Sukorose Guesthouse

Dear guests!

I would like to inform you that the provision of certain  ersonal data, detailed below, is
necessary for the booking to be successful.

In connection with the anagement of data, the data controller hereby informs you about the personal data it manages on the website, the principles and practices  followed in the management of personal data, the organizational and technical measures taken to protect personal data, as well as the manner and possibilities of exercising the rights of the data subjects. I inform you that the recorded personal data is handled confidentially, in accordance with data  rotection legislation and international recommendations, in accordance with this declaration.

I would also like to inform you that the legal regulation of the management of personal data will fundamentally change from May 25, 2018, as from this date the European Parliament and the Council (EU) on the protection of  atural persons with regard to the management of personal data and on the free flow of such data will apply. and 2016/679 on the repeal of Regulation 95/46/EC (general data protection regulation). Regulation (hereinafter: GDPR).

By making an online reservation on the website or via e-mail, as a user you accept the provisions of this data protection notice (hereinafter: Data Protection Notice).

I. Basic concepts

1. personal data: the information relating to the identified or identifiable natural person (data subject) that can be associated with him – in particular the data subject’s name, identification mark, and one or more physical, physiological, mental, economic, cultural or social identity characteristics – as well as what can be deduced from the data, the conclusion concerning the person concerned.

2. the totality of the data managed in one register;

3. concerned: natural person identified or – directly or indirectly – identifiable on the basis of any information;

4. data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;

5. third party: a natural or legal person, or an organization without legal personality, who is not the same as the data subject, the data manager or the data processor;

6. data protection: the set of technologies and organizational methods enabling the inviolability, integrity, usability and confidentiality of the collected data assets;

7. data protection incident: a breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled;

8. data management: regardless of the procedure used, any operation performed on the data or the set of operations, in particular the collection, recording, recording, organization, segmentation, storage, transformation or change, use, query, communication, transmission, distribution, or otherwise disclosure or making available, coordination or connection, restriction, deletion and destruction, as well as prevention of further use of the data, photographs, making sound or image recordings, as well as recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image).

9. data controller: the natural or legal person or organization without legal personality who, independently or together with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor.

10. data transfer: making the data available to a specific third party.

11. data deletion: rendering the data unrecognizable in such a way that their recovery is no longer possible.

12. restriction of data management: marking of stored personal data for the purpose of limiting their future management;

13. consent: the voluntary, definite and clear declaration of the data subject’s will, which is based on specific and appropriate information, and with which the data subject gives his/her consent to the processing of his/her personal data – in full or covering certain operations – by
    means of a statement or an act clearly expressing the confirmation.
    It is considered consent if the data subject checks a relevant checkbox when viewing the website or when finalizing the reservation, or makes relevant technical settings, as well as any other statement or action that, in the given context, is necessary for the planned processing of the data subject’s personal data. clearly indicates its contribution.

14. mandatory data management: if the data management is ordered by law or – based on the authorization of the law, within the scope defined therein – by a local government decree for a purpose based on public interest.

15. disclosure: making the data available to anyone.

16. Profiling: any form of automated processing of personal data in which personal data is used to evaluate certain personal characteristics of a natural person, in particular work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement used to analyze or predict related characteristics.

II. Name and contact details of the data controller

Name of data controllers: Nagy Erzsébet and Ambrus Tamás András

Contact information of data controllers:

Address: 2481 Venice, Rozmaring utca 4.

Phone number: +36 30 516 9790 and +36 30 989 9507

E-mail address: sukorose@sukorose.hu

III. Purpose of data management

The Data Controller manages the personal data of the Guests for the following purposes:

(a) It is primarily necessary to provide certain personal data, detailed later, for the purpose of making a reservation at the Guest House.

(b) We also need your personal data to issue an invoice for accommodation.

(c) Providing your personal data is also important in terms of communication related to the reservation, so that we can inform you of any important circumstances that you need to know about.

 

IV. Legal basis for data management

The data manager manages the guests’ personal data on the following legal basis:

1. The III. in the case of the purpose included in point a) of Article 6, paragraph 1, point b) of the GDPR, i.e. the performance of a contract in which the Guest, as an affected party, is one of the parties.
2. The III. In the case of the purpose included in point b) of Article 6, paragraph 1, point c) of the GDPR, i.e. the fulfillment of the legal obligation applicable to the data controller, namely the obligation of the data controller to prepare a receipt and invoice.
3. The III. In the case of the purpose included in point c), the data is processed on the basis of point a) of Article 6, paragraph (1) of the GDPR, in order to be able to properly inform you about the essential circumstances arising from the contractual relationship.

In the event of the need for data processing for purposes other than the above, or on other legal grounds, the data controller must inform the data subject individually, prior to the start of data processing, of all important information related to the intended data processing and of their related rights.

V. Scope of managed data

The use of the online booking interface operating on the website of the data controller does not require a separate registration, however, the following personal data must be provided in an e-mail to make a reservation:

Name (surname and surname),
phone number,
Email address,
Billing address.

VI. Duration of data management

The processing of the data regarding the Guest’s phone number and e-mail address starts from the date of the reservation and is deleted after the Guest leaves the Guest House.

Regarding the Guest’s name and billing address, the data is processed for the period stipulated in the Accounting Act, 8 (eight) years, after which the data manager destroys them.

VII. Data security

The Data Controller takes all necessary steps to ensure the security of the personal data provided by the Guests both in the network system and during the storage and preservation of the data.

The reservation system operating through the website of the data controller has been placed with an external protected storage provider, the provider cannot access data managed on the storage provider. The data manager performs his work processes on a computer protected by a password and antivirus.

VIII. The Guest’s rights and legal enforcement options

1. The Guest is entitled to receive feedback from the data controller as to whether his personal data is being processed, and if it is, to receive information about his data being processed and all relevant information regarding data management.
2. The Guest may request that the data controller correct inaccurate personal data concerning him without undue delay. Taking into account the purpose of data  management, you can request the addition of your personal data.
3. You may request the deletion of your personal data, unless the data management is necessary to fulfill the legal obligations of the data controller or to submit, assert or defend legal claims. The data manager deletes personal data without undue delay if the processing of the data is illegal, incomplete or incorrect, the purpose of data management has ceased, or the storage period has expired, or if it has been ordered by a court or authority, or if its
   deletion is necessary to fulfill a legal obligation of the data manager.
4. If the data controller processes personal data based on the data subject’s consent, the data subject may withdraw this consent. If there is no other legal basis for the data management, the data manager will delete the personal data affected by the revoked consent.
5. The Guest has the right to have the data controller restrict data processing at his request, if

 

• • the Guest disputes the accuracy of the personal data – for the time required to check the accuracy;
  • the data management is illegal, but the Guest opposes the deletion of the data and requests the restriction of use;
  • the data controller no longer needs the personal data for the purpose of data  management, but the data subject requires them to present, enforce or defend his legal claim; or
  • the data subject objects to the processing of their data in the public interest or based on the legitimate interests of the data controller or a third party.

 

During the restriction period, the data controller may not use the personal data for purposes other than storage.

In the case of exercising the rights of the Guest, the data controller examines the request of the data subject and takes the necessary measures, and informs the Guest of these and the reasons for not doing so within one month of receiving the request.

Legal enforcement:

The Guest can send his request regarding data management to the data manager included in point I, to the address recorded in the same place, or to the e-mail address.

In the event of a violation of their rights, the data subject may apply to the court competent according to the address of the data controller, or – according to his choice – to the court competent according to his place of residence or, failing that, to the court competent according to his place of residence and file a claim.

The Guest may also file a complaint with the National Data Protection and Freedom of Information Authority (1125 Budapest, Szilágyi Erzsébet Fasor 22/c., hereinafter: NAIH) and may initiate an investigation citing that a violation of rights has occurred or there is an immediate threat of violation related to the handling of personal data.