en

Privacy notice

By making an online reservation through the website, as a user, you accept the provisions of this data protection notice (hereinafter: Data Protection Notice).

Furthermore, we would like to inform you that the legal regulations for the management of personal data have fundamentally changed since May 25, 2018, as from this date the European Parliament and the Council (EU) on the protection of natural persons with regard to the management of personal data and on the free flow of such data shall apply. and 2016/679 on the repeal of Regulation 95/46/EC (general data protection regulation). Regulation (hereinafter: GDPR).

Name of data controller: Kovács István Krisztián private person

Contact information of the data controller:

Cím: 2330 Dunaharaszti Andrássy Gyula street 32/3

Phone number: +36 70/620 6362

E-mail address: balatonlellegyongyeapartman@gmail.com

External domain and hosting provider: : Webnode AG, Limmatquai 112, 8001 Zurich Switzerland

Purpose of data management 

The Data Controller manages the personal data of the Guests for the following purposes:

  1. It is primarily necessary to enter the personal data detailed later in order to book the Apartment (from September 2021, the personal data defined by law of all guests staying at all Hungarian accommodations will be submitted in an encrypted manner to the Guest Information Closed Database, i.e. the VIZA system. Accordingly, the VENDÉGEM software (My Guest software) will be expanded with a document reader function , for which the identity document of each guest is requested)
  2. Their personal data for issuing an invoice for the costs of the accommodation reservation.
  3. Providing your data for notification and information is also important in terms of communication with the Guest

Legal basis for data management

The data manager manages the guests' personal data on the following legal basis:

  1. GDPR Article 6 (1) point b) (data processing is necessary to fulfill a contract to which the data subject is a party, or it is necessary to take steps at the request of the data subject prior to the conclusion of the contract)
  2. GDPR Article 6 (1) point c) (data processing is necessary to fulfill the legal obligation of the data controller)
  3. GDPR Article 6 (1) point a) (the data subject has given his consent to the processing of his personal data for one or more specific purposes)

Scope of managed data

The use of the online booking interface on the website of the data controller is not subject to separate registration, however, the following personal data must be entered for booking:

  1. Name (surname and surname),
  2. Phone number,
  3. E-mail address,
  4. Billing address.
A szálláshely elfoglalásához szükséges Bejelentő lapon kezelt adatok köre:
  1. Name (surname and surname),
  2. Phine number,
  3. E-mail address,
  4. Billing address,
  5. Socialsecurity number/Passport number,
  6. Place of birth and birthday

Duration of data management

The processing of the data regarding the Guest's phone number and e-mail address starts from the date of the reservation and is deleted after the Guest leaves the Apartment.

Regarding the Guest's name and billing address, the data is processed for the period specified in the Accounting Act, 8 (eight) years, after which the data manager destroys them.


Data security

The Data Controller takes all necessary steps to ensure the security of the personal data provided by the Guests both in the network system and during the storage and preservation of the data. The reservation system operating through the website of the data controller has been placed with an external protected storage provider, which provider cannot access data managed on the storage provider. The data manager performs his work processes on a computer protected by a password and antivirus. 


1. In the course of its activities, the Service Provider considers the protection of personal data to be of utmost importance. In all cases, it handles the personal data provided to it in compliance with the applicable laws, ensures their security, takes the technical and organizational measures, and develops the procedural rules necessary to comply with the relevant laws.

2. In the course of the Service Provider's activities, the Service Provider uses the users' data solely for the purposes of concluding contracts, invoicing, and its own advertising purposes in accordance with the Data Protection Act. 

In all cases, the processing of personal data is based on the voluntary consent of the Guest(s). We use the Guest's personal data exclusively for concluding contracts, invoicing, and for our own advertising purposes - for sending our own newsletter.

3. The Guest consents to the Service Provider handling the data provided or obtained by the Guest in connection with the Service in accordance with the provisions of this Data Management Notice, and declares that it has the consent of the data subjects regarding the provided personal data.

4. If the Guest agrees, he can send a newsletter about the promotions and offers of the Service Provider to the e-mail address he provided. Guests can unsubscribe from the newsletter at any time.

5. If the Service Provider has recorded personal data that does not correspond to reality, we will correct it at the request of the Guest.

6. You may request the deletion of your personal data, unless the data management is necessary to fulfill the legal obligations of the data controller or to submit, assert or defend legal claims. The data manager deletes personal data without undue delay if the processing of the data is illegal, incomplete or incorrect, the purpose of data management has ceased, or the storage period has expired, or if it has been ordered by a court or authority, or if its deletion is necessary to fulfill a legal obligation of the data manager.

Definitions

Affected person

Any natural person identified or - directly or indirectly - identified on the basis of personal data.

Personal data

The data that can be associated with the Data Subject - in particular the Data Subject's name, identification mark, and one or more physical, physiological, mental, economic, cultural or social identity characteristics - as well as the conclusion about the Data Subject that can be drawn from the data.

Contribution

The Data Subject's voluntary and decisive declaration of will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data - in full or covering certain operations.

Protest

The Data Subject's statement objecting to the processing of his personal data and requesting the termination of data processing or the deletion of the processed data.

Data controller

A natural or legal person, or an organization without legal personality, who, or which independently or together with others determines the purpose of data management, makes and implements decisions regarding data management (including the tool used), or implements them with the data processor.

Data handling

Regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, alteration, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction of the data, as well as preventing its further use, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image).

Data transfer
Making the data available to specific third parties

Disclosure
Making the data available to anyone.

Data processing

Performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

Data processor

A natural or legal person, or an organization without legal personality, who processes data on the basis of a contract - including a contract concluded on the basis of the provisions of the law.

Data deletion

Making data unrecognizable in such a way that their recovery is no longer possible.

Data locking

Providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time.

Datafile
The totality of the data managed in one register.

Homepage

The website, its page elements and all of them are available under the domain www.balatonlellegyongyeapartman.hu.

Relevant regulations

Our basic data management principles are in line with the applicable data protection legislation, in particular with the following:

  • ● CXII of 2011 Act - on the right to information self-determination and freedom of information (hereinafter: Infotv.)

  • ●Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) - on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (General Data Protection Regulation, GDPR)

  • ● Act V. of 2013 on the Civil Code (Ptk.)

  • ● Act C of 2000 on accounting (Accounting Act)

  • ● XLVIII of 2008 law - on the basic conditions of economic advertising activity and about some of its limitations (especially Section 6.§)

  • ● 2005 XC. Act on Electronic Freedom of Information

  • ● 16/2011. s. an opinion on best practices for behavioral online advertising on the relevant EASA/IAB recommendation

  • ● The recommendation of the National Data Protection and Freedom of Information Authority is preliminary information on data protection requirements

  • ● With electronic commercial services and the information society CVIII of 2001 on certain issues of related services. law -(Eker tv.)

  • ● Act C of 2003 on electronic communications - (Ehtv)

  • ● LIII of 2017 law - on the prevention of money laundering and terrorist financing and on prevention (Pmt.)

  • ● CLXV of 2013 on complaints and notifications of public interest. law. (Pktv.)

  • ● CLV of 1997 on consumer protection. law (Fogyv tv.)


Legal remedies and complaints can be made at the office of the Data Protection Commissioner at the following contact details:

National Data Protection and Freedom of Information Authority (NAIH)

Address: 1055 Budapest, Falk Miksa street 9-11.

Postal address: 1363 Budapest, Pf.: 9.

Phone number: +36 (1) 391-1400

fax: +36 (1) 391-1410

e-mail address: ugyfelszolgalat@naih.hu

Website: https://www.naih.hu

National Data Protection and Freedom of Information Authority Customer Service

Phone number: +36 (1) 391-1400

fax: +36 (1) 391-1410

postal address: 1363 Budapest, Pf.: 9.

possibility of online administration: https://online.naih.hu/EMS/Home

6.) Information and contact details of the data controller:

Balatonlelle Gyöngye Apartman

Service provider: Kovács István Krisztián

Service provider registered office:  8638 Balatonlelle Szent István street 2. 2/22.

Phone number: +36 (70) 620 6362

The Guest may make a verbal complaint regarding the Service, which the Service Provider will investigate immediately after becoming aware of it. If the Guest does not agree with the handling of the complaint, or the immediate investigation of the complaint is not possible, the Service Provider will record the complaint and its position and hand over a copy of it to the Guest on the spot, or in the case of a verbal complaint communicated by telephone or using other electronic communication services no later than it is sent to the Guest at the same time as the substantive answer contained in the next point. 

Legal disputes between the Service Provider and the Guest are settled primarily out of court, through negotiation. In the event of a legal dispute between the Service Provider and the Guest, a complaint can be made in writing at the place of use of the service, at the Service Provider's e-mail address balatonlellegyongyeapartman@gmail.com or at its postal address (2330 Dunaharaszti Andrássy Gyula utca 32/3.), which will be investigated by the Service Provider, and the result of which will be notified at the latest Within 30 days, it informs the Guest in writing by electronic message or by post.