Privacy Policy

We hereby inform you as the visitor of our website and the user of our services about our data management and data protection regulations.

1. What kind of principles do we follow when managing your data?
   Our company follows the following principles when managing data:
   1. we manage your data in a legal and fair manner, in a way that is transparent for you.
   2. we collect data only for specific, clear and legitimate purposes, and we do not manage them in a way that is incongruous with these purposes.
   3. the personal data collected and managed by us are adequate and relevant to the purposes of data management, and only up to the point of being necessary.
   4. our company will do everything it can in order to ensure that the data is correct and up-to-date, incorrect data will be deleted or corrected immediately.
   5. your personal data will only be stored in a way that ensures that you are identifiable only for as long as it is necessary for the purposes of the goal of the data collection.
   6. we assure the appropriate security of personal data against the unauthorized or unlawful management, accidental loss, deletion or damage of data, by using appropriate technical and organizational measures.

   Our company will  

   1. manage, collect, organize, store and use your personal data only on the basis of your consent based on previous information given to you, and in every case only in the measure necessary and in connection with our goals.
   2. in some cases the management of your data is based on legal regulations and is obligatory, in these cases we will always specifically call your attention to it.
   3. and in some cases the management of your personal data is in the lawful interest of our Company or a third party, for example the operation, development, and security of our website.

   The issuer of the Data Protection Information, who is also the Data Manager:
   Company name: Varga & Family Kft.
   Seat: 8749 Zalakaros, Üdülő sor 4.
   Company Registration Number: 20 09 066693
   Tax number: 13437473-2-20
   Representative: Varga Zoltán
   Phone number: 30 3400 205
   E-mai: info@belenushotel.hu
   Website: www.belenushotel.hu

   (From now on: Company)
   Our company is not obliged to appoint a Data Protection officer under article 37 of the GDPR. Our Data Protection representative is Katalin Friskó.

   Our company employs a data processor for the maintenance and management of our website, who ensures our IT services (hosting service) and within this framework – until the term of the contract with them – manages the personal data submitted onto the website, the action performed by them is the storing of personal data on the server.

   Our IT provider:
   Company name: CRE-ART Stúdió Bt.
   Seat: 8800 Nagykanizsa, Zrínyi út 20/B
   Company Registration Number:20 06 035008
   Tax number: 27697089-2-20
   Representative: Nagy Csaba
   Phone number: 30 959 7972
   E-mail: posta@creart.hu
   Website: www.creart.hu

2. Website visitor data management on the Company’s website – Information on the use of cookies
   (1) Cookies are short data files that the visited webpage places on the user’s computer. The aim of cookies are to make user experience better, and make internet services easier. Based on the directives of the European Commission, cookies can be placed on a user’s device only with their permission [except if they are essential to the use of the service]. (2) The website stores cookies for the use of the visitor side (front-end) and the administration side (back-end) of the site. According to the regulations, there is information about this that pops up at the loading of the site. The life cycle of these cookies is defined by the developer (usually till the closing of the browser but in some cases up to a year). We create website statistics with the use of Google Analytics, which also uses cookies, but does not store or display personal data about visitors.
   The cookies are stored on the computer of the website’s visitor, the data is then read from there at the time of use, and the handling of these can only be done by the visitor. (3) We inform visitors to the website about the use of cookies in the Data Management Information section. With this information section the Company ensures that the visitor can learn, before and during the use of the services connected to the information society, about which data the Company uses for which data handling purposes, including the handling of the data not directly associated with the user..
3. Registering on the Company’s website
   (1) Those natural persons registering on the website can consent to the handling of his/her personal data by ticking the appropriate box. The ticking of the box in advance is forbidden.
   (2) The scope of personal data that can be handled is the following: the name of the natural person (last name, first name), address, phone number, email address, online user ID.
   (3) The purpose of handling of the personal data:
   1. The delivery of services offered on the website.
   2. Correspondence, either by electronic or telephone inquiry.
   3. Providing information on the Company’s products, services, terms and conditions, promotions.

   (4) The legal basis of the data handling is the consent of the user.

   (5) The recipients of the personal data, and the categories of recipients are: the employees of the Company who are responsible for the company’s customer service and marketing activities, and as data processors the employees of the Company’s IT service company who are responsible for providing hosting.

   (6) The time of storage of the personal data: until the existence of the registration/service, or the withdrawal of the consent by the user (request for deletion).

4. Data handling connected to Newsletters 
   (1) The natural person registering for the newsletter service can give their consent for the handling of their personal data by ticking an appropriate box. Ticking the box in advance is forbidden. During the process of registration, the Information of Data Management (annex 2) has to be made available through a link. They can unsubscribe from the newsletter at any time, by using the „Unsubscribe” button in the newsletter, or by making a statement in an email, both of which mean the withdrawal of consent. In these cases, all of the personal data of the subscriber has to be deleted immediately. (2) The scope of personal data to be handled: the name of the natural person (last name, first name), e-mail address.(3) The purpose of handling the personal data: sending of newsletters in the subject of the Company’s product packages and services (4) The legal basis of the data handling: the consent of the user (5) The recipients of the personal data, and the categories of recipients are: the employees of the Company who are responsible for the company’s customer service and marketing activities, and as data processors the employees of the Company’s IT service company who are responsible for providing hosting. (6) The time of storage of the personal data: until the existence of the registration/service, or the withdrawal of the consent by the user (request for deletion).
5. Community Directives / Data Handling on the company’s Facebook page 
   (1) The Company maintains a Facebook page in order to provide information on and promote the Company’s products and services. (2) Questions posted to the Company’s Facebook page do not constitute as an official complaint. (3) Personal information (data) provided by the user on the Company’s Facebook page is not handled by the Company (4) Users (visitors) to the page are subject to Facebook’s Data Protection and Services Terms and Conditions (5) If publishing any unlawful or offensive material, the Company can, without any prior warning, remove them from its members or can delete their comments (6) The Company is not responsible for information content or comments of the users that infringe upon any laws. The Company is not responsible for any errors arising from the activity of Facebook, or from any breakdown or malfunction of Facebook, or any errors arising from any changes in the system.
6. Other Questions of Data Management 
   We can only forward your data according to the conditions defined in the appropriate legal provisions, in the case of our data processors, we have used contractual conditions to ensure that they cannot use your personal data for purposes opposite to which you have given consent. Our company does not forward data to other countries. The Court, the Public Prosecution Office and other Authorities (e.g. police, tax authorities, National Authority of Data Protection and Freedom of Information) can contact our Company for information, the disclosing of data, or the disclosure of documents. In these cases we must oblige with our data disclosure obligations, but only in the measure absolutely necessary for the aims of the request. The employees participating in the data handling of our Company are entitled in a measure that is previously defined – alongside an obligation of confidentiality – to learn about your personal data. We protect your data with appropriate technical and other measures, as well as protecting their safety, ensuring that it is always available, while protecting them from unlawful access, change, damage, or the publication of them and from any other unlawful use. In the framework of organizational measures, in the buildings we are continuously controlling the physical access to data, our employees are continually being trained, and we keep paper- based documents closed away with adequate security. As a part of technical measures, we use encryption, password protection, as well as anti-virus software. We bring to your attention, however, that transferring data through the Internet is not considered a completely safe way of transferring data. Our company will do everything in its power to keep our processes as safe as possible, however, we cannot take complete responsibility for data transmission through our website, but we abide by strict rules in regard to the handling of the data that comes into the possession of our Company for the safety of your data and to avoid any unlawful access to them. With regard to security issues we would like to ask you for your cooperation in keeping your password to our website safe, and not to share that password with anyone.
7. What are you rights and your options of legal remedy?
   You may
   • require information about our data handling,
   • ask for the correction, modification, complementation of your personal data,
   • object against the handling of data and you may ask for the deletion of your data and/or the blocking of your data (except for the obligatory data handling),
   • ask for legal remedy in front of a court,
   • file a complaint at the supervising authorities, and may initiate a legal action (https://naih.hu/panaszuegyintezes-rendje.html).

   Supervising Authority: National Authority of Data Protection and Freedom of Information
   Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
   Postal address: 1530 Budapest, Pf.: 5.
   Phone: +36 (1) 391-1400
   Fax: +36 (1) 391-1410
   E-mail:ugyfelszolgalat@naih.hu
   Website: https://naih.hu/

   Upon your request, we will provide you with information on your data handled by us, as well as the data processed by the data handlers acting on our behalf. We will provide information on the following

   • your data,
   • the source of your data,
   • the aim and legal basis for collecting this data,
   • the duration of the data storage, and, if this is not possible, then on the factors determining this duration,
   • the name and address of our data processors and their activities in connection with the data handling,
   • about the circumstances of data protection incidences, the effects of these, and about our actions taken to counter and prevent these, as well as
   • in the case of forwarding your personal data, the legal basis of forwarding and the recipient of this.

   We provide you with the information in the shortest time after your request, without any undue delay (but not more than one month). Providing the information is free, except if you have already submitted a request in the same year for the same scope of data. Any fees already paid by you will be reimbursed if we have unlawfully kept your data or if the information resulted in correction. We can refuse information only in cases provided for by the law, with the specification of the law and with information on the possibilities of legal remedy in a court and on the possibilities of turning to the Authorities. Our Company will inform you and anyone else we have forwarded your data to about the correction, blocking, marking or deletion of your data, except in the case that the lack of providing this information does not infringe upon your rightful interests. In the case that we do not fulfill your request to correct, block, or delete your data, we will provide you with the reasons for our rejection within 15 days of receiving the request (but maximum within one month) in writing, or, with your permission: electronically. We will also provide you with information on the possibilities of turning to a court for legal remedy and of turning to the Authorities. If you object to the handling of your personal data, we will consider your objection and will inform you about our decision in writing as soon as possible after receiving your request (but maximum within one month). In the case that we deem that your request is substantiated, we will cease the data handling – including any further collection and transfer of data ¬– we will block the data, and we will inform all those to whom we have forwarded the personal data that is subject to the objection, and who have the obligation to act in the interest of enforcing the right to objection, informing them about the objection and the actions we have taken as a consequence of it. We will reject your request if we can prove that the handling of the data is justified by such constraining legal reasons which have a priority over your interests, rights and freedoms, or which are connected to the presentation, enforcement or protection of legal demands. In case you do not agree with our decision, or if we fail to keep the deadline, you may turn to a court within 30 days after we inform you about our decision, or within 30 days from the last day of the deadline. The judging of data protection lawsuits is under the jurisdiction of the Tribunal, the lawsuit – depending on the decision of the person in question – may be initiated with the Tribunal connected to the person’s place of living or place of residence. A foreign national may also turn to the authorities of his or her supervising authority belonging to their residence.

   We would like to request that before turning to the supervising authorities or court with your complaint, please turn to our Company in order to solve the problem as fast as possible, and for reconciliation.

8. What are the primary normative pieces of legislation that our Company adheres to?
   • the regulation of the European Parliament and Council (EU) 2016/679 on the handling of personal data of natural persons (GDPR)
   • law 212 of 2011 about informational self-determination and informational freedom – (Info tv.)
   • law 5 of 2013 of the Civil Code
   • law 108 of 2001 about certain questions concerning services of electronic commerce and services in connection with informational society
   • law 100 of 2003 about electronic communication
   • law 155 of 1997 about consumer protection
   • law 165 of 2013 about grievances and whistle blowing
   • law 48 of 2008 about the basic conditions of economic advertising and certain limitations of it
9. Modifications to the Information on Data Protection
   Our Company reserves the right to modify the current Information on Data Protection, of which it will adequately inform all the parties involved. Publication of information regarding data handling takes place on the website (www.belenushotel.hu/adatvedelmi-tajekoztato).

 

VARGA & FAMILY Ltd. 2018.