GDPR
A www.villaendante.hu has an online booking system that allows you to book accommodation at Villa Endante apartments .
I would like to inform you that in order to make a booking, certain of the personal details described below are required for the booking to be successful.
In connection with the processing of data, the data controller hereby informs you about the personal data processed on the website, the principles and practices followed in the processing of personal data, the organizational and technical measures taken to protect personal data, and the ways and means of exercising data subjects’ rights. I would like to inform you that the recorded personal data will be treated confidentially in accordance with this data protection law and international recommendations.
I would also like to inform you that the legal framework for the processing of personal data will change fundamentally from 25 May 2018, as from that date it will be mandatory for the European Parliament and the Council ( EU ) on the protection of individuals with regard to the processing of personal data and on the free movement of such data. and 2016/679 on the repeal of Regulation (EC) No 95/46 (General Data Protection Regulation). ( hereinafter referred to as the GDPR ).
By booking online through the Website, you agree to be bound by the provisions of this Privacy Statement ( the “Privacy Statement” ).
Basic concepts
- personal data : information relating to an identified or identifiable natural person (data subject) which may be associated with him or her, in particular his or her name, identifying mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and a conclusion to be drawn on the data subject.
- data set : the totality of the data managed in one register;
- data subject : any natural person identified or identifiable, directly or indirectly, on the basis of any information;
- data processing : the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
- third party : a natural or legal person or an entity without legal personality who is not the data subject, controller or processor;
- data protection : the set of technologies and organizational methods that enable the integrity, integrity, usability and confidentiality of the data collected;
- privacy incident : a breach of data security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled;
- data management : the disclosure, disclosure, retrieval, transmission, distribution or other disclosure of any operation or set of operations on data, irrespective of the procedure used, in particular or making available, harmonizing or linking, restricting, deleting and destroying data and preventing further use of the data, taking photographs, sound or images, and physical characteristics capable of identifying the person (eg fingerprint or palm print, DNA sample, iris image).
- controller ” means the natural or legal person, or any entity without legal personality, who alone or jointly with others determines the purposes for which the data are processed, and makes or implements decisions relating to the processing (including the means used).
- data transfer: making the data available to a specific third party.
- data erasure: making data unrecognizable in such a way that it is no longer possible to recover it.
- Restriction of data processing: marking of stored personal data in order to limit their future processing;
- consent: the voluntary, firm and unambiguous expression of the will of the data subject, based on specific and appropriate information, by which the data subject consents to the processing of personal data concerning him or her, in whole or in part, by means of an unambiguous statement.
Consent shall be deemed to be consent if the data subject selects a check box or makes technical adjustments in this regard when viewing the website or finalizing the booking, as well as any other statement or action that is intended to process the data subject’s personal data in that context. clearly indicates its consent.
- mandatory data processing: if the data processing is ordered by law or – on the basis of the authorization of law, within the scope specified therein – by a decree of a local government for a purpose based on the public interest.
- disclosure: making data available to anyone.
- profiling: any form of automated processing of personal data in which personal data are evaluated in order to assess certain personal characteristics of a natural person, in particular his performance, economic situation, state of health, personal preferences, interests, reliability, behavior, location or movement used to analyze or predict.
II.
Name and contact details of the data controller
Name of data controller: Márta Sombori, authorized employee
Contact details of the data controller:
Address: 4200, Hajdúszoboszló Sport utca 2.
Phone number: +3670 3007300
Email address : villaendante@gmail.com
Purpose of data management
The data controller handles the personal data of the Guests for the following purposes:
- Primarily the z In order to make a reservation in an apartment house, it is necessary to provide certain personal details, which will be detailed later.
- We also need your personal details to issue an invoice for the accommodation.
- It is also important to provide your personal information in order to communicate with the booking so that we can inform you if any of the material circumstances you need to know about occur.
Legal basis for data management
The data controller handles the personal data of the guests on the following legal basis:
- A III. For the purpose of point (a), Article 6 (1) (b) of the GDPR, ie the performance of a contract in which the Guest is one of the parties involved.
- A III. For the purpose set out in point (b), Article 6 (1) (c) of the GDPR, ie the fulfillment of a legal obligation on the controller, namely the obligation on the controller to draw up an invoice.
- A III. For the purpose of point (c), the data will be processed in accordance with Article 6 (1) (a) of the GDPR in order to be properly informed of the relevant circumstances arising from the contractual relationship.
In the event of the need for data processing for other purposes or on other legal bases, the data controller is obliged to inform the data subject individually of all important information and rights related to the data processing to be performed before starting the data processing.
Scope of data processed
The use of the online booking interface on the data controller’s website is not subject to separate registration, however, the following personal data must be provided for the booking:
- Name (surname and first name),
- Phone number,
- E-mail address,
- Billing address.
Duration of data management
The processing of the data regarding the Guest’s telephone number and e-mail address will start from the date of booking and will be deleted after the Guest leaves the Guest House.
With regard to the name and billing address of the Guest, the data will be processed for the period of 8 (eight) years provided for in the Accounting Act, after which the data controller will destroy them.
Data security
The data controller shall take all necessary steps to ensure the security of the personal data provided by the Guests in both the network system and the data during storage and preservation.
The reservation system operating through the data controller’s website has been placed with an external secure hosting provider, which does not have access to the data managed by the hosting provider. The data manager works on a computer protected by a password and antivirus software.
Guest Rights and Enforcement Options
- The Guest is entitled to receive feedback from the data controller as to whether the processing of his / her personal data is in progress, and if so, to receive information about the data processed and all relevant information concerning the data processing.
- The Guest may request that the data controller correct the inaccurate personal data concerning him / her without undue delay. Depending on the purpose of the data processing, you may request that your personal data be supplemented.
- You may request the deletion of your personal data, unless the processing is necessary to fulfill the data controller’s legal obligations or to submit, enforce or protect legal claims. The data controller shall delete the personal data without undue delay if the processing of the data is illegal, incomplete or incorrect, the purpose of the data processing has expired or the storage period has expired or is ordered or deleted by a court or authority to fulfill the legal obligation of the data controller. .
- If the controller processes personal data with the consent of the data subject, the data subject may withdraw this consent. Unless there is another legal basis for the data processing, the data controller shall delete the personal data affected by the revoked consent.
- The Guest has the right to request the data controller to restrict the data processing if
- the Guest disputes the accuracy of the personal data – for the time necessary to verify the accuracy;
- the data processing is illegal, but the Guest objects to the deletion of the data and requests a restriction on its use;
- the controller no longer needs the personal data for the purpose of processing the data, but the data subject requests them in order to submit, enforce or protect his or her legal claim; obsession
- the data subject objects to the processing of his or her data in the public interest or on the basis of a legitimate interest of the controller or of a third party.
During the restriction, the data controller may not use the personal data for purposes other than storage.
- In case of exercising the rights of the Guest, the data controller shall examine the request of the data subject and take the necessary measures and inform the Guest about these and the reasons for non-compliance within one month after receiving the request.
Enforcement
The Guest may send his / her request related to data management to the data controller included in point I, to the address recorded there, or to an e-mail address.
In the event of a breach of his or her rights, the data subject may apply to the court having jurisdiction over the controller’s address or, at his or her choice, the court having jurisdiction over his or her place of residence or, failing that, his or her place of residence.
The Guest may also file a complaint with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet Fasor 22 / c ).