Datenschutzerklärung

1. Introduction

Zamárdinyaralás Kft. (service provider) ,on its website, manages the personal data of its customers in order to provide suitable accommodation for them and to be able to fulfill its duties of sending appropriate information regarding the provided accommodation.

The service provider is to fully comply with the laws regarding the management and dealing of personal data, especially the edict of the European Parliament and Council (EU) 2016/679 and the Hungarian laws deriving from it.

This certain data management informant of the protection of personal data and of the free flow of information was created according to the edict of the European Parliament and Council (EU) 2016/679 in consideration for the content of 2011. CXII. law, about the right of informatial self-determination and the freedom of information.

2. Service provider, data manager:

Az adatkezelő elérhetőségei:

3. Definitions

• GDPR (General Data Protection Regulation) the new data protection edict of the European Union
• Data management: any action/operation taken on data files, so the collection, recording, systematization, storing, altering, introspection, transmission, query, usage or deleting.
• Data processor: a person or an agency managing personal data in the name of the data manager.
• Personal data: any information of an identified person; a person is identifiable, if directly or indirectly can be identified by some personal information such as name, number, location data, online id or by identifiers reffering to physical, physiological, genetic, mental, economic, cultural, social identity.
• Data manager: a person, an agency or any other organisation, which sets the aims and means of the managment of personal data either by itself or with the involvement of others. If the aims and means of data management is set by either EU or member state laws, then the data manager or the designation of the data manager can be altered by these laws
• The consent of the affected person: the willing, factual proclamation of the affected person, with which the affected person unmistakably expresses his/her consent to the management of the personal data affecting him/her.
• Data protection incident: the damaging of data security, resulting in the accidental or illicit deletion, altering, accessing, transmission of the stored transmitted personal information.
• Recipient: a person, an agency or any other organisation, with which or whom the personal data is shared, irrespective of wether it is a third-party. Those public authorities, which according to Eu or member state law have access to personal information do not classify as recipient, the management of the aforementioned information by such public authorities must match the data protection laws set up according to the aims of the data management.
• Third-party: a person, an agency or any other organisation, which is not identical with the affected pesron, the data manager nor with those, directly employed either by the data manager or the data processor.

4. Directives of the data management

The data manager declares, that it manages personal data according to the points listed in the Data management informant and adheres to the regulations of concerning laws, with special attention to the followings:

• Personal data must be processed in line with concerning laws and righteously, also transparently for the affected person. The principal of transparency demands, that any reference and information regarding data management must be easily accessable articulative
• The collection and management of personal data can onyl occure with a legal, clear and specific aim.
• The aim of personal data management must be relevant, can only be on a required scale.
• Personal data must be accurate and up-to-date, inaccurate information must be deleted.
• The storage of personal data must be solved in a way, that it makes the identification of the affected person possible only during the required time period. The storage of personal data can extend this period only, if it is achived due to public interest aims, or due to cultural, historical research, statistic goals.
• Personal data must be processed with adequate technical or organizational measures in place to grant the protection of all personal data against the illicit management, accidental forfeiture, deletion or damaging of these information.
• The service provider is obligated to prove the accounatbility connected to data management
• The principals of data protection must be enacted to the personal information of all identified or identifiable person

5. Important data managemental information

• The aim of data management is to use, sort and manage the personal data of the customers of the service provider during the operation of its website, accorind to relevant laws.
• The legal basis of the data management is the consent of the affected person.
• People affected by the data management on the online platform of the service provider are the group of individuals, who share data in order to reserve accommodation.
• The duration of data management is dependent on the certain user aim, however the data must be deleted if the original aims have been accomplished or if the affected person requires to. The consent to the data management can – at any point, without any reason – be withdrawn by the affected person via e-mail. If the deletion is not obsructed by any law, then any personal information must be deleted immediately, and the service provider is obligated to notify the affected person of the changes.
• The data manager and, connected to accommodation providing, the employees are entitled to the cognition of the data.
• The affected person can request the access to, the correction, the deletion or the limiting of the personal data linked to him/her.
• The affected person can withdraw his/her consent to the data management at any point, however it does not affect the legality of process of the data management before the withdrawal.
• The affected person has the rigth to file a complaint to the supervising authorities.
• If the affected person is to avail him/herself of the services offered by the registration the the website of the service provider, then he/she must give the requested pieces of information. The affected person is not required to give any personal information, as the lack
• of data providing does not have any negative effect on the person, however some functions of the website is not accessable without registering first.
• The affected person is entitled to request the service provider to correct and add to faulty or missing information linked to him/her, without groundless procrastination.
• The affected person is entitled to request the service provider to delete the faulty or wrong information linked to him/her, without groundless procrastination. The service provider is obligated to notify the affected person of the changes.
• The deletion or altering of personal information can be requested via e-mail, telephone or by mailing the address given above.

6. Data collection on online platform

The aim of the data management is to tackle administrative duties connected to the reservation of the accommodation and to create contact opportunities between the provider and the customer.

The legal basis of the data management in connection with the accommodation providing is the consent of the affected person. People affected by the data management on the online platform of the service provider are the group of individuals, who share data in order to reserve accommodation.

The duration of data management: Data management occures until the withdrawal of the consent to data management, but at last 5 years from the collection of the personal data. The consent to the data management can – at any point, without any reason – be withdrawn by the affected person via e-mail.

The deletion of personal data happens at the withdrawal of consent to data management. You can withdraw your consent to data management in an e-mail to the service provider. The alteration or deletion of any personal data can be requested via e-mail, telephone or by mailing the address given above. The service provider is obligated to notify the affected person of the deletion of his/her personal data.

The data manager and, connected to accommodation providing, the employees are entitled to the cognition of the data

Method of storing personal data: on electronic devices and in paper form

In order to protect and preserve the integrity of the personal data stored in paper form, the service provider must enact all technical and organisational measures. To this end, the service provider may store such documents in closed cabinets througout the process of the data management.

The affected person can declare his/her consent to the data management process by ticking the checkbox set up for this purpose on the provider’s website.

The affected person is entitled to protest against the management of his/her personal data and is entitled to the procedures according to the content of this data management informant and of concerning laws

7. Reservation of accommodation

The booking of the accommodation may occure on an online platform, in e-mail or via telephone.

The provider, after the collection of certain personal data based on the consent of the affected person, is entitled to contact the affected person (e-mail, telephone) in connection with the reservation of the accommodation.

The aim of the provider with contacting the affected person is to finalize and to confirm the booking of the accommodation.

8. Invoicing

The data provided by the affected person is required for the service provider also to complete its law based obligation of handing out a receipt of their service.

The service provider is entitled to send the certain receipt via e-mail, or to give it to the customer in person.

The duration of data management: Data management occures until the withdrawal of the consent to data management, but at last 8 years from the handing out of the receipt. The consent to the data management can – at any point, without any reason – be withdrawn by the affected person via e-mail. The billing information must be deleted according to the regulations of concerning laws.

9. Newsletters

The service provider, as the operator of the online platform, is obligated to obey the regulations of the concerning laws. We also state, that we do not intend to confirm the genuineness of the personal data or check whether it connects to a company or a person when it comes to the subscription on newsletter. We handle those, who get in contact with us, as partners.

The aim of the data management is to send out advertisement, information, newsletter and discounts via e-mail, which the affected person can cancel at any point.

The legal basis of the data management is the consent of the affected person. The provider informs the affected person, that he/she can accept the sending of advertisements and other information to the e-mail address given at registration in advance. Consequently, the user agrees to the management of his/her data for this purpose.

The duration of data management: Data management occures until the withdrawal of the consent to data management. The consent to the data management can – at any point, without any reason – be withdrawn by the affected person via e-mail. The service provider must notify the affected person of the changes caused by unsubscribing from the newsletter.

The data manager and, connected to accommodation providing, the employees are entitled to the cognition of the data.

Method of storing personal data: electronic

Place of storing personal data: Digithotel Online Foglalás Kft. , and the storing services listed below.

Only the the ceo of the provider and the employees of Digithotel Online Foglalás Kft. have access to these servers on the secure online platform.

The deletion or altering of personal information can be requested via e-mail, telephone or by mailing the address given above.

10. Cookies

Cookies are placed on the websites visited by the affected person and contain information, such as the settings or the status of the data log of the website.

So cookies are files created by the visited websites. With the help of the browsing history, they ameliorate the user experience. Due to these cookies, the website can recall previously set settings and can show content relevant to the location of the user.

The online platform of the sevicxe provider sends a small file (cookie) on the computer of the affected person to make the time and date of the visiting ascertainable. The affected person is informed of this on the website of the service provider.

The consent of the affected person to the data management is not required, as long as the usage of cookies is necessary for the service provider.

The range of data:

The service provider informs the affected person, that he/she can delete the cookies in the Settings menu at any point.

The serive provider, as the data manager responsible for the legal operation of the online platform, is entitled to cognize the data of the cookies. With using cookies, the service provider does not deal with any personal data.

Method of storing data: electric

11. Intermediary services

When posting contents connected to providing accommodation on social media platforms (i.e.: Twitter, Facebook, etc.) the operator of the site is considered to be the data manager and to its actions, its own data protection rules apply.

12. In case of using Google Analytics

The service provider relies to external web analytic organisations, which operate independently from the service provider, when operating its own website.

The service provider uses the services of Google Inc. Google Analytics and Googly Adwords. Google Inc. uses cookies and web beacons to gather information and to help analyse the usage of the website. Information stored by cookies (including the IP address of the user) are stored on the

servers of Google Inc.. Within the remarketing program of Google Adwords, Google places cookies on the user’s device tracking the location of the user, which monitor the online behaviour of the user based on which, Google places advertisements on visited websites. These cookies help Google identify the user on other website sas well. The „Guidelines for data protection” of Google can be found here: http://www.google.hu/intl/hu/policies/privacy/. More information regarding Google’s policies, the blocking of cookies, the personalization of advertisements can be found here: https://policies.google.com/technologies/ads. There is no option to reject web beacons. The provider uses the services of Adverticum Zrt. for marketing purposes, of which more information can be found here: http://www.adverticum.hu/

13. Data processors

The provider uses the services of the following data processors in its actions connected to providing accommodation:

• Reservation registering office
• Local government
• Digithotel Online Foglalás Kft. (HQ: 8272 Balatoncsicsó, Rozmaring utca 8.;Company number: Cg. 19-09-518843)
• AB Plusz Bt. (HQ: 2049 Diósd, IV. Béla király u. 48. ; Company number: Cg. 01-06-757647)
• EV2 Internet Kft. (HQ: 1149 Budapest, Róna u. 120-122.; Company number: Cg. 01-09-987250)

14. Storage provider:

All personal data provided by the affected person is stored on the servers of the storage provider. The data manager and its employees have access to these personal information.

The legal basis of the data management is the consent of the affected person.

15. Rights of the affected persoon:

Right to ask for information: You can ask for information from us regarding the personal data we manage, the legal basis, the aim, the source or the duration of the data management. We reply within 30 days to your e-mail.

Right to make amendments: You can request us to alter or correct your personal data. We reply within 30 days to your e-mail.

Right to deletion: You can request us to delete your personal data. We reply within 30 days to your e-mail.

Right to lockup: You can request us to lock your personal data up, which lasts until it is necesarry according to your reasoning. We reply within 30 days to your e-mail and send a notification of the changes.

Right to reject: You can protest against the data management. Your request is examined as soon as possible, and at last within 15 days, decide upon the validity of its causes, and notify you in e-mail of the decision.

16. Enforcement of rights connected to data management

When experiencing illicit data management, the affected person must contact the service provider, to make the restoration of the legality of the situation possible.

If the affected person is certain, that the legality of the situation cannot be restored, the availability of the adequate authorities are listed below:

Nation Authority for the Protection of Data and the Freedom of Information

Post: 1530 Budapest, Pf.: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Telephone: +36 (1) 391-1400

Fax: +36 (1) 391-1410 E-mail: ugyfelszolgalat@naih.hu

URL https://naih.hu

coordinates: N 47°30’56”; E 18°59’57”

17. The conerning laws sering as the basis of the data management

The edict of the European Parliament and Council (EU) 2016/679 (2016. april 27th) regarding the protection of personal data in the process of data amanagement and the free flow of such information and the annulment of the 95/46/EK edict.

• 2011. CXII. law, about the right of informatial self-determination and the freedom of information.
• 1995. LXVI. law concerning the protection of contents of public documents and private letters.
• 335/2005. (XII. 29.) Government edict regarding the general requirements of the document management of public authorities.
• 2001. CVIII. law concerning questions in connection with electronic trade and services of the information society.
• 2003. C. law of electronic media

18. Extent

The data management informant is in effect from the 26th of may, 2018.