Privacy Policy
Data of the Service Provider
- SÁ-RA Termál Kft.
- Establishment: Hotel HEGIQ****, 9437 Hegykő, Fürdő u. 9., Hungary
- Seat: 9437 Hegykő, Fürdő u. 5., Hungary
- Co. Reg. No.: 08-09-008517
- Tax No.: 11929736-2-08
- EU VAT No.: HU11929736
- Bank account: 17600011-00115733-00200004
The main activity of Hotel HEGIQ**** is accommodation services.
In connection with data management, the Hotel hereby informs its customers, guests and visitors of its website about the personal data it manages, the principles and practices followed in the handling of personal data, and the ways and means of exercising the rights of those concerned.
The Hotel is committed to protecting the personal data of its users and partners, and it attaches great importance to respecting the right to self-determination of its customers. The Hotel declares that it respects the personal rights of its partners, customers and visitors to the website. Your personal data will be treated confidentially, in accordance with data protection laws and international recommendations, in accordance with this Privacy Policy and will take all security, technical and organizational measures to ensure the security of your data.
The Hotel reserves the right to change this policy at any time by notifying its partners and guests of such changes.
The Customer Contacting the Hotel accepts the following and agrees to the data processing specified below.
1. Purpose and scope of the Privacy Policy
The purpose of this Policy is to ensure that the Hotel complies with applicable data protection legislation.
This Policy is effective as of March 1, 2022 and is valid until revoked.
The scope of this Policy extends to the Hotel, the persons whose details are contained in the data processing covered by this Policy and those whose rights or legitimate interests are affected by the data management.
The scope of this Policy extends to the processing of all personal data by the Hotel in all its organizational units.
2. Concepts
The following terms are used in the application of this Policy.
Affected:any natural person identified or identified directly or indirectly by personal data;
Personal data: data relating to the data subject, in particular the name of the data subject, his or her identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the conclusion drawn from the data subject;
Contribution: a voluntary and determined declaration of the wishes of the data subject based on appropriate information and with unambiguous consent to the processing of personal data relating to him or her, wholly or in part;
Protest: a statement by the person concerned to object to the processing of his / her personal data and requests the termination of the data management and the deletion of the data processed;
Data Controller: a natural or legal person, or an entity without legal personality, who, either individually or together with others, determines the purpose of data management, makes and implements decisions relating to data management (including equipment used), or implements it with a data processor entrusted to it;
Data management: any operation or operation performed on data, irrespective of the procedure used, including, in particular, collection, recording, recording, systematization, storage, alteration, use, querying, transmission, disclosure, coordination or interconnection, blocking, deletion and destruction; preventing the further use of the data, taking photographs, sound or images, and recording physical characteristics suitable for identifying the person.
Data Processor: any natural or legal person or organization without legal personality who, under a contract with the data controller, including the conclusion of a contract under the provisions of the law, processes data;
Data processing: performing technical tasks related to data management operations, irrespective of the method and means used to perform the operations and the location of the application, provided that the technical task is performed on the data;
Third party: any natural or legal person or entity without legal personality which is not the same as the data subject, the data controller or the data processor;
Transmission of data: making data available to a specific third party;
Disclosure: making data available to anyone;
Data deletion: making data unrecognizable in such a way that their recovery is no longer possible;
Data designation: providing the data with an identification mark to distinguish it;
Data blocking: for the purpose of limiting the further processing of the data with an identifier for a definitive or definite period of time;
Data Destruction: complete physical destruction of data media containing data.
3. The scope of personal data, purpose, title and duration of data management
Personal data can be handled by the hotel
a) if the person concerned agrees,
b) or it is ordered by law or, under the authority of the law, within the scope specified therein, by a local government regulation for public interest purposes (mandatory data management).
Personal data may also be handled if the obtaining of the consent of the data subject would be impossible or disproportionate and the processing of personal data is necessary for the fulfillment of the legal obligation of the controller or for the legitimate interests of the data controller or a third party and the enforcement of this interest in the personal data.
Only personal data that is essential for the purpose of the data management are suitable for the purpose, and only to the extent and for the time necessary to achieve the purpose.
Personal data may only be processed with the appropriate consent based on information.
The data subject must be informed prior to the commencement of the data management that the processing is based on consent or mandatory. The data subject shall be informed, clearly, comprehensibly and in detail, of all facts relating to the management of his or her data, in particular the purpose and legal basis of the data management, the person entitled to data processing and data processing, the duration of the data management, and the personal data of the data subject with the consent of the data subject. and manage the legal obligation to the controller or enforce the legitimate interest of a third party, or who can know the data. The information should also cover the data processing rights and remedies available to the data subject.
During data management, the accuracy, completeness, and up-to-date data must be ensured and the data subject can only be identified for the time necessary for the purpose of data management. Data processing personnel at the organizational units of the Hotel are required to keep the personal data known as business secrets. Persons handling and accessing personal data must make a Privacy Statement.
The Data Controller handles personal data for the sole purpose of exercising the rights and fulfilling the obligation. At every stage of data management, it meets the purpose of data management. Data are recorded and handled fairly and lawfully. The Data Controller shall endeavor to process only such personal data that is essential for the purpose of the data management and is suitable for achieving the purpose. Personal data can only be managed to the extent and for the time necessary to achieve the goal.
We would like to inform the hotel informants that if they do not provide their own personal data, it is the duty of the informant to obtain the consent of the data subject.
4. Data management on the website
a) The legal basis for data management on the website is the User’s consent and the CVIII of 2001 on certain aspects of electronic commerce services and information society services. Act 13 / A. (3).
b) Scope of data processed: date and time of the visit, IP address of the visitor’s computer, type of browser, name, phone, e-mail address, date and time, number of adults, number and age of children, type of care, and by User other personal information provided.
c) Deadline for data deletion: 5 years from the date of the reservation, in the case of an invitation to tender, if no contract has been made immediately; while in the case of contributions to the newsletter, until the consent is withdrawn. In the case of accounting documents, the Service Provider maintains it for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting.
d) You can initiate the deletion or modification of your personal information in the following ways:
- By mail (Hotel HEGIQ****, 9437 Hegykő, Fürdő u. 9., Hungary)
- By email (reserve@hotelhegiq.hu)
e) We inform our Users that, on the basis of the authorization of the court, the prosecutor, the investigative authority, the infringement authority, the administrative authority, the data protection commissioner or the law, other bodies may provide information to the Service Provider for the purpose of providing information, communicating, transmitting or making available documents.
f) The Hotel will only provide personal information to the authorities, if the authority has specified the exact purpose and scope of the data, to the extent strictly necessary for the purpose of the request.
g) The Hotel shall provide the information, information and information required by the guests for the performance of the Service in accordance with CXII of 2011 on Information Self-Determination and Freedom of Information. law.
h) The Hotel handles the personal data of the Users for the purpose of providing the Service (full use of the website, eg booking, sending newsletter) only to the extent and for the time required. This is the purpose of data management at all stages.
i) The hotel also handles the personal information that is technically necessary to provide the service. If personal data has been recorded with the consent of the User, the Hotel will not store the recorded data unless otherwise provided by law:
1. for the purpose of fulfilling his legal obligation, or
2. to enforce the legitimate interest of the Hotel or third party,
if the enforcement of this interest is proportionate to the limitation of the right to the protection of personal data, you may manage it without further consent and after the User’s consent has been withdrawn.
j) In addition, Users will only collect information about the User (IP address, date of use, webpage viewed, browser, and one or more cookies that allow the browser to be uniquely identified) used exclusively for the development and maintenance of the Services and for statistical purposes. The Service Provider uses the data processed for these statistical purposes only in a form incompatible with personal identification. In order to improve the quality of the Services, the Hotel has a file containing a string on the user’s computer. places a cookie if the User agrees. If you do not agree with the User, it will be indicated in advance in the chapter “Data Management on the Website”. in the contact details set out in point d).
k) The Hotel shall only transfer personal data it manages to a third party for the purpose of developing and / or operating certain services of the Hotel used by the User. The Hotel does not use the personal data it manages for the purposes of a third party and does not otherwise use it for any purpose.
l) Websites also contain links to an external (not managed by the Hotel) server; For this reason, the hotel disclaims all liability.
m) By using this service, the User agrees that the Hotel shall collect and manage personal data in order to provide the service in full, as described in this Privacy Notice.
5. Newsletter, DM activity
a) On the basic conditions and certain limitations of the economic advertising activity, XLVIII. Pursuant to Section 6 of the Act of 2006, the User expressly and explicitly agrees to seek out the hotel ‘s advertisements and other mailings at the contact details given at the time of registration (eg e – mail address or telephone number).
b) In addition, the Customer agrees, with the provisions of this Prospectus, to manage the personal data of the hotel for sending advertisements.
c) The Hotel does not send unsolicited advertising messages, and the User may unsubscribe from sending the offers free of charge without limitation or justification. In this case, all personal data of the hotel – necessary for the sending of advertising messages – will be deleted from its register and will not contact the User with further promotional offers. Users can opt out of advertising by clicking the link in the message.
d) The purpose of data management is to send an electronic newsletter containing an economic advertisement message to the User, information about current information and products.
e) The legal basis for data processing: the voluntary contribution of the data subject and the basic conditions and certain limitations of the economic advertising activity in 2008 XLVIII. Section 6 (5) of the Act.
f) The range of managed data: name, email address, phone number, date, time.
g) Deadline for deletion of data: Until the withdrawal of the declaration of consent, ie until the date of unsubscription.
6. Data security
a) The Hotel shall take all necessary safety, organizational and technical measures to ensure the highest level of security of personal data and to prevent unauthorized alteration, destruction and use.
b) The hotel shall take all necessary measures to ensure the integrity of the data, ie the accuracy, completeness and up-to-date status of the personal data it manages and / or processes.
c) The Hotel shall protect the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as unavailability due to accidental destruction, damage, or change in the technique used.
d) Therefore, the Hotel reserves the right to inform its customers and partners about any vulnerability in its system if its customers or partners identify a vulnerability, and at the same time limit its access to the Service Provider’s system, services, or some of its features.
e) For the security of data stored on the network, the Hotel avoids data loss on the server by continuous mirroring.
f) Active data from databases containing personal data will be saved by the Hotel on a daily basis.
g) The personal data management network. The Hotel constantly takes care of virus protection.
h) Data managed by the Hotel network and access to data files must be provided with a user name and password.
7. Information on data management
a) The User may request information on the management of his / her personal data and may request the rectification of his / her personal data, or, except as provided for in the law, the deletion of the personal data in the manner indicated in the data collection or on the contact details provided by the Service Provider.
b) At the request of the user, the hotel provides information on the data it manages, their source, the purpose, legal basis and duration of the data management. The Hotel shall provide the information in writing, in a comprehensible form, in the shortest possible time after the submission of the request, and within 30 days at the latest.
c) The hotel corrects the personal data if it does not correspond to reality and it is at your disposal personal information that is correct.
d) The Hotel shall block the personal data if the User so requests or if, on the basis of the information at its disposal, it can be assumed that the deletion would violate the User’s legitimate interests. Locked personal data may be processed only for as long as there is a data management purpose that excludes the deletion of personal data.
e) The hotel will delete the personal data if its handling is unlawful, the User requests it, the data processed is incomplete or incorrect – and this condition cannot be legally rectified – provided the cancellation is not excluded by law, the purpose of data management has been eliminated or the data storage law has been abolished expired, the court or the National Data Protection and Freedom of Information Authority ordered it.
f) The data controller has 30 days to delete, block or correct personal data. If the hotel does not comply with the User’s request for rectification, blocking or cancellation, he / she shall communicate the reasons for the rejection in writing within 30 days.
g) The hotel will notify the Customer of the rectification, blocking and cancellation, as well as all those who have previously forwarded the data for data management purposes. The notification is ignored if this does not violate the legitimate interest of the User with regard to the purpose of the data management.
8. Checking
a) Compliance with data protection regulations, and in particular the provisions of these regulations, must always be checked by the heads of the organizational unit performing data management at the Hotel.
b) The Hotel and Operations Manager and the data protection officer entrusted to it are responsible for checking the data processed at the Hotel once a year.
9. Remedies
a) User may object to the processing of their personal data if
1) the processing or transfer of personal data is only necessary for the performance of the legal obligation of the Service Provider or for the legitimate interest of the Service Provider, the data recipient or a third party, unless the data management is prescribed by law;
2) the use or transmission of personal data is for direct marketing, opinion polling or scientific research;
otherwise provided by law.
b) The hotel will examine the protest as soon as possible after the submission of the request, but within a maximum of 15 days, decide on its validity and inform the applicant in writing of its decision. If the hotel finds that the data subject’s objection is well-founded, data management, including further data collection and data transfer, will be terminated, blocked and notified of any protest and any action taken on the basis of which the personal data subject to the protest has previously been transmitted and who are obliged to take action to enforce the right of protest.
c) If the User does not agree with the decision made by the hotel, he / she may appeal to the court within 30 days of its notification.
d) In case of violation of its rights, the user can go to court against the hotel. The court acts out of the case. You have the opportunity to appeal to the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
- 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
- Mailing address: 1530 Budapest, Mailbox: 5.
- Phone: +36 -1-391-1400
- Fax: +36-1-391-1410
- E-mail: ugyfelszolgalat@naih.hu
Changes, modifications, and exact data security definition in effect from May 25, 2018 in accordance to the GDPR data protection regulations:
| Data handling activity | Online reservation / Online offer requests |
|---|---|
| Name of data manager | SÁ-RA Termál Kft. (Hotel HEGIQ) |
| Address of data manager | 9437 Hegykő, Fürdő u. 5. |
| Scope of data handling | Easing up the online reservation process |
| Legal ground for data handling | The prior, voluntary aggreement of the party who initiated the online reservation process. |
| Types of the data handeled | Name, email address, address (country, postcode, town, street, house number), phone number, IP address |
| Estimated duration of data handling | Until withdrawal of the consent, or 360 days after the end date of the reservation |
| Neccessity of the data handling | In case of online reservation: the interested party initiates the online reservation process, and makes transactions. In case of online inquiry: the interested party makes an inquiry, and the service provider responds in order to make an online reservation. |
| Do the data handler need data processing bodies? | yes |
| The data processing bodies | |
| Name of data processer | MORGENS Design Kft. |
| Address of data processer | 8800 Nagykanizsa, Csányi László utca 2. |
| Scope of data processing in name of the data handler | Usage of the servers of Tárhely.Eu Szolgáltató Kft. (1144 Budapest, Ormánság utca 4. X. emelet 241.) in order to store data of online reservations, confirmations, and other transactions. |
| Name of data processer | Rocket Science Group |
| Address of data processer | 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 |
| Scope of data processing in name of the data handler | Usage of the Mandrill software to send emails about reservations, confirmations, pre-arrival letters, and guest-rating inquiries. |
| Data handling activity | Newsletter subscription |
|---|---|
| Name of data manager | SÁ-RA Termál Kft.(Hotel HEGIQ) |
| Address of data manager | 9437 Hegykő, Fürdő u. 5 |
| Scope of data handling | Staying in contact, informing audience |
| Legal ground for data handling | The explicit and voluntary subscription tot he service |
| Types of the data handeled | Name, email address, IP address, date of subscription, source of subscription, status of subscription |
| Estimated duration of data handling | Until unsubscription |
| Neccessity of the data handling | Creating opportunity for the those interested to get information about offers and unique discounts or promorions. |
| Do the data handler need data processing bodies? | yes |
| The data processing bodies | |
| Name of data processer | SÁ-RA Termál Kft.(Hotel HEGIQ) |
| Address of data processer | 9437 Hegykő, Fürdő u. 5 |
| Scope of data processing in name of the data handler | Usage of the MailerLite Limted. (Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland) services to send out mails. The closed, online storage is only accessible by an ID and a password. |
| Name of data processer | MailerLite Inc. |
| Address of data processer | Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland |
| Scope of data processing in name of the data handler | Usage of the MailerLite Limted. (Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland) services to send out mails. |
