Dear Guests!An online booking system is available on www.panziocentrum.hu, through which you can book accommodation on Szállás.hu, Booking.com, and in the traditional way.
I would like to inform you that in order to make a booking, certain of the personal details described below are required for the booking to be successful.
In connection with the processing of data, the data controller hereby informs you about the personal data processed on the website, the principles and practices followed in the processing of personal data, the organizational and technical measures taken to protect personal data, and the ways and means of exercising data subjects’ rights. I would like to inform you that the recorded personal data will be treated confidentially in accordance with this data protection law and international recommendations.
I would also like to inform you that the legal framework for the processing of personal data will change fundamentally from 25 May 2018, as from that date it will be mandatory for the European Parliament and the Council (EU) on the protection of individuals with regard to the processing of personal data and on the free movement of such data. and 2016/679 on the repeal of Regulation (EC) No 95/46 (General Data Protection Regulation). (hereinafter referred to as the GDPR).
By booking online through the Website, you agree to be bound by the provisions of this Privacy Statement (the “Privacy Statement”).
I. Basic concepts
personal data: information relating to an identified or identifiable natural person (data subject) which may be associated with him or her, in particular his or her name, identifying mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and a conclusion to be drawn on the data subject.
data set: the totality of the data managed in one register;data subject: any natural person identified or identifiable, directly or indirectly, on the basis of any information;data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;third party: a natural or legal person or an entity without legal personality who is not the data subject, controller or processor;data protection: the set of technologies and organizational methods that enable the integrity, integrity, usability and confidentiality of the data collected;data protection incident: a breach of data security which results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled;data management: any operation on the data, or any combination of operations, regardless of the procedure used, in particular the collection, recording, recording, systematisation, segmentation, storage, transformation, alteration, use, retrieval, communication, dissemination or other disclosure, harmonization, interconnection, restriction, erasure and destruction of data, prevention of further use of data, pattern, iris image).“controller” means the natural or legal person, or any entity without legal personality, which alone or jointly with others determines the purposes for which the data are processed, and which makes or implements decisions relating to the processing (including the means used).
data transfer: making the data available to a specific third party.data erasure: making data unrecognizable in such a way that it is no longer possible to recover it.Restriction of data processing: marking of stored personal data in order to limit their future processing;consent: the voluntary, firm and unambiguous expression of the will of the data subject, based on specific and appropriate information, by which the data subject consents to the processing of personal data concerning him or her, in full or in part, by means of an unambiguous statement.Consent is considered to have taken place if the website concerned has been visited, or when finalizing a booking, select a check box or make technical adjustments to this effect, as well as any other statement or action that clearly indicates your consent to the intended processing of the data subject’s personal data in that context.mandatory data processing: if the data processing is ordered by law or – on the basis of the authorization of law, within the scope specified therein – by a decree of a local government for a purpose based on the public interest.disclosure: making data available to anyone.profiling: any form of automated processing of personal data in which personal data are evaluated in order to assess certain personal characteristics of a natural person, in particular his performance, economic situation, state of health, personal preferences, interests, reliability, behavior, location or movement used to analyze or predict.
II. Name and contact details of the data controller
Name of the data controller: Tisza River Ltd.Contact details of the data controller:Address: 4287 Vámospércs, Pacsirta utca 28., HungaryPhone number: +36 30 094 1104Email address: kfttiszariver@gmail.comIII. Purpose of data management
The data controller handles the personal data of the Guests for the following purposes:
In order to make a reservation in the apartment, it is necessary to provide certain personal details, which will be detailed later.We also need your personal details to issue an invoice for the accommodation.It is also important to provide your personal information in order to communicate with your booking so that we can inform you if any of the material circumstances you need to know about occur.For mandatory registration in the online guest registration software operated by the National Tourist Data Manager, NTAK and the Hungarian Tourism Agency at https://vendegem.hu/#/. Including the electronic recording of personal documents such as an identity card or passport (photographed, scanned).IV. Legal basis for data management
The data controller handles the personal data of the guests on the following legal basis:A III. For the purpose of point (a), Article 6 (1) (b) of the GDPR, ie the performance of a contract in which the Guest is one of the parties involved.A III. For the purpose set out in point (b), Article 6 (1) (c) of the GDPR, ie the fulfillment of a legal obligation on the controller, namely the obligation on the controller to draw up an invoice.A III. For the purpose of point (c), the data will be processed in accordance with Article 6 (1) (a) of the GDPR in order to be properly informed of the relevant circumstances arising from the contractual relationship.The accommodation provider must refuse the service if the guest refuses to provide the information required by law or regulation. The obligation to provide information also applies to minors.In the event of the need for data processing for other purposes or on other legal bases, the data controller is obliged to inform the data subject individually of all important information and rights related to the data processing to be performed before starting the data processing.
V. Scope of data processed
The use of the online booking interface on the data controller’s website is not subject to separate registration, however, the following personal data must be provided for the booking:
Name (surname and first name), maiden name, place of birth, time, address, photograph of both sides of identity card or valid passport, nationality.Phone number,E-mail address,Billing address.VI. Duration of data management
The processing of the data regarding the Guest’s telephone number and e-mail address will start from the date of booking and will be deleted after the Guest leaves the Guest House.
With regard to the name and billing address of the Guest, the data will be processed for the period of 8 (eight) years provided for in the Accounting Act, after which the data controller will destroy them.
VII. Data security
The data controller takes all necessary steps to ensure the security of the personal data provided by the Guests during the storage and preservation of both the network system and the data.
The reservation system operating through the data controller’s website has been placed with an external secure hosting provider, which does not have access to the data managed by the hosting provider. The data manager works on a computer protected by a password and antivirus software.
VIII. Guest Rights and Enforcement Options
The Guest is entitled to receive feedback from the data controller as to whether the processing of his / her personal data is in progress, and if so, to receive information about the data processed and all relevant information concerning the data processing.The Guest may request that the data controller correct the inaccurate personal data concerning him / her without undue delay. Depending on the purpose of the data processing, you may request that your personal data be supplemented.You may request the deletion of your personal data, unless the processing is necessary for the fulfillment of the data controller’s legal obligations or for the submission, enforcement or protection of legal claims. The data controller shall delete the personal data without undue delay if the processing of the data is illegal, incomplete or incorrect, the purpose of the data processing has expired or the storage period has expired or is ordered or deleted by a court or authority to fulfill the legal obligation of the data controller. .If the controller processes personal data with the consent of the data subject, the data subject may withdraw this consent. Unless there is another legal basis for the data processing, the data controller shall delete the personal data affected by the revoked consent.The Guest has the right to request the data controller to restrict the data processing ifthe Guest disputes the accuracy of the personal data – for the time necessary to verify the accuracy;the data processing is illegal, but the Guest objects to the deletion of the data and requests a restriction on its use;the controller no longer needs the personal data for the purpose of processing the data, but the data subject requests them in order to submit, enforce or protect his or her legal claim; obsessionthe data subject objects to the processing of his or her data in the public interest or on the basis of a legitimate interest of the controller or of a third party.During the restriction, the data controller may not use the personal data for purposes other than storage.In case of exercising the rights of the Guest, the data controller shall examine the request of the data subject and take the necessary measures and inform the Guest about these and the reasons for non-compliance within one month after receiving the request.
Enforcement:
The Guest may send his / her request related to data management to the data controller included in point I, to the address recorded there, or to an e-mail address.In the event of a breach of his or her rights, the data subject may apply to the court having jurisdiction over the controller’s address or, at his or her choice, the court having jurisdiction over his or her place of residence or, failing that, his or her place of residence.The Guest may also file a complaint with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet Fasor 22 / c.