Privacy Policy

Data Controller: Thury Dent Kft. (hereinafter referred to as Data Controller)

Address: 8174 Balatonkenese Fő utca 25.

Mailing address: 8174 Balatonkenese Fő utca 25.

Phone: +36 209954540

Email address: hoteldolcevita.ungarn@gmail.com

Company registration number: 19-09-510425

Tax number: 13839772-2-19

Website: www.dolcevitahotel.hu

The Data Controller declares that during data processing, it acts in accordance with the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.).

The Data Controller respects the personal rights of its Guests, and therefore has prepared the following Privacy Policy (hereinafter: Policy), which is available electronically on the Data Controller’s official website and in paper form at the individual hotels.

This Policy provides general guidance on data processing during the services provided by the Data Controller. The method of data processing may differ from the provisions of this Policy in some cases, but the Data Controller will inform the Guest in advance about such deviations and their exact method. For any data processing not included in this Policy, the Data Controller will provide information prior to the specific data processing.

The Data Controller processes personal data solely for a pre-defined purpose, for the necessary period, and for the exercise of rights and fulfillment of obligations. The Data Controller only processes personal data that is essential for the realization of the data processing purpose and is suitable for achieving that purpose.

For the validity of a legal declaration containing the consent of a minor under sixteen years of age, the consent or subsequent approval of their legal representative is required.

In all cases where the Data Controller uses the provided data for a purpose other than the original data collection purpose, it will inform the data subject, request their prior express consent, and provide them with the opportunity to prohibit the use.

During data processing, personal data that comes to the knowledge of the Data Controller may only be accessed by persons acting on behalf of the Company or in an employment relationship with the Company who have a task related to the specific data processing.

 

1. Definitions

 

Data Subject: any specific natural person identified or identifiable – directly or indirectly – based on personal data;

Personal Data: data that can be linked to the data subject – in particular the name, identification mark of the data subject, and one or more pieces of information characterizing their physical, physiological, mental, economic, cultural or social identity –, as well as conclusions that can be drawn from the data regarding the data subject;

Special Category Data: personal data relating to racial origin, nationality, political opinions or party affiliation, religious or other philosophical beliefs, trade union membership, sexual life, as well as personal data relating to health status, pathological addictions, and criminal personal data;

Consent: the data subject’s voluntary and clear expression of their will, based on adequate information, with which they give their unambiguous consent to the processing of personal data relating to them – in whole or for specific operations;

Objection: the data subject’s statement objecting to the processing of their personal data and requesting the termination of data processing or the deletion of the processed data;

Data Controller: the natural or legal person, or organization without legal personality, who or which, alone or jointly with others, determines the purposes of the data processing, makes and executes decisions regarding data processing (including the tools used), or has them executed by a data processor entrusted by them;

Data Processing: any operation or set of operations performed on data, regardless of the procedure used, including in particular collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure and destruction, as well as preventing their further use, taking photographic, audio or video recordings, and recording physical characteristics suitable for identifying a person (e.g., fingerprint or palm print, DNA sample, iris image);

Data Transfer: making data accessible to a specified third party;

Disclosure: making data accessible to anyone;

Data Erasure: making data unrecognizable in such a way that their recovery is no longer possible;

Data Marking: providing data with an identification mark for the purpose of distinguishing them;

Data Blocking: providing data with an identification mark for the purpose of permanently or temporarily restricting their further processing for a specified period;

Data Processing Activity: performing technical tasks related to data processing operations, regardless of the method and tools used for performing the operations, and the location of the application, provided that the technical task is performed on the data;

Data Processor: the natural or legal person, or organization without legal personality, who or which, based on a contract concluded with the data controller – including the conclusion of a contract based on a legal provision – performs data processing;

Third Party: a natural or legal person, or organization without legal personality, who or which is not the same as the data subject, the data controller or the data processor.

Data Protection Incident: unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

Person with Third Country Citizenship: any person other than a Hungarian citizen who is not a citizen of a member state of the European Economic Area, including stateless persons.

European Economic Area (EEA): The member states of the European Union, Iceland, Liechtenstein, and Norway, as participating member states, and Switzerland, as a state with equivalent legal status.

 

2. Purposes of Data Processing

 

 

2.1. Hotel Services

 

In the scope of providing services, all data related to the data subject are processed based on voluntary consent, and the purpose is to ensure the provision of the service, contact, and presentation of the Data Controller’s services. The Data Controller stores the personal data contained in this point for the period appropriate to the current tax and accounting regulations, and deletes them after the expiry of the deadline.

For individual services, it is possible to provide additional data in the comments section, which helps to fully understand the Guest’s needs, but this is not a condition for room reservation and the use of other services.

 

2.1.1. Request for Quotation, Room Reservation

 

In case of online, personal (paper-based) or telephone requests for quotation and room reservations, the Data Controller requests/may request the following data from the Guest:

  • surname,
  • first name,
  • place of residence (address, city, postal code, country),
  • email address,
  • phone number,

 

2.1.2. Registration Form

 

When using individual hotel services, the Guest fills out a hotel registration form, by handing it over to the employees working in the Data Controller’s facility, the Guest consents to the Data Controller processing the following mandatory data for the purpose of fulfilling its obligations specified in the relevant legal regulations (in particular, those related to immigration and tourism tax) for as long as the competent authority can check the fulfillment of the obligations specified in the given legal regulations:

  • surname,
  • first name,
  • address
  • place and date of birth
  • personal identification number
  • citizenship

The provision of mandatory data by the Guest is a condition for using the hotel service.

By signing and submitting the registration form, the guest consents to the Data Controller processing and archiving the personal data indicated on the registration form for the exercise of its rights and the fulfillment of its obligations for the necessary period.

 

2.1.3. Gift Voucher Purchase

 

When purchasing a gift voucher, the Buyer provides the following personal data:

In case of personal purchase:

  • name,
  • billing name and address;

In case of online order via the Data Controller’s official websites:

  • name
  • email address
  • phone number
  • billing name and address
  • delivery name and address
  • name(s) of recipient(s)

The purpose of data processing is to establish contact and deliver the gift voucher.

The personal data thus obtained will be stored by the Data Controller for the period appropriate to the current tax and accounting regulations, and will be deleted after the expiry of such period.

 

2.1.4. Guest Questionnaire

 

Guests can provide their opinion on the Data Controller’s services as part of the quality assurance process applied by the company, through a paper-based guest questionnaire. When filling out the questionnaire, the Guest may provide the following personal data:

  • name;
  • date of visit;
  • room number;
  • contact information (address, email address);

The provision of data is not mandatory; it only serves to ensure the accurate investigation of any complaints and the Data Controller’s response to the guest.

The opinions thus received, and any related data that may have been provided but cannot be traced back to the specific Guest or linked to the Guest’s name, may also be used by the Data Controller for statistical purposes.

Personal data provided by filling out the Guest Questionnaire will be deleted by the Data Controller within 5 (five) working days after the investigation of the complaint. The email address and username provided for using the evaluation system will be deleted by the Data Controller upon the Guest’s request sent to hoteldolcevita.ungarn@gmial.com.

 

2.2. Camera System

 

For the personal and property safety of Guests, cameras operate in the hotels operated by the Data Controller.

By entering the hotel, the data subject consents to the Data Controller making a motion picture recording of them and processing and archiving it for the exercise of its rights and the fulfillment of its obligations for the necessary period (168 hours).

 

2.3. Newsletter

 

The Data Controller sends newsletters only with the consent of the data subject. The data subject gives consent for the newsletter by subscribing on the hotel websites, via email, in paper form, on Facebook or by other means, by providing their name and email address, and by agreeing to receive electronic newsletters from the Data Controller to the email address or Facebook contact provided by them.

The provided personal data will be stored by the Data Controller separately from data provided for other purposes. The Company is entitled to forward the list or data to a third party for the purpose of the recipient receiving comprehensive general or personalized information about the Data Controller’s latest promotions.

The Data Controller processes the personal data collected for this purpose only as long as it wishes to inform the data subject via the newsletter, or until the data subject unsubscribes from the newsletter list.

The data subject can unsubscribe from the newsletter at any time via the link at the bottom of the electronic emails, or by sending an unsubscribe request to hoteldolcevita.ungarn@gmail.com or to the Data Controller’s postal address: 8174 Balatonkenese, Táncsics M.u. 6/a.

 

2.4. Facebook Page

 

The companies operated by the Data Controller are also individually available on the Facebook social portal.

The purpose of data processing is to share exclusive content found on the Data Controller’s websites and content not found there. Through the Facebook page, guests can book a room, participate in prize games, and find out about the latest promotions.

Information about Facebook page data management can be obtained from the privacy policy and rules on the Facebook website, at www.facebook.com.

 

2.5. Prize Game

 

The Data Controller, independently or jointly with others, occasionally organizes prize games for the purpose of introducing the services of a given hotel/hotels.

Participation in the prize game is possible after registration on paper, or online on the Data Controller’s websites or Facebook pages, after providing the following data:

  • first name,
  • surname,
  • place of residence/stay (address, city, postal code, country),
  • email address,
  • phone number,

The purpose of data processing is to establish contact so that the Data Controller can deliver the prize to the winner. Data processing lasts until the end of the prize game; within 15 working days after the end of the prize game, the data processed in this way (with the exception of the winner) will be deleted. The Data Controller stores the winner’s data for the period appropriate to the current tax and accounting regulations, and then deletes them after the expiry of the deadline. In the case of Guests who subscribe to the newsletter and consent to promotional inquiries, the Data Controller will continue to process the above data in accordance with the provisions of point 3.4 of this Policy.

 

2.6. Website Visit Data

 

The Data Controller’s website may also contain links that are not operated by the Data Controller, but merely serve to inform visitors. The Data Controller has no influence on the content and security of websites operated by partner companies and therefore takes no responsibility for them.

 

2.7. Email

 

The Data Controller ensures that anyone can contact Thury Dent Kft. via email. The Data Controller processes messages until the question is answered, after which the emails are archived and stored for 5 years.

 

3. Data Security

 

The Data Controller treats personal data confidentially and does not disclose them to unauthorized persons. Personal data is protected particularly against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage, and unavailability due to changes in the technology used. To ensure the technical protection of personal data, the Data Controller takes all necessary security measures.

The Data Controller’s employees use personal data only to the extent necessary and only for authorized purposes. To ensure this, they have undertaken a duty of confidentiality, which remains in force even after the completion of their activities.

 

4. Data Transfer

 

The Data Controller reserves the right to transfer personal data processed by it to the competent authorities and courts in cases specified by law, even without the data subject’s specific consent, in accordance with their requests.

For the purpose of checking the legality of data transfers and informing the data subject, the Data Controller keeps a data transfer register, which contains the date of transfer of the personal data processed by it, the legal basis and recipient of the data transfer, the scope of the personal data transferred, and other data specified in the legal regulation prescribing the data processing.

The Data Controller reserves the right to transfer personal data processed by it to the competent authorities and courts in cases specified by law, even without the data subject’s specific consent, in accordance with their requests.

 

5. Data Processors

 

A specific list of the Data Controller’s data processors can be requested by sending an email to hotledolcevita.ungarn@gmail.com, which requests the Company will fulfill in writing within 30 (thirty) days.

 

6. Legal Remedies

 

 

6.1. Information

 

Upon a request sent to hotledolcevita.ungarn@gmail.com or to the Data Controller’s name and address (Thury Dent Kft. 8174 Balatonkenese, Táncsics M.u.6/a), the Data Controller will provide information within a maximum of 25 days from the submission of the request – once a year free of charge for identical data, and for a fee thereafter – about the data processed by it or by a data processor commissioned by it, their source, the purpose, legal basis, and duration of the data processing, the name, address, and data processing activity of the data processor, the circumstances and effects of the data protection incident, and the measures taken to remedy it, as well as – in case of transfer of the data subject’s personal data – the legal basis and recipient of the data transfer.

For the purpose of checking measures related to data protection incidents and informing the data subject, the Data Controller keeps a register, which contains the scope of the data subject’s personal data, the scope and number of data subjects affected by the data protection incident, the date, circumstances, and effects of the data protection incident, the measures taken to remedy it, and other data specified in the legal regulation prescribing the data processing.

In case of refusal to provide information, the Data Controller will inform the data subject in writing which provision of which law was the basis for the refusal and will inform the data subject about the possibilities for legal remedy.

 

6.2. Rectification

 

If the personal data does not correspond to reality and the personal data corresponding to reality is available to the Company, the Data Controller will rectify the personal data. The Data Controller will notify the data subject of the rectification, as well as all those to whom the data may have been previously transferred for data processing purposes. Notification may be omitted if this does not prejudice the legitimate interest of the data subject with regard to the purpose of data processing. For rectification upon request, the deadline for handling, and the possibility of legal remedy, the provisions of section 7.1 shall apply.

 

6.3. Erasure and Blocking, Objection

 

For the erasure and blocking of personal data, and objection to data processing, the provisions of Sections 17-21 of the Info.tv. shall apply.

 

6.4. Judicial Enforcement

 

In case of violation of their personal rights, the data subject may turn to the court. The judicial procedure shall be governed by the provisions of Section 22 of the Info.tv., Sections 2:51-2:54 of Act V of 2013 on the Civil Code, and other relevant legal regulations.

 

6.5. Compensation and Damages

 

If the Data Controller causes damage by unlawful processing of the data subject’s data or by breaching the requirements of data security, or violates the data subject’s personality rights, the Data Controller may be liable for damages.

The data controller shall be exempt from liability for the damage caused and from the obligation to pay damages if it proves that the damage or the violation of the data subject’s personality right was caused by an unavoidable cause outside the scope of data processing.

The Data Controller is also responsible to the data subject for damages caused by the data processor and is obliged to pay the data subject the damages due in case of personality rights violation caused by the data processor. The Data Controller is exempt from liability and the obligation to pay damages if it proves that the damage or the violation of the data subject’s personality right was caused by an unavoidable cause outside the scope of data processing. Damage shall not be compensated and damages shall not be claimed to the extent that it resulted from the data subject’s intentional or grossly negligent conduct.

 

7. Other Provisions

 

The Data Controller reserves the right to amend this Policy, and will notify the data subjects of such amendment. The Data Controller does not assume responsibility for the accuracy of the data provided by website visitors or Guests.

For data protection questions, you can always ask for the help of the National Authority for Data Protection and Freedom of Information:1

President: Dr. Attila Péterfalvi2

Mailing address: 1534 Budapest, Pf.: 8343

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c4

Phone: +36 (1) 391-14005

Fax: +36 (1) 391-14160

www: http://www.naih.hu

Email: ugyfelszolgalat@naih.hu