1. Data controller
The data controller with regard to this Policy:
a) Data controller: Rádli&Rádli 2020 Ltd.
b) Registered office: 13 Véndeki utca H-8300 Tapolca, Hungary
c) Mailing address: 13 Véndeki utca H-8300 Tapolca, Hungary
d) Electronic (email) address: info@bacchushotel.hu
e) Court of registry: Veszprém County Court of Registry
f) Tax ID.: 28805155-2-19
The purpose of the data protection information is to define the scope of personal data processed and the method of data processing by the Data Controller, to make sure that the constitutional principles of data protection and data security requirements are enforced, and to prevent unauthorized access, alteration and unauthorized disclosure or use of data, in order to ensure that the privacy of natural persons is respected by the user.
For the purpose set out in section (2), the data controller shall handle and process the personal data of the user confidentially, in accordance with the applicable legal regulations, ensure their security, and take the technical and organizational measures and establish the procedural rules needed to enforce the provisions of the relevant legislation and other recommendations.
2. Legal background
The Data Controller is obliged to comply with the legal regulations related to the processing of personal data in all phases of data processing. The processing of data by the data controller is primarily governed by the provisions laid down in the following legislation:
- § 2:43 (e) of Act V of 2013 on the Civil Code;
- Act CXII of 2011 on the right to informational self-determination and freedom of information (“Privacy Act”);
- Act CVIII of 2001 on certain aspects of electronic commerce services and some issues of services related to information society services ("E-comm. Act");
- Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising ("ComAd. Act.")
- Act VI of 1981 promulgated in Strasbourg on 28 January 1981 on the Protection of Individuals with regard to Automatic Processing of Personal Data;
- Act CXIX of 1995 on the Management of Name and Address Data for the Purpose of Research and Direct Business Acquisition ("DirData Act.")
3. Definitions
(1) Data subject: any natural person identified or identifiable, directly or indirectly, based on specific personal data;
(2) personal data: data which may be related to the data subject, in particular the name, identification code and knowledge of one or more physical, physiological, mental, economic, cultural or social identity of the data subject, and the conclusion which may be drawn from the data concerning the data subject;
(3) consent: a voluntary and explicit statement of the data subject's wishes, based on appropriate information, giving his or her unambiguous consent to the processing of personal data concerning him or her, in full or in part;
(4) objection: a statement by the data subject objecting to the processing of his/her personal data and requesting the termination of the data processing or the deletion of the processed data
(5) data management: regardless of the procedure used, any operation or set of operations carried out on personal data, such as collecting, recording, organizing, storing, altering, using, transmitting, disclosing, reconciling or linking, blocking, deleting and destroying the data, preventing their further use, taking photographic, audio or video recordings and recording physical identifiers (e.g. fingerprints, palmprints, DNA samples, iris photo).
(6) data processing: performing technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
(7) data transmission: making the data available to a specific third party.
(8) disclosure: making the data available to anyone.
(9) data controller: a natural or legal person or an organization without legal personality who, alone or together with others, determines the purpose of the processing of personal data, takes decisions regarding the data processing (including the means used) and carries them out or has them carried out by a data processor appointed for the task.
(10) data processor: a natural or legal person or an organization without legal personality who carries out the processing of data based on a contract, including a contract concluded in accordance with the provisions of law.
(11) deletion of data: making the data unrecognizable in such a way that it is no longer possible to recover them.
(12) data set: all data managed in one record.
(13) third party: a natural or legal person or an entity without legal personality who is not the data subject, the controller or the processor;
4. Legal grounds for data management
The Data Controller shall manage the data of the Data Subjects in accordance with the applicable data protection legislation, based on their consent, and in accordance with § 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society and § 6 of Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activities.
5. Scope of the data processed; purpose and duration of the data processing
(1) This Privacy Policy covers the processing of personal data only, given that personal data may only be interpreted in relation to natural persons. Anonymous information that is collected by a data controller without the possibility of personal identification and cannot be linked to a natural person is not considered to be personal data, nor is demographic data collected without linking it to the personal data of identifiable persons, so that no relationship with a natural person can be established.
(2) Requesting a quote, sending an online message:
On the website, it is possible to request a price offer or other information related to the services provided by the Service Provider, whereby the following personal data must be provided:
- email address
- name
- phone number
The purpose of data management is to provide personalized service to the Data Subject and to send a price offer to the Data Subject upon request.
Anonymous user ID (cookie)
The website uses a session cookie (small data package), which is valid until the end of the given session, so it is created for the duration of the visit, after which it is automatically deleted from the user's computer. Cookies are necessary for the security of the website, for user-friendly solutions, and for a better user experience. The use of cookies does not store personal data. Visitors can delete cookies at any time from their own computer/browsing device or set their browser to block the use of cookies; the website will still work without them, but the user acknowledges that the browser will not necessarily provide a complete experience afterwards. The session cookie is not able to identify the Data Subject in any way; it is only necessary to identify the Data Subject's computer. It is not necessary to provide a name, e-mail address or any other personal information, as the User does not provide personal data to the Data Controller and the exchange occurs exclusively between computers. The data subject has the option of disabling the placing of a unique identifier (cookie) on their computer by setting their browser accordingly. The Data Subject acknowledges that if he/she disables cookies, some services will not work properly.
Use of social extensions (Facebook, Instagram, Google+)
Extensions on the Portal are disabled by default. Extensions will only be enabled if you click the appropriate button. By enabling the extension, the data subject will connect to the social networking site concerned and give his/her consent to the transfer of his/her data to Facebook/Instagram/Twitter/Linked-in/Google+.
If the Data Subject is logged in to Facebook/Instagram/Twitter/Linked-in/Google+, the social network concerned may associate his/her visit with the Data Subject's social account.
If the Data subject clicks the appropriate button, his/her browser will transmit the relevant information directly to that social network and store it there.
Information on the scope and purpose of data collection, the further processing and use of your data by Facebook/Instagram/Twitter/Linked-in/Google+, and your rights and settings regarding the protection of your personal data can be found in the Privacy Statement of Facebook/Instagram/Twitter/Linked-in/Google+.
Remarketing codes
The Service Provider uses Google AdWords and Facebook remarketing codes on the Portal. The remarketing code uses cookies to tag visitors to the Portal.
The cookies installed help the advertisements related to the Service Provider's products and services to be displayed on other websites of the Google Display network and on Facebook that the Visitor of the Portal visits later.
Users can disable cookies at any time and personalize their ads in the Google Ads Preferences interface.
Log files
In order to use the services, the system automatically logs the following data:
- the dynamic IP address of the user's computer
- depending on the settings of the user's computer, the type of browser and operating system used by the user
- user's activity related to the website
The use of this data is needed, on the one hand, for technical purposes, such as the analysis and subsequent verification of the secure operation of the servers; on the other hand, the Data Controller uses this data to compile page usage statistics and analyze user needs in order to improve the quality of services.
The above data is not suitable for the identification of the user and is not linked to other personal data by the Data Controller.
(3) The Data Controller may process personal data related to the Data Subject for any purpose other than those specified above, in particular to increase the efficiency of its service or for market research, only with the prior determination of the purpose of data processing and with the consent of the Data Subject.
This data may not be linked to the data subject's identification data and may not be passed on to third parties without his/her consent.
The Data Controller is obliged to delete this data if the purpose of data processing has ceased or the Data Subject so orders.
(4) The Data Controller shall ensure that the User is able to find out which types of data the Data Controller uses and for what data-processing purposes, including the processing of data that cannot be directly associated with the User, at any time before and during the use of the Service.
(5) In all cases, the legal grounds for the data processing performed by the Data Controller is the consent of the Data Subject.
(6) Duration of data management:
Data processed based on the data subject's consent may be processed until the consent is modified or revoked. Upon expiration of the data processing period, the Data Controller is obliged to delete the personal data of the Data Subject.
The Data Controller shall store the data related to the orders - including the audio recording made during the phone customer management - for the purpose of proof during possible legal disputes, until the general limitation period, i.e. 5 (five) years.
In order to fulfill the accounting obligations, the Data Controller shall manage the data related to invoicing for 8 (eight) years in accordance with § 169 of Act C of 2000, or, in accordance with Act XCII of 2003 on the Taxation Procedure, until the statutory limitation period.
Session IDs are automatically deleted when users leave the web page.
www.bacchushotel.hu does not take responsibility for the pages that have already been deleted, but have been archived by the Internet search engines. These should be removed by the operator of the search engine concerned.
(7) In order to fully implement the services, the Data Controller may transfer certain personal data of the Data Subject to a third party on a temporary basis, with the necessary consent, for the purpose of data processing or data management, in particular:
- if payment is made online via the website, the Data Controller forwards the credit/debit card number required for the payment to the financial institution service provider without retaining it.
- in the case of products ordered on the website, the Data Controller provides the partner company contracted for delivery with the product to be delivered and the data necessary for the delivery (delivery name and address). The delivering partner shall be deemed to be a data processor with regard to the delivery details transferred, and may not use this data for purposes other than the performance of the transport.
(8) In order to obtain independent website traffic and other web analytics data, the service provider uses the Google Analytics software, therefore Google Inc. acts as a data processor for this data. The Google Inc. Privacy Policy is available at https://policies.google.com/privacy .
Users of the website acknowledge that they have consented to the processing of their data by Google by using the website.
(9) When it comes to services in which personal data, such as a credit card number in the case of online payment, must be sent to the User online in order to use the service, the Data Controller shall provide an SSL-based connection providing adequate protection for such messages.
(10) If the Service Provider has certain services and pages of the website operated by a company related to it, the Service Provider's operating partner, acting in the name and on behalf of the Service Provider, collects personal data, which is also subject to the provisions of this Privacy Policy.
(11) If the website maintains a joint service with a content partner, both have the right to use personal data; however, the provisions of this Privacy Policy - in accordance with the rules for data management with the same content prescribed during the contractual relationship with the partner - still apply.
(12) In the case of the data processing specified in paragraphs 7 to 11, the person of the data controller or the data processor shall be clearly indicated during the provision of data or data processing.
By accessing the website and using the website, Users agree to be bound by the provisions of this Privacy Policy.
www.bacchushotel.hu treats all data and facts concerning users confidentially, and uses them exclusively for the development of its services, the sale of advertising space and the production of its own research and statistics. Statements made about them are published only in a form that is not suitable for the identification of individual users.
6. Scope of those having access to data, data processors
The personal data provided by the users can be accessed by the employees of the data controller.
Personal data will not be transferred by the data controller to third parties other than those indicated. This does not apply to any mandatory transfers required by law, which can only take place in exceptional cases. Before fulfilling each official data request, the data controller shall verify for each data item whether the legal grounds for the data transfer actually exist.
7. Users' rights regarding the processing of their personal data
(1) Data Subjects may request the Data Controller to
a) give information on the processing of their personal data,
b) correct mistakes in their personal data, and
c) erase or block their personal data, except for mandatory data processing.
(2) At the request of the Data Subject, the Data Controller shall, no later than within 30 days from the submission of the request, provide written information on the data of the Data Subject processed by the Data Controller or processed by the Data Processor assigned by the Data Controller, as well as on their source, and the purpose, legal grounds and duration of data management; the name and address of the data processor, as well as the activities related to data management. In the case of transfers of personal data of the data subject, the legal grounds and the recipient of the transfer are to be provided, too.
The information is free of charge if the person requesting the information has not yet submitted a request for information to the Data Controller for the same area in the current year. In other cases, the Data Controller will establish a cost reimbursement; a reimbursement already paid must be refunded if the data has been processed unlawfully or the request for information has led to a need for correction. The information can be requested at the data controller's mailing address (registered office: 13 Véndeki utca 8300 Tapolca, Hungary) or at the email address info@bacchushotel.hu.
(3) In order to check the lawfulness of the data transfer and to inform the data subject, the Data Controller shall keep a data transfer register containing the date of the transfer of personal data processed by him, the legal grounds and recipient of the transfer, the definition of the scope of personal data transferred and other data specified by law.
(4) If the personal data does not correspond to reality and the personal data corresponding to reality is available to the Data Controller, the Personal Data will be corrected by the Data Controller.
(5) Personal data must be deleted if
a) its handling is unlawful;
b) the Data Subject requests it (except for mandatory data processing);
c) it is incomplete or incorrect, and this condition cannot be legally remedied, provided that deletion is not precluded by law;
d) the purpose of the data processing has ceased or the term for the storage of the data specified by law has expired;
e) it has been ordered by a court or the Authority.
(6) Instead of deleting, the Data Controller shall block the personal data if the Data Subject requests so or if, based on the information available to it, it is presumed that the deletion would harm the data subject's legitimate interests. Personal data blocked in this way may only be processed for as long as the purpose of the data processing precluding the deletion of personal data exists.
(7) The Data Controller shall flag (mark) the personal data processed by him/her if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
(8) The data subject shall be notified of the rectification, blocking, flagging and deletion, and notification shall be sent to all persons to whom the data have previously been transmitted for data processing purposes. The notification may be omitted if this does not harm the legitimate interests of the data subject with regard to the purpose of the processing.
(9) If the Data Controller does not comply with the data subject's request for rectification, blocking or deleting, it shall notify the factual and legal reasons for the refusal of the request for rectification, blocking or deleting in writing within 30 days of receipt of the request. If the request for rectification, deleting or blocking is rejected, the Data Controller shall inform the Data Subject of the possibilities of legal redress and recourse to the Authority.
(10) Data Subjects may object to the processing of their personal data
a) if the processing or transfer of personal data is necessary solely for the performance of a legal obligation to the controller or for the enforcement of the legitimate interest of the controller, the recipient or a third party, except in the case of mandatory processing;
b) where the personal data are used or transferred for the direct acquisition of business, public opinion polls or scientific research; and
c) in other cases specified by law.
The Data Controller - with the simultaneous suspension of data processing - is obliged to examine the protest within the shortest time from the submission of the request, but not later than within 15 days, and to inform the applicant in writing of the result. If the protest is justified, the Data Controller is obliged to terminate the data processing, including further data collection and data transfer, and to block the data, as well as to notify all persons to whom the personal data affected by the protest have previously been transmitted and also inform them about the action taken based on the protest. Those informed this way are obliged to take measures to enforce the right to protest.
If the Data Subject does not agree with the decision of the Data Controller, or if the Data Controller fails to comply with the 15-day deadline, the Data Subject may appeal against the decision at court within 30 days of its notification or the last day of the deadline.
(11) The rights of the Data Subject specified in this Section 5 may be restricted by law in the interests of the external and internal security of the state, such as national defence, national security, prevention or prosecution of criminal offenses, security of execution of criminal sentences, and in the economic or financial interest of the State or municipality, in the significant economic or financial interest of the European Union and in the prevention and detection of disciplinary and ethical breaches of employment and occupational safety and health, including in all cases control and supervision, and to protect the rights of the Data Subject or others.
8. Options for legal remedy
(1) In the event of an infringement, the Data Subject may seek legal remedy at:
a) the Office of the Data Protection Commissioner (22 Nádor u. 1051 Budapest, Hungary),
b) the National Data Protection and Freedom of Information Authority
Registered Office: 22/c Szilágyi Erzsébet fasor 1125 Budapest, Hungary
Mailing address: Pf. 5. 1530 Budapest, Hungary
Phone: +36 -1- 391-1400
Fax: +36-1-391-1410
Email: ugyfelszolgalat@naih.hu
c) the General Court with jurisdiction at the permanent or temporary place of residence of the Data Subject.
The court shall act out of turn in the case. The Data Controller is obliged to prove the legality of the data processing, and the data recipient is obliged to prove the legality of the receipt of the data.
If the court grants the request, the Data Controller may be instructed to provide the information, to correct, block or delete the data, to annul the decision made by the automated data processing, to take into account the right of the data subject to object, or to release the data requested by the data recipient specified in § 21 of Act CXII of 2011 on Informational Self-Determination and Freedom of Information ("Privacy Act").
If the court, in the cases specified in § 21 of Act CXII of 2011 on Informational Self-Determination and Freedom of Information ("Privacy Act"), rejects the data recipient's request, the data controller is obliged to delete the personal data of the Data Subject within 3 days from the notification of the judgment.
The data controller is obliged to delete the data even if the data recipient does not apply to a court within the time limit specified in Section 21 (5) and (6) of the Privacy Act.
The court may order the publication of its judgment by publishing the identification data of the Data Controller if the interests of data protection and the rights of a larger number of data subjects protected by this Act so require.
(2) The Data Controller is obliged to compensate the damage caused to others by the illegal processing of the data subject's data or the violation of the data security requirements. The Data Controller is also liable to the Data Subject for the damage caused by the data processor. The Data Controller shall be released from liability if it proves that the damage was caused by an unavoidable cause outside the scope of data processing.
The damage shall not be compensated in case it resulted from the intentional or grossly negligent conduct of the injured party.
Users may request information about the handling of their personal information. Upon request, the data controller shall provide information on the data subject's data, the purpose, legal grounds, duration of the data processing, the name and address of the data processor (registered office: 13 Véndeki utca 8300 Tapolca, Hungary) and the activities related to data processing, as well as who and for what purpose receive or have received the data. The information can be requested at the data controller's mailing address (registered office: 13 Véndeki utca 8300 Tapolca, Hungary) or at the email address info@bacchushotel.hu.
The correction and deletion of the user's personal data can be initiated at the same contact details.
In the event of improper use of the services of the website, as well as at the request of the user, the data relating to the person concerned will be deleted. Deletions will be made within 24 hours of the next business day following the start of the deletion request.
9. Data security measures
The technological background of the hosting required for the operation of the www.bacchushotel.hu website is provided by Harmless Digital Bt. (Registered Office: 65. A ép. 3. Testvérhegyi út 1037 Budapest, Hungary, Tax ID.: 21587195-2-41).
10. Information on privacy threats
The use of the Internet is associated with various threats to privacy.
Please note that an opinion expressed on the website is personal data from which special data of the users, even their origins and political opinions, can be deduced. These data will be available to everyone.
We recommend that you use PET (Privacy Enhancing Technology) to protect your personal information. You can find information on this on many websites.