Privacy Policy

Privacy Policy

 

The purpose of this Privacy Policy is to operate the Website (Kiss Rita; 3561 Felsőzsolca, Kőrösi Cs. S. u. 16.; info@eden-apartman.hu; tax number: 72430871-1-25; hereinafter: "Data Manager") To inform those concerned about the management, use, transfer and registration of the data stored on their homepage accessible through the Data Manager").

Rules for data management and data processing:

  • Personal data can be managed if
    • the data subject consents thereto, or
    • it is ordered by law or by decree of the local government, within the scope of the authority authorized by law.
  • The data provided by the customer in the course of the registration as a necessary and sufficient identification data for the service user are provided by the Service Provider in the CVIII. According to the Act, it manages it for the purpose of establishing, defining, modifying, monitoring the performance of the contract for the provision of an information society service, billing the resulting consideration and enforcing claims relating thereto.
  • Special Data is not handled by Data Controller.
  • Public law may require the disclosure of personal data by expressly stating the scope of the data. In all other cases, the consent of the data subject or, in the case of special data, the written consent of the data subject shall be required for publication. In case of doubt, it must be presumed that the data subject has not given his consent. The consent of the data subject shall be deemed to have been given in respect of the data which he or she has provided in the course of his or her public performance or that he or she has disclosed to the public. In the context of proceedings brought at the request of the data subject, his / her consent to the processing of his / her necessary data shall be presumed. This fact should be brought to the attention of the data subject.
  • For the purposes of these Rules, the Hungarian Hosting Ltd. (1132 Budapest, Victor Hugo u. 18-22, info@mhosting.hu, 23495919-2-41) is the data processor.
  • The rights and obligations of the data processor regarding the processing of personal data shall be determined by the data controller. The controller is responsible for the legality of instructions for data processing operations. He shall be responsible for the processing, alteration, deletion, transmission and disclosure of personal data within the scope of the data processor's activities and within the limits set by the data controller. You may not use any other data processor in the performance of your data processing activities. The data processor may not make a substantive decision regarding the data management, may process personal data of which he / she becomes aware only in accordance with the provisions of the data controller, shall not process data for his / her own purposes, and shall store and store personal data according to data controller regulations.
  • Based on the above, Data Controller manages the following data of the data subject: name, date of arrival, date of departure, number of adults, number of children, e-mail address, telephone number.
  • The service provider manages personal data for billing the service it provides, which is essential for billing purposes, in particular the date, time and place of use of the service. In addition, the Service Provider manages the personal data that is technically necessary for the provision of the Service in order to provide the Service. The Service Provider also manages the data related to the use of the Service for the purpose of increasing the efficiency of its service, for sending electronic advertisements or other addressed content addressed to the User, and for the purpose of market research, and has expressly consented to this by registering the User.
  • Before and during the use of the Information Society Service, the User shall ensure that the User may prohibit the data management of data processed for this purpose in order to increase the efficiency of its service, deliver electronic advertising or other addressed content to the User .
  • In case of termination of the data management right, the service provider deletes the data of the user of the service. The service provider shall ensure that the user is aware, before and at any time during the use of the information society service, of the types of data the service provider handles for the purposes of data management.
  • The information obligation of the affected customer is voluntary, however, due to the lack of necessary and sufficient data, the service provider cannot fulfill the orders of the affected customer. Thus, in order to perform our service and in accordance with the terms and conditions of this policy, we are required to provide the necessary and sufficient information as a "must". The mandatory term in this case does not refer to the mandatory nature of the data collection, but to the fact that there are records that fail to complete the registration successfully, leaving certain fields blank or inadequately filled may result in the registration being rejected.
  • By registering, the user acknowledges that he has voluntarily, explicitly and in advance given his consent to the service being sent to him by the service provider and other service providers cooperating with the service provider. You may withdraw this Statement of Assistance at any time without limitation and without justification and at no charge. In this case, the service provider will immediately delete the name of the declarant from the specified register required by law and will no longer send him electronic advertisements. When submitting an electronic advertisement, the advertiser shall inform the addressee of the electronic mail address and other contact details where he / she may request the prohibition of sending electronic advertisements using an information society service.
  • For our subscription, subscription-based services, we periodically send our customers information letters about our new services, special offers, etc. If our customers do not wish to receive such promotional letters in the future, even though they have not previously indicated their intention to do so, they may opt-out in the same way and through the same channel as when they initiated the service.
  • By registering, the user, as customer, acknowledges that the service provider has read and accepted the data management rules, and has made the statements specified therein, and that his registration constitutes consent to the data management.
  • The Controller undertakes to inform its website visitors in advance of any changes to its privacy policy and practice so that they are always fully and accurately informed about the data management principles and practices applicable throughout the Controller's Portal. This Policy on the Management and Protection of Personal Data always reflects the principles and practices that are actually applied.
  • If we intend to use personal information in a way that differs from the principles and purposes stated in the collection of personal information, we will notify those concerned in advance by email, who will be offered the opportunity to decide whether to accept, to handle their personal data in a new way under these new conditions.
  • Anonymous information that is collected without any personally identifiable information and that is not associated with a natural person, or demographic information that is collected in a way that does not associate with personally identifiable personally identifiable information, connect with a natural person.
  • We do not supplement or link the personal or other information provided by those involved with any data or information from other sources. In the future, in the event of such linking of data from various sources, this will be done only after proper information, with the prior consent of the data subject.
  • Where the competent authorities require the service provider to provide personal data in the manner prescribed by law, the controller shall, subject to the law, provide the information requested and available.
  • If our customers provide us with personal information, we will take all necessary steps to ensure the security of this information, both during network communication (ie online data management) and during storage, storage (ie offline data management).
  • Personal data may only be accessed by persons holding relevant positions.
  • The Controller does not currently offer a service specifically intended for children under the age of 14 and hereby declares that it does not collect or process personal data on children under the age of 14. In the event of a need to process the personal information of a child under the age of 14, it is only possible to record such information with the proper consent of a parent or other legal representative in a verifiable form, with consent. Without such authorization, we will not record children's personal information (even if the service cannot be accessed without it).

Stakeholders Rights:

  • The data subject may request information about the processing of his or her personal data, and may request the rectification or deletion of his or her personal data, except as provided by law.
  • At the request of the data subject, the controller shall provide information on the data processed by the controller which he or she processes, or on the purpose, legal basis, duration, name, address and seat of the data controller and to whom and for what purpose receive or have received the data. The controller is required to provide the information in writing, in a comprehensible form, within a minimum of 30 days from the submission of the request.
  • The controller may refuse to provide information to the data subject only if it is required by law, the State's internal and external security, such as national defense, national security, crime prevention or law enforcement, financial interests of the state or local government limit. The data controller shall inform the data subject of the reason for the refusal of information. The Data Controller shall notify the Data Protection Commissioner annually of the rejected requests.
  • The data controller is obliged to correct incorrect data.
  • Personal data must be deleted if:
    • management is illegal,
    • the person concerned requests,
    • incomplete or erroneous - which cannot be legally remedied - unless cancellation is excluded by law,
    • the purpose of data management has ceased to exist or the statutory time limit for the storage of data has expired,
    • ordered by the court or the Data Protection Commissioner.
  • Corrections and deletions shall be notified to the data subject and to those to whom the data have previously been transmitted for data management purposes. Notification may be dispensed with if the legitimate interests of the data subject are not prejudiced in view of the purpose of the processing.
  • The data subject may object to the processing of his personal data if:
    • the processing (transfer) of personal data is necessary only for the enforcement of the rights or legitimate interests of the data controller or the data recipient, unless the data processing is ordered by law,
    • the use or communication of personal data is for the purpose of direct marketing, opinion polling or scientific research,
    • otherwise, the right to object is permitted by law.
  • The data controller shall, with the simultaneous suspension of the data processing, examine the objection as soon as possible after submitting the application, but not more than 15 days, and inform the applicant in writing of the result. If the objection is justified, the controller shall terminate the data processing, including further data collection and transfer, and block the data, and notify anyone to whom the personal data of the object of the objection have previously been transmitted of the objection and who are required to take action to enforce the right of protest. If the data subject disagrees with this decision of the controller, he or she may, within 30 days of being informed, bring the matter before a court.
  • The data controller may not delete the data of the data subject if the data processing has been ordered by law. However, the data may not be forwarded to the recipient if the controller has agreed to the protest or the court has declared the protest justified.
  • The data subject may take legal action against the controller in case of violation of his rights.

concepts:

  • data file:  the sum of the data managed in a filing system,
  • data processing:  performing technical tasks related to data processing operations, irrespective of the method and means used to carry out the operations and the place of application,
  • data processor:  any natural or legal person, or any entity without legal personality, who processes personal data on behalf of a controller, including as required by law,
  • data management:  any operation or combination of operations, including the collection, recording, recording, filing, filing, storing, altering, using, transmitting, publishing, coordinating or linking, blocking, deleting and destruction of personal data, irrespective of the procedure used; and preventing further use of the data. Data management also includes taking photographs, sound or images, and capturing physical features such as fingerprints, palm prints, DNA samples, iris images,
  • Data Controller:  any natural or legal person, or any entity without legal personality, which, having the purpose for processing personal data, determines and implements the data management (including the device used), or implements it with a data processor mandated by it;
  •  data destruction: the complete physical destruction of the data or the data medium containing the data,
  • data transfer:  if the data is made available to a specific third party,
  • data erasure:  making data unrecognizable in such a way that it is no longer possible to recover it,
  •  data blocking: rendering the transmission, access, disclosure, alteration, alteration, destruction, deletion, interconnection or harmonization and use of data permanently or temporarily impossible,
  • third party:  any natural or legal person, or any entity without legal personality, other than the data subject, the controller or the processor.
  • consent:  a voluntary and determined expression of the wish of the data subject, based on appropriate information and giving his / her unambiguous consent to the processing of personal data concerning him or her, whether complete or specific,
  • special data: data  on racial origin, national and ethnic minorities, political opinion or party affiliation, religious or other beliefs, membership of an advocacy organization, health status, pathological passion, sexual life, and criminal records data,
  • Disclosure:  If the information is made available to anyone,
  • registration:  providing the controller with the necessary and sufficient identification data to identify the user of the service
  • personal data:  any data related to any specific (identified or identifiable) natural person (hereinafter referred to as "the Data Subject"), a deduction of information from the data concerning the data subject. Personal data will retain this quality during data management as long as the relationship with the data subject can be restored. In particular, a person shall be deemed to be identifiable if, directly or indirectly, he is identifiable by name, identification mark or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
  • protest:  a statement by the data subject that he objects to the processing of his personal data and requests the termination of the data processing or the deletion of the processed data