for the purpose of monitoring the measures taken in relation to the data breach and informing the data subject, which shall include the scope of the personal data concerned, the number and type of data subjects affected by the data breach, the date, circumstances and effects of the data breach and the measures taken to remedy it, as well as other data specified in the legislation requiring data management.

In the event of a refusal to provide information, the Company shall inform the data subject in writing of the provision under which the refusal to provide information was made and inform the data subject of the legal remedies available to him or her.

30.22.2. Correction

If the personal data is not accurate and the accurate personal data is available to the Company, the Company will correct the personal data.

The company will notify the data subject of the rectification, as well as all those to whom the data may have been previously disclosed for processing purposes. The notification may be omitted if this would be contrary to the legitimate interests of the data subject in relation to the purposes of the processing.

30.22.3. Cancellation and blocking, objections

In the event of deletion and blocking of personal data and objections to data processing, the provisions of Articles 17 – 21 of the Data Protection Act shall apply.

30.22.4. Judicial enforcement

The data subject may take legal action against the Company in the event of a violation of his or her personal rights. The court proceedings shall be governed by Article 22 of the Data Protection Act, the provisions of Title XII, Part Three, Book One (§ 2:51 – § 2:54) of Act V of 2013 on the Civil Code, and other applicable legal provisions.

30.22.5. Damages and compensation

If the company causes damage or infringes the personal rights of the data subject by unlawfully processing the data or by breaching data security requirements, the company may be liable to pay compensation.

The controller shall be exempted from liability for the damage caused and from the obligation to pay compensation if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unforeseeable cause outside the scope of the processing.

The Company shall also be liable to the data subject for any damage caused by the data processor, and the Company shall also pay the data subject the damages due in the event of a personal infringement caused by the data processor. The hotel shall be exempted from liability and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject’s personality right was caused by an unforeseeable cause outside the scope of the processing. No compensation or damages shall be due if the damage resulted from the intentional or grossly negligent conduct of the data subject.

  1. Other provisions:

The Hotel reserves the right to amend this Policy and shall notify the persons concerned of any such amendment.

The Hotel is not responsible for the accuracy of the information provided by visitors to the websites or guests.

You can ask the National Authority for Data Protection and Freedom of Information for help with data protection issues at any time:

Postal address: 1534, Budapest, PO Box 834

Address: 1125, Budapest, Szilágyi Erzsébet fasor 22/C

Phone: +36 /1/ 391-1400

Website: www.naih.hu

e-mail: ugyfelszolgalat@naih.hu

Location and Headquarters:

Szépalma-Hotel Kft

8429, Porva, Suburban HRSZ: 0172/3.

X
<
>