(0)

Privacy policy

Privacy policy

Data of the controller:
Name: Gyenesdiás Tourism Association
Address: 2 Hunyadi u., Gyenesdiás, H-8315
Mailing address, handling of complaints: 2 Hunyadi u., Gyenesdiás, H-8315
E-mail: gyenesdias@t-online.hu
Telephone:  +36 83 511 790
Website: www.gyenesdias.info.hu
Registry court: Zalaegerszeg Regional Court
Tax number: 18966527-1-20

The purpose and validity of this privacy policy:

The purpose of this privacy policy is to identify the data controlling activities of Gyenesdiás Tourism Association, as a Controller, regarding personal data. These activities are:
– validating the constitutional principles of data protection
– comply with the rules of use and the lawful order of processing records and databases
– ensuring the requirements of the rights to informational self-determination and data protection

The validity of this privacy policy covers the handling of personal and special information processed by the co-workers of the Controller or by contracted third party data processors.

Applicable law:

  • Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)
    Law CXII of 2011 on the right to informational self-determination and freedom of information
    Law V of 2013 on the Civil Code, and Law XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity
    Law CXXX of 2016 on Code of Civil Procedure

We also took the recommendation of the National Authority for Data Protection and Freedom on information privacy requirements of prior notification into account when drawing up this Privacy Policy. The content of this Privacy Policy also covers the information control connected to the following website: www.gyenesdias.info.hu

We reserve the right to make amendments to our Privacy Policy by unilateral decision anytime. Thus, as a Controller entity, we are authorised but not obliged to inform the persons concerned by sending a system notification in case this Privacy Policy is amended. The persons concerned are authorised to exercise their rights related to the processing of data as described in this Privacy Policy and the existing legislation.

The scope of the data processed, the aim and the title of information control:
The Controller handles the personal information based on voluntary submission, or by legal authorisation. In case of voluntary submission, the person concerned can request for information about the scope of data processed and the way of the procession, moreover, withdraw their submission anytime. In case of legislation, the Controller will inform the persons concerned about the further processing of data, and about their possibilities to exercise their rights.

The personal information can be only handled by our co-workers, and by those data processors who have signed a data processing contract with us (as a Controller entity). The above-mentioned data controllers are authorised to handle the data only to the extent necessary to achieve the purpose and for the time granted by the legislation. These controllers are not authorised to make their own decisions, they are obliged to process only according to the contract signed with us, and to the instructions given by us (as a Controller entity). As a Controller entity, we monitor the processing of our partner data controllers. These partners are authorised to work with other data controllers only with our permission.

Data processing related to the certain activities of the Controller:

1. Guest inquiries
Legal basis of data processing: the submission of the person concerned
Scope of data: name, email address, telephone number, address
Aim of data processing: providing information
Data transmission: none
Data processors: not relevant
Deadline for deleting data: 6 months
Possible consequences of the absence of data: non-commencement of the service

2. Handling of complaints
Legal basis of data processing: the submission of the person concerned
Scope of data: name, email address, telephone number, address
Aim of data processing: handling of complaints
Data transmission: none
Data processors: not relevant
Deadline for deleting data: 5 years
Possible consequences of the absence of data: non-commencement of the service

3. Job applications
Legal basis of data processing: the submission of the person concerned
Scope of data: name, email address, telephone number, address
Aim of data processing: participating in a job interview
Data transmission: none
Data processors: not relevant
Deadline for deleting data: 2 months after the job interview
Possible consequences of the absence of data: refusal of the application

4. Registering for touristic cards – West-Balaton Card/Gyenesdiás Plus Card
Legal basis of data processing: contractual obligation
Scope of data: name, date of birth, accommodation, email address, telephone number, address
Aim of data processing: ensuring the use of the discount card
Data transmission: through IT system – West-Balaton Tourism Card System V 1.1, GYTE
Legal basis of data transmission: contractual obligation
Data processors: Sárkány Informatikai Zrt.
Deadline for deleting data: 2 years
Possible consequences of the absence of data: non-commencement of the service

5. Bicycle rental agreement
Legal basis of data processing: contractual obligation
Scope of data: name, address, ID card number, telephone number
Aim of data processing: ensuring the service
Data transmission: none
Legal basis of data transmission: not relevant
Data processors: not relevant
Deadline for deleting data: 5 years
Possible consequences of the absence of data: non-commencement of the service

6. Subscribing for newsletters (private correspondence)
Legal basis of data processing: the submission of the person concerned
Scope of data: name, email address, telephone number, address
Aim of data processing: providing information
Data transmission: through IT system
Legal basis of data transmission: contractual obligation
Data processors: Chrome Soft Kft.
Deadline for deleting data: 24 hours after the persons concerned withdraw their consent
Possible consequences of the absence of data: non-commencement of the service

7. Webshop purchasing and online ordering of brochures
Legal basis of data processing: contractual obligation
Scope of data: name, email address, telephone number, address
Aim of data processing: shipping the ordered items
Data transmission: through IT system
Legal basis of data transmission: contractual obligation
Data processors: Chrome Soft Kft., GYTE
Deadline for deleting data: 5 years
Possible consequences of the absence of data: non-commencement of the service

8. Requesting accommodation quotations
Legal basis of data processing: the submission of the person concerned
Scope of data: name, email address, telephone number, address
Aim of data processing: sending quotations
Data transmission: through IT system
Legal basis of data transmission: contractual obligation
Data processors: Chrome Soft Kft., GYTE
Deadline for deleting data: 6 months
Possible consequences of the absence of data: non-commencement of the service

9. Booking accommodation
Legal basis of data processing: contractual obligation
Scope of data: name, email address, telephone number, address
Aim of data processing: arranging accommodation
Data transmission: through IT system
Legal basis of data transmission: contractual obligation
Data processors: Chrome Soft Kft., GYTE
Deadline for deleting data: 5 years
Possible consequences of the absence of data: non-commencement of the service

10. Uploading the data of accommodations and services in a personal capacity to the portal
Legal basis of data processing: contractual obligation
Scope of data: name, email address, telephone number, address
Aim of data processing: arranging accommodation
Data transmission: through IT system
Legal basis of data transmission: contractual obligation
Data processors: Chrome Soft Kft., GYTE
Deadline for deleting data: 5 years
Possible consequences of the absence of data: non-commencement of the service

11. Employment contracts
Legal basis of data processing: legal obligation
Scope of data: name, mother’s name, birthplace and date, address, telephone number, social security number, bank account number
Aim of data processing: paying wages and contributions
Data transmission: Könyvel-Velem Kft.
Legal basis of data transmission: contractual obligation
Data processors: Könyvel-Velem Kft. – Klára Varga
Deadline for deleting data: 5 years after the termination of the contract
Possible consequences of the absence of data: non-payment of wages and contributions

12. Logging of the website of the Controller
Legal basis of data processing: the submission of the person concerned
Scope of data: anonymised IP address
Aim of data processing: making statistics
Data transmission: Chrome Soft Kft.
Legal basis of data transmission: the submission of the person concerned, contractual obligation
Data processors: Chrome Soft Kft.

Data processors during the booking/request process:

  • All of your data given during the booking process will be stored on the servers of Chrome-Soft Kft., as it provides us with the TCM booking system. Data transmission occurs through a safe HTTPS connection.
    The chosen accommodation receives your request and your data given during the booking process so that it can send you a specific quotation and ensure the accommodation or the service that you have chosen. Our partner accommodation providers handle the personal data involved in the booking and request process as individual controllers.
    List of accommodation providers: Accommodations

Social media
The information control happens through social media sites, so the duration, the way of data control, and the deleting, modifying possibilities are subject to the regulation of the social media sites.

Rights of the persons concerned
The persons concerned are authorised to ask for information about, correction or deletion of their personal data (except data regulated by the law) by clicking on the link at the end of our newsletters, or by contacting us at any of our contact details. If requested, we provide information on the data of the persons concerned controlled by us, the aim, the legal basis and the duration of data processing, the name, the address (seat) and the activity of the data processor connected to the data processing, moreover on the details of the persons who received the data, and on the purpose they receive or have received the data.
We are obliged to provide information as soon as possible, but maximum within one month from the date of request, in clear, written form, and for free.
We are also obliged to correct all incorrect personal data. We will cancel the personal detail if
• its handling is against the law,
• or the person concerned asks for it,
• or it is incomplete or incorrect – and we are legally not allowed to correct it – provided that the law does not exclude its cancelling,
• or the purpose of data control no longer exists,
• the period for data storage defined by the law has elapsed,
• or it is ordered by the court or by the data protection supervision.
We will inform the person concerned – and all those parties who have received the data from us for the data control – about the amendment or the deletion of the data. We will skip this step, if it does not harm the legitimate interest of the person concerned, regarding the purpose of the data control.
The person concerned may object the control of his/her personal data, in case
• this control (transmission) is exclusively required for enforcement of the rights or the legitimate interests of the Controller, except the data control is required by the law;
• the aim of the data control or transmission is direct marketing, survey or scientific research;
• the exercise of the right to object is supported by the law.
When receiving the claim, as Controllers we are obliged to examine the objection and to inform the claimer on the results in writing as soon as possible, but during not more than 15 days, under the simultaneous suspension of the data control. If the objection is justified, we will cease data control, including further data collection and transmission, block the data, and we will also give information about the objection and the following actions to all the parties to whom we have transmitted the data involved in the objection. These parties are obliged to take measures to ensure the exercise of the right of objection.

Means for data storing
Controller stores controlled data archived in paper form at its head office, the data of the actual year at the office of its accountant (Könyvel-Velem Kft.), while in electronic form the data will be stored on the computers in the head office, and the servers of the Chrome-Soft Kft. (partner company). The data transmitted to the partners (data processors) of the Controller are stored at the head offices of those partners.
During data control process, Controller ensures the person concerned, that

  • they can access their data when they need them;
    only parties can access the data, who are entitled to do so;
    the information and the accuracy and the completeness of the methods of data processing are protected.

Compensation
If any of the concerned persons suffer material or non-material damage due to the breach of the data protection legislation, they are entitled to claim damages from the Controller and/or from the data processor. If both the Controller and the data processor(s) are involved in the infringement, they will be severally liable for damage.
The data processor is liable for damage, only if they have breached the special regulations for data processors of the relating data protection laws, or if the damage is due to not considering the instructions of the Controller.
The Controller or the data processors are liable for damage, only if they cannot prove that they are not responsible for the event, or circumstances that caused the damage.

Legal remedy
If the person concerned states that the Controller or any of the data processors have breached their rights, they are entitled to contact the competent court appointed by the Civil Procedure Code (Pp.). The court will give priority to the case.
If the person concerned wants to file a complaint regarding the data control, they are entitled to contact the Hungarian National Authority for Data Protection and Freedom of Information. Contact information:
Address: 22/C, Szilágyi Erzsébet fasor, 1125 Budapest
Tel.: +36 1 391 1400 Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: www.naih.hu

Cooperation with the authorities
If the Controller receives a formal request from the competent authorities, it will compulsorily deliver the related personal data. The Controller will deliver only those data, which are necessarily required for achieving the objectives defined by the authority.

Gyenesdiás, 22nd May 2018