Apartman | Gallery | Places to visit | Contact | FAQ | Booking / Price | Blog | HU

GDPR

Data Protection Notice

 

Dear Dear Guests! !

At www.luxapartman-vodice.hu you will find an online booking system to book your stay at Luxapartman-vodice. Please be informed that in order to make a reservation, you will be required to provide certain personal data, as detailed below, in order for the reservation to be successful.
Please note that the personal data collected will be treated confidentially, in accordance with data protection legislation and international recommendations, and in accordance with this statement.
I inform you that the personal data collected will be treated confidentially, in accordance with data protection legislation and international recommendations, and in accordance with this statement.
I also inform you that the legal regime for the processing of personal data will change fundamentally as of 25 May 2018, as Regulation 2016/679 of the European Parliament and of the Council (EU) on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”) will apply on a mandatory basis from that date. Translated with DeepL.com (free version) május 25. napjától, ugyanis ezen időponttól kezdve kötelezően alkalmazandó az Európai Parlament és a Tanács (EU) természetes személyeknek a személyes adatok kezelése tekintetében történő védelméről és az ilyen adatok szabad áramlásáról, valamint a 95/46/EK rendelet hatályon kívül helyezéséről (általános adatvédelmi rendelet) szóló 2016/679. rendelete (a továbbiakban: GDPR).
By making an online reservation through the website, you as a user accept the provisions of this Privacy Policy (hereinafter referred to as the “Privacy Policy”).

 

I. Basic concepts

personal data: information relating to an identified or identifiable natural person (the data subject) which can be associated with him or her, in particular the name, identification mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and any inference relating to him or her which can be drawn from the data.

dataset: the set of data managed in a single register;

érintett: bármely információ alapján azonosított vagy közvetlenül vagy közvetve azonosítható természetes személy;

adatfeldolgozás: az adatkezelési műveletekhez kapcsolódó technikai feladatok elvégzése, függetlenül a műveletek végrehajtásához alkalmazott módszertől és eszköztől, valamint az alkalmazás helyétől, feltéve hogy a technikai feladatot az adaton végzik;

harmadik személy: olyan természetes vagy jogi személy, illetve jogi személyiséggel nem rendelkező szervezet, aki vagy amely nem azonos az érintettel, az adatkezelővel vagy az adatfeldolgozóval;

data protection:the set of technologies and organisational methods that enable the integrity, usability and confidentiality of the collected data assets;
Data breach: a breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Data management::any operation or set of operations which is performed upon data, regardless of the procedure used, such as collection, recording, recording, organisation, structuring, storage, adaptation or alteration, use, consultation, retrieval, disclosure, transmission, dissemination or otherwise making available to the public or otherwise making accessible, alignment or combination, restriction, erasure or destruction of data or preventing their further use, taking of photographs, sound recordings or images, and physical features which can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans).

Controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and executes decisions regarding the processing (including the means used) or requires the processor to do so.

transfer: making data available to a specified third party.

erasure: making data unrecognisable in such a way that it is no longer possible to recover it.
restriction of data management: marking of stored personal data for the purpose of limiting their future management;

consent: a voluntary, explicit and unambiguous indication of the data subject’s wishes, based on specific and adequate information, by which the data subject signifies his or her agreement to the processing of personal data concerning him or her, either in full or in relation to specific operations, by means of a statement or an act which unambiguously expresses his or her consent.
Consent shall be deemed to be given if the data subject, when consulting the website or when finalising the booking, ticks a checkbox or makes technical settings to that effect, or makes any other statement or takes any other action which, in the context of the particular case, clearly indicates his or her consent to the intended processing of personal data.

mandatory data processing: where the processing is required by law or, on the basis of a law, by a local government decree within the scope specified therein, for a purpose in the public interest.
disclosure: making the data available to anyone.

 

II. Name and contact details of the controller

Name of the data controller: Tarnóczyné Jakab Renáta
Address of data controller: 22211 Vodice, Don Ante Juriceva Police 15.
Phone: +36 20 317 61 36
Email: hello@luxapatman-vodice.hu

 

A Vendég jogosult arra, hogy kérésére adatkezelő korlátozza az adatkezelést, ha

The Data Controller processes the personal data of the Guests for the following purposes:
In the first instance, for the purposes of booking accommodation at Luxapartman-vodice.hu, you will be required to provide certain personal data, as detailed below.
It is also important to provide your personal data for the purposes of communicating with you about your booking, so that we can inform you if any material circumstances arise that you need to know about.

 

IV. Legal basis for data processing

The controller processes the personal data of guests on the following legal basis:
For the purpose of point III. a), Article 6(1)(b) GDPR, i.e. the performance of a contract to which the Guest, as data subject, is a party.
In the case of the purpose set out in point III. b), Article 6(1)(c) of the GDPR, i.e. the fulfilment of the legal obligation on the controller, namely the obligation to prepare a document or invoice.
For the purpose set out in point III. c), the data are processed on the basis of Article 6(1)(a) of the GDPR in order to provide you with adequate information on the relevant circumstances arising from the contractual relationship.
Where processing is necessary for other purposes or on other legal bases than those set out above, the controller shall inform the data subject individually, prior to the start of the processing, of all relevant information and of their rights in relation to the processing to be carried out.

 

V. Scope of the data processed

The use of the online booking platform on the website of the Data Controller is not subject to a separate registration, but for the purpose of booking accommodation we only request the data that is strictly necessary for the realisation of the service and the statutory requirements of the service.

The following personal data are required:
Name, (first and last name) Address,
Phone,
Email

 

VI. Duration of data processing

The processing of data concerning the Guest’s name, telephone number, address and e-mail address starts from the time of the booking and is deleted after the Guest leaves the apartment.


VII. Data security

The Data Controller will take all necessary steps to ensure the security of the personal data provided by the Guests. For reservations made on the website, the data is sent via the gmail mail system, which is governed by the Privacy Policy of the gmail mail system as defined by law.
The Facebook page is designed for the sole purpose of providing information, and data security on the Facebook page is governed by Facebook’s Privacy Policy as defined by law.
Personal data are collected when booking accommodation.
The reservation system operating through the website of the data controller is hosted on an external secure storage service provider, which does not have access to the data processed on this storage. The controller’s work processes are carried out on a password and anti-virus protected computer.

 

VIII. Guest’s rights and means of enforcement

The Guest has the right to receive feedback from the controller as to whether his/her personal data are being processed and, if so, to be informed of the data processed and of any relevant information concerning the processing.
The Guest may request the controller to correct inaccurate personal data concerning him/her without undue delay. Taking into account the purpose of the processing, he/she may request the integration of his/her personal data.
You may request the erasure of your personal data, unless the processing is necessary for compliance with the controller’s legal obligations or for the establishment, exercise or defence of legal claims. The controller shall erase personal data without undue delay if the processing is unlawful, incomplete or inaccurate, the purpose of the processing has ceased or the storage period has expired or has been ordered by a court or public authority, or the erasure is necessary to comply with a legal obligation to which the controller is subject.
Where the controller processes personal data on the basis of the data subject’s consent, the data subject may withdraw that consent. If there is no other legal basis for the processing, the controller shall erase the personal data concerned by the withdrawn consent.
The Guest is entitled to have the data controller restrict the processing at his/her request if.
the Guest disputes the accuracy of the personal data – for the time necessary to verify the accuracy;
the processing is unlawful, but the Customer objects to the deletion of the data and requests the restriction of use;
the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of a legal claim; or the data subject objects to the processing of his or her data on grounds of public interest or the legitimate interests of the controller or a third party.
During the restriction period, the controller may not use the personal data for any purpose other than storage.
In the event of the exercise of the Guest’s rights, the Data Controller shall examine the data subject’s request and take the necessary measures and inform the Guest of these measures or the reasons for not taking them within one month of receipt of the request.

Enforcement:
The Guest may send his/her request for data processing to the data controller referred to in point I, at the address or e-mail address indicated therein.
In the event of a breach of his or her rights, the data subject may bring an action before the competent court at the address of the controller or, at his or her choice, the court of his or her place of residence or, failing that, the court of his or her place of stay.