LEVELES Szálloda – és Vendéglátóipari Kft.
4030 Debrecen, Somlyai u. 10.
Cégjegyzékszám: 09-09-002757
Adószám: 11152352-2-09
DETERMINATION OF THE PURPOSE, SCOPE, DATA PROCESSOR OF THE RULES
The purpose of the Data Protection Regulation is the basic rules for data management based on Regulation No. 2016/679 of the European Parliament and the Council (EU) of April 27, 2016 (on the protection of natural persons with regard to the processing of personal data and the flow of such data) definition in order for them to be handled and respected by the data controllers in accordance with the provisions of the legislation. It covers all data management and data processing carried out in Hungary, which refers to the data of a natural person, as well as data of public interest or public data in the public interest.
The regulation was created on the basis of the following effective legislation:
CXIX of 1995 TV. on the management of name and address data for the purpose of research and direct business acquisition
Act CXII of 2011 on the right to self-determination of information and freedom of information.
Regulation 2016/679/EU (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC
The Basic Law of Hungary
The regulation was created on the basis of the following effective legislation:
CXIX of 1995 TV. on the management of name and address data for the purpose of research and direct business acquisition
Act CXII of 2011 on the right to self-determination of information and freedom of information.
Regulation 2016/679/EU (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC
TV V of 2013 on the Civil Code
TV C of 2012 on the Criminal Code
- TV of 2003 on Electronic Communications
CLXV of 2013 TV. on Complaints and Public Interest Notifications
LIII of 2017 TV. on the prevention and prevention of money laundering and terrorist financing
57/2010. (V. 7.) FVM decree on licensing and notification of the marketing and production of foodstuffs
In the course of its activities, LEVELES Szálloda – és Vendéglátóipari Kft. (hereinafter: Data Controller) does everything possible to protect the personal data in its possession, to comply with the relevant legal provisions, for safe and fair data management.
In all cases, the Data Controller handles the personal data provided to it in accordance with the applicable Hungarian and European legislation and ethical requirements, taking the measures necessary for proper secure data management.
The data controller reserves the right to amend this Privacy Policy as necessary. If this happens, the amended policy will be published publicly.
Basic principles
Personal data can be processed if the data subject gives their consent, or if it is ordered by law or – on the basis of legal authorization, within the scope specified therein – by a decree of the local government.
Personal data may only be processed for specific purposes, in order to apply, exercise and fulfill obligations in accordance with the relevant legislation.
Only such personal data can be processed that are essential for the realization of the goals of data management, suitable for achieving the goal, to the extent and for the time necessary for the realization of the goal.
Pursuant to all of this, LEVELES Szálloda – és Vendéglátóipari Kft. carries out all its activities in accordance with the provisions of these regulations. At the same time, it is recorded that the provisions contained in these regulations are also valid in the Platán Hotel *** (4030 Debrecen, Somlyai u. 10.) store owned and operated by Kft.
Interpretations
Regardless of the procedure used, any operation performed on the data or the set of operations, including, in particular, its collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction, and preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person.
In relation to clients, based on the anti-money laundering legislation, the main objective is to enforce the principle of purposefulness when handling personal documents. When copying documents for the verification of persons, the Data Controller prepares the declaration of consent in each case, and provides the client with information on the duration and purpose of the registration.
The Data Controller may, in the course of managing the personal data available to him, make use of business-related electronic inquiries with the consent of the customers.
The Data Controller will not provide tax secrets or other documents provided by customers to third parties without the customer’s written consent, except for its obligations as prescribed by law. He shall preserve the business secret he has become aware of and shall not pass it on to third parties.
ersonal data: data that can be associated with any specific (identified or identifiable) natural person (hereinafter: Data Subject), the conclusion that can be drawn from the data regarding the Data Subject.
During data processing, personal data will retain its quality as long as the relationship with the Data Subject can be restored. A person can be considered identifiable in particular if he can be identified – directly or indirectly – on the basis of a name, identification mark, or one or more factors characteristic of his physical, physiological, mental, economic, cultural or social identity.
Consent: the Data Subject’s voluntary and firm declaration of will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data – in full or covering certain operations.
Objection: the Data Subject’s statement, with which he objects to the processing of his personal data and initiates the termination of data processing or the deletion of the processed data.
Personal data: data that can be associated with any specific (identified or identifiable) natural person (hereinafter: Data Subject), the conclusion that can be drawn from the data regarding the Data Subject.
During data processing, personal data will retain its quality as long as the relationship with the Data Subject can be restored. A person can be considered identifiable in particular if he can be identified – directly or indirectly – on the basis of a name, identification mark, or one or more factors characteristic of his physical, physiological, mental, economic, cultural or social identity.
Consent: the Data Subject’s voluntary and firm declaration of will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data – in full or covering certain operations.
Data controller: the natural or legal person or organization without legal personality who, independently or together with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented with the Data Processor.
Data management: regardless of the procedure used, any operation performed on the data or the set of operations, including in particular collection, recording, recording, organizing, storing, changing, using, querying, transmitting, disclosing, harmonizing or connecting, locking, deleting and destroying, and preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person.
Data transfer: making the data available to a specific third party.
Disclosure: making the data available to anyone.
Data deletion: rendering the data unrecognizable in such a way that its recovery is no longer possible.
Data marking: providing the data with an identification mark for the purpose of distinguishing it.
Data blocking: providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time.
Data destruction: complete physical destruction of the data carrier containing the data.
Data processing: the performance of technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.
Data processor: a natural or legal person, or an organization without legal personality, who processes data on the basis of a contract, including a contract concluded under the provisions of the law.
Data file: the totality of the data managed in a register.
Third party: a natural or legal person, or an organization without legal personality, who is not the same as the data subject, the data controller or the data processor.
EEA state: a member state of the European Union and another state that is a party to the Agreement on the European Economic Area, as well as the state whose citizen is the European Union and its member states, as well as a state that is not a party to the Agreement on the European Economic Area, on the basis of the European Economic Area He enjoys the same legal status as a citizen of a state party to the Territorial Agreement.
Third country: any state that is not an EEA state.
Data protection incident: unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.
The role of the Data Controller:
During the registration and preservation of the data of employees, customers, principals, guests, partners, and suppliers as necessary, compliance with the requirements of the applicable legal regulations (Mt., Szja tv., Sztv., Air.).
The Data Controller destroys the personal documents copied for the contracts, if the business negotiations that have started do not lead to results.
Preparation of a confidentiality statement – compliance with regulations related to business secrets, written warning of the legal consequences associated with their violation to the parties concerned (employees, business partners, organization providing accounting services).
Limiting employees’ access to customers’ personal data by accurately documenting physical, operational and technical security requirements.
The legal basis for data management is the entrepreneur’s legitimate interest, which is based on a legal requirement, contractual performance obligation, or voluntary consent, which is linked to the goal of being able to prove contractual performance in the event of a legal dispute.
In order to protect the data, it manages (unauthorized access, change, deletion, etc.), the Data Controller, together with the server operators, ensures the security of the data with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management.
INVOICING: indication of the customer’s address is a legal obligation.
In this case, the legal basis for data management is Eker. Paragraph (2) of § 13/A., based on which LEVELES Kft. can process personal data related to the use of the service for the purpose of invoicing the fees arising from the performance of the service.
The data management used in relation to hosting guests:
In the course of this, all directly or indirectly identifiable natural persons, from the provision of preliminary information until the guest’s departure, or even thereafter, are considered Data Subjects, whose data is managed by the Data Controller.
During the activity, the Data Controller ensures that the Data Subject keeps in contact with him continuously or regularly in various ways and forums. Such e.g. electronic-based contact (e-mail exchange) or contact via other communication channels.
The legal basis for data management is the Data Subject’s voluntary consent. In the event that the Data Controller and the Data Subject conclude an agreement with each other on the use of one of the Data Controller’s services, such as accommodation services, the legal basis for data management may also be based on the conclusion of a contract. Contacting and maintaining contact, thus the processing of the relevant data, may be based on the legitimate interests of the Data Subject, a third party, or the Data Controller, as well as on other legal grounds defined by law: for example, on the basis of applicable law.
Scope of the interested parties: all natural persons, including persons acting on behalf of the organization, who are in continuous or regular contact with the Data Controller beyond the one-time request for information.
The scope and purpose of the processed data, the personal data and contact information of the guests in order to maintain proper contact, financial and other information related to invoicing, but all information that is necessary to meet the service needs of the guests and the Kft. are necessary for
Duration of data management: until the goal is achieved, or if the interest of the data subject or a third party or the fulfillment of an obligation requires it, then after the goal has been achieved, until the interest ceases, or until the obligation is fulfilled. If the duration of data management is mandatorily determined by law on the basis of the method of data management or on another basis, the Data Controller will manage the data for the period specified in the relevant legislation.
Duration of data management: lasts until the expiration of the enforceability of the rights and obligations arising from the legal relationship in connection with which the Data Controller manages the personal data, in relation to data that is included in receipts and the receipt supports the accounting, the duration of data management is Act C of 2000 Based on § 169, paragraph (2), at least 8 years.
Check-in: registration form/guest and tourist register
Upon arrival, before occupying the reserved and confirmed room, the data subject fills out a registration form and/or a document for the guest and tourism register defined by the local government, in which he consents to the Data Controller using the data provided below in accordance with the relevant legislation (in particular with the immigration police, and in the legislation related to tourism tax) for the purpose of fulfilling its obligations, as well as proving fulfillment, as well as identifying the data subject, process it until the competent authority requires the fulfillment of obligations defined in specific legislation
Logging in and filling out the registration form is based on voluntary consent, but it is a condition for using the services. If the Data Subject refuses this, the service cannot be provided.
Scope of stakeholders: every natural person who logs in to the Hotel operated by the Data Controller by entering their personal data and fills out a registration form.
The scope and purpose of the processed data:
name, place and time of birth, address, identity card number, citizenship, dates of arrival and departure – mandatory identification based on legislation
vehicle registration number – for the purpose of vehicle identification
in the case of a business order, company identification
gender (mandatory for non-EU citizens based on legislation) – identification
passport number (mandatory for citizens not based on EU legislation) – identification
visa or residence permit number (in the case of identification of non-EU citizens) – required by law
Date of entry into Hungary (non-EU identification in the case of citizens) – mandatory based on legislation,
The purpose of data management is to ensure full compliance with the legislation (especially the legislation related to immigration enforcement and local tourism tax), the creation of the accommodation service contract, as well as the proof of fulfillment and fulfillment, as well as the possible enforcement of claims and maintaining contact with the data subject.
Based on the authorization of Act C of 1990 on local taxes, based on the decree of the local government on the establishment of tourism tax, data processing is mandatory in relation to name, place and time of birth, address, and citizenship, which are the legal conditions for using the services provided by the Data Controller.
The data controller draws the attention of those concerned that, in view of the CXII of 2011. to the provisions of Section 6, Paragraph 5 of the Act, data voluntarily provided by the data subject for the purpose of fulfilling his obligations arising from tax (especially tourism tax) legislation, as well as for the purpose of asserting his legitimate interests, without the data subject’s further separate consent, and also after the data subject’s consent has been revoked can handle.
Regarding the safekeeping, storage and destruction of paper-based registration forms and other paper-based documents containing data, the Data Controller acts in accordance with these regulations.
Duration of data management: in the case of data required by law, for 5 years from the date of inclusion, in the case of a newsletter, until deletion at the request of the data subject, in the case of other data, until the expiration of the enforceability of the rights and obligations arising from the legal relationship in connection with which the Data Controller processes the personal data, in the case of data that are documents are incurred, and the receipt supports the accounting, the duration of data management is at least 8 years based on Section 169 (2) of Act C of 2000.
DELETE DATA:
The Data Subject may request from the data controller access to the personal data relating to him, their correction, deletion or restriction of processing, and the Data Subject has the right to data portability, as well as the right to withdraw consent at any time.
In the absence of a different agreement, the employee may use the computing device provided by the employer for work exclusively for the purpose of fulfilling the employment relationship. As a general rule, therefore, private use of the workplace infrastructure is prohibited, but the employer may allow this.
In the course of the employer’s inspection, the employer may look into the data related to the employment relationship stored on the computing device used to fulfill the employment relationship.
The purpose of the inspection is to verify compliance with the employer’s provision regarding the use of the e-mail account, as well as to verify the employee’s obligations (Mt.§ 8, § 52).
The manager of the employer or the practitioner of employer rights is entitled to the inspection. If the circumstances of the inspection do not exclude the possibility of this, it must be ensured that the employee can be present during the inspection.
Website contact: www.platanhotel.eu, www.hotelplatan@t-online.hu
RIGHTS OF THE DATA PARTIES
In the course of its activities, the data controller always manages personal data based on legal requirements or voluntary consent. In some cases, the data management, in the absence of consent, is based on other legal grounds or the EU Parliament and Council 2016/679. Regulation no. is based on Article 6 of the GDPR.
The Data Subject may request from the data controller information about the management of his personal data, the correction of his personal data, and the deletion or blocking of his personal data – with the exception of mandatory data management.
At the request of the Data Subject, the data controller shall provide information on the data of the Data Subject managed by it or processed by the data processor commissioned by it or at its disposal, its source, the purpose, legal basis, duration of the data processing, the name and address of the data processor and its activities related to data processing, the circumstances of the data protection incident , its effects and the measures taken to prevent them, and – in the case of forwarding the Data Subject’s personal data – the legal basis and recipient of the data forwarding.
n the event of a violation of their rights, the Data Subject may appeal to the court or the data protection authority against the data controller.
SUPERVISORY BODIES:
Competent District Court – in civil law matters
In the event of a data protection incident or misuse of personal data:
Name: National Data Protection and Freedom of Information Authority
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Phone: 06-1-391-1400, Fax: 06-1-391-1410
Web: www.naih.hu e-mail: ugyfelszolgalat@naih.hu