Personal Privacy Policy

For accommodation seekers and accommodation bookers (guests).

I. General provisions

1. Foundation

The data protection guidelines for the data management of the service available at www.k46residence.com (hereinafter: website) are continuously available on the linked website.

 

The Király Boutique Residence Limited Liability Company (Cg.: 01-09-303463, registered office: 1082 Budapest, Kisfaludy utca 3. III/5., tax number: 2612944-2-42) and Kategora Rentals SLU (Adress: Gran Vía Lopez de Haro 2, 8º planta 48001 Bilbao TAX: B-01893577) (hereinafter: data controller or company) for you acknowledges the content of the declaration as binding, but reserves the right to change the declaration. The data controller undertakes to inform the affected parties in the event of a change.

 

The data manager considers it of utmost importance to respect the right of informational self-determination of its customers. It treats personal data confidentially and takes all measures to guarantee data security.

 

Regulation (EU) 2016/679 of the European Parliament and of the Council (April 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Regulation 95/46/EC (General Data Protection Regulation) 27.) (hereinafter: Regulation), the data manager provides the following information.

 

This data management statement regulates the data management of the following websites: www.k46residence.com is based on the above content regulations. This data management statement is available on the website. Amendments to the regulations will come into effect upon publication at the above address.

 

Name and contact information of the data controller:

Király Boutique Residence Limited Liability Company
Headquarters: 1082 Budapest, Kisfaludy utca 3. III/5.
Company registration number: 01-09-303463
Tax number: 2612944-2-42
Electronic contact: office@k46residence.com
Phone number: +36 20 356 2252

2. Purpose of the data management information

The purpose of this data management information is to define the scope of personal data managed by the data controller, the method of data management, and to ensure the enforcement of the constitutional principles of data protection and data management, the requirements of data security, in order to ensure that the privacy of natural persons of the user is respected through the mechanical processing of the data subjects’ personal data. during its processing and handling.

3. Interpretive provisions

3.1. Data management: regardless of the procedure used, any operation or set of operations performed on the data, including in particular collection, recording, recording, organizing, storing, changing, using, querying, forwarding, disclosing, harmonizing or connecting, locking, deleting and destroying, and preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for personal identification.

 

3.2. Data controller: the natural or legal person or organization without legal personality who, independently or together with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor.

 

3.3. Personal data: any information relating to an identified or identifiable natural person (hereinafter: data subject). A natural person can be identified directly or indirectly, in particular on the basis of an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified.

 

3.4. Data subject: any natural person identified or – directly or indirectly – identified on the basis of personal data.

 

3.5. Consent: the voluntary and firm declaration of the data subject’s will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data – in full or covering certain operations.

 

3.6. Data processing: the performance of technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

 

3.7. Data processor: a natural or legal person, or an organization without legal personality, who processes data on the basis of a contract, including a contract concluded under the provisions of the law.

 

3.8. Recipient: the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or member state law in the context of an individual investigation are not considered recipients. The handling of the mentioned data by these public authorities must comply with the applicable data protection rules in accordance with the purpose of the data management.

 

3.9. Data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

4. Data management principles

Personal data can be processed if

  • – the person concerned consents to it (voluntarily), or
  • – it is ordered by law or local government decree based on its authorization for a purpose based on public interest (mandatory).
  •  

Personal data can be transferred, and different data processing can be linked, if the data subject has consented to it, or if the law allows it, and if the conditions for data processing are met for each individual piece of personal data.

Voluntary personal data can only be processed with consent based on adequate information. The data subject must be informed – clearly, clearly and in detail – about all the facts related to the management of his data, including in particular the purpose and legal basis of the data management, the person entitled to the data management and data processing, the duration of the data management, and who can see the data. The information must also cover the data subject’s rights and legal remedies.

 

4.1. Principle of legality, fair procedure and transparency

 

Personal data must be handled legally and fairly, as well as in a transparent manner for the data subject.

 

4.2. The principle of being bound to a goal

 

Personal data may only be processed for a specific purpose, to exercise a specific right and to fulfill an obligation. Personal data may only be collected for specific, clear and legitimate purposes, they may not be handled in a way that is incompatible with these purposes. Pursuant to Article 89 (1) of the Regulation, further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose.

 

4.3. Data saving principle

 

Only such personal data can be processed that is essential for the realization of the purpose of data management, is suitable for achieving the goal, that is, it must be appropriate and relevant for the purposes of data management, and must be limited to the necessary extent.

 

4.4. Principle of accuracy

 

The data can only be processed to the extent and for the time necessary to achieve the goal. They must be accurate and, where necessary, up-to-date. All reasonable measures must be taken to ensure that inaccurate personal data for the purposes of data management are immediately deleted or corrected.

 

4.5. Principle of limited storage

 

It must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management. Personal data may be stored for a longer period of time only if the processing of personal data is carried out for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes in accordance with Article 89 (1) of the Regulation, the rights and freedoms of the data subjects in the Regulation taking into account the implementation of the appropriate technical and organizational measures required for its protection.

 

4.6. Principle of integrity and confidentiality

 

The data must be handled in such a way that adequate security of the personal data is ensured by the application of appropriate technical or organizational measures, including protection against unauthorized or illegal processing, accidental loss, destruction or damage of the data.

 

4.7. Principle of accountability

 

The data controller is responsible for compliance with the above and must be able to prove compliance.

 

4.8. Other principles

 

It is prohibited to use a general and uniform personal identification symbol that can be used without restriction.
The processed personal data
their admission and handling should be fair and legal,
be accurate, complete and, if necessary, timely,
the method of storage should be suitable so that the person concerned can only be identified for the time necessary for the purpose of storage.


Data transfer to the states of the European Economic Area must be considered as data transfer within the territory of Hungary. Personal data may be transferred to a data controller or data processor in a third country if the data subject has expressly consented to it, or if it is permitted by law, and an adequate level of personal data protection is ensured during the handling and processing of the transferred data in the third country.

5. Scope of personal data when booking accommodation via the website

Data management is based on voluntary consent. We draw the attention of informants that if they do not provide their own personal data, the informant must obtain the consent of the data subject.

 

In connection with the data management related to the reservation of accommodation and the use of other services via the website, the fact of data collection, the scope of the managed data and the purpose of the data management are defined below.

Description of personal data

Purpose of data management

Is it mandatory to give?

Title, surname, first name
It is necessary for making contact and issuing a regular invoice.
Yes
E-mail address*
Necessary to keep in touch.
Yes
Phone
It is necessary in order to maintain contact and more effectively negotiate questions related to invoicing or the service.
Yes
Address
It is necessary for the issuance of a regular invoice and for the conclusion of the contract.
Yes
Name of guest
Necessary for the performance of the service (e.g. a room with one or two beds)
No
Age
Necessary for the performance of the service (e.g. provision of a cot)
No
Notes
Necessary for the performance of the service (e.g. the guest arrives with a pet)
No

(*In the case of an e-mail address, it is not necessary to include personal data.)

 

Those who order the service through the website or their representatives are involved in providing the above data.

 

We inform those concerned that data management is necessary for the performance of the service in accordance with the contract. The person concerned is obliged to provide personal data so that our company can fulfill his reservation. Failure to provide data will result in our company not being able to process your reservation. Without providing personal data, you cannot request an offer, you can only browse the apartments for rent.

 

5.1. The duration of data management and the deadline for deleting data:


(1) year from the last login, while in the case of consent to sending the newsletter, until the withdrawal of consent. We keep the accounting documents for (8) years based on Section 169 (2) of Act C of 2000 on accounting. Based on Article 19 of the Regulation, the data controller shall inform the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject’s deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Accounting documents are an exception to this, which, in accordance with the above, the data controller must keep for (8) years.

If no accommodation reservation is made, we do not store the personal data provided, they are automatically deleted when the browser is closed.

 

5.2. The person of the possible data controllers entitled to access the data, the recipients of the personal data: the personal data can be handled by the sales and marketing staff of the data controller, in compliance with the above principles.

 

5.3. Description of the rights of data subjects related to data management:


– the data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing,
– you can object to the processing of such personal data,
– the data subject has the right to data portability and to withdraw consent at any time.

 

5.4. The data subject can initiate access to personal data, their deletion, modification or restriction of processing, portability of data, objection to data processing in the following ways:


– by post to 1082 Budapest, Kisfaludy utca 3. III/5. at the registered address at
– by e-mail at office@k46residence.com,
– by phone at +36 20 365 2252.

 

5.5. Legal basis for data management:

 

– The legal basis for data management is the fulfillment of the accommodation reservation contract, as well as the fulfillment of legal obligations and the legitimate interests of the data controller (prevention of fraud, abuse, investigation of possible violations).


– Article 6 (1) point b) of the Regulation – data processing is necessary for the performance of a contract to which the data subject is a party, or it is necessary to take steps at the request of the data subject prior to the conclusion of the contract.

 

– CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act 13/A. Section (3) – the service provider may process the personal data that is technically absolutely necessary for the provision of the service for the purpose of providing the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.

 

– In the case of issuing an invoice in accordance with the accounting legislation, on the basis of point c) of Article 6 (1) of the Regulation – data management is necessary to fulfill the legal obligations of the data controller.

 

– In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. § and 6:22. according to § (5) years. 6:21 am. § [Legal effect of the passage of time] Expiration of the statutory deadline for the exercise of rights and the enforcement of a claim results in the loss of rights if the law expressly so prescribes. If the deadline is not void, the statute of limitations shall apply. 6:22 a.m. § [Prescription] (1) If this law does not provide otherwise, claims become time-barred within five years. (2) The statute of limitations begins when the claim becomes due. (3) The agreement to change the limitation period must be in writing. (4) An agreement excluding the limitation period is void.

 

The website’s services are intended for users over (18) years of age. If the personal data of a user under the age of 18 is entered without the consent of the legal representative (parent or guardian), the data manager will automatically delete the personal data.

6. Scope of personal data when checking in to the apartment

Upon the guest’s arrival, before occupying the accommodation, a so-called fills out a registration card, which is based on the guest’s voluntary consent. If the guest does not provide their own personal data, it is the responsibility of the data provider to obtain the consent of the data subject.

 

In connection with the data management related to the reservation of the accommodation and the use of other services, the fact of data collection, the scope of the managed data and the purpose of the data management are defined below:

Description of personal data

Purpose of data management

Is it mandatory to give?

Name
It is necessary for making contact and issuing a regular invoice.
Yes
Address
It is necessary for the issuance of a regular invoice and for the conclusion of the contract.
Yes
Date of arrival
Necessary to fulfill the service contract.
Yes
Passport/ ID card number
Fulfillment of legal obligations and legitimate interest (prevention of fraud, abuse, investigation of possible violations).
Yes
E-mail address*
Necessary to keep in touch.
Yes.
Phone
It is necessary in order to maintain contact and more effectively negotiate questions related to invoicing or the service.
Yes

(*In the case of an e-mail address, it is not necessary to include personal data.)

 

The provision of the above data is concerned with the accommodation bookers who register in person upon arrival, as well as their proxies.

 

We inform guests that data management is necessary for the contractual performance of the service. The person concerned is obliged to provide personal data so that our company can fulfill his reservation. Failure to provide data will result in the guest not being able to occupy the accommodation. Without providing personal data, the data controller cannot fulfill the service contract.

 

6.1. The duration of data management, the deadline for data deletion: (1) year from the date of check-out from the accommodation. We keep the accounting documents for (8) years based on Section 169 (2) of Act C of 2000 on accounting. Based on Article 19 of the Regulation, the data controller shall inform the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject’s deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Accounting documents are an exception to this, which, in accordance with the above, the data controller must keep for (8) years.

 

If no accommodation reservation is made, personal data will not be entered and processed.

 

6.2. The person of the possible data controllers entitled to access the data, the recipients of the personal data: the personal data can be handled by the sales and marketing staff of the data controller, in compliance with the above principles.

 

6.3. Description of the rights of data subjects related to data management:

 

– the data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing,
– you can object to the processing of such personal data,
– the data subject has the right to data portability and to withdraw consent at any time.

 

6.4. The data subject can initiate access to personal data, their deletion, modification or restriction of processing, portability of data, objection to data processing in the following ways:

 

– by post to 1082 Budapest, Kisfaludy utca 3. III/5. at the registered address at
– by e-mail at office@corvinbp.com,
– by phone at +36 20 365 7488.

 

6.5. Legal basis for data management:

 

– The legal basis for data management is the fulfillment of the accommodation reservation contract, as well as the fulfillment of legal obligations and legitimate interests (prevention of fraud, abuse, investigation of possible violations).


– Article 6 (1) point b) of the Regulation data processing is necessary for the performance of a contract to which the data subject is a party, or it is necessary to take steps at the request of the data subject prior to the conclusion of the contract.


– In the case of issuing an invoice in accordance with the accounting legislation, on the basis of point c) of Article 6 (1) of the Regulation – data management is necessary to fulfill the legal obligations of the data controller.


– In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. § and 6:22. according to § (5) years. 6:21 am. § [Legal effect of the passage of time] Expiration of the statutory deadline for the exercise of rights and the enforcement of a claim results in the loss of rights if the law expressly so prescribes. If the deadline is not void, the statute of limitations shall apply. 6:22 a.m. § [Prescription] (1) If this law does not provide otherwise, claims become time-barred within five years. (2) The statute of limitations begins when the claim becomes due. (3) The agreement to change the limitation period must be in writing. (4) An agreement excluding the limitation period is void.

 

II. Data processors used by the data controller

II. Data processors used by the data controller

7. Invoicing-related data management and data processing

Data management In order to fulfill tax and accounting obligations, the data manager uses the services/products of the following data processors.

 

The data manager processes the legally defined data of natural persons who entered into a business relationship with the service as customer or guest for the purpose of fulfilling legal obligations, tax and accounting obligations prescribed by law (bookkeeping, taxation).

 

The processed data is in accordance with CXXVII of 2017 on general sales tax. based on § 169, § 202 of the Act, in particular: tax number, name, address, tax status. Pursuant to § 167 of Act C of 2000 on accounting: name, address, designation of the person or organization ordering the economic operation.

 

The period of storage of personal data is (8) years after the termination of the legal relationship that provided the legal basis. Scope of stakeholders: natural persons who book accommodation with the data management company or request other services. Personal data are managed by the financial staff of the data controller.

 

The company/person operating the program used by the data management financial staff in their work is considered a data processor.

 

7.1. Számlázz.hu online invoicing software

 

Name and contact information of the data processor:

KBOSS.hu Trading and Service Limited Liability Company (KBOSS.hu Kft.)
Headquarters: 1031 Budapest, Záhony utca 7.
Tax number: 13421739-2-41
Company registration number: 01-09-303201
Website: https://www.szamlazz.hu/
E-mail address: info@szamlazz.hu
Telephone number: +36 30 3544 789
Data protection information of the data processor: https://www.szamlazz.hu/adatvedelem/

 

– Activity provided by a data processor: operating an invoicing program, providing the appropriate infrastructure for issuing invoices.
– The fact of the data management, the scope of the managed data: all data necessary for issuing the invoice (name, address, contact information).
– Scope of stakeholders: persons who order services from the data controller.
– Purpose of data management: fulfillment of the tax and accounting obligations prescribed by law.
– Duration of data management, deadline for deletion of data: (8) years, unless otherwise provided by law.
– The legal basis for data processing is provided by Article 6 (1) point b) of the Regulation.

 

7.2. HostWare hotel front office system

 

During the provision of the service, the data controller performs the invoicing related to the hotel reservation using a system built into the hotel’s reservation software.

Name and contact information of the data processor:

MT-HostWare Computing Limited Liability Company (HostWare Kft.)
Headquarters: 1149 Budapest, Róna utca 120.
Company registration number: 01-09-263594
Website: www.hostware.hu
E-mail address: hostware@hostware.hu
His phone number is +36 1 469 9000
Data processing data protection information: http://www.hostware.hu/sites/pdf/Adatkezelesi_tajekoztato.pdf

 

– Activity provided by a data processor: operating an invoicing program, providing the appropriate infrastructure for issuing invoices.
– The fact of the data management, the scope of the managed data: all data necessary for issuing the invoice (name, address, contact information).
– Scope of stakeholders: persons who order services from the data controller.
– Purpose of data management: fulfillment of the tax and accounting obligations prescribed by law.
– Duration of data management, deadline for deletion of data: (8) years, unless otherwise provided by law.
– The legal basis for data processing is provided by Article 6 (1) point b) of the Regulation.

 

7.3. Bookkeeping, use of an accounting firm

 

In order to properly fulfill the tax and accounting obligations prescribed by law, the data controller has a contractual relationship with an accounting firm, which accounting firm is considered a data processor.

Name and contact information of the data processor:

WTS Klient Economic Consulting Limited Liability Company (WTS Klient Economic Consulting Kft.)
Headquarters: H-1143 Budapest Stefánia út 101-103.
Tax number: 11691675 -2-41
E-mail address: info@wtsklient.hu
Website: www.wtsklient.hu
Phone: +36 (0) 1 887 3700
The data manager laid down the rules for handling personal data in a separate agreement with the data processor.

 

– Activities performed by a data processor: bookkeeping, payroll.
– The fact of the data management, the scope of the managed data: all data necessary for issuing the invoice (name, address, contact information).
– Scope of stakeholders: persons who order services from the data controller.
– Purpose of data management: fulfillment of the tax and accounting obligations prescribed by law.
– Duration of data management, deadline for deletion of data: (8) years, unless otherwise provided by law.
– The legal basis for data processing is provided by Article 6 (1) point b) of the Regulation.
– The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in a readable form for at least (8) years in a way that can be retrieved by reference to the accounting records.

8. Range of data processors used in the performance of the consideration for the service

8.1. K & H Bank Zrt

In the case of online payment, the transaction identifier, the amount, date and time of the purchase are forwarded to the person conducting the transaction. The possibility of online payment on the website is provided by the Hungarian branch of K&H Bank, which is considered a data processor in the present process.

Name and contact information of the data processor:
K&H Bank Zrt
Headquarters: 1095 Budapest, Lechner Ödön fasor 9.
Hungarian telephone number: +36 1/20/30/70 335 3355
E-mail address: alapkezelo@kh.hu
Contact: https://www.kh.hu/cegcsoport
Information on data management: https://www.kh.hu/adatvedelem

– In the course of data management, all users of online shopping are affected.
– Range of processed data: billing name, billing address, e-mail address.
– Purpose of data management: online payment processing, transaction confirmation and fraud monitoring for the protection of users.
– The duration of data management, the deadline for deleting data: lasts until the online payment is completed.
– The legal basis for data processing is Article 6 (1) point c) of the Regulation, as well as CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act 13/A. Section (3) ensures.

8.2. SIX Payment

In case of on-site bank card payment, the bank terminal is provided by the following service provider, who is considered a data processor in this process.
Name and contact information of the data processor:

Hungarian Branch Office of SIX Payment Services (Europe) S.A
Headquarters: 1117 Budapest, Budafoki út 91-93. C. intact. fst.
Tax number: 23106554243
Company registration number: 01-17-000672
Phone number: +36 1 490 0234
Website: www.six-payment-services.com
Privacy policy (in English):
https://www.six-payment-services.com/hu/services/legal/privacy-statement.html

– In the course of data management, all those who use a bank card payment method are affected.
– Scope of processed data: bank card data.
– The purpose of data management: processing bank card payments, confirming transactions.
– The duration of data management, the deadline for deleting data: lasts until the bank card payment is completed.
– The legal basis for data processing is provided by Article 6(1)(c) of the Regulation.

9. Scope of data processors used during the service (apartment complex reservation).

9.1. Booking.com

The data controller uses the services of the www.booking.com website in order to introduce its services to guests as widely as possible.
Name and contact information of the data processor:

Booking.com B.V
Registered Office: Herengracht 597, Amsterdam 1017 CE The Netherlands
Mailing address: Postbus 1639, Amsterdam 1000 BP The Netherlands
Phone number: +31 70 770 3884
Fax number: +31 20 712 5609
Email address: customer.service@booking.com
Data management information: https://www.booking.com/content/privacy.hu.html?label=gen173nr-1FCAEoggI46AdIM1gEaGeIAQGYARG4ARfIAQzYAQHoAQH4AQuIAgGoAgM;sid=734d72f3fb561d3b4f51e85acf4010b6

Booking.com provides an online booking service through the website www.booking.com. The data controller of this data management policy offers its reservation and other services through the website of the data processor, where the data subjects can book accommodation directly with the data controller. Accordingly, Booking.com does not charge a reservation or cancellation fee or any other fee in connection with the reservation, i.e. Booking.com will not be the paying party, but the service fee must be paid directly to the data controller.

When the person concerned makes a reservation via the www.booking.com website, he enters into a direct contractual relationship with the data controller. The website www.booking.com transmits the data of the person booking the accommodation, so Booking.com is considered a data processor.

The data controller has a direct contractual relationship with Booking.com, where the data controller has offered its services and other products and advertises these services on the Booking.com website. As a result, the data subject can resolve any service-related requests directly with the data controller.

– Activities performed by the data processor: provision of services, forwarding and advertising of the products and services of the data controller.
– The fact of the data management, the scope of the managed data: name, e-mail address.
– Scope of those affected: persons who book accommodation with the data controller through the website www.booking.com.
– Purpose of data management: direct connection of the person booking the accommodation with the data manager.
– The duration of data management, the deadline for data deletion: the data management policy of the www.booking.com website provides for it (see the link above)
 – The legal basis for data processing is provided by Article 6 (1) point b) of the Regulation.

9.2. D-edge ( ex Availpro)

The data manager uses the Availpro Smart Channel Manager software, which is a hotel manager program.

With the help of the French-developed software, the data manager optimizes online reservation systems. Since the data controller advertises its accommodations on several websites/channels, it helps to keep the information up-to-date.

Using the software, the data controller can set the prices of the service and the number of accommodation places. Through the software, the personal data of those concerned will not be entered, nor will it be transmitted.

For the above reasons, Availpro is not considered a data processor, so the data controller waived the regulation of related provisions. No personal data is processed during the use of Availpro, and there was no need to provide for the fact, purpose, and legal basis of data processing in this point of the data management information.
More information about the software can be found in English on the following website: https://site.availpro.com/

10. The method of storing personal data, the security of data management, and the data processing used for this purpose

The data manager and the data processor implement appropriate technical and organizational measures taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons in order to guarantee a level of data security commensurate with the degree of risk, including, among other things, where appropriate:

– pseudonymization and encryption of personal data,
– ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data,
– in the event of a physical or technical incident, the ability to restore access to personal data and the availability of data in a timely manner,
– a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.

The data controller selects and operates the IT tools used for the management of personal data during the provision of the service in such a way that the processed data to be:

– accessible to those authorized to do so (availability),
– its authenticity and authentication are ensured (authenticity of data management),
– its immutability can be verified (data integrity),
– protected against unauthorized access (data confidentiality).

The data controller ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management.

The data manager keeps it during the data management

– confidentiality: it protects the information so that only those who are authorized to have access to it,
– integrity: protects the accuracy and completeness of the information and the method of processing,
– availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.

The IT system and network of the data controller and its partners are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, as well as against computer viruses, computer intrusions and attacks leading to denial of service. The operator ensures security with server-level and application-level protection procedures.

We inform users that electronic messages transmitted on the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. In order to protect against such threats, the data controller takes all necessary precautions. Monitors systems to capture any security discrepancies and provide evidence for any security incidents. In addition, system monitoring also makes it possible to check the effectiveness of the precautions used.

The physical storage location of the processed personal data: takes place at the headquarters of the data controller and the following data processor.

The data controller uses a data processor in order to ensure that the stored data is preserved under safe and appropriate technical conditions.

Name and contact information of the data processor:
SZINGULARITÁS IT and Commercial Limited Liability Company (Szingularitás Kft.)
Headquarters: 1078 Budapest, Marek József u. 11. fsz. 3.
Tax number: 13314767-2-42
Company registration number: 01-09-728946 (Capital Company Court)
Phone number: +36 (1) 461 0272
E-mail address: szingularitas@szingularitas.hu
Website: www.szingularitas.hu
Data management information: http://szingularitas.hu/adatkezelesi-tajekoztato/

– Activity performed by a data processor: maintenance of IT devices, making backup copies of stored data.
– The fact of the data management, the scope of the managed data: all data provided by the data subject.
– The scope of those affected: the persons who ordered a service through the website, and the persons who personally booked accommodation on site.
– Purpose of data management: protecting the security of IT devices, preventing unauthorized access, creating backups.
– The duration of data management, the deadline for data deletion: it lasts for the period specified by law, or until the withdrawal of consent, and until the termination of the agreement between the data manager and the data processor.
– The legal basis for data processing is provided by Article 6 (1) point b) of the Regulation.

11. The hosting service of the website and the data processors used during the programming of the website

11.1. Hosting service

The activity provided by the data processor is the storage service, which is performed by the following data processor for the data controller:

Name and contact information of data processor
DigitalOcean, LLC.
Headquarters: 101 6th Ave, New York, USA
Website: www.digitalocean.hu
Email: privacy@digitalocean.com.
Data management information: https://www.digitalocean.com/legal/privacy-policy/

– Activity performed by the data processor: storage service.
– The fact of the data management, the scope of the managed data: all personal data provided by the data subject.
– Scope of stakeholders: all stakeholders who use the website.
– Purpose of data management: making the website available and operating it properly.
– Duration of data management, deadline for data deletion: data management lasts until the termination of the agreement between the data controller and the storage service provider, or until the deletion request addressed to the storage service provider by the data subject.
– The legal basis for data processing is Article 6 (1) c) and f) of the Regulation, as well as CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act 13/A. Section (3) ensures.

11.2. Website programming

The activity provided by the data processor is to ensure the proper functioning of the website, which is carried out by the following data processor for the data controller:
Name and contact information of the data processor:
MIRAI ESPAÑA SL
Address: Fuencarral 6, 4º. 28004, Madrid, Spain
Web page: www.mirai.com

 

Data management information: https://www.mirai.com/privacy-policy/

– Activity performed by the data processor: ensuring the proper functioning of the website.
– The fact of the data management, the scope of the managed data: all personal data provided by the data subject.
– Scope of stakeholders: all stakeholders who use the website.
– Purpose of data management: making the website available and operating it properly.
– Duration of data management, deadline for data deletion: data management lasts until the termination of the agreement between the data controller and the data processor, or until the deletion request addressed to the data controller by the data subject.
– The legal basis for data processing is Article 6 (1) c) and f) of the Regulation, as well as CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act 13/A. Section (3) ensures.

12. Information on the management of cookies

A cookie is a small data file that is placed on the user’s computer by the visited website. The purpose of the cookie is to make the given information communication and Internet service easier and more convenient. There are many types, but they can generally be classified into two large groups. One is the temporary cookie, which the website places on the user’s device only during a specific session (e.g. during the security identification of internet banking), the other type is the permanent cookie (e.g. the language setting of a website), which remains on the computer until then , until the user deletes it.


Cookies specific to online stores are the so-called:
– “cookie used for a password-protected session”,
– “cookie required for shopping cart”,
– “security cookie”


for the use of which it is not necessary to request prior consent from the data subjects.


– The fact of the data management, the scope of the managed data: unique identification number, dates, times.
– Scope of stakeholders: all stakeholders visiting the website.
– Purpose of data management: identification of users, registration of the “basket” and tracking of visitors.
– Duration of data management, deadline for data deletion: in the case of session cookies, the duration of data management lasts until the end of the website visit, while in other cases (60) days.


If the data controller does not process personal data using cookies, the possible data controller authorized to access the data does not need to be determined.


The consent of the data subject is not required if the sole purpose of the use of cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.


The data subject has the option to delete cookies in the Tools/Settings menu of the browsers, usually under the settings of the Data Protection menu item.


You can find information about the cookie settings of the most popular browsers at the following links:


Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
Firefox: https://support.mozilla.org/hu/kb/sutik-engedelizeze-es-tiltasa-amit-weboldak-haszn
Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
Safari: https://support.apple.com/hu-hu/HT201265


The controller points out that certain website functions or services may not function properly without cookies. The cookies used on the website are not in themselves suitable for identifying the user.
You can find information about cookies used by third-party service providers at the link below
– You can find information about Google cookies here: https://policies.google.com/technologies/types
– You can find information about Facebook cookies here: https://www.facebook.com/policies/cookies/

13. Use of Google AdWords conversion tracking

The data controller uses the online advertising program called “Google AdWords”, and also uses Google’s conversion tracking service within its framework.


Google conversion tracking is an analytical service of Google Inc. (hereinafter: “Google”).
Name: Google Inc.
Headquarters: 1600 Amphitheater Parkway, Mountain View, California CA 94043, USA
Data management policy: www.google.de/policies/privacy/


When a visitor accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the visitor cannot be identified by them. When the visitor browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the viewer has clicked on the ad. Since each Google AdWords customer receives a different cookie, they cannot be tracked through the websites of AdWords customers.


The information – obtained with the help of conversion tracking cookies – serves the purpose of creating conversion statistics for customers who choose AdWords conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.


If the visitor does not want to participate in conversion tracking, he can reject it by disabling the possibility of installing cookies in his browser. After that, the visitor/user will not be included in the conversion tracking statistics.


In view of the fact that no personal data is processed during the application of Google AdWords, there was no need to provide for the fact, purpose, and legal basis of data processing in this section of the data management information.

14. Application of Google Analytics

The website uses the Google Analytics application, which is a web analysis service of Google Inc.
Name: Google Inc.
Headquarters: 1600 Amphitheater Parkway, Mountain View, California CA 94043, USA
Data management policy: www.google.de/policies/privacy/


Google Analytics uses so-called cookies, text files that are saved on the user’s/visitor’s computer, thus facilitating the analysis of the use of the website visited by the viewer.


The information created by the cookie related to the website used by the user/visitor is usually sent to and stored on one of Google’s servers in the USA. By activating IP anonymization on the website, Google shortens the user’s IP address – within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.


The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the website operator, Google will use this information to evaluate how the user/visitor used the website, and to prepare reports related to website activity for the website operator, as well as to provide further information about website and internet usage. perform services.


Within the framework of Google Analytics, the IP address transmitted by the user’s browser is not compared with other Google data.


The user can prevent the storage of cookies by setting their browser accordingly. In this case, it is possible that not all functions of the website will be fully usable.


The user can also prevent Google from collecting and processing data related to the user’s use of the website through cookies, including the IP address, by downloading and installing the browser plugin available at the following link: https://tools.google.com /dlpage/gaoptout?hl=en

15. Newsletter service, direct marketing

15.1. XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. pursuant to § 6 of the Act, the user can give prior and specific consent to the service provider’s advertising offers and other mailings at the contact details provided when ordering the service. Furthermore, bearing in mind the provisions of this information, you can consent to the service provider handling your personal data necessary for sending advertising offers.


The data controller does not send unsolicited advertising messages.


The user can unsubscribe from the sending of offers free of charge, without limitation or justification. In this case, the service provider deletes all personal data necessary for sending advertising messages from its records and does not contact the user with further advertising offers.


The user can unsubscribe from advertisements by clicking on the link in the message.
The fact of data collection, the scope of processed data and the purpose of data management:

Personal data

Purpose of data management

Name, email address
Identification, enabling subscription to the newsletter
Date of Subscription
Execution of a technical operation
IP address at the time of subscription
Execution of a technical operation
  • – Scope of stakeholders: all stakeholders who subscribe to the newsletter.
    – Purpose of data management: sending electronic messages (e-mail, sms) containing advertising to the data subject, providing information about current information, services, promotions, new functions…. etc.
    – Duration of data management, deadline for data deletion: data management lasts until withdrawal of consent, i.e. until unsubscription.

Name and contact information of the data processor used during data management:

15.2. The data controller so-called does not carry out direct marketing activities. In the case of direct marketing, a specialized service provider collects an e-mail address list according to specific criteria and hands it over to the customer for use.


The data manager is not in contact with an external service provider that would provide the data manager with a list of e-mail addresses for the purpose of sending marketing messages.


The data controller – sends a newsletter based on prior consent to those concerned who specifically requested it. A newsletter is an e-mail that is sent to an address list collected by the data controller. The data controller is also responsible for collecting and maintaining the address list and actually sending out the letters.

16. Social media sites

The data controller maintains Facebook and Instagram pages for the purpose of introducing and promoting its products and services. Questions and comments posted on the data manager’s Facebook and Instagram pages are not considered an officially submitted complaint. The data manager is Facebook and Instagram


the personal data published by visitors on the website is not managed by the data manager. Visitors are governed by the data management rules of the given social media page.


In case of publication of illegal or offensive content, the data controller may exclude the person concerned from the members of the social media site or delete his/her comments without prior notice. The data manager is not responsible for data content and comments posted by Facebook and Instagram users that violate the law. The data manager is not responsible for any errors, malfunctions or problems arising from changes to the operation of the system resulting from the operation of Facebook and Instagram.


– The fact of the data collection, the scope of the processed data: the name registered on the Facebook and Instagram social networking sites, and the user’s public profile picture.
– Scope of stakeholders: all stakeholders who registered on any of the listed social media sites and “liked” (liked) the website.
– Purpose of data collection: sharing, “liking” (liking) and promoting certain content elements, services, promotions or the website itself on social networks.
– The duration of the data management, the deadline for deleting the data, the person of the possible data managers entitled to access the data and the description of the rights of the data subjects related to data management: the data subject can find out about the source of the data, its management, and the method and legal basis of the transfer on the given social page. Data management takes place on social networking sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the respective social networking site.


The most frequently used social media sites by the website:
FACEBOOK
Name: Facebook Inc
Address: 1 Hacker Way Menlo Park, California 94025, United States of America
Email: press@fb.com
Website: www.fb.com
Data management policy: https://www.facebook.com/help/325807937506242
INSTAGRAM
Name: Instagram Inc
Website: www.instagram.com
Data management policy: https://help.instagram.com/155833707900388
The legal basis for data management: the voluntary consent of the concerned person to the processing of his personal data on social networking sites.

III. Other provisions

17. Customer correspondence of the service, handling of complaints

If you have any questions or problems while using our services, you can contact the editors of the service at http://corvinbp.com/kapotlas.


The data manager deletes the received letters, together with the sender’s name and e-mail address, as well as other voluntarily provided personal data, no later than five (5) years after the case has been settled.


The fact of data collection, the scope of processed data and the purpose of data management:

Description of personal data

Purpose of data management

Is it mandatory to give?
Name
Identification, contact
Yes.
E-mail address*
Contact
Yes.
Phone number
Contact
Yes.
Message
Management of quality objections, questions and problems arising in connection with the ordered service.
Yes.

(* In the case of an e-mail address, it is not necessary to include personal data.)

• Scope of stakeholders: all stakeholders who order the service and complain about quality.

• Duration of data management, deadline for deletion of data: copies of the record of the objection, transcript and the response to it, CLV of 1997 on consumer protection. Act 17/A. It must be kept for (5) years on the basis of paragraph (7) of §


• Person of possible data controllers entitled to access the data, recipients of personal data: personal data can be handled by the sales and marketing staff of the data controller, in compliance with the principles defined in these regulations.

 

Description of the rights of data subjects related to data management:


• the data subject may request from the data controller access to personal data relating to him, their correction, deletion, or restriction of processing,
• you can object to the processing of such personal data,
• the data subject has the right to data portability and to withdraw consent at any time.

The data subject can initiate access to personal data, their deletion, modification or restriction of processing, portability of data, objection to data processing in the following ways
• by post to 1082 Budapest, Kisfaludy utca 3. III/5. at the registered address at
• by e-mail at office@k46residence.com,
• by phone at +36 20 356 2252.

 

The person concerned can inquire about the direct contact of the appointed administrative employee at the e-mail address or telephone number provided above.
The legal basis for data management: Article 6 (1) point c) of the Regulation and CLV of 1997 on consumer protection. Act 17/A. (7) of §
We inform you that the provision of personal data is based on a contractual obligation. A prerequisite for concluding a contract is the management of personal data. You are required to provide personal data so that we can handle your complaint. Failure to provide data will result in us not being able to handle your complaint.

18. Customer relations and other data management

If the data subject has any questions or problems while using the data controller’s services, he can contact the data controller using the methods provided on the website.


Király Boutique Residence Kft.


• by post to 1082 Budapest, Kisfaludy utca 3. III/5. at the registered address at
• by e-mail at office@k46residence.com,
• by phone at +36 20 356 2252.

The data manager deletes received e-mails, messages, data provided by telephone, Facebook or Instagram, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, after a maximum of (2) years from the date of data communication.


The data controller or the employee employed by the data controller will provide information on data processing not listed in this information when the data is collected.


In the case of an exceptional official request, or in the case of requests from other bodies based on the authorization of the law, the data controller is obliged to provide the requested information, communicate and transfer data, and make documents available.


In these cases, the data manager only releases personal data to the requester – if he has indicated the exact purpose and the scope of the data – to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

19. Rights of data subjects

19.1. Right of access


The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the information listed in the Regulation.


19.2. Right to rectification


The data subject has the right to request that the data controller correct inaccurate personal data concerning the data subject without undue delay. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.


19.3. The right to erasure


The data subject has the right to request that the data controller delete the personal data concerning the data subject without undue delay, and the data controller is obliged to delete the personal data concerning the data subject without undue delay under certain conditions.


19.4. The right to be forgotten


If the data controller has disclosed the personal data and is obliged to delete it, taking into account the available technology and the costs of the implementation, it will take the reasonably expected steps – including technical measures – in order to inform the data controllers handling the data that the data subject has requested the personal data in question deleting links to data or copies or duplicates of personal data.


19.5. The right to restrict data processing


The data subject has the right to request that the data controller restricts data processing if one of the following conditions is met:


• the data subject disputes the accuracy of the personal data. In this case, the limitation applies to the period that allows the controller to check the accuracy of the personal data,
• the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use,
• the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims,
• the data subject objected to data processing. In this case, the limitation applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

 

19.6. The right to data portability


The data subject has the right to receive the personal data concerning him/her provided by him/her to a data controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without being hindered by the data controller whose made the personal data available to you.


19.7. The right to protest


The data subject has the right to object to the processing of his personal data at any time for reasons related to his own situation, including profiling based on the aforementioned provisions.


19.8. Objection in case of direct acquisition of business


If personal data is processed for direct business acquisition, the data subject has the right to object at any time to the processing of personal data concerning him for this purpose, including profiling, if it is related to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.


19.9. Automated decision-making in individual cases, including profiling


The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects for the data subject or would significantly affect the data subject.


The previous paragraph does not apply if the decision:


• necessary in order to conclude or fulfill the contract between the data subject and the data controller,
• it is made possible by EU or Member State law applicable to the data controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, or
• is based on the express consent of the data subject.
The data manager notes within the framework of this data management information that automated decision-making does not take place at the company, and the data manager does not perform profiling. The data controller does not use behavior-based advertising during the operation of the website. For example, intelligent product recommendations and remarketing ads qualify as behavioral advertising.

20. Deadline for action

The data controller shall inform the applicant of the measures taken following the above requests without undue delay, but within (1) month from the date of receipt of the request.


If necessary, the action deadline can be extended by (2) months. The data controller informs the applicant of the extension of the deadline – specifying the reasons for the delay – within (1) month of receiving the request.


If the data controller does not take measures following the request of the requester, it shall inform the requester without delay, but no later than within (1) month of the receipt of the request, of the reasons for the failure to take action, as well as of the fact that the requester may file a complaint with a supervisory authority and exercise his right to judicial redress.

21. Informing the data subject about the data protection incident

If the data protection incident likely involves a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

In the information given to the person concerned, the nature of the data protection incident must be clearly and comprehensibly described and the name and contact details of the data protection officer* or other contact person providing additional information must be provided. The likely consequences of the data protection incident must also be described. In addition, the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

(*The data controller states in this data management information that a data protection officer was not appointed when this data management information entered into force, because this data manager is not obliged to do so according to the current legislation.)

The data subject does not need to be informed if any of the following conditions are met:

• the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures – such as the use of encryption – that make the personal data unintelligible to persons not authorized to access the personal data data,
• after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future,
• providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.


If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.

22. Notification of the data protection incident to the authority

The data controller shall report the data protection incident to the competent supervisory authority (NAIH) on the basis of Article 55 of the Regulation without undue delay, and if possible no later than (72) hours after becoming aware of the data protection incident, unless the data protection incident probably does not pose a risk to the rights and freedoms of natural persons. If the notification is not made within (72) hours, the reasons justifying the delay must also be attached.

23. Remedies

23.1. The data subject may request information about the management of his personal data, as well as request the correction of his personal data or, with the exception of data processing mandated by law, the deletion of his personal data in the manner indicated at the time of data collection.

At the request of the data subject, the data controller provides information about the data managed by it or processed by the processor commissioned by it, the purpose, legal basis, duration of the data processing, the name, address (headquarters) of the data processor and its activities related to data processing, as well as who and for what purpose receive or have received the data. The data controller shall provide the information in writing in an understandable form as soon as possible, but no later than (30) days after the submission of the request. This information is free of charge if the information requester has not yet submitted an information request for the same area to the data controller in the current year. In other cases, the data controller may determine reimbursement.

23.2. The data controller deletes personal data if

• handling is illegal,
• the person concerned requests,
• the purpose of data management has ceased, or
• the statutory period for data storage has expired, as well as
• it was ordered by the court or the National Data Protection and Freedom of Information Authority.

 

The data controller notifies the data subject of the correction and deletion, as well as all those to whom the data was previously transmitted for the purpose of data management. The notification is omitted if this does not violate the legitimate interest of the data subject in view of the purpose of the data management.

23.3. The data subject may object to the processing of his personal data if

• the processing (transmission) of personal data is necessary only to enforce the rights or legitimate interests of the data controller or the data recipient, unless the data processing is mandated by law;
• personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls or scientific research;
• exercising the right to protest is otherwise permitted by law.

 

The data manager will examine the objection as soon as possible, but no later than (15) days after the submission of the request, with the simultaneous suspension of data management, and will inform the applicant in writing of the result. If the protest is justified, the data controller will terminate the data management – including further data collection and data transmission – and block the data, as well as notify all those to whom the personal data affected by the protest was previously transmitted about the protest and the measures taken based on it. are obliged to take measures to enforce the right to protest.

If the data subject does not agree with the decision made by the data controller, he/she may appeal to the court within (30) days of its notification.

The data controller cannot delete the data subject’s data if the data processing is ordered by law. However, the data cannot be forwarded to the data recipient if the data controller has agreed to the protest, or the court has established the legitimacy of the protest.

In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.

The data controller compensates the damage caused to others by the illegal processing of the data subject or by violating the requirements of technical data protection. The data manager is exempted from responsibility if the damage was caused by an unavoidable cause outside the scope of data management. It does not reimburse the damage to the extent that it resulted from intentional or grossly negligent behavior of the injured party.

23.4. The data controller may file a complaint against a possible violation of the law at the court of the company’s registered office, within the framework of litigation, in view of the subject matter of the case within the framework of proceedings initiated before the Pest Central District Court

Address: 1055 Budapest, Markó utca 25.
Mailing address: 1887 Budapest, Pf. 28.
Central telephone number: +36 1 354 6000

obsession
within the framework of proceedings initiated before the Metropolitan Court
Address: 1055 Budapest, Markó utca 27.
Phone number: +36 1 354 6000

 

23.5. You can also file a complaint with the National Data Protection and Freedom of Information Authority, as a supervisory authority.
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Postal address: 1530 Budapest, Pf.: 5.
Phone: +36 (1)391-1400
Fax: 06 1 391 1410
Website: https://naih.hu
E-mail: ugyfelszolgalat@naih.hu

The data controller informs the data subjects that all natural persons have the right to appeal to the court against the legally binding decision of the supervisory authority, or if the supervisory authority does not deal with the data subject’s complaint, or does not inform the data subject within (3) months of the procedural steps related to the submitted complaint developments or their results.

24. Final Provisions

24.1. The data controller informs the data subjects that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies based on the authorization of the law, provide information, communicate data, and transfer , or in order to make documents available, they can contact the data controller and oblige them to release the data of an affected person. By virtue of the law, the data controller is obliged to comply with this obligation towards the authority and other bodies.


If the authority has indicated the exact purpose and the scope of the data, the data controller will only release personal data to the authorities to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

 

24.2. The data controller prepared this data management information sheet in accordance with the following legislation:

 

• Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and the free flow of such data, as well as the repeal of Regulation 95/46/EC (General Data Protection Regulation). April 27)
• CXII of 2011. Act – on the right to self-determination of information and freedom of information
• CVIII of 2001 Act – on certain issues of electronic commercial services and services related to the information society, in particular its 13/A. to the provisions of §
• XLVII of 2008 Act – on the prohibition of unfair commercial practices towards consumers,
• XLVIII of 2008 law – on the basic conditions and certain limitations of economic advertising, especially its provisions contained in § 6.
• 2005 XC. Act on Electronic Freedom of Information
• Act C of 2003 on electronic communications, especially its provisions contained in § 155
• 16/2011. Opinion No. EASA/IAB Recommendation on Best Practices for Behavioral Online Advertising
• the recommendation of the National Data Protection and Freedom of Information Authority is prior information on data protection requirements