otbaranyvendeghaz@gmail.com

+36/30/726-7442

hu_HU
hu_HU

Date Protection Notice

Data Controller:Klára Biró, sole proprietor, hereinafter the operator of the guesthouse

Headquarters: 2071 Páty, Hegyalja Street 4

Registration Number:7404508

Tax Number: 63784110-1-33

Phone Number: +36/30/726-7442

Responsible for Data Protection: Ágnes Klára Biró

Email: otbaranyvendeghaz@gmail.com

The operator of the guesthouse respects the personal rights of its Guests, and therefore has prepared the following Data Protection Notice (hereinafter: Notice), which is available electronically on the official website of the Guesthouse (and in paper form upon request).

The operator of the guesthouse, as the data controller, declares that in the course of data processing, it acts in accordance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: "Data Protection Act").

This Notice provides general information on data processing carried out in the course of services provided by the operator of the guesthouse. Due to the diversity of Guest needs, the method of data processing may occasionally differ from what is stated in this Notice. Such deviations may occur at the request of the Guest, and the Company will inform the Guest in advance about the exact method. Any data processing not included in this Notice will be communicated by the Company prior to the data processing.

The operator processes personal data solely for pre-determined purposes and for the necessary duration to exercise rights and fulfill obligations. The operator only processes personal data that are essential for achieving the purpose of data processing and are suitable for achieving that purpose.

For the validity of the consent statement of a minor under the age of sixteen, the consent or subsequent approval of their legal representative is required.

In all cases where the data provided are used for a purpose different from the original purpose of data collection, the operator informs the affected individual and requests their prior, explicit consent or provides the opportunity for them to prohibit the use.

Definitions

Affected Individual: Any natural person identified or identifiable, directly or indirectly, based on personal data.

Personal Data: Data related to the affected individual – especially their name, identification number, and one or more physical, physiological, mental, economic, cultural, or social identity characteristics – and the conclusions drawn from the data regarding the individual.

Special Data: Personal data related to racial or ethnic origin, political opinions or party affiliation, religious or other beliefs, membership in an interest representation organization, sexual life, health status, pathological addiction, and criminal personal data.

Consent: The voluntary and explicit declaration of the will of the affected individual, based on adequate information and giving unmistakable consent to the comprehensive or specific processing of their personal data.

Objection: The declaration of the affected individual objecting to the processing of their personal data and requesting the termination of data processing and the deletion of the processed data.

Data Controller: A natural or legal person, or a non-legal entity organization, that determines the purpose of data processing independently or together with others, makes decisions regarding data processing (including the used device), and implements or commissions the implementation of such decisions by the data processor.

Data Processing: Any operation or set of operations performed on data, regardless of the method applied, such as collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, coordination, or combination, blocking, deletion, and destruction, and preventing further use of data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying a person (e.g., fingerprints, palm prints, DNA samples, iris images).

Data Transmission: Making data available to a specified third party. The operator does not transmit data to third parties.

Disclosure: Making data available to anyone.

Data Deletion: Making data unrecognizable so that their restoration is no longer possible.

Data Marking: Labeling data with an identifier to distinguish them.

Data Blocking: Labeling data with an identifier to restrict further processing permanently or for a specified period.

Data Processing: Performing technical tasks related to data processing operations, regardless of the method and means used for the operations, and the location of the application, provided that the technical task is performed on the data.

Data Processor: A natural or legal person, or a non-legal entity organization, who processes data under a contract with the data controller, including contracts concluded based on legal provisions.

Third Party: Any natural or legal person, or a non-legal entity organization, who is not identical to the affected individual, the data controller, or the data processor.

Data Protection Incident: The unlawful processing or handling of personal data, especially unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage.

Booking

Guests can book rooms at our guesthouse via email. In addition to data related to the stay, the following personal data is processed when making a room reservation:

First and last name

Phone number

Email address

Address required for issuing a deposit invoice and final invoice

address required for issuing a deposit invoice and final invoice

Data retention period: 8 years. The operator of the guesthouse uses these data for handling room reservations, maintaining contact with the guest, and fulfilling accounting obligations.

The purpose of data processing also includes identifying the guest as the service user, fulfilling the ordered services, issuing invoices, processing payments, keeping records of guests, and distinguishing between different guests.

The operator processes personal data during the period of the contractual relationship, deleting the data provided by the guest at the end of this period, except for data required for mandatory data processing, until consent is withdrawn.

Inquiries and Requests for Quotes

When making inquiries or requesting quotes on the guesthouse's website or by phone, in addition to data related to the planned stay, the following personal data must be provided: name, email address, and phone number. The purpose of data processing is to establish contact and maintain communication with the individual interested in the services offered by the guesthouse and to send information and quotes. The guesthouse retains personal data for a maximum of one year from the date of the inquiry or until the user (guest) requests the deletion of their data or withdraws their consent for the processing of personal data. The guesthouse does not record phone conversations.

Payment

The cost of the services provided by Ötbárány Guesthouse can be settled by bank transfer, SZÉP card, or occasionally in cash, as determined by the guesthouse operator.

The purpose of data processing is to utilize the services of Ötbárány Guesthouse, issue invoices, document payments, and fulfill accounting obligations.

During payment, Ötbárány Guesthouse processes the following data:

tranzakció száma, dátuma és időpontja, bizonylat tartalma számlázási név, cím, adószám és igénybe vett szolgáltatás megnevezése, mennyisége, vételára, fizetési mód, fizetési adatok (dátum, időpont, a számlán szereplő tételek megnevezése, összege)

Other Data Processing

Data processing not listed in this policy will be disclosed at the time of data collection. Guests and clients are informed that the hotel may be approached by courts, prosecutors, investigative authorities, administrative authorities, or other organizations authorized by law for information disclosure, data provision, or document availability. The hotel provides personal data to authorities only to the extent necessary to achieve the purpose of the request.

The guesthouse operator does not verify the personal data provided. The person providing the data is solely responsible for the accuracy and authenticity of the provided data. By providing an email address, the guest also takes responsibility for ensuring that only they use the services associated with that email address. Therefore, any responsibility for activities related to entries made using a given email address lies solely with the user who registered the email address. If a guest provides data that is not their own, they must obtain the consent of the affected individual.

The operator of the guesthouse transfers personal data to third parties only with the guest's prior informed consent. This does not apply to mandatory data transfers based on legal requirements.

As a data controller, the operator is entitled and obliged to transfer all personal data available and lawfully stored by them to the competent authorities if required by law or a final official decision. The hotel is not responsible for data transfers or the consequences resulting from such transfers.

Guestbook

Guests who use the services of the guesthouse can write their personal comments and experiences in the guestbook.

The guestbook is public and freely accessible to those on the premises of Ötbárány Guesthouse.

Data Security

The operator of the guesthouse takes utmost care in handling and storing personal data.

A vendégház üzemeletetője köteles az adatkezelési műveleteket úgy végrehajtani, hogy biztosítsa az érintettek magánszférájának védelmét. A vendégház üzemeletetője az adatkezelés során megőrzi, – illetve egyéb jogi intézkedések esetét kivéve- köteles megtenni mindent, hogy a kezelt adatok

titkosak maradjanak: megvédi az információt, hogy csak az férhessen hozzá, aki erre jogosult sértetlenek maradjanak: megvédi az információnak és a feldolgozás módszerének a pontosságát és teljességét továbbá gondoskodik arról, hogy amikor a jogosult használónak szüksége van rá, valóban hozzá tudjon férni a kívánt információhoz és rendelkezésre álljanak az ezzel kapcsolatos eszközök. A személyes adatok kezelésével kapcsolatos kérdésekkel, észrevételekkel közvetlenül az Ötbárány Vendégház üzemeltetőjéhez lehet fordulni az alábbi elektronikus levélcímen otbaranyvendeghaz@gmail.com

Individuals can initiate an investigation by the National Authority for Data Protection and Freedom of Information if they believe their personal data has been mishandled or there is an imminent risk of such an event.

Contact details of the National Authority for Data Protection and Freedom of Information:

1530 Budapest, Pf.: 5.

1125 Budapest, Szilágyi Erzsébet fasor 22/C

Tel.: 06-1-391-1400

Fax: 06-1-391-1410

Data Security

Other Security Activities

The Company ensures the traceability and verifiability of which authorities have been or may be provided with personal data through data transfer devices, which personal data were entered, when and by whom into the system, and the recoverability of the system in case of malfunction. Reports are generated on errors occurring during automated processing.

A Társaság a személyes adatokat bizalmasan kezeli, azokat illetékteleneknek nem szolgáltatja ki. A személyes adatokat védi különösen a jogosulatlan hozzáférés, megváltoztatás, továbbítás, nyilvánosságra hozatal, törlés vagy megsemmisítés, valamint a véletlen megsemmisülés, sérülés továbbá az alkalmazott technika megváltozásából fakadó hozzáférhetetlenné válás ellen. A személyes adatokat technikai védelmének biztosítása érdekében minden biztonsági intézkedést megtesz. Jogok és jogorvoslati lehetőségek

Information

Az érintett az egyes fejezetekhez írt e-mail címre eljutatott kérelmére a kérelem benyújtásától számított legfeljebb 25 (huszonöt) napon belül a Társaság – azonos adatok tekintetében évente egy alkalommal térítésmentesen, ezen felül térítés ellenében – tájékoztatást ad az érintett általa kezelt, illetve az általa megbízott adatfeldolgozó által feldolgozott adatairól, azok forrásáról, az adatkezelés céljáról, jogalapjáról, időtartamáról, az adatfeldolgozó nevéről, címéről és az adatkezeléssel összefüggő tevékenységéről, az adatvédelmi incidens körülményeiről, hatásairól és az elhárítására megtett intézkedésekről továbbá – az érintett személyes adatainak továbbítása esetén – az adattovábbítás jogalapjáról és címzettjéről. Az üzemeltető az adatvédelmi incidenssel kapcsolatos intézkedések ellenőrzése, valamint az érintett tájékoztatása céljából nyilvántartást vezet, amely tartalmazza az érintett személyes adatok körét, az adatvédelmi incidenssel érintettek körét és számát, az adatvédelmi incidens időpontját, körülményeit, hatásait és az elhárítására megtett intézkedéseket, valamint az adatkezelést előíró jogszabályban meghatározott egyéb adatokat.

If information is refused, the operator will inform the affected individual in writing about the provision under which the refusal occurred and about the available remedies.

30.22.2. Correction

If personal data do not correspond to reality and the correct personal data are available to the operator, the Company will correct the personal data.

The operator will inform the affected individual about the correction and any parties to whom the data were previously transmitted for data processing. Notification can be omitted if it does not harm the affected individual's legitimate interest considering the purpose of data processing.

30.22.3. Deletion and Blocking, Objection

For the deletion and blocking of personal data and objection to data processing, the provisions of Sections 17-21 of the Data Protection Act apply.

30.22.4. Legal Remedies

If the affected individual’s personal rights are violated, they may take legal action against the operator. The provisions of Section 22 of the Data Protection Act, Book One, Part Three, Title XII (Sections 2:51 . -2:54.) of Act V of 2013 on the Civil Code, and other relevant legal regulations apply to the legal proceedings.

30.22.5. Compensation and Damages

If the operator unlawfully processes the affected individual's data or violates data security requirements, causing harm or infringing personal rights, the affected individual may claim compensation.

The data controller is exempt from liability and the obligation to pay compensation if they prove that the harm or the infringement of the personal rights of the affected individual was caused by an unavoidable event outside the scope of data processing.

Other Provisions:

The operator reserves the right to amend this Information Notice and will inform the affected individuals of any changes.

The operator is not responsible for the accuracy of data provided by visitors to the website or guests.

In matters of data protection, individuals may contact the National Authority for Data Protection and Freedom of Information at any time:

Mailing address: 1534 Budapest, Pf.: 834

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C

Phone: +36 /1/ 391-1400

Website: www.naih.hu

Email: ugyfelszolgalat@naih.hu

Ötbárány vendégház Biró Ágnes Klára e.v.

Cím: 8934 Bezeréd Dózsa Gy.utca 65.