CONTACT

Privacy policy

Teszt Vendégház private accommodation respects the personal rights of its Guests. The following Data Management Notice (hereinafter: Notice) is available at the Guest House on site and electronically on its website.

The Accommodation Provider, as a data controller, declares that during the data management, Regulation (EU) 2016/679 of the European Parliament and the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and the free flow of such data, as well as the Acts in accordance with the provisions of Regulation 95/46/EC on repealing (General Data Protection Regulation).

Data controller details:

Accommodation provider:
Address
Tax number:
NTAK registration number:
Contact:
Website:

The data provided during the accommodation reservation is managed by the Accommodation Service that operates the private accommodation. In connection with data management, the data controller hereby informs the Guests about the personal data provided to it and managed by it, the principles and practices followed in the management of personal data, the organizational and technical measures taken to protect personal data, as well as the manner and possibilities of exercising the rights of the data subjects.

The data manager treats recorded personal data confidentially, in accordance with data protection legislation and international recommendations, in accordance with this statement.

By making a reservation (placed online, by email, by phone or in person), the Guest, as a user, accepts the provisions of this Data Management Information.

BASIC CONCEPTS:

Personal data: the information relating to the identified or identifiable natural person (data subject) that can be linked to him - in particular the data subject's name, identification mark, and one or more physical, physiological, mental, economic, cultural or social identity characteristics - as well as the information that can be deduced from the data, the conclusion concerning the person concerned.

Data set: the totality of the data managed in one register.

Data subject: a natural person identified or - directly or indirectly - identifiable on the basis of any information.

Data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

Third person: a natural or legal person, or an organization without legal personality, who is not the same as the data subject, the data manager or the data processor.

Data protection: the set of technologies and organizational methods enabling the inviolability, integrity, usability and confidentiality of the collected data assets.

Data protection incident: a breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

Privacy Policy any operation or set of operations performed on the data, regardless of the procedure used. In particular, collecting, recording, recording, organizing, segmenting, storing, transforming or changing, using, querying, communicating, transmitting, distributing or otherwise disclosing, making available, coordinating or connecting, limiting, deleting and/or destroying, and preventing the further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprints or palm prints, DNA samples, iris images).

Data manager: the natural or legal person or organization without legal personality who independently or together with others determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or implements them with the data processor.

Data transmission: making the data available to specific third parties.

Data deletion: rendering the data unrecognizable in such a way that their recovery is no longer possible.

Limitation of data management: marking stored personal data in order to restrict their future processing.

Contribution: the voluntary, firm and clear declaration of the data subject's will, which is based on specific and appropriate information, and with which the data subject gives his consent to the processing of his personal data - comprehensive or covering certain operations - through a statement or an act that clearly expresses the confirmation. It is considered consent if the data subject checks a relevant checkbox when viewing the website or when finalizing the reservation, or makes relevant technical settings, as well as any other statement or action that, in the given context, is necessary for the planned processing of the personal data of the data subject. clearly indicates its contribution.

Mandatory data management: if the data management is ordered by law or - based on the authorization of the law, within the scope defined therein - by the decree of the local government for a purpose based on public interest.

Disclosure: making the data available to anyone.

Profile creation: any form of automated processing of personal data, during which personal data is used for the evaluation of certain personal characteristics of a natural person, in particular for the analysis of characteristics related to work performance, economic situation, state of health, personal preferences, interests, reliability, behavior, location or movement, or used for prediction.

PURPOSE AND LEGAL BASIS OF DATA MANAGEMENT

The data controller manages the personal data of the Guests for the following purposes:

1. management of data provided to the Guest House for the purpose of booking accommodation

  • Legal basis: Article 6 (1) point b) of the GDPR, i.e. the performance of a contract in which the Guest, as an affected party, is one of the parties.

2. management of data required for invoicing

  • Legal basis: Article 6 (1) point c) of the GDPR, i.e. the fulfillment of the legal obligation for the data controller, i.e. receipt, obligation to prepare invoices, obligation to provide data based on legislation.

3. communication related to the reservation

  • Legal basis: the data is processed on the basis of point a) of Article 6 (1) of the GDPR, in order to ensure that the Data Controller properly informs the Guest about the essential circumstances arising from the contractual relationship. In the event of the need for data processing for purposes other than those mentioned above or on other legal grounds, the data controller must inform the data subject individually, prior to the start of data processing, of all important information related to the intended data processing and of their related rights.

4. mandatory data provision to NTAK

  • Legal basis: Article 6 (1) point c) of the GDPR, i.e. the fulfillment of the legal obligation for the data controller, i.e. the obligation to provide data based on legislation.

SCOPE OF HANDLED DATA

In order to make a reservation and stay at the accommodation, it is necessary to enter the following personal data:

  • Name (surname and surname),
  • Guest gender
  • Mother's name
  • Time and place of birth
  • Postal code of residential address
  • Phone
  • E‐mail
  • Billing address
  • Type and number of identification document

The Guest expressly consents to the Personal Data of his/her child staying with him (a child under the age of 16 according to the Regulation) being handled by the Accommodation Provider.

PERIOD OF DATA MANAGEMENT

Data processing begins with the date of the Guest's reservation and is deleted within 365 days after the Guest leaves the Guest House. Regarding the Guest's name and billing address, the data is processed for the period specified in the Accounting Act, 8 (eight) years, after which the data manager destroys them.

DATA SECURITY

The data manager takes all necessary steps to ensure the security of the personal data provided by the Guests both in the network system and during the storage and preservation of the data. The data manager performs his work processes on a computer protected by a password and antivirus.

GUEST'S RIGHTS AND OPTIONS FOR ENFORCEMENT OF RIGHTS

1. The Guest is entitled to receive feedback from the data controller as to whether his personal data is being processed, and if it is, to receive information about his data being processed and all relevant information regarding data management.

2. The Guest may request that the data controller correct inaccurate personal data concerning him without undue delay. Taking into account the purpose of data management, you can request the addition of your personal data.

3. The guest may request the deletion of his personal data, unless the data management is necessary to fulfill the legal obligations of the data controller or to submit, assert or defend legal claims. The data manager deletes personal data without undue delay if the processing of the data is illegal, incomplete or incorrect, the purpose of data management has ceased, or the storage period has expired, or if it has been ordered by a court or authority, or if its deletion is necessary to fulfill the legal obligation of the data manager.

4. If the data controller processes personal data based on the data subject's consent, the data subject may withdraw this consent. If there is no other legal basis for the data management, the data manager will delete the personal data affected by the withdrawn consent.

5. The Guest has the right to have the data controller restrict the processing at his/her request if.

  • the Guest disputes the accuracy of the personal data - for the time necessary to verify the accuracy;
  • the processing is unlawful, but the Customer objects to the deletion of the data and requests the restriction of use;
  • the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of a legal claim; or
  • the data subject objects to the processing of his or her data on grounds of public interest or the legitimate interests of the controller or a third party. During the restriction period, the controller may not use the personal data for any purpose other than storage.

6. In the event of the exercise of the Guest's rights, the Data Controller shall examine the data subject's request and take the necessary measures and inform the Guest of these measures or the reasons for not taking them within one month of receipt of the request.

7. Enforcement: the Guest may send his/her request regarding the processing of the data to the controller referred to in point I, at the address or e-mail address indicated in the same point. In the event of a breach of his/her rights, the data subject may bring an action before the competent court at the address of the controller or, at his/her option, at the competent court at his/her place of residence or, failing that, at the place of his/her domicile.

8. The Guest may also lodge a complaint with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet Fasor 22/c., hereinafter referred to as NAIH) and initiate an investigation on the grounds that a violation of rights has occurred or is imminent in relation to the processing of his/her personal data.

Valid from: 20/07/2023 until withdrawn.