Privacy and data management policy:
Details of the service provider as data controller
Name: Platán 2000 Kft.
Headquarters: 6100, Kiskunfélegyháza, Szentesi út 26
Tax number: 11484936-1-03
Phone number: +36 70 455 1101
E-mail: platansiofok@gmail.com
(hereinafter referred to as the "Data Controller")
The Data Controller, like Platán Vendégház Kft., www.platansiofok.com The Operator hereby informs its customers, guests and visitors to its website (hereinafter collectively: Affected (s), User (s) or Guest (s)) that it respects the personal rights of its Guests, and therefore (hereinafter referred to as the Regulations).
The current version of the Privacy Policy is available at www.platansiofok.com website. The Data Controller reserves the right to change the Regulations due to the harmonization of the legal background and other internal regulations to be amended in the meantime.
These regulations regulate the data management activities related to the services provided by Platán Vendégház and available through the website.
I. PURPOSE OF THE REGULATIONS
The primary purpose of these regulations is to define and comply with the basic principles and provisions concerning the processing of the data of natural and legal persons and guests who come into contact with Platán Vendégház in order to ensure that the privacy of the data subjects is protected in accordance with the relevant legal regulations.
The purpose of these regulations is also to ensure that Platán Vendégház complies in all respects with the data protection provisions of the applicable legislation, in particular, but not exclusively,
Act CXII of 2011 on the right to information self-determination and freedom of information. law,
CVIII of 2001 on certain aspects of electronic commerce services and information society services. law,
Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices for Consumers law,
Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising law,
the provisions of the relevant EU Regulation 2016/679 (GDPR).
The Data Controller considers it particularly important that Article CXII of 2011 on the right to information self-determination and freedom of information, made available by the data subject on the website or in any other way protect the personal data required by the relevant provision of the law and respect the right of data subjects to self-determination of information.
II. SCOPE OF THE REGULATIONS
Temporal validity: These Regulations 01.04.2021. effective from the date of revocation.
Personal scope: The scope of these Regulations extends to all persons whose data are contained in the data processing covered by these Regulations, as well as to persons whose rights or legitimate interests are affected by the data processing.
Material scope: the scope of these regulations extends to the processing of all personal data in all organizational units of Platán Vendégház.
III. DEFINITIONS
Data subject / User / Guest: a natural person identified or identifiable, directly or indirectly, on the basis of any information;
Personal data: any information about the data subject, in particular the name of the data subject, his or her identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, photographs, video recordings and data that can be extracted from the data relevant conclusion;
Consent: a clear, voluntary and informed statement of the will of the data subject, giving his or her consent to the processing of personal data concerning him or her by means of a statement or other unambiguous expression of his or her will;
Data controller: a natural or legal person or an organization without legal personality who, within the framework specified by law or a binding act of the European Union, determines the purpose of data processing, independently or together with others, for data processing (including the means used) make and implement relevant decisions or execute with the data controller;
Data management: any operation or set of operations on data, regardless of the procedure used, in particular the collection, recording, recording, systematisation, storage, alteration, use, interrogation, disclosure, reconciliation or linking, blocking, erasure and destruction of data, and prevent the further use of the data, take photographs, record sound or images and record physical data capable of identifying the person;
Data transfer: making the data available to a specific third party;
Data processing: the totality of data processing operations performed by a data processor acting on behalf of or at the request of the data controller;
Data erasure: making data unrecognizable in such a way that it is no longer possible to recover it;
Data blocking: the identification of data to limit their further processing permanently or for a specified period of time;
Destruction of data: complete physical destruction of the data carrier;
Data set: the totality of the data managed in one register;
Third party: a natural or legal person or an entity without legal personality who is not the data subject, the controller, the processor or persons who carry out operations for the processing of personal data under the direct control of the controller or processor;
Data protection incident: a breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized transfer or disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled;
ARC. PRINCIPLES OF DATA MANAGEMENT
Proportionality, necessity principle: Only personal data that is essential for the realization of the purpose of data processing and suitable for the achievement of the purpose may be processed. Personal data may only be processed to the extent and for the time necessary to achieve the purpose.
Purpose limitation principle: Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. At all stages of data processing, it must be fit for purpose, and the collection and handling of data must be fair and lawful.
Personal data retains this quality during data processing as long as its connection with the data subject can be restored. The connection with the data subject can be restored if the data controller has the technical conditions necessary for the recovery.
The processing shall ensure the accuracy, completeness and, where necessary for the purposes of the processing, the accuracy of the data and that the data subject can only be identified for the time necessary for the processing.
Adequate security of personal data shall be ensured through the use of appropriate technical or organizational measures to protect personal data, in particular against unauthorized or unlawful processing, accidental loss, destruction or damage.
Principle of voluntariness: The provision of data by the data subject is voluntary. The Data Controller processes personal data with the consent of the data subject. Voluntary consent is to be understood as the user behavior by which the user accepts, by using the website, that all regulations relating to the use of the website automatically apply to him.
V. STATEMENTS BY THE DATA CONTROLLER
The Data Controller declares that
Act CXII of 2011 on the right to information self-determination and freedom of information during data processing. act in accordance with the provisions of this Act.
the personal data obtained by the Data Controller during the data processing may be accessed only by those persons who have a legal relationship with the Data Controller and who have a duty in connection with the given data processing.
ensure that the rules in force at all times are accessible to the data subject at all times, thus giving effect to the principle of transparency.
the website treats the personal data of the visitors confidentially, in accordance with the legal regulations in force, ensures their security, takes technical and organizational measures, and establishes rules in order to fully comply with the principles of data protection.
handles the personal data of the guests staying in the guest house confidentially, in accordance with the applicable legal regulations, ensures their security, takes technical and organizational measures, and establishes procedural rules in order to fully comply with the principles of data protection.
in order to preserve the data processed by it, it shall take and ensure all measures promoting the IT and other secure data management related to the storage, processing and transmission of data.
it will do everything in its power to protect the personal data it processes against unauthorized access, alteration, disclosure, deletion, damage or destruction, in order to guarantee the necessary technical conditions.
the personal data provided by the data subject is not checked by the data controller, he / she excludes his / her responsibility for their accuracy.
it transfers personal data to a third party only if it links the database managed by it to another data controller only if the data subject consents to it or is permitted by law, and if the conditions for data processing are met for each personal data.
keep a record of the scope of the personal data concerned, the scope and number of data subjects, the date, circumstances, effects of the data protection incident and the measures taken to deal with it, and other data specified by law.
the Data Controller excludes its liability for the lawfulness of the data processing of a contractual partner with a legal relationship with the Data Controller (eg sabeeapp.com).
In order to protect the personal data stored in automated data files, the Data Controller shall ensure the prevention of accidental or unlawful destruction or accidental loss, as well as unauthorized access, alteration or distribution.
VI. SCOPE OF DATA MANAGEMENT ACTIVITIES AND DATA
VI.1 Use of the Services
Platán Vendégház's handling of all data related to the data subject in the scope of the provision of services is based on voluntary consent, its primary purpose is to ensure the provision of the service and to maintain contact. The Data Controller shall keep the personal data contained in this section for a period of time in accordance with the applicable tax and accounting regulations, and shall delete them upon expiry of the deadline.
For each service, it is possible to provide additional information that will help you to fully understand the needs of the Guest, but these are not conditions for using the services.
VI.2 Request for quotation
When requesting a quote through the website, the guest enters the data through the email system.
In the reply letter / feedback, the data controller and his / her staff may request any additional data, e.g. full name, address, bank account number.
The data sent to the Data Controller is handled by the employees of the Data Controller working in an authorized position, it is not disclosed to third parties, the received data is recorded and an offer is made to the data subject, which is sent to the given e-mail address.
VI.3 Room reservation so-called through a booking engine
When booking https: // platansiofok / reservation / ... On the website, the Data Controller requests / may request the following data from the Guest:
Last name
First name
E-mail address
Title
Country
Phone number
Expected time of arrival
Additional billing addresses may be requested upon booking.
VI.4 Login and Application Form
Upon arrival, the Guest shall fill in a notification prior to the occupation of the booked room, in which the Data Controller consents to the processing of the provided data in order to fulfill the obligations specified in the relevant legislation and to prove the fulfillment, as long as the competent authority compliance with certain obligations.
During the registration form, the guest house will ask for the following information:
Last name
First name
Nationality
Date of birth
ID number
Home address
Phone number
Signature
The provision of the mandatory data by the Guest is a condition for the use of the services.
By signing the application form, the guest agrees that the data controller handles the data provided by filling in the application form within the deadline indicated above for the purpose of proving the conclusion of the contract, fulfillment or fulfillment, and possible enforcement.
The information provided by the Guest on the application form also applies to all services used by him.
VI.5 Credit Card Information
The data controller may only use and use the bank, credit card / bank account data provided by the data subject at the time of booking for as long as is necessary to exercise his or her rights and fulfill his or her obligations. Bank card data is primarily handled by the Data Controller's contractual partners.
VI.6 Website traffic data, use of cookies
Links
Cookies
The Data Controller's website may also contain links that are not operated by the Data Controller for the sole purpose of informing visitors. The Data Controller has no influence on the content and security of the websites operated by the partner companies and is therefore not responsible for them.
Platán Vendégház uses cookies in connection with its use on its website. A cookie is a file sent by a server to a user's browser and stored on a user's computer. The purpose of using cookies is to facilitate easier and better use of the website and any registration / booking. Cookies may contain information about the user's operating system or browser. Based on the above, the Internet cookie allows the user to be more accurately identified. The service provider does not use or allow cookies that allow third parties to collect data without the user's consent. You can disable the use of cookies in your browser settings. If cookies are disabled, certain elements of the service may be used only partially or not at all. The service provider uses Google Analytics. The purpose of using "ad-related cookies" is to select the ads that are most interesting or relevant to your visitors and to display them on your website. Modern browsers allow you to change "cookie settings". Some browsers automatically accept "cookies" by default, but this setting can also be changed to prevent the visitor from automatically accepting it in the future. In the event of a switch, the browser will continue to offer the option to "set cookies" each time.
VII. STORAGE OF PERSONAL DATA, SECURITY OF INFORMATION
Personal data may only be processed in accordance with the law and for the purpose of data processing.
The purpose of data management: to contact and keep in touch with the data subject, to increase the quality of the service that fits the profile of the Data Controller, to do so market research and to survey consumer habits.
Legal basis for data processing: the voluntary consent of the data subject based on the prior information of the Data Controller.
Duration of data processing: 30 days from the termination of the customer relationship, if they are not used to enforce the rights and obligations arising from the customer relationship, or until the data subject's data is deleted or his or her data processing authorization is revoked upon request.
To modify and delete personal data, to withdraw voluntary consent and to request information on the processing of personal data, the platansiofok@gmail.com contact request.
The data subject has the right to prior information regarding data processing, as well as the right to access, correct, restrict or delete data.
The Data Controller shall ensure the IT environment used for the processing of personal data during the provision of the service by linking the personal data provided by the data subject only and exclusively with the data and in the manner specified in these regulations, ensuring that only to whom it is essential for the performance of their duties arising from their duties.
Incorrect data shall be deleted or rectified within 24 hours at the request of the data subject.The Data Controller provides the level of protection specified by law when requesting or protesting the relevant information during the processing of the data - in particular their storage, correction and deletion.
The transfer of data shall take place with the consent of the data subject, without prejudice to his or her interests, in confidence, with the provision of a fully compliant IT system and in compliance with the purpose, legal basis and principles of data processing. The Data Controller shall not transfer the personal data of the data subject without his or her consent or make them available to third parties, unless required to do so by law.
Other unidentifiable data of the data subject, which cannot be contacted directly or indirectly, hereinafter referred to as anonymous, shall not be considered personal data.
VIII. REMEDIES, ENSURING THE ENFORCEMENT OF THE RIGHTS OF THE PERSON CONCERNED
The data subject may request information on the processing of his / her personal data, as well as the rectification or deletion or blocking of his / her personal data, with the exception of data processing required by law. platansiofok@gmail.com e-mail address and in person for each of the activities covered by the data processing as set out therein.
At the request of the data subject, the Data Controller shall provide information on the data processed by him, the purpose, legal basis, duration of the data processing, data of the data processor if he has used the data processor, the legal basis, purpose and recipient of the transfer.
In order to exercise the right of erasure, the controller shall immediately delete the personal data of the data subject if
The Data Controller shall notify the data subject of the rectification and erasure, as well as to all persons to whom the data have previously been transmitted for the purpose of data processing.
With the simultaneous suspension of data processing, the Data Controller shall examine the data subject's request within the shortest time from the submission of the request, but not later than within 25 working days, and shall notify the data subject in writing or electronically if the data subject has submitted the request electronically. If the applicant's protest is justified, the Data Controller shall terminate the data processing, including further data collection and data transfer, and block the data, as well as notify all persons to whom the personal data affected by the protest have previously been transferred of the protest and the measures taken on the basis.
If the data subject does not agree with the decision of the Data Controller, or the Data Controller fails to meet the deadline prescribed by law, the data subject is entitled to apply to a court as defined in the data protection legislation.
Judicial enforcement: The data subject may sue the data controller or, in connection with the data processing operations within the scope of the data controller's activities, against the data controller if, in his or her opinion, the data controller or the data controller acting on his or her behalf or in breach of the requirements laid down in a binding act of the European Union.
The court is acting out of turn in the case. The Data Controller is obliged to prove that the data processing complies with the provisions of the law.
In the event of a violation of the right to self-determination of information, the person concerned may also file a complaint or complaint with the National Data Protection and Freedom of Information Authority.
Contact the National Data Protection and Freedom of Information Authority (NAIH):
Issues not detailed in these data protection regulations are subject to the relevant data protection legislation, in particular Act CXII of 2011 on the right to self-determination of information and freedom of information. and Regulation (EU) 2016/679 of the European Parliament (GDPR) shall apply.
(a) the processing is unlawful, in particular if the processing
(aa) contrary to the principles of data management,
(ab) its purpose has ceased to exist or further processing of the data is no longer necessary for the purpose of the processing,
(ac) a period of time specified by law, international treaty or binding act of the European Union has elapsed, or
(ad) its legal basis has ceased to exist and there is no other legal basis for processing the data,
(b) the data subject withdraws his or her consent to the processing or requests the deletion of his or her personal data, unless the processing of the data is required by law,
(c) the erasure of the data has been ordered by law, an act of the European Union, the Authority or a court, or
d) the period specified by law has elapsed.
Postal address: 1530 Budapest, Pf .: 5.
Address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
URL: http://naih.hu
Siófok, April 1, 2021