Privacy and Data Management Information

Privacy and Data Management Information

General provisions

Operator: Dr. Mariann Zsifkó and Tamás Bálint

Address: 2481 Velence, Csongor utca 8/A., hereinafter referred to as the Accommodation.

Data protection and data management information valid from 13.09.2024.

Introductory provisions, purpose and scope of the information

The Accommodation is committed to the protection of the personal data of its guests and attaches great importance to respecting the right of information and self-determination of its customers. The accommodation will treat personal data confidentially, in accordance with the data protection legislation and international recommendations, and in accordance with this statement. This notice is available on the website and in paper form at the accommodation.

The data processing principles are in accordance with the data protection provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).

The purpose of this notice is to provide data subjects with adequate information about certain of their rights and obligations in relation to the processing of their personal data. It will enable data subjects to understand the circumstances in which their personal data are processed.

Personal data will be processed by the accommodation only for predefined purposes and for the time necessary for the exercise of the rights and obligations. The accommodation shall only process personal data which is necessary for the purpose of the processing and which is suitable for the achievement of that purpose.

Basic terms

Data Controller: a natural or legal person or unincorporated body who, alone or jointly with others, determines the purposes for which the data are processed, takes and executes decisions regarding the processing (including the means used) or has them executed by a processor on its behalf;

Data processing: any operation or set of operations which is performed upon data, whatever the means used, in particular any collection, recording, recording, organisation, storage,

alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data or any prevention of their further use, taking of photographs, sound recordings or images, or any other physical means of identification of a person (e.g. fingerprints, palm prints, DNA samples, iris scans).

Processing of data: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;

'processor' means a natural or legal person or an unincorporated body which, under a contract with a controller, including a contract entered into pursuant to a legal provision, processes data;

'transfer of data' means the making available of data to a specified third party;
erasure: rendering data unrecognisable in such a way that it is no longer possible to retrieve them;

Data Breach: unlawful processing or handling of personal data, in particular unauthorised access, alteration, disclosure, transmission, erasure or destruction, accidental destruction or accidental damage.

Data blocking: the marking of data with an identification mark for the purpose of limiting its further processing permanently or for a limited period of time;
Data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;

Third party: a natural or legal person or an unincorporated organisation which is not the same as the data subject, the controller or the processor; Third-country national: a person as defined in Act II of 2007 on the entry and residence of third-country nationals;

Consent: a voluntary and explicit indication of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data relating to him or her, either in full or in relation to specific operations;

Special Data: personal data concerning health;

MTÜ: Hungarian Tourism Agency (hereinafter referred to as MTÜ) is the governmental organisation of the tourism sector.

Disclosure: making data available to the public;

Accommodation: a building, part of a building or area established or used for the purpose of providing accommodation services.(2481, Velence Csongor street 8/A, the entire western side of the duplex.)

Personal data: data which can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and the inference which can be drawn from the data concerning the data subject;

Objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data;

VIZA: The Guest Information Closed Database (VIZA) is an IT system protected by multiple asymmetric encryption, in which the personal data of all guests staying in Hungarian accommodation establishments, as defined by law, are stored in encrypted form.

Data management

The Data Controller acknowledges that it is bound by the contents of this Privacy Policy (hereinafter referred to as the "Policy") and undertakes to ensure that its processing of data relating to its services complies with the provisions of the Code, the Policy and the legislation in force, in particular the following.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, hereinafter "GDPR").

Information on the mandatory recording of personal data

The Data Controller acknowledges that it is bound by the contents of this Privacy Policy (hereinafter referred to as the "Policy") and undertakes to ensure that its processing of data relating to its services complies with the provisions of the Code, the Policy and the legislation in force, in particular the following.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, hereinafter "GDPR").

Information on the mandatory recording of personal data

After 1 September 2021, in accordance with the legislation in force, the accommodation provider will record the personal data of the users of accommodation services in Hungary, as defined by law, in its accommodation management software via a document scanner and transfer it to a storage facility, the Closed Information Database for Guests (VIZA).

In order to protect the rights, safety and property of the data subject and others, and to check compliance with the provisions on the stay of third-country nationals and persons enjoying the right of free movement and residence, the accommodation provider will record the following data of the user in its accommodation management software upon check-in: surname and first name; surname and given name at birth, place of birth; sex; nationality; mother's maiden name and surname, identity or travel document identification data; in the case of third-country nationals, the visa or residence permit number, date and place of entry.

The contract between the parties is not fulfilled for reasons of force majeure.

The accommodation user presents the identification document to the accommodation provider for recording. Data which are not contained in the document shall not be recorded. Failing the presentation of the document, the accommodation provider shall refuse to provide the accommodation. By law, the accommodation provider is entitled to request the guest's identity document and the guest is obliged to present it.

The accommodation provider shall process the data of the guests until the last day of the year following the year in which they become known to the accommodation provider, for the purposes laid down by law. The system is operated by the hosting provider (MTÜ). The data cannot be accessed by either the hosting provider or the encryption key provider. By means of asymmetric encryption, the police may search the data stored in the statutory storage space, i.e. the VIZA system, for the purposes of law enforcement, crime prevention, public order, public security, the protection of the order of the state border, the rights, safety and property of the data subject and others, and the conduct of wanted persons proceedings.

Relevant legislation

Act CLVI of 2016 on State Tasks for the Development of Tourist Areas;Government Decree No. 235/2019 (X. 15.) on the implementation of the Act on the State Tasks of the Development of Tourist Areas; Government Decree No. 414/2015 (XII. 23.) on the issuance of identity cards and the rules for the uniform taking of facial images and signatures.

Dr. Mariann Zsifkó, Tamás Bálint.

Place of residence: 2481 Velence, Mandula utca 39.

Phone number: +36 30 5866771

E-mail address: aurora.apartman.velence@gmail.com

Web: : https://aurora-apartman-velence.hu

Use of private accommodation services

The processing of all data relating to the data subject in the context of the provision of services is based on voluntary consent and is aimed at ensuring the provision of the service and maintaining contact. The personal data contained in this section will be kept by the accommodation for the period of time required by the tax and accounting regulations in force.

Reservation

In the case of reservations made by e-mail or by telephone, the Accommodation shall/may request the Guest to provide the following data:

Surname and first name;*
By e-mail or telephone, please send us your full name and surname at the time of booking
place and date of birth;*
* name and surname, maiden name, maiden name, surname, maiden name, surname and
maiden name
nationality;*
mother's maiden name and surname;*
identification details of the identity document or travel document.*
EU: identity card number, driving licence number,
Non-EU country: passport (visa)
Number of persons,
number and age of children,
address,*
e-mail address,*
phone number,
billing address.*
* Mandatory data

The Guest is obliged to provide all the data to the Operator at the latest on arrival in order to be able to carry out the mandatory administrative tasks in the accommodation management software (GuestMy) and in the VIZA system.

We kindly ask the Guest to prepare his/her documents and to allow their data scanning in the VIZA system.

The provision of the mandatory data by the Guest is a condition for the use of the Accommodation Service.

Data from 3rd parties - accommodation booking, request for quote

The Accommodation works in cooperation with certain Websites (e.g. https://szallas.hu) In the case of a request for a quotation, the Service Provider receives the personal data of the person requesting the quotation (name, e-mail address, telephone number, address, number and age of children, pet ownership data) and a comment and the chosen payment method, based on the User's voluntary consent, at the same time as the request for quotation. In the case of an accommodation reservation, the Service Provider shall, on the basis of the User's voluntary consent, transmit the User's personal data (name, e-mail address, telephone number, data concerning pet ownership) and comments, as well as other reservation data (discount, request for a service at a surcharge, payment method chosen, etc.) to the Accommodation Provider for the purpose of fulfilling the reservation.


Duration of processing

The Service Provider shall further process the personal data related to the request for an offer initiated by the User as reservation data in case of acceptance of the offer, and in case of rejection of the offer, for the purpose of settlement with the Accommodation until the financial settlement for the period covered by the offer. The Service Provider shall process the personal data related to the offer accepted with the accommodation reservation initiated by the User for the purpose of fulfilling the obligations towards the accounting and the Partners pursuant to Article 169 of Act C of 2000 for a period of 8 years or for the limitation period specified in Act XCII of 2003 on the Taxation Order.

Contact

It is possible for anyone to contact the Accommodation by e-mail.

Messages will be handled by the accommodation until the request/question is resolved/answered.

Data security

Personal data will be kept confidential and will not be disclosed to unauthorized persons.In particular, personal data shall be protected against unauthorised access, alteration, disclosure, disclosure, deletion or destruction.

It shall, as far as possible, take all security measures to ensure the technical protection of personal data.

Rights and remedies

Information

Upon request sent to the e-mail address of the Private Accommodation or to the address of the Data Controller (Dr. Mariann Zsifkó Zsifkó, 2581 Velence, Mandula street 39), the Private Accommodation shall provide information about the data subject's data processed by it, the source of the data, the purposes, legal basis and duration of the processing, the name and address of the data processor and the data controller's activities in relation to the processing, within 30 days of the request. In the event of a refusal to provide information, the accommodation shall inform the data subject in writing of the provision of the law on the basis of which the refusal to provide information was made and shall inform the data subject of the legal remedies available to him/her.

Correction

The Data Subject may at any time request the Controller to correct his/her personal data if they are inaccurate. If the personal data is not accurate and the accurate personal data is available to the Controller, the Controller shall rectify the personal data. The Data Subject may send a written request for rectification to the Controller by post or e-mail. The rectification upon request, the time limit for its execution and the possibility of legal remedy shall be governed by the provisions of the information paragraph.

Deletion and blocking, objection

The deletion and blocking of personal data and objections to processing shall be governed by the Data Protection Act.

Enforcement

The data subject may take legal action against the accommodation service in the event of a breach of his/her rights. Court proceedings are governed by the Data Protection Act and other relevant legal provisions.

Other provisions

The Accommodation reserves the right to amend this Information. The Accommodation shall not be liable for the correctness of the data provided by visitors to the websites or by the Guests.

Remedies

You can lodge a complaint with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c., postal address: 1530 Budapest, Pf.: 5., website: www.naih.hu).

Relevant legislation

Act CXII of 2011 - on the Right to Informational Self-Determination and Freedom of Information
Act CVIII of 2001 - on certain aspects of electronic commerce services and information society services;
Act XLVII of 2008 - on the prohibition of unfair commercial practices against consumers;
Act XLVIII of 2008 - on the basic conditions and certain restrictions on commercial advertising.
Act of 1990 - on local taxes
Municipal Decree 23/2022.(XII.1.) of the Council of the City of Venice (hereinafter: Municipal Decree)
Act CLVI of 2016 on State Tasks for the Development of Tourist Areas;
Government Decree No. 235/2019 (X. 15.) on the implementation of the Act on the State Tasks of the Development of Tourist Areas;
Government Decree No. 239/2009 (X.20) on the Procedure for Issuing Accommodation Establishment Licences;
Government Decree 414/2015 (XII. 23.) on the rules for issuing identity cards and for the uniform taking of facial images and signatures.

VIZA

For more information on the VIZA system, please click here.

Scope

The scope of this Notice covers the processing of data related to the services of the Data Controller, including the processing of data on the website of the Data Controller (https://aurora-apartman-velence.hu).

Date: 16.10.2024.

Dr. Mariann Zsifkó, Tamás Bálint - operator