Privacy Policy As data controller And as the operator of a website available at www.budatrioapartments.hu internet address, the
controller informs its users (hereinafter referred to as "the data subject") through this privacy policy that it respects the rights of the person concerned and acts in the processing of personal data under the following data management policy (hereinafter referred to as the "Policy"). the right to change the law. The current version of this privacy policy is available to users on the website.
I. The data controller
name: Prokator Ltd. ('the controller')
Headquarters: 8163 Chick branch, Railway u.1.
Internet contact: http://budatrioapartments.hu/
Registration Number: 19-09-501181
Tax Number: 11325046-2-19Availability: budatrio@gmail.com
II. Information onthe processing of personal data
The controller shall inform the data subject, clearly, comprehensively and in detail, of any facts relating to the processing of his personal data, in particular the purpose, legal basis, data processing and processing of data, the time content of the processing, the fact that the data subject's personal data are subject to the data subject's consent and/or the controller's legal the performance of the obligation or to pursue the legitimate interest of the controller or third party and who may know the data. The information shall also cover the rights and remedies of the data subject in relation to the processing.
Annex III Legal basis, purpose and duration ofthe processing of personal data The data management principles of
Prosator Ltd. are in accordance with the laws in force on data protection, in particular:
- Regulation (EC) No 2016/679 of the European Parliament and of the Council (2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the repeal of Regulation (EC) No 95/46 (hereinafter referred to as the "GDPR");
- CXII 2011 Law 2 - on the right to information and freedom of information (hereinafter referred to as "Infotv.")
- Law V of 2013 on the Civil Code ("Ptk.")
- Law C of 2000 on accounting ("Számv.tv.")
- CVIII 2001 Law on certain aspects of e-commerce services and information society services ("Eker. tv.")
- Law C of 2003 on electronic communications ("Eht.")
- Annex XLVIII of 2008 law on certain limitations of economic advertising ("Grt.")
The personal data of the data subject shall be processed only to the extent necessary for the purposes to be set out below. The controller shall examine at each stage of the processing whether it is fit for purpose.
1. Data processing related to the use of the budatrioapartments.hu website1.
Registration Website booking website available at
http://budatrioapartments.hu/ internet address operated by the
controller. During registration, the controller requests/requests the data subject to be provided: surname, first name, telephone number, e-mail address, zip code, settlement, address. The legal basis for the processing is based on the consent of the data subject. The purpose of the processing is to enable the operator to make the apartment available at the desired time and for the duration and to comply with the statutory confirmations. Providing the information requested for registration is an essential condition for booking. The controller transmits the data concerned to the Hungarian Tourism Agency, as this is a legal obligation. It shall also not pass them on to any other third party. Duration of processing: The data are retained by the controller for 5 years in accordance with the accounting law. The data subject shall have the right to withdraw his consent at any time. Withdrawal of consent shall not affect the legality of consent-based processing prior to withdrawal. Withdrawal of consent can be made at budatrio@gmail.com e-mail address. Processors:
Name
|
Home
|
Data processing task
|
3 in 1 Hosting Bt.
|
2310 Szigetszentmiklós, Dévai utca 10/A
|
Provide online storage
|
Péter Borbély self-employed
|
1182 Budapest Garay utca 9/a
|
Admin tasks
|
Fabriczki Katalin
|
1024 Budapest, 5 Bright Elek Street. Case No 103/20 2nd floor 1.
|
Manage order information
|
2. Database and marketing data processing2. User database
The website available at the www.budatrioapartments.hu internet address operated by the controller is an apartment booking system that allows guests to book the accommodations offered. The legal basis for data processing is that the operator is able to comply with the legal conditions relating to accommodation. The purpose of the data processing is to ensure that the operator is able to comply with the legal conditions for accommodation. The controller requests/requests that the data subject be provided/requested to provide the following information: date of birth, gender (male, female), field of expertise, occupation, operating (occupational) place of work. The data processed includes: surname, first name, telephone number, e-mail address, zip code, settlement, address, user unique identifier, booked accommodation ID, arrival date, departure date, number of guests, unique identifier of the reservation in the case of an electronic payment transaction and the result of the reservation value. Duration of data processing: Delete the userData processors:
Name
|
Home
|
Data processing task
|
3 in 1 Hosting Bt.
|
2310 Szigetszentmiklós, Dévai utca 10/A
|
Provide online storage
|
Péter Borbély self-employed
|
1182 Budapest Garay utca 9/a
|
Admin tasks
|
Fabriczki Katalin
|
1024 Budapest, 5 Bright Elek Street. Case No 103/20 2nd floor 1.
|
Manage order information
|
3. Web interface data processing1. Auditing the server
When you visit the www.budatrioapartments.hu Web page, the web server automatically logs the user's activity. The purpose of the data processing is to record visitor data during the visit of the website by the controller in order to verify the functioning of the services, to clarify, supplement visitor searches, to provide personalised service and prevent abuse. The legal basis for data processing is the legitimate interest of the controller to shape the content of the website, to prevent abuse, and to build databases for business and statistical purposes. The data processed includes: session ID, date, time of visit, address of the page you visit, IP address of the user's computer, operating system, and browser type. Duration of data processing: 7 days. Processors:
Name
|
Home
|
Data processing task
|
3 in 1 Hosting Bt.
|
2310 Szigetszentmiklós, Dévai utca 10/A
|
Provide online storage
|
Péter Borbély self-employed
|
1182 Budapest Garay utca 9/a
|
Admin tasks
|
2. Cookies The controller places a
small data package, so-called cookie (cookie) on the user's computer in order to make it work customised to operate on its website, and reads back during a subsequent visit. If your browser returns a previously saved cookie, the controller has the option to link the user's current visit to the previous one, but only in terms of its own content. The purpose of data management is to identify users, distinguish them from each other, identify the current session of users, and store the data provided during it. The legal basis for data processing is the legitimate interest of the controller to identify users and to establish the tailor-made operation of the website. The data processed is user, usercode. The following own cookies help the website to operate:- PHPSESSID to identify the session.- User - to identify the user.- Usercode - to identify the user. The duration of data processing is 30 days, but session cookie (PHPSESSID) is deleted by closing the browser window. Processors:
Name
|
Home
|
Data processing task
|
3 in 1 Hosting Bt.
|
2310 Szigetszentmiklós, Dévai utca 10/A
|
Provide online storage
|
Péter Borbély self-employed
|
1182 Budapest Garay utca 9/a
|
Admin tasks
|
Fabriczki Katalin
|
1024 Budapest, 5 Bright Elek Street. Case No 103/20 2nd floor 1.
|
Manage order information
|
Independent measurement of visitors and other web analytics data on the www.budatrioapartments.hu website is supported by the Google Analytics server as a third-party service provider. For more information on data processing by www.google.com/analytics, please contact http://www.google.com/intl/hu/policies. The document entitled "How Google uses the data when you use a partner's page or app" is available at the following link: http://www.google.com/intl/hu/policies/privacy/partners/A website, the following third-party service providers have placed the following cookies:
Service Provider
|
Cookie Name
|
Google Analytics
|
_ga_gid_gatAMP_TOKEN_gac___utma__utmt__utmb__utmc__utmz__utmv__utmx__utmxx__gaexp
|
The cookie can be deleted from your computer or blocked in your browser. Cookies are usually handled under the Privacy/History/Custom Settings menu in the Tools/Settings menu of browsers, with the name cookie, cookie or tracing.
IV. How personal data are stored, securityof data processing Prosator Ltd. and its processors implement appropriate technical and organisational measures to ensure a level of data security appropriate to the level of risk, taking into account the risk of
varying probability and severity. Guarantee. Prosator Ltd. selects and operates the IT tools used to process personal data in such a way that the data processed:
- accessible to the entitlese (availability);
- credibility and authentication of the data management is ensured (the authenticity of data processing);
- integrity (data integrity);
- protection against unauthorised access (confidentiality of data).
Prosator Ltd. protects the data by appropriate measures in particular through unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, injury and the technique used inaccessibility resulting from the change in change. In order to protect data files electronically managed in its various records, Prosator Ltd. provides an appropriate technical solution to ensure that the stored data cannot be directly linked and may be assigned to the data subject. In view of the current development of the technology, Prosator Ltd. provides technical, organisational and organisational measures to protect the security of data processing that is appropriate to the risks associated with data processing level of protection. Prosator Ltd. retains its
- confidentiality: protects information so that only those who are entitled to do so have access to it;
- integrity: protects the accuracy and completeness of the information and the method of processing;
- availability: ensure that when the authorised user needs it, it can indeed have access to the information you want and that the related tools are available.
Both the IT system and network of Prosator Ltd. and its data management partners are protected from computer-assisted fraud, espionage, sabotage, vandalism, fire and flooding, computer viruses, computer break-ins and denial of service attacks. The operator provides security with server-level and application-level protection procedures. Please inform users that electronic messages transmitted on the Internet are vulnerable to network threats that lead to unfair activity, contract dispute or disclosure or alteration of information, regardless of protocol (POP3, SMTP, HTTP, FTP, etc.). To protect against such threats, the controller shall take all precautions to be expected. Monitors systems to record all security discrepancies and provide evidence for each security incident. System monitoring also allows you to check the effectiveness of the precautions used.
A. The data subject's rights The controller shall inform the data subject through this data management policy that he may, as follows, request access to, correct, delete or restrict the processing of personal data relating to him, and is entitled to data
portability as follows and to protest against the processing of his/her personal data.
1. Right of access
Data Controller shall, at the request of the data subject, provide information on whether his personal data is being processed. The information can be requested by e-mail at the recepcio@.budatrioapartments.hu e-mail address by providing the email address of the data subject. The Controller shall respond in writing to the data controller within one month of receipt of the request as to whether the data subject's personal data are being processed. Where, on the basis of the feedback received from the controller, it can be concluded that the data subject's personal data is being processed, the controller shall provide information on:
- the purposes of the processing;
- categories of personal data concerned;
- categories of recipients or recipients to whom personal data have been communicated or will be communicated;
- the intended period of storage of personal data or criteria for determining the duration;
- providing information on your driving licences for the correction, deletion of personal data, restrictions on the processing of personal data and objection staves against the processing of personal data;
- information on the lodging of a complaint to a supervisory authority;
- providing all available information on the sources relating to the acquisition of personal data if the personal data has not been collected by the controller from the data subject.
2. Right to rectification
The data controller shall, at the request of the data subject, correct inaccurate personal data relating to the data subject without undue delay if the data subject has provided the relevant data in the request or supplements the incomplete personal data in the context of the processing, provided that the data subject has provided the missing data in an additional statement. The request may be submitted by e-mail at the budatrio@gmail.com e-mail address by entering the email address of the data subject. The controller shall inform the person concerned of the action taken by e-mail no later than one month after receipt of the request.
3. Right to erasure
The data controller shall, at the request of the data subject, delete the personal data relating to the data subject without undue delay if there is one of the following reasons:
- personal data is no longer restricted for the purpose for which it was collected or otherwise processed;
- the data subject has withdrawn his consent to the processing of his personal data and there is no other legal basis for the processing;
- personal data have been unlawfully processed;
- personal data must be deleted in order to fulfil the legal obligation of the controller.
Personal data may not be deleted if it is necessary to process it for the following reasons:
- the processing of personal data for the purpose of carrying out the task of fulfilling the legal obligation on the controller;
- to bring, enforce or defend legal claims.
The request for deletion may be submitted by e-mail at the recepcio@budatrioapartments.hu e-mail address by entering the email address of the data subject. The controller shall inform the person concerned of the action taken by e-mail no later than one month after receipt of the request.
4. Right to restriction
The data controller shall, at the request of the data subject, limit the processing without undue delay if one of the following reasons exists:
- the data subject disputes the accuracy of the personal data (in this case the duration of the restriction is the time of verification by the controller);
- the processing is unlawful, but the data subject requests restrictions on the use of the data instead of deleting it;
- the controller no longer needs personal data for the purposes of data processing, but the data subject requires them to pursue and defend legal claims;
- the data subject objects to the processing necessary to pursue the legitimate interest of the controller or third party (in this case the duration of the restriction is the time to determine whether the legitimate reasons of the controller take precedence over the legitimate reasons for the data subject).
Where the processing is subject to the above limitation, such personal data, with the exception of storage, shall be limited to the consent of the data subject, to the submission, enforcement or protection of legal claims, in order to protect the rights of another person, and can be treated in the public interest.
The request for limitation may be submitted by e-mail at the recepcio@budatrioapartments.hu e-mail address by entering the email address of the data subject. The controller shall inform the person concerned of the action taken by e-mail no later than one month after receipt of the request.
5. Right to data portability
At the request of the data subject, the data relating to him which he has provided to the controller shall be sent to the data subject (or to another controller designated by the data subject) in a widely used machine-readable format. where the legal basis for processing is based on voluntary consent or the conclusion of a contract, the performance of a contract and the processing is made in an automated manner.
An e-mail request for the submission of data in machine-readable form may be submitted by e-mail at the budatrio@gmail.com e-mail address by entering the e-mail address of the data subject. The controller shall inform the person concerned of the action taken by e-mail no later than one month after receipt of the request.
6. Right to protest
At the request of the controller, the data subject, in which the data subject objects to the processing necessary to exercise the legitimate interest of the controller or third party for the reasons explained in relation to his or her situation, the controller shall not will be treated further.
The controller may, after the application, prove that the processing is justified by legitimate reasons which take precedence over the interests expressed by the data subject or which are used to bring and pursue legal claims or protection of the environment.
The objection can be e-mailed to the budatrio@gmail.com e-mail address by entering the email address of the data subject. Data controller from the date of receipt of the request within one month at a later date, it shall inform the person concerned of the action taken.
7. Automated decision-making in individual cases
The data subject shall have the right not to be covered by a decision based solely on automated processing which would have legal effect on him or would be similarly significantly affected. The request may be submitted by e-mail at the recepcio@budatrioapartments.hu e-mail address by entering the email address of the data subject. The controller shall inform the person concerned of the action taken by e-mail no later than one month after receipt of the request.
The controller shall provide the requested information and information free of charge. If the data subject is referred to in paragraphs 1 to 6 above, the paragraphs 2015 are clearly unfounded or excessive, in particular because of its repetitive nature, by the controller, taking into account the administrative costs of providing the information or information requested or taking the action requested. a reasonable fee or refuse to take action on the basis of an application.
The controller may refuse to grant the information referred to above paragraphs 1 to 6 above. if it proves that the person concerned is not in a position to identify it.
If the controller is able to identify the data subject but has reasonable doubts that the application originates from the person concerned, the applicant may invite the applicant to prove his identity.
Where necessary, taking into account the complexity of the application and the number of applications referred to in paragraphs 1 to 6 above, the applicant shall be subject to the following conditions: the one-month period laid down in paragraph 1 may be extended by a further two months. The time limit shall be extended by the controller, indicating the reasons for the delay, within one month of receipt of the request. If the data subject has submitted the application electronically, the information shall be provided electronically, unless otherwise requested by the data subject.
If the controller does not take action following the request of the data subject, he shall inform the data subject without delay and at the latest within one month of receipt of the application of the reasons for the non-action and of the fact that the complaint concerned to a supervisory authority and exercise the right to judicial redress.
The controller shall inform any addressee who has made any corrections, deletions or limitations to the processing with whom the personal data has been communicated, unless this proves impossible or disproportionately high Effort. At the request of the data subject, the controller shall inform these addressees.
The controller shall provide the data subject with a copy of the personal data subject to the processing
forging it. For further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject has submitted the application electronically, the information shall be made available in electronic format, unless otherwise requested by the data subject.
VI. Handling and reporting data breaches
Data controller shall report to the supervisory authority without undue delay, but not later than 72 hours after the data breach has become aware, of the data breach, unless the data breach is unlikely to risk to the rights and freedoms of natural persons. If the notification cannot be made within 72 hours, the reason for the delay shall be indicated therein. Notification to the supervisory authority shall contain at least the following information:
- the nature of the data breach, the categories of data subjects and the approximate number;
- the name and contact details of the contact person;
- the likely consequences arising from the data breach;
- measures taken or planned to deal with, troubleshoot and remedy a data breach.
Data protection incidents are recorded by the Data Controller to monitor the measures relating to the data breach and to inform the data subjects. The register shall contain the following information:
- relevant facts related to the incident;
- the circumstances and effects of the data breach;
- measures taken to remedy the data breach.
The data in the register shall be retained by the data controller for 5 years from the date of detection of the data breach.
If a data breach is likely to present a high risk to the rights and freedoms of natural persons, the controller shall, at the latest 72 hours after becoming aware of the incident, information on the data breach, in which it describes the nature of the data breach, the name and contact details of the contact person, the likely consequences of the data breach and describethe measures taken or planned to deal with a data breach.
VII. Appeal
The data subject shall have the right to lodge a complaint with the competent supervisory authority if the controller infringes the provisions of the GDPR when processing the data relating to him. You can make a complaint to the National Data Protection and Freedom of Information Authority.
Name: National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Elisabeth Szilágyi tree line 22/C.
T: +36 (1) 391-1400.
E: ugyfelszolgalat@naih.hu
The data subject may refer the controller to court in the event of a violation of his rights. The competent court shall be the tribunal of the place of residence or residence of the person concerned.