Tető Centrum 95 Kft. (Registered office: 3300 Eger, Radnóti Miklós utca 48 .; company registration number: 10-09-026050; tax number: 13289043-2-10; hereinafter: “Company”) is present this data management information (hereinafter: “Information”). Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (hereinafter referred to as the GDPR) and the CDII of 2011 on the right to information self-determination and freedom of information. the exercise of the right to information of the data subject specified in the Act (hereinafter: “Information Act”).
The material scope of the Prospectus covers all processes carried out at all organizational units of the Company, during which personal data is processed.
The Prospectus shall remain in force until revoked. The Company reserves the right to amend this Prospectus by providing a notice on the website of the amended Prospectus.
I. Data controller
Data handler: Tető Centrum 95 Kft.
The registered office of the company: 4800 Eger, Radnóti Miklós utca 48.
Company registration number: 10-09-026050
Tax number: 13289043-2-10
Phone number: +36 (30) 688 7034
Email address: firstname.lastname@example.org
I. General concepts
(a) data subject: a natural person identified or identifiable on the basis of any information, a natural person who, directly or indirectly, in particular an identifier such as name, identification number, location data, online identifier or , identifiable by one or more factors relating to its economic, cultural or social identity);
(b) "personal data" shall mean any information relating to an identified or identifiable natural person (data subject), such as the name of the data subject, his or her identification mark and one or more physical, physiological, mental, economic, cultural or social identities; knowledge and the conclusion to be drawn from the data on the data subject);
(c) "specific data" shall mean all data belonging to specific categories of personal data, ie personal data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for the unique identification of natural persons, health data and personal data concerning the sexual life or sexual orientation of natural persons;
(d) "controller" shall mean any natural or legal person, or any entity without legal personality, who, individually or together with others, determines the purpose for which the data are processed, by law or by a binding act of the European Union; make and implement decisions on the device or with the data controller;
(e) "data management" means any operation or set of operations, irrespective of the procedure used, in particular collecting, recording, recording, organizing, storing, altering, using, retrieving, transmitting, disclosing, reconciling or linking, blocking, deleting and destroying , and to prevent further use of the data, the taking of photographs, sound or images and the recording of physical characteristics capable of identifying the person (eg fingerprints or palm prints, DNA samples, irises);
(f) "processor" shall mean any natural or legal person, or any entity without legal personality, who processes personal data on behalf of or under the authority of a controller, within the limits and under the conditions laid down by law or by a binding act of the European Union;
(g) "data protection incident" means a breach of data security which results in the accidental or unlawful destruction, loss, alteration, unauthorized transfer or disclosure of, or unauthorized access to, personal data which have been transmitted, stored or otherwise handled.
Other legislation cited:
Grt .: Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. law
Szvmt .: Act CXXXIII of 2005 on the rules of personal and property protection and private investigation. law
Szvt .: Act C of 2000 on Accounting
Tht .: Act CXXXIII of 2003 on condominiums. Law
III. The Company's data management
Description of data management Purpose of data management Legal basis of data management Duration of data management
VISITING THE WEBSITE It is not necessary to provide personal data in order to view the information published by the Company on the https://1552.hu website. The Company uses Google Analytics cookies to analyze visitor preferences in order to ensure the user-friendliness of the website (eg number of visitors to the website and subpages, duration of visit, order of viewing pages, search terms used, browser type, geographical location of the computer). .) The Company does not collect personal data about the visitors of the website. The cookies used on the website only record the anonymous IP address of the visitor's computer and do not collect any personal data that could be used to identify a person. The Company does not process any personal information other than the visitor's anonymized IP address in connection with this activity. The Company does not process any personal information other than the visitor's anonymized IP address in connection with this activity. The Company does not process any personal information other than the visitor's anonymized IP address in connection with this activity.
REQUEST FOR QUOTATION In case of inquiry on the Company's website, in person, by e-mail or telephone, or in case of a request for quotation, in addition to the data related to the planned stay, the following personal data must be provided: name, e-mail address or telephone number. The purpose of data management is to make contact and keep in touch, as well as to send information and offers. The legal basis for data processing is the consent of the data subject [Article 6 (1) GDPR. (a)] and the legitimate interest of the data subject and of the Company [Article 6 (1) GDPR. point f)]. The duration of the processing shall last until the date of the data subject's request for erasure or the withdrawal of the data subject's consent.
BOOKING, PAYMENT In connection with booking and payment on the Company's website, in person, by e-mail or by telephone, the Company It handles the personal identification data, address data, contact information and vehicle registration number required for the issuance of a document pursuant to Section 169. If the guest comes from a third country, the Company is also obliged by law to record additional data, these are the following:
personal identification data (birth name, place and time of birth, sex, mother's birth name, citizenship);
travel document identification;
the address of the accommodation;
start and end dates of the accommodation;
visa / residence permit number and
date and place of entry. The purpose of data management is to conclude and fulfill the contract between the Company and the guest, to keep in touch, to provide a parking space, and to issue an invoice. The legal basis for data processing is the consent of the data subject [Article 6 (1) GDPR. (a)] and the conclusion and performance of the contract between the data subject and the Company [Article 6 (1) GDPR. b)]. The duration of data management is 8 (eight) years after the performance of the contract, according to the Szvt. in accordance with the legal provisions on the retention of documents
DIRECT MARKETING If the data subject subscribes to the Company's newsletter, the Company will send it a newsletter at a frequency of its own discretion. By subscribing to the newsletter, the data subject consents to the Company processing the personal data required for this purpose. To subscribe to the newsletter, you need to enter your name, address, phone number and e-mail address to be able to deliver messages. The Company will process the data until the data subject requests its deletion or withdraws its consent. The option to unsubscribe is provided by a direct link in each newsletter. The purpose of data management is the direct acquisition of business by the Company through direct marketing activities, in the framework of which the data subject is informed about the services of the Company. The legal basis of the data management is the voluntary consent of the data subject and the Grt. Section 6 (5). The duration of the processing shall last until the date of the data subject's request for erasure or the withdrawal of the data subject's consent.
Description of data management Purpose of data management Legal basis of data management Duration of data management
PROCESSING OF THE DATA OF JOB APPLICANTS The Company handles the personal data contained in the “in-flight” and targeted CVs received by it directly or through a labor intermediary and in the attached other documents. The purpose of data management is to inform the data subject about the most suitable job opportunities for his or her education and interests, to arrange a date with the data subject and to carry out the selection procedure. The legal basis for the processing is the voluntary consent of the data subject [Article 6 (1) GDPR. (a)], which gives the consent of the data subject by sending his / her CV and related documents. Duration of data management In case of a successful application, the duration of the employment relationship, in case of an unsuccessful application, the application material of the unsuccessful applicants will be deleted after the selection.
DATA MANAGEMENT RELATED TO CAMERA SURVEILLANCE The Company operates an electronic monitoring and recording system in the areas indicated by a camera pictogram or alert information at the registered office (monitored areas). The camera system monitors the common areas of the hotel. The camera surveillance system captures the image and actions of people entering the monitored area. The camera surveillance system does not record sound. Authorized employees of the data controllers are entitled to view the current image and the recordings of the cameras. The camera system is operated by the Company, it does not use a service provider, so only the Company qualifies as a data controller. The purpose of data management is the protection of property and the protection of persons in the building, the protection of business secrets, and the proof of possible abuses and violations. The legal basis for data management is, on the one hand, the voluntary consent of the data subject (entering the building) and, on the other hand, the Tht. § 25 provided by law. The duration of data management is 15 (fifteen) days from the recording, after which the recordings are automatically deleted in the Tht. In accordance with Section 25.
IV. The scope of access to the data
Personal data may be disclosed to employees of the Company with access rights related to the relevant data management purpose, or to persons and organizations performing data processing or outsourced activities on the basis of service contracts for our company, to the extent specified by our company and to the extent necessary to perform their activities.
During the data processing, the Company uses the services of the following data processors within the framework of the relevant service contracts.
a) Contindigo Kft. (registered office: 3300 Eger, Szvorényi utca 4 .; tax number: 14360479-2-10)
The above company provides the Company's accounting and payroll accounting, so it carries out data processing activities with regard to the documents issued by the Company (and the personal data processed on them), as well as the data processed in connection with payroll accounting.
b) Creative Management Kft. (registered office: 8200 Veszprém, Boksa tér 1. A. ép .; tax number: 13881676-2-19)
The above company operates the website of the Company, within the framework of which it performs electronic data processing activities for the Company.
c) NetHotelBooking Hotel Kft. (registered office: 8200 Veszprém, Boksa tér 1 .; tax number: 22710776-2-19)
The above company provides the Company with hotel management software called RESENWEB, in the framework of which it performs electronic data processing activities for the Company.
V. Rights with regard to data processing and their enforcement
5.1. Right to request information and access
The person concerned may request information in writing from the Company in order for the Company to inform:
a) what personal data,
b) on what legal basis,
c) the purpose of the data processing,
d) from what source,
e) how long it handles,
f) to whom, when, under what legislation the Company granted access to its personal data or to whom it transmitted its personal data.
The Company shall fulfill the request of the data subject within a maximum of 15 (fifteen) days, by e-mail or post sent to the contact details provided by the data subject.
Prior to the fulfillment of the request, the Company may request the data subject to specify its content and to specify the requested information and data management activities.
If the data subject's right of access under this section adversely affects the rights and freedoms of others, in particular the trade secrets or intellectual property of others, the Company shall be entitled to refuse the data subject's request to the extent necessary and proportionate.
In the event that the data subject requests the above information in several copies, the controller shall be entitled to charge a fee that is proportionate and reasonable to the administrative costs of making the additional copies.
If the personal data indicated by the data subject is not handled by the Company, it is also obliged to inform the data subject in writing.
5.2. Right to rectification
The data subject may request in writing that the Company amend his or her personal data that is inaccurate, incorrect or incomplete. In this case, the Company shall clarify or correct the indicated personal data without delay, but no later than within 5 (five) days, or, if it is compatible with the purpose of data processing, with additional personal data provided by the data subject or with a statement attached to the personal data processed by the data subject. complements. The Company shall notify the data subject by e-mail or post to the contact details provided by the data subject.
The Company is released from the obligation to make a correction if
a) accurate, correct or complete personal data are not available to him or her and are not made available to the Company by the data subject, or
(b) the veracity of the personal data provided by the data subject cannot be established beyond doubt.
5.3. Right of cancellation
The data subject may request the deletion of his personal data from the Company in writing. The data subject must submit his / her request for deletion in writing and must indicate which personal data he / she intends to delete for what reason.
The request for cancellation will be rejected by the Company if a legal obligation obliges the Company to further store personal data. If the Company has no such obligation, the Company shall comply with the data subject's request within a maximum of 15 (fifteen) days and shall notify the data subject by e-mail or post sent to the contact details provided by the data subject.
5.4. Right to lock
The data subject may request in writing that his / her personal data be blocked by the Company. The blocking lasts as long as the reason given by the data subject necessitates the storage of the data. The data subject may request the blocking of data, for example, if he or she believes that his or her personal data has been processed unlawfully by the Company, but in order for official or court proceedings initiated by the data subject, it is necessary that the personal data be processed by the Company.
5.5. Right to restrict data processing
The data subject may request in writing that the processing of his or her personal data be restricted by the Company. During the period of the restriction, the Company or the data processor commissioned by it or acting on its basis may perform other data processing operations with the personal data affected by the restriction only for the purpose of enforcing the legitimate interest of the data subject or as defined by law. Restrictions on data processing may be requested by the data subject if and for as long as
a) if the data subject disputes the accuracy, correctness or completeness of the personal data processed by the Company or the data processor and the accuracy, correctness or completeness of the personal data processed cannot be established beyond a reasonable doubt (for the period of clarification of the existing doubt),
b) if it would be necessary to delete the data, but on the basis of the written statement of the data subject or the information available to the Company, there is a reasonable presumption that the deletion would harm the data subject's legitimate interests (for the duration of the legitimate interest);
(c) where there is a need to delete the data, but in proceedings carried out by or with the participation of a public authority, it is necessary to retain the data as evidence (until the investigation or procedure is concluded).
In the event of a restriction, personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in an important public interest.
The Company informs the data subject in advance about the lifting of the data management restriction.
The Company shall immediately inform the persons to whom the data subject has communicated his / her personal data, provided that this is not impossible or does not require a disproportionate effort from the Company, after the fulfillment of his / her request to exercise the right of restriction of the data subject. Upon request, the Company shall inform the data subject of these addressees.
5.6. Right to protest
Where the processing of data subjects' data is based on a legitimate interest, the data subject must be provided with adequate information and the exercise of the right to object in connection with the data processing. This right must be expressly brought to the attention of the data subject at the latest at the time of first contact.
On this basis, the data subject has the right to object to the processing of his / her personal data and in such a case the Company may not further process the data subject's personal data, unless it can be proved that
(a) the processing is justified by compelling legitimate reasons on the part of the Company which take precedence over the interests, rights and freedoms of the data subject; or
b) the data processing is related to the submission, enforcement or protection of the legal claims of the Company.
If the data subject objects to the processing of data for the purpose of direct marketing, the Company may no longer process the data of the data subject for this purpose.
5.7. Right of appeal
5.7.1. Dispute settlement with a company
The data subject may submit their protests and requests related to the processing of their personal data to the Company orally (in person) or in writing (by a document delivered in person or by other means, or by post or e-mail) at the contact details indicated in point I, the name of the Data Controller.
5.7.2. Right to complain
If you have not been able to satisfactorily resolve your protests, complaints or requests regarding your personal data with the Company, or at any time you consider that there has been an infringement or imminent threat of a breach of your personal data, you are entitled to report to the National Data Protection and Freedom of Information Authority. .
Contact details of the National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c. Mailing address: 1530 Budapest, Pf. 5
Phone: +36 (1) 3911400
Fax: +36 (1) 3911410
5.7.3. Right to go to court (right of action)
Irrespective of the right to complain, the data subject may apply to a court if the GDPR or the Infotv. rights granted by the
A lawsuit may be filed against the Company as a data controller with a domestic location in a Hungarian court.
The person concerned may also bring an action before the court of his place of residence. The contact details of the courts in Hungary can be found at the following link: http://birosag.hu/torvenyszekek.
VI. Other information
6.1. Enforcement of personal data rights after the death of the data subject
Within five years after the death of the data subject, the rights of the deceased during his or her life are entitled to be enforced by a person authorized by the data subject by an administrative order or a statement made to the data controller (in a public document or a private document with full probative value). If the data subject has not made such a declaration, the rights of the deceased in life may be asserted by a close relative of the deceased within five years after the death of the data subject (in case of several close relatives, .
6.2. Special provisions for camera recordings
6.2.1. Right to request information
Within 15 (fifteen) days from the beginning of the recording, the data subject may request information on what is shown on the recording in connection with the data subject. The application must indicate where and when the recording was made and what the data subject can be identified about. The Company will fulfill the request within 15 (fifteen) days.
6.2.2. Right to lock
Within 15 (fifteen) days from the beginning of the recording, the data subject may request, by proving his / her right or legitimate interest, that the data shall not be destroyed or deleted by the data controllers (blocking). The application must indicate where and when the recording was made, what the data subject can be identified about and for what reason he or she requests the blocking. Simultaneously with the blocking, it is expedient for the data subject to initiate the necessary official and court proceedings, as the recordings are issued by the Company only upon official, court request.
6.2.3. Right of access
The data subject may, within 15 (fifteen) days from the creation of the recording, request to have access to the recordings made about him or her. It is necessary to indicate in the application where and when the recording was made, what the data subject can be identified about, and on what day he or she wishes to see the recording. The Company can provide insight on weekdays from Monday to Friday, from 9 am to 3 pm.