Pivacy policy

ÖREG-TÓ HOTEL Korlátolt Felelősségű Társaság

Data controller

Name: ÖREG-TÓ HOTEL Limited Liability Company Headquarters: 2890 Tata, Fáklya utca 4.

Company registration number: 11-09-011942

Tax number: 13817291-2-11

Address of actual data management: 2890 Tata, Fáklya utca 4.

Internet availability: https://www.oregtohotel.hu/

Phone number: +36 34 487 960, +36 30 756 6116

E-mail: recepcio@oregtohotel.hu

Website: https://www.oregtohotel.hu/

Independently represented by: Kiss Júlia

Introduction

The Data Controller attaches great importance to the protection of personal data and continuously ensures the security of personal data. The Data Controller complies in all respects with the data protection provisions of the applicable legislation and with the General Data Protection Regulation 2016/679 of the European Parliament and of the Council.

This data management information can be found on the Data Controller's website. The Data Controller may change the content of this information at any time, informing the data subjects in due time.

Definitions

Data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data, e.g. employee, a natural person applying for a job offer, a natural person using the services of the Data Controller.

Personal data: any information relating to an identified or identifiable natural person (ie the data subject); identify a natural person who, directly or indirectly, in particular by an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable.

Specific data: all data belonging to special categories of personal data, ie personal data referring to racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for the unique identification of natural persons, health data and personal data relating to the sexual life or sexual orientation of natural persons.

Data set: the totality of the data managed in one register.

Consent: the voluntary and firm expression of the will of the data subject, based on adequate information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part.

Data controller: a natural or legal person or an organization without legal personality who, alone or together with others, determines the purpose of data processing, makes and implements decisions on data processing (including the means used) or implements it with a data processor entrusted by him. . Pursuant to these Regulations, the Data Controller shall person specified in Chapter.

Data management: any operation or set of operations on data, regardless of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or linking, blocking, erasure and destruction, and to prevent further use of the data, to take photographs, sound or images and to record physical characteristics capable of identifying the person.

Restriction on data management: marking of stored personal data in order to limit their future processing.

Profiling: any form of automated processing of personal data in which personal data are evaluated for the purpose of assessing certain personal characteristics of a natural person, in particular performance, economic status, health, personal preferences, interests, reliability, behavior, location or movement. used to analyze or predict.

Pseudonymisation: the processing of personal data in such a way that it is no longer possible to determine to which specific natural person the personal data relate without the use of additional information, provided that such additional information is stored separately and technical and organizational measures are taken to ensure that this personal data may not be linked to identified or identifiable natural persons.

Data transfer: making the data available to a specific third party.

Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data. Eg performing legal advisory tasks.

Data erasure: making data unrecognizable in such a way that it is no longer possible to recover it.

Data blocking: the identification of data to limit their further processing permanently or for a specified period of time.

Data Destruction: The complete physical destruction of the data carrier. Eg shredding a document, destroying a hard drive.

Recording system: a file of personal data in any way, centralized, decentralized or functional or geographically, which is accessible according to specific criteria.

Third party: a natural or legal person or entity without legal personality who is not the same as the data subject, the controller or the processor, or persons who have been authorized to process personal data under the direct control of the controller or processor.

Privacy Incident: A security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal information that is transmitted, stored, or otherwise handled.

Partner: legal entities using the services of the Data Controller under a contract and / or facilitating the performance of the Services of the Data Controller (performance assistant), unincorporated companies to which the Data Controller transfers or may transfer personal data with the consent of the data subject, or They perform or may perform activities for the data controller to facilitate data storage, processing, related IT and other secure data management;

Employee: a natural person in an employment, employment or other legal relationship with the Data Controller, who is entrusted with the task of providing and performing the services of the Data Controller and who comes into contact with or may come into contact with personal data during his data management or data processing tasks. personnel and third parties.

Data owner: the Employee to whom the data was generated and / or who has the right to access the data, and / or to whom the data was transmitted by another data controller or a third party, and / or to whom the data came into their possession in any other way.

Website: the portal and all its sub-pages operated by the Data Controller.

Social site: the online platform maintained by the Data Controller.

Data management principles:

"Purpose limitation principle": Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. At all stages of data processing, it must be appropriate to the purpose of the data processing, and the recording and processing of data must be fair and lawful.

Principle of "lawfulness, fairness and transparency": Personal data must be processed lawfully and fairly and in a way that is transparent to the data subject.

Principle of "proportionality, necessity" or "data saving": Only personal data which is essential for the purpose of the processing and suitable for that purpose may be processed. Personal data may only be processed to the extent and for the time necessary to achieve the purpose. Accordingly, the Data Controller handles only and exclusively data that is absolutely necessary.

Principle of "accuracy": The processing must ensure the accuracy, completeness and, where necessary, the up-to-dateness of the data, and that the data subject can only be identified for the time necessary for the purpose of the processing.

Principle of "limited storage": Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if the personal data will be processed for archiving in the public interest, for scientific and historical research purposes or for statistical purposes in accordance with Article 89 (1) of EU Regulation 2016/679, subject to the implementation of appropriate technical and organizational measures to protect the rights and freedoms of data subjects.

“Integrity and Confidentiality” Principle: The Data Controller shall ensure the prevention of accidental or unauthorized destruction or loss, as well as unauthorized access, alteration or distribution, by applying appropriate security measures to protect personal data stored in automated data files.

Principle of “Accountability”: The Data Controller is responsible for compliance with the provisions of the above paragraphs and the Regulations, and must be able to demonstrate such compliance.

“Privacy by design” principle: a very conscious data protection mindset, which means, in very brief terms, that the Data Controller implements appropriate technical and organizational measures, such as pseudonymisation, when defining the way of data management and during data management. fulfillment of obligations, incorporation of legal guarantees, etc. and does so in a regulated and detailed manner. In practice, the way of thinking is facilitated by the training of employees, their data protection awareness, as well as the impact assessment, risk analysis and interest balance test used during the introduction and / or regular review of individual data treatments.

Personal data retains this quality during data processing as long as its connection with the data subject can be restored. The connection with the data subject can be restored if the data controller has the technical conditions necessary for the restoration.

The purpose, legal basis and scope of the processing of personal data

General provisions related to each data management activity, the use of the services provided by the Data Controller and data management based on the contractual relationship between the Parties

As a general rule, the management of all data related to the data subject in the data management activities and services provided by the Data Controller is based on voluntary consent, and the general purpose is to ensure the provision of the service and to keep in touch.

The above general rule is supplemented by the data processing required by law, of which the Data Controller informs the data subjects during the definition of each data processing.

As a general rule, you should:

for some services it is possible to provide additional data that will help to fully understand the needs of the data subject, however, these are not conditions for the use of the services provided by the Data Controller.

personal data provided during any data management activity is stored by the Data Controller in separate data files, separately from other provided data. These data files may only be accessed by the Authorized Employee (s) of the Data Controller.

the modification, erasure and / or blocking of data recorded or stored in the course of any data management activity and the request for detailed information on data management are covered by Annex IV / 1. You can do so by sending a request to the e-mail address indicated in point 1, if no other contact details are specified in the definition of the given data management activity.

The Company may manage the name, birth name, date of birth, mother's name, address, tax identification number, tax number, entrepreneurial, primary producers of the contract between the parties for the purpose of concluding a contract or legal transaction, and ID card number, ID card number, personal identification number, residential address, registered office, site address, telephone number, e-mail address, website address, bank account number, customer number.

Such data processing is also considered lawful if the data processing is necessary to take steps at the request of the data subject (eg request for quotation) before concluding the contract. The controllers of personal data are the front-office and back-office employees of the Company performing customer service-related tasks, the employees performing accounting and tax tasks, and the data processors. Duration of storage of personal data: 5 years after the termination of the contract.

The data subject must be informed before the start of the data processing that the data processing is based on the title of performance of the contract, that information may also take place in the contract. The data processing consent related to the contract concluded with a natural person is included in the annex to these regulations.

Contact details of natural person representatives of legal entity customers, buyers, suppliers:

The range of personal data that can be managed: the name, address, telephone number, e-mail address and online ID of the natural person.

The purpose of the processing of personal data: fulfillment of the contract concluded with the Company's legal entity partner, business relations, legal basis: the consent of the data subject.

Duration of storage of personal data: 5 years after the existence of the business relationship or the status of the representative concerned.

Marketing data management

Send newsletter

The data subject may subscribe to the newsletter before or during the use of the services or in any other way with the data specified below.

Subscribing to the newsletter is based on voluntary consent.

Stakeholders: All natural persons who wish to be regularly informed about the Data Controller's news and therefore subscribe to the newsletter service by providing their personal data.

Scope and purpose of the data processed:

  • name -identification
  • email address- to send a newsletter

The purpose of the data management related to the sending of the newsletter is to provide the recipient with full general or personalized information about the latest events, news and special products of the Data Controller.

The newsletter is sent by the Employee entrusted with this task.

A newsletter will only be sent with the prior consent of the data subject.

The Data Controller will only process the personal data collected for this purpose until the data subject has unsubscribed from the newsletter list or provided confirmation.

The data subject may unsubscribe from the newsletter at any time, at the bottom of the e-mails and in accordance with Annex IV / 1. by sending a cancellation request to the e-mail address specified in You can unsubscribe by mail to the registered office of the Company.

The Data Controller reviews the newsletter list every three years and requests confirmatory consent to send the newsletter after three years. The Data Controller deletes the data of the data subject who does not give confirmatory consent from the data file.

Duration of data processing: at the request of the data subject until cancellation or if the data subject does not give further consent.

The data controller keeps statistics on the readings of the sent newsletters.

The subscriber can subscribe to the feed published on social media, especially on the Facebook page, by clicking on the "like" link on the page, and by subscribing to the "dislike" / "dislike" link on the same page. Use the settings to delete unwanted feeds that appear on the message board. You can find out about the feeds of social networking sites, subscriptions and subscriptions, and the data management of the given social networking site on the social networking site.

Presence and marketing on social media:

The data manager is available on the Facebook social portal as well as other social networking sites.

The use of social networking sites, in particular the Facebook page, and the contact, contact and other operations permitted by the Data Controller through the Data Controller are based on voluntary consent.

Stakeholders: Natural persons who voluntarily follow, share or like the Data Controller's social pages, in particular the page on facebook.com or the content that appears on it.

Scope and purpose of data processed:

  • identification of the public concerned
  • affected public photo identification
  • concerned public email address contact
  • keep in touch with the message sent on the affected social site
  • involved in the evaluation of quality improvement

The Data Controller communicates with the data subjects via the social network only if the purpose of the scope of the processed data becomes relevant if the data subject contacts the Data Controller via the social network.

The purpose of presence on social portals, especially Facebook, and the related data management is to share, publish and market the content on the website. With the help of the social site, the person concerned can be informed about the latest promotions.

Based on the terms and conditions of the social site, the data subject voluntarily consents to following and liking the contents of the Data Controller.

The data subject may evaluate the Data Controller in text and number if the social network allows it.

You will also publish pictures / videos of the various events, the services of the Data Controller, etc. on the social operator's social media page, especially on the Facebook page. The Data Controller may link the Facebook page to other social networking sites in accordance with the rules of the facebook.com social portal, so publication on the Facebook page shall also mean publication on such linked social networking sites.

If it is not a mass recording or a recording of a public performance (Section 2:48 of the Civil Code), the Data Controller will always ask for the written consent of the data subject before publishing the images.

You can get information about the data management of the given social site on the given social site.

Duration of data processing: until canceled at the request of the data subject.

Website traffic data:

A IV / 1. When you visit the website indicated in point 1, the web server does not record user data.

The Data Controller's website may also contain links to pages that are not operated by the Data Controller, but only to inform visitors. The Data Controller has no influence on the content and security of the websites operated by the partner companies and is therefore not responsible for them. Please review the Privacy Policy and Privacy Statement of the sites you visit before providing any information on that site in any form.

The data controller uses the following cookies:

Essential cookies: Such cookies are essential for the proper functioning of the website. Without accepting these cookies, the Data Controller cannot guarantee that the website will function as expected, nor that the user will have access to all the information sought by the user. These cookies do not collect personal data from the data subject or data that can be used for marketing purposes.

Functional cookies: These cookies ensure the consistent appearance of the website tailored to the needs of the person concerned and remember the settings chosen by the person concerned.

Targeted cookies: Targeted cookies ensure that the advertisements displayed on the website are tailored to the interests of the person concerned.

The Data Controller places a set of codes on the Website, or any sub-page thereof, the purpose of which is to make the Data Controller's advertisement available to the user visiting that Website while browsing Google's Web sites and / or to the Data Controller or the Data Controller's services. search on Google. The code set does not collect, store or transmit personal data. For more information on using and operating the code set, visit http://support.google.com.

Based on all this, the Data Controller does not use analytical systems to collect personal data.

The data controller draws users' attention to the fact that most Internet browsers automatically accept cookies, but visitors have the option to delete them or reject them automatically.

Customer database:

On the website, the registering natural person can consent to the processing of his / her personal data by ticking the appropriate box. It is forbidden to check the box in advance.

The scope of personal data that can be managed: the name (surname, first name), address, telephone number, e-mail address, online ID of the natural person.

The purpose of processing personal data is:

Performance of services provided on the Website.

Contact, electronic, telephone, SMS, and mail inquiries.

Information about the Company's services, contract conditions, promotions.

The legal basis for data processing is the consent of the data subject.

A személyes adatok címzettjei, illetve a címzettek kategóriái: a Társaság ügyfélszolgálattal, marketing tevékenységével kapcsolatos feladatokat ellátó munkatársai, adatfeldolgozóként a Társaság IT szolgáltatója tárhelyszolgáltatást végző munkatársai.

Duration of storage of personal data: until the registration / service exists or the data subject's consent is revoked (request for deletion).

Operational data management Information request

The Data Controller allows data subjects to request information from the Data Controller by providing their details detailed below.

The request for information is based on voluntary consent.

Stakeholders: Any natural person who contacts the Data Controller and requests information from the Data Controller in addition to providing his or her personal data.

Scope and purpose of data processed:

  • address -identification
  • name -identification
  • address -contact
  • phone number- contact
  • email address -contact
  • message text is required to reply

The purpose of data management is to provide the data subject with appropriate information and to keep in touch.

The activity and process involved in data management is as follows: The data subject may consult with the Data Controller about the services, products and / or other related issues of the Data Controller in a manner provided to him / her by the Data Controller. The data provided to the data controller via the website will be sent by e-mail. The Data Controller will answer the data subject's question through the Employee entrusted with this task and will forward it to him / her - in the same way as the information request was received, if the data subject does not provide otherwise. In accordance with the purpose of the data processing, the data subject voluntarily consents to the Data Controller contacting him / her during the request for information in order to clarify or answer the question.

Duration of data management: until the goal is achieved.
Management of job advertisers' data

The Data Controller allows the data subject to apply for the job application announced by him / her in the way or in the manner specified in the job application (eg on an electronic or paper basis). Unsolicited applicants will also be selected.

In the case of CVs containing personal data received for the purpose of applying for a job, the Data Controller does not differentiate between the method of their arrival: CVs received on paper and electronically are subject to the same treatment.

The Company also stores the data of the applicants for admission electronically and / or in a lockable archive on paper.

The personal data of job applicants can be accessed by the Management of the Data Controller and the HR staff.

Applying for a job application is based on voluntary contribution.

Stakeholders: Any natural person who applies for a job application announced by the Data Controller or submits his / her CV to the Data Controller.

Scope and purpose of the data processed:

  • name- identification
  • place of birth, time- identification
  • email address- contact
  • address -contact
  • name of the position applied for- identification of the application
  • a list of previous work experience is required to assess the position, to select a staff member with the appropriate competence
  • education is required to assess the position, to select a staff member with the appropriate competence
  • knowledge of a foreign language is required to assess the position and to select a staff member with the appropriate competence
  • special data: PL: health data, medical data of a person with altered working capacity required for the assessment of the position, selection of a staff member with the appropriate competence
  • other data indicated in the submitted CV are necessary for the assessment of the position and the selection of a staff member with the appropriate competence
  • a letter of motivation sent is required to judge the position, to select an employee with the appropriate competence
  • an indication of consent to the processing of the data for a period of 2 years after the application, if the data subject does not obtain admission is necessary for the legal basis of further data processing in case of non-selection

The purpose of data management is to apply for a job application, to participate in the selection procedure, to fill the advertised position and to keep in touch.

Activity and process involved in data management:

The head of the relevant organizational unit is responsible for the selection of the appropriate employee, so he / she is obliged to ensure the rights of the data subjects during the performance of his / her tasks related to the present data management.

The data subject submits his / her data to the Data Controller in the manner specified in the job application or for the purpose of interest.

The application is typically, but not exclusively, made by sending data electronically via e-mail.

During the selection process, the data controller examines the applications and, on the basis of the comparison, invites the most suitable persons for a personal interview.

The selection process continues with a personal interview and, where appropriate, a professional test.

The selection ends with a contract with the most appropriate stakeholder.

The Data Controller will indicate the result of the selection to the applicants concerned and ask the non-selected applicants for their consent (Annex) to fill the same or similar or equivalent job according to the competencies of the data subject for a further 2 years after the application.

The Data Controller may also process the data of non-selected data subjects only if those data subjects have specifically consented to it and requested it in a separate, verifiable manner. The data controller shall link and store such consents to the data.

The data subject acknowledges that if he / she has provided a reference person when applying for a job, this data controller may be contacted by the Data Controller in order to verify the data subject's professional experience.

The data subject acknowledges that the Data Controller may view the information created for the data subject on the social media site of the data subject. If the data on the Internet becomes part of the evaluation, the Data Controller must provide an opportunity for the data subject to get to know and discuss them.

Duration of data management: until the goal is achieved, ie until the advertised position is filled, until the conclusion of the employment contract, or until 2 years after the application with the consent of the data subject, or until the data subject requests cancellation in the meantime.

Customer service

The Company may record telephone communications with its customer service and employees by voice recording for the purpose of providing services and informing about it. The legal basis for this data processing is the consent of the data subject.

The recording of the sound must be notified at the beginning of the call and consent must be sought.

When recording telephone conversations, we store the following data: telephone number, time of the call, voice recording of the recorded conversation, personal data provided during the conversation.

Recipients of personal data and categories of recipients: employees of the Company performing customer service tasks.

We keep phone conversations for 5 years. Recorded audio can be retrieved by phone number and date of the conversation.

Complaint handling:

The Data Controller provides an opportunity for the data subject to communicate his / her complaint about the ordered product and / or the Data Controller's conduct, activity or omission orally (in person, by telephone) or in writing (by e-mail, post).

Stakeholders: Any natural person who wishes to complain about the activities of the Data Controller.

Scope and purpose of the data processed:

Identification of the data subject and the complaint and recording of data resulting from the legal obligation.

The purpose of data management is:

The purpose of data management is to ensure that a complaint is made and to keep in touch.

Activity and process involved in data management:

The data subject shall communicate his complaint orally or in writing to the Data Controller.

If the data subject makes his complaint orally, the Data Controller shall record it.

The Data Controller will investigate and respond to the complaint received within a reasonable time.

Duration of data management:

The Data Controller is a consumer protection CLV of 1997. Pursuant to Section 17 / A (7) of Act no.

Rights of data subjects

The Data Controller informs the data subjects that they can exercise their rights in person or by sending a request to the e-mail address or postal address of the Company, or they can also request information at these contact details.

The Data Controller shall examine and respond to the statement as soon as possible, but within a maximum of 25 days, and shall take the necessary steps in accordance with the provisions of the statement, the Regulations and the law.

Right of information, also known as the "right of access" of the data subject: at the request of the data subject, the Data Controller shall provide information to:

  • the data it manages and the categories of personal data it handles,
  • the purpose of the data management,
  • the legal basis for data processing,
  • the duration of the data processing,
  • the period for which the data will be stored or, if that is not possible, the criteria for determining that period,
  • if the data were not collected from the data subject, information on their source,
  • where appropriate, automated decision-making, including profiling, and logical and comprehensible information on the significance of such data processing and the expected consequences for the data subject,
  • the data of the data processor, if you have used a data processor,
  • the circumstances, effects and response to the data protection incident
  • the measures taken and, in the case of transfers of personal data of the data subject, the legal basis, purpose and recipient of the transfer.

The information is free of charge if the person requesting the information has not yet submitted a request for information to the Data Controller for the same data set in the current year. In other cases, reimbursement may be established. Reimbursement of costs already paid shall be reimbursed if the data have been processed unlawfully or if a request for information has led to a correction.

The controller shall refuse the information if, pursuant to a law, an international treaty or a binding act of the European Union, the controller receives personal data in such a way that the controller notifies the data subject of the restriction of his rights under that law at the same time, or external and internal security of the State, such as national defense, national security, the prevention or prosecution of criminal offenses, the security of to prevent and detect breaches of disciplinary and ethical obligations relating to the pursuit of occupations, including in all cases control and supervision, and to protect the rights of the person concerned or others.

The data controller is obliged to notify the National Data Protection and Freedom of Information Authority of rejected requests for information annually by 31 January of the year following the relevant year.

Right of rectification: The data subject has the right to have inaccurate personal data concerning him / her rectified by the Data Controller without undue delay upon request. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary declaration. If the personal data does not correspond to reality and the personal data corresponding to reality is available to the Data Controller, the Data Controller must rectify the personal data without the request of the data subject.

The right to delete, also known as the "right to forget": The data subject has the right to have his or her personal data deleted without undue delay at his or her request, and the data controller is obliged to delete the personal data relating to him or her without undue delay. , if it is not excluded by mandatory data management. In addition to the above, the Data Controller is obliged to delete the data if:

  • the processing of the data is unlawful;
  • the data is incomplete or incorrect - and this condition cannot be legally remedied - provided that deletion is not precluded by law;
  • the purpose of data processing has ceased or the term for the storage of data specified by law has expired;
  • it has been ordered by a court or the Authority;
  • personal data are no longer required for the purpose for which they were collected or otherwise processed;
  • the data subject objects to the processing and there is no overriding legitimate reason for the processing;
  • personal data must be deleted in order to fulfill a legal obligation imposed on the Data Controller by applicable law;
  • the personal data were collected in connection with the provision of information society services directly to children as referred to in Article 8 (1) of EU Regulation 2016/679.

In the event that the Data Controller has disclosed personal data for any reason and is obliged to delete it in accordance with the above, it shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform other data controllers. data controllers that the data subject has requested the deletion of the links to the personal data in question or of a copy or duplicate of that personal data.

The controller draws the attention of data subjects to the limitations of the right to erase or the "right to forget" arising from the EU Regulation, which are as follows:

  • exercising the right to freedom of expression and information;
  • fulfillment of an obligation under Union or Member State law applicable to the controller to process personal data or performing a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • public interest in the field of public health; in the public interest in accordance with Article 89 (1) of EU Regulation 2016/679
  • for archiving, scientific and historical research purposes or for statistical purposes, where the right of erasure would be likely to make it impossible or seriously jeopardize such processing; or bringing, enforcing or defending legal claims.

Right to restrict or block data management: The data subject is entitled to have the data controller restrict the data management at his / her request. If, on the basis of the information available to it, it can be assumed that the deletion would harm the legitimate interests of the data subject, the data shall be blocked. Personal data blocked in this way can only be processed for as long as the purpose of data processing, which precluded the deletion of personal data, exists. If the data subject disputes the accuracy and correctness of the personal data, but the inaccuracy or inaccuracy of the disputed personal data cannot be clearly established, the data shall be blocked. In this case, the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data. The data must be blocked if the data processing is illegal and the data subject opposes the deletion of the data and instead requests a restriction on their use, or the Data Controller no longer needs the personal data for data processing, but the data subject requests it to submit, enforce or protect legal claims, or the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject. Where the processing is subject to a restriction (blocking), such personal data, with the exception of storage, shall be subject to the consent of the data subject or to the submission, enforcement or protection of legal claims or the protection of the rights of can be treated.

The Data Controller draws the attention of the data subjects to the fact that the data subject's right to rectification, erasure or blocking may be restricted by law for the external and internal security of the state, such as national defense, national security, crime prevention or prosecution, security. economic or financial interest, the significant economic or financial interest of the European Union and disciplinary and ethical misconduct in in order to protect their rights.

The controller shall, without undue delay and within a maximum of 25 days of receipt of the request, inform the data subject of the details of his request and / or correct the data and / or delete and / or restrict (block) the data or take other action in accordance with the request, if there is no reason to rule it out.

The Data Controller shall notify the data subject in writing of the rectification, deletion or restriction of data management, as well as all those to whom the data was previously transmitted for the purpose of data management. Upon request, the Data Controller shall inform the data subject of these recipients. Notification may be omitted if it does not harm the legitimate interests of the data subject with regard to the purpose of the processing, or if the information proves impossible or requires a disproportionate effort. The data controller is also obliged to notify the data subject in writing if the data subject's exercise of rights cannot take place for any reason, and must indicate precisely the factual and legal reason and the legal remedies open to the data subject: the court and the National Data Protection and Freedom of Information.

"Right to data portability": The data subject has the right to receive personal data concerning him or her made available to the Data Controller in a structured, widely used machine-readable format and to transfer such data to another data controller without this would be prevented by the controller to whom the personal data have been made available if the processing is based on consent; and data management is automated. In exercising the right to data portability, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between data controllers. The exercise of this right shall not prejudice the right of cancellation. That law shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The exercise of the right must not adversely affect the rights and freedoms of others.

Right to protest: The data subject may object to the processing of his or her personal data, including profiling, if:

  • the processing (transmission) of personal data only by the Data Controller or the
  • necessary to enforce the data subject's right or legitimate interest, except
  • in case of mandatory data management;
  • the use or transfer of personal data is a direct business acquisition,
  • for the purpose of opinion polls or scientific research;
  • the exercise of the right to protest is otherwise permitted by law.

The person concerned may object to the application of Article 21 (3) of EU Regulation 2016/679. against the processing of personal data for the purpose of direct business acquisition, in which case the personal data may no longer be processed for this purpose.

Where personal data are processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless such processing is necessary for the performance of a task carried out in the public interest.

With the simultaneous suspension of data processing, the Data Controller shall examine the protest as soon as possible, but not later than within 25 days from the submission of the request, and shall inform the applicant in writing of the result. If the applicant's objection is substantiated, the Data Controller shall terminate the data processing, including further data collection and data transfer, and block the data, as well as notify all persons to whom the personal data affected by the objection have previously been transmitted, and who are obliged to take action to enforce the right to protest.

If the data subject does not agree with the decision of the Data Controller, or the Data Controller fails to comply with the referred deadline, he / she is entitled to apply to a court within 30 days of its notification.

Rights of the data subject in relation to automated decision-making, including profiling: A decision based solely on the assessment of the data subject's personal characteristics can only be taken by automated data processing if the decision was taken or initiated by the data subject or by law which also lays down measures to safeguard the legitimate interests of the data subject.

In the case of a decision taken by automated data processing, the data subject shall, upon request, be informed of the method used and its substance, and shall be given an opportunity to state his or her views.

Judicial Enforcement: In the event of a violation of your rights, the person concerned can go to court. The court is acting out of turn in the case. The Data Controller is obliged to prove that the data processing complies with the provisions of the law.

In case of violation of the right to information self-determination, you can file a complaint with the National Data Protection and Freedom of Information Authority Address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c Phone: +36 (1) 391-1400 Fax: +36 (1) 391-1410 www: http: //www.naih.hu e-mail: ugyfelszolgalat@naih.hu

In case of violation of minors' insulting, hateful, exclusionary contents, reparations, the rights of the deceased, the rights of the reputable person, you can file a complaint or complaint: National Media and Communications Authority 1015 Budapest, Ostrom u. 23-25. Mail address: 1525. Pf. 75 Tel: (06 1) 457 7100 Fax: (06 1) 356 5520 E-mail: info@nmhh.hu

Statutory rules on damages and damages: In the event that the Data Controller violates the data subject's right to privacy by illegally processing the data subject's data or violating data security requirements, the Data Subject may claim a personal injury fee from the Data Controller.

In the event that the Data Controller has used a data processor, the Data Controller shall be liable to the data subject for the damage caused by the Data Processor and the Data Controller shall also pay the data subject in the event of personal injury caused by the Data Processor. The Data Controller shall be released from liability for the damage caused and the obligation to pay damages if it proves that the damage or the violation of the personal rights of the data subject was caused by an unavoidable cause outside the scope of data processing.

There is no need to compensate for the damage and no claim for damages to the extent that the damage was caused by the intentional or grossly negligent conduct of the injured party or the violation of the right to privacy.

Data transmission

The data subject agrees that his / her personal data may be transferred by the Data Controller to his / her affiliates as well as to his / her data processors.

In order to perform the administrative tasks of the Data Controller, in order to perform certain data management operations, the Data Controller may transfer a certain part or all of the personal data to a data processor, subcontractor or performance assistant entrusted by him as a data processor.

If the Data Controller entrusts a third party with accounting, legal tasks, hosting / server services, administrator or other tasks that are data processing tasks, the data of this partner as a data processor are defined in the appendix to this prospectus together with the members of the affiliated companies.

Data security

The data controller ensures the security of the data. To this end, it shall take the necessary technical and organizational measures with regard to the files stored by means of IT.

The data controller shall ensure that the data security rules laid down in the relevant legislation are complied with.

It shall ensure the security of the data, take the technical and organizational measures and establish the procedural rules necessary to enforce the applicable laws, data and confidentiality rules.

The controller shall take appropriate measures to protect the data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as becoming inaccessible due to changes in the technology used.

When defining and applying data security measures, the data controller shall take into account the state of the art and shall choose from several possible data management solutions which ensure a higher level of protection of personal data, unless this would be a disproportionate difficulty.

Website information

The customer can visit the website for free, without providing any personal information. However, access to certain parts is subject to registration, during which the customer provides information that is considered personal data.

By submitting and sending the data and visiting the website, the customer consents to the data controller handling and processing the transferred data in accordance with the law and this prospectus, and consents to the data management that can be classified as an automated individual decision described below.

Under no circumstances will you make your personal data available to the data controller during registration without the express consent of the data subject, except in cases of legal obligation or official proceedings, as well as members of the company group and data processors.

Some parts of the website are called they use "cookies" - files that are stored on the hard drive of the data subject's hardware to facilitate data recording and to identify the data subject and further visits. The person concerned can set the browser to be notified when someone wants to send a cookie and determine whether they want to accept it (For more information about cookies, visit http://www.cookiecentral.com )

On the website, the internet addresses of the computers, the IP addresses are logged to record the user's visit. By analyzing this data, the data controller generates statistics, for example, to determine how often part of the site is visited by users and how much time they occasionally spend there. The IP addresses are not linked by the Data Controller to any other data on the basis of which the data subject could be personally identified, the data are for statistical purposes only.

The data controller may display advertisements on the website. The system collects personal information about users who click on the ad for the purpose. More information about the scope of this information and how it is used is provided in the Google Privacy Policy.

The Data Controller excludes all liability for damages due to the destruction, late arrival or other errors of the messages transmitted in electronic form.

Unless otherwise indicated, the content of the Website is the property of the Data Controller and is an intellectual property protected by copyright. The Data Controller reserves all rights in this regard.

In any case, the content of the website does not qualify as tax or legal advice, it is placed by the Data Controller for information purposes only, and excludes its liability.

The Data Controller also excludes compensation for any damage due to the download or unavailability of the website.

Content downloaded by following external links on the website is not under the control of the Data Controller.

The Data Controller reserves the right to ban users, terminate registration without prior notice and justification.