otbaranyvendeghaz@gmail.com

+36/30/726-7442

Data Protection Notice

Data Controller: Klára Biró, sole proprietor, hereinafter the operator of the guesthouse

Headquarters: 2071 Páty, Hegyalja Street 4

Registration Number: 7404508

Tax Number: 63784110-1-33

Phone Number: +36/30/726-7442

Responsible for Data Protection: Ágnes Klára Biró

Email: otbaranyvendeghaz@gmail.com

The operator of the guesthouse respects the personal rights of its Guests, and therefore has prepared the following Data Protection Notice (hereinafter: Notice), which is available electronically on the official website of the Guesthouse (and in paper form upon request).

The operator of the guesthouse, as the data controller, declares that in the course of data processing, it acts in accordance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: "Data Protection Act").

This Notice provides general information on data processing carried out in the course of services provided by the operator of the guesthouse. Due to the diversity of Guest needs, the method of data processing may occasionally differ from what is stated in this Notice. Such deviations may occur at the request of the Guest, and the Company will inform the Guest in advance about the exact method. Any data processing not included in this Notice will be communicated by the Company prior to the data processing.

The operator processes personal data solely for pre-determined purposes and for the necessary duration to exercise rights and fulfill obligations. The operator only processes personal data that are essential for achieving the purpose of data processing and are suitable for achieving that purpose.

For the validity of the consent statement of a minor under the age of sixteen, the consent or subsequent approval of their legal representative is required.

In all cases where the data provided are used for a purpose different from the original purpose of data collection, the operator informs the affected individual and requests their prior, explicit consent or provides the opportunity for them to prohibit the use.

Definitions

Affected Individual: Any natural person identified or identifiable, directly or indirectly, based on personal data.

Personal Data: Data related to the affected individual – especially their name, identification number, and one or more physical, physiological, mental, economic, cultural, or social identity characteristics – and the conclusions drawn from the data regarding the individual.

Special Data: Personal data related to racial or ethnic origin, political opinions or party affiliation, religious or other beliefs, membership in an interest representation organization, sexual life, health status, pathological addiction, and criminal personal data.

Consent: The voluntary and explicit declaration of the will of the affected individual, based on adequate information and giving unmistakable consent to the comprehensive or specific processing of their personal data.

Objection: The declaration of the affected individual objecting to the processing of their personal data and requesting the termination of data processing and the deletion of the processed data.

Data Controller: A natural or legal person, or a non-legal entity organization, that determines the purpose of data processing independently or together with others, makes decisions regarding data processing (including the used device), and implements or commissions the implementation of such decisions by the data processor.

Data Processing: Any operation or set of operations performed on data, regardless of the method applied, such as collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, coordination, or combination, blocking, deletion, and destruction, and preventing further use of data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying a person (e.g., fingerprints, palm prints, DNA samples, iris images).

Data Transmission: Making data available to a specified third party. The operator does not transmit data to third parties.

Disclosure: Making data available to anyone.

Data Deletion: Making data unrecognizable so that their restoration is no longer possible.

Data Marking: Labeling data with an identifier to distinguish them.

Data Blocking: Labeling data with an identifier to restrict further processing permanently or for a specified period.

Data Processing: Performing technical tasks related to data processing operations, regardless of the method and means used for the operations, and the location of the application, provided that the technical task is performed on the data.

Data Processor: A natural or legal person, or a non-legal entity organization, who processes data under a contract with the data controller, including contracts concluded based on legal provisions.

Third Party: Any natural or legal person, or a non-legal entity organization, who is not identical to the affected individual, the data controller, or the data processor.

Data Protection Incident: The unlawful processing or handling of personal data, especially unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage.

Data Processing

Accommodation Services

All data processing related to the use of services provided by the guesthouse is based on the voluntary consent of the affected individual and aims to ensure the provision of services and maintain contact. With the exceptions noted in the specific subpoints, the Company retains personal data as stipulated by current tax and accounting regulations and deletes them after the specified retention period.

Booking

Guests can book rooms at our guesthouse via email. In addition to data related to the stay, the following personal data is processed when making a room reservation:

First and last name

Phone number

Email address

Address required for issuing a deposit invoice and final invoice

Data retention period: 8 years. The operator of the guesthouse uses these data for handling room reservations, maintaining contact with the guest, and fulfilling accounting obligations.

The purpose of data processing also includes identifying the guest as the service user, fulfilling the ordered services, issuing invoices, processing payments, keeping records of guests, and distinguishing between different guests.

The operator processes personal data during the period of the contractual relationship, deleting the data provided by the guest at the end of this period, except for data required for mandatory data processing, until consent is withdrawn.

Inquiries and Requests for Quotes

When making inquiries or requesting quotes on the guesthouse's website or by phone, in addition to data related to the planned stay, the following personal data must be provided: name, email address, and phone number. The purpose of data processing is to establish contact and maintain communication with the individual interested in the services offered by the guesthouse and to send information and quotes. The guesthouse retains personal data for a maximum of one year from the date of the inquiry or until the user (guest) requests the deletion of their data or withdraws their consent for the processing of personal data. The guesthouse does not record phone conversations.

Payment

The cost of the services provided by Ötbárány Guesthouse can be settled by bank transfer, SZÉP card, or occasionally in cash, as determined by the guesthouse operator.

The purpose of data processing is to utilize the services of Ötbárány Guesthouse, issue invoices, document payments, and fulfill accounting obligations.

During payment, Ötbárány Guesthouse processes the following data:

billing name, address, tax number, and description of the services utilized, quantity, purchase price, payment method, payment details (date, time, items on the invoice, amount)

Other Data Processing

Data processing not listed in this policy will be disclosed at the time of data collection. Guests and clients are informed that the hotel may be approached by courts, prosecutors, investigative authorities, administrative authorities, or other organizations authorized by law for information disclosure, data provision, or document availability. The hotel provides personal data to authorities only to the extent necessary to achieve the purpose of the request.

The guesthouse operator does not verify the personal data provided. The person providing the data is solely responsible for the accuracy and authenticity of the provided data. By providing an email address, the guest also takes responsibility for ensuring that only they use the services associated with that email address. Therefore, any responsibility for activities related to entries made using a given email address lies solely with the user who registered the email address. If a guest provides data that is not their own, they must obtain the consent of the affected individual.

The operator of the guesthouse transfers personal data to third parties only with the guest's prior informed consent. This does not apply to mandatory data transfers based on legal requirements.

As a data controller, the operator is entitled and obliged to transfer all personal data available and lawfully stored by them to the competent authorities if required by law or a final official decision. The hotel is not responsible for data transfers or the consequences resulting from such transfers.

Guestbook

Guests who use the services of the guesthouse can write their personal comments and experiences in the guestbook.

The guestbook is public and freely accessible to those on the premises of Ötbárány Guesthouse.

Data Security

The operator of the guesthouse takes utmost care in handling and storing personal data.

The operator must conduct data processing activities in a manner that ensures the protection of the affected individuals' privacy.

During data processing, the operator must ensure that the processed data remain:

Confidential: Protected so that only authorized individuals can access it.

Intact: Protecting the accuracy and completeness of the information and processing methods.

Available: Ensuring that authorized users can access the required information and related tools when needed.

For any questions or comments regarding personal data processing, individuals can directly contact the operator of Ötbárány Guesthouse at otbaranyvendeghaz@gmail.com.

Individuals can initiate an investigation by the National Authority for Data Protection and Freedom of Information if they believe their personal data has been mishandled or there is an imminent risk of such an event.

Contact details of the National Authority for Data Protection and Freedom of Information:

1530 Budapest, Pf.: 5.

1125 Budapest, Szilágyi Erzsébet fasor 22/C

Tel.: 06-1-391-1400

Fax: 06-1-391-1410

Data Security

Other Security Activities

The Company ensures the traceability and verifiability of which authorities have been or may be provided with personal data through data transfer devices, which personal data were entered, when and by whom into the system, and the recoverability of the system in case of malfunction. Reports are generated on errors occurring during automated processing.

The Company treats personal data confidentially and does not disclose them to unauthorized persons. Personal data are protected, especially against unauthorized access, alteration, transmission, public disclosure, deletion, or destruction, as well as accidental destruction or damage and inaccessibility due to changes in the applied technology. The Company takes all security measures to ensure the technical protection of personal data.

Rights and Remedies

Information

Upon request sent to the email addresses specified in the respective sections, the Company will provide information within 25 (twenty-five) days from the submission of the request about the data processed by them or their data processors, the source of the data, the purpose, legal basis, and duration of the data processing, the name and address of the data processor and their activities related to data processing, the circumstances, effects, and measures taken to mitigate a data protection incident, and in the case of transferring personal data, the legal basis and recipient of the data transfer. This information is provided free of charge once a year for identical data; beyond this, a fee is charged.

The operator maintains a record of measures related to data protection incidents and informs the affected individuals. This record includes the personal data affected, the scope and number of individuals affected by the data protection incident, the time, circumstances, effects, and measures taken to mitigate the incident, and other data specified by the law.

If information is refused, the operator will inform the affected individual in writing about the provision under which the refusal occurred and about the available remedies.

Correction

If personal data do not correspond to reality and the correct personal data are available to the operator, the Company will correct the personal data.

The operator will inform the affected individual about the correction and any parties to whom the data were previously transmitted for data processing. Notification can be omitted if it does not harm the affected individual's legitimate interest considering the purpose of data processing.

Deletion and Blocking, Objection

For the deletion and blocking of personal data and objection to data processing, the provisions of Sections 17-21 of the Data Protection Act apply.

Legal Remedies

If the affected individual’s personal rights are violated, they may take legal action against the operator. The provisions of Section 22 of the Data Protection Act, Book One, Part Three, Title XII (Sections 2:51-2:54) of Act V of 2013 on the Civil Code, and other relevant legal regulations apply to the legal proceedings.

Compensation and Damages

If the operator unlawfully processes the affected individual's data or violates data security requirements, causing harm or infringing personal rights, the affected individual may claim compensation.

The data controller is exempt from liability and the obligation to pay compensation if they prove that the harm or the infringement of the personal rights of the affected individual was caused by an unavoidable event outside the scope of data processing.

Other Provisions:

The operator reserves the right to amend this Information Notice and will inform the affected individuals of any changes.

The operator is not responsible for the accuracy of data provided by visitors to the website or guests.

In matters of data protection, individuals may contact the National Authority for Data Protection and Freedom of Information at any time:

Mailing address: 1534 Budapest, Pf.: 834

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C

Phone: +36 /1/ 391-1400

Website: www.naih.hu

Email: ugyfelszolgalat@naih.hu

Ötbárány Guesthouse
Biró Ágnes Klára, sole proprietor

Address: 8934 Bezeréd, Dózsa Gy. utca 65.