Information
on the collection and processing of data classified as personal data by Smart Hotel Budapest
DEAR GUEST!
- Introdiction:
Smart Hotel Budapest is a 4-star, full-service hotel with its own cellar and spa, located at 4 Lövölde tér 1062 Budapest (hereinafter: “Hotel”). The operator of the hotel (hereinafter: “Data Manager”) is LaraDom Kft.
The purpose of this Privacy Policy (hereinafter referred to as the “Information”) is for natural persons (hereinafter together referred to as “Stakeholders”) who use or intend to use the services of the Hotel or who visit the Hotel, enter and stay in its territory – together with the relevant in accordance with legal regulations – the Data Controller shall provide information on the handling of personal data collected in connection with the provision of hotel services, the purposes and legal bases of data processing, the identity and contact details of the data controller and data processor (s), basic information on data management.
The purpose of the Prospectus is also to enable Stakeholders to:
- learn about their rights to data management concerning them,
- be informed of who and how to contact them with their requests and questions concerning the processing of their personal data, from whom and within what timeframe,
- if they consider that they have been infringed in connection with the data processing, for example if they have not been adequately informed or do not agree with the data processing or do not consider the processing of their personal data lawful, to whom they can turn or complain.
In our prospectus, we strive to summarize the above in a comprehensible and concise form so that our Guests, Visitors (Stakeholders) who contact us can assess whether their contact details with the Hotel or their personal data are recorded during the use of any of our services. , storage and other data processing operations on them may affect their right to information self-determination and privacy.
- Data controller:
- Name of the controller: LaraDom Korlátolt Felelősségű Társaság
- Headquarters: 1068 Budapest, Lövölde tér 4. al.
- Place of actual data management: Smart Hotel Budapest, 1068 Budapest, Lövölde tér 4. al.
- Data manager web addresses: hu
- Company registration number: 01-09-332180
- Tax number: 26561378-2-42
- Phone number: 06-21/234-7710
- e-mail address: laradom@smarthotelbudapest.com
- Legal representative: Mercedesz Emese Tóth executive (independent)
- Main legislation on data management:
The data controller’s data management activities in accordance with the relevant valid European Union and national legislation, in particular:
- 05.2018. 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 Regulation (“GDPR”)
- Act CXII of 2011 on the right to information self-determination and freedom of information. TV. (hereinafter: “Info TV”).
subject to the other provisions governing the conditions for the pursuit of hotel activities.
The Data Controller reserves the right to unilaterally amend the content of this Prospectus, in particular if justified by changes in data processing legislation or guidelines set out in Recommendations issued by the National Data Protection and Freedom of Information Authority to promote lawful data management practices.
In the event of a change to the Prospectus, we will ensure that we notify the Stakeholders in advance of the changes.
A Prospectus has been placed on the Hotel’s website www.smarthotelbudapest.hu (after opening the website, the pdf format of this Prospectus is available by clicking on the “Privacy Information” in the header), and it is also available in printed form at the Hotel reception.
- Some data management
3.1. Personal data processed in connection with the contact initiated by the Data Subject to request information from the Hotel
3.1.1. Stakeholders
All natural persons who contact the Data Controller orally and / or in writing (including electronic contact details) in order to obtain any information related to the Hotel or the services provided by the Hotel by providing their personal data.
3.1.2. The scope of the managed data and the purpose of the data management
personal data |
is the purpose of data processing |
name |
Required for your identification and proper contact. |
e-mail address |
It is necessary to provide and send the information requested in your request. |
telephone number |
You are not obliged to provide your telephone number, we will handle it if you request a reply by short route or provide the possibility to provide information by short route by providing the data. |
other personal information provided during the request for information (eg telephone number, age, number of children, age, etc.) |
You do not need to provide any other personal information in addition to the above, but providing such information may help to more accurately serve and fulfill your information needs |
3.1.3. Legal basis for data management
We process your referenced personal data on the basis of your consent, which we consider to have been given by contacting us by providing your personal data.
3.1.4. Duration of data management
The Data Controller handles the data processed for the purpose specified in this section until the withdrawal of the consent, but at most until the realization of the purpose of the data management (answering your question or request for information).
You can withdraw your consent at any time by sending a statement to reception@smarthotelbudapest.com , but the withdrawal will not affect the lawfulness of any
previous data processing. If you withdraw your consent, we will not be able to provide you with information about your questions or fulfill your other needs.
3.1.5. Data processors performing data processing
Name |
Headquarters |
Scope of data submitted for processing |
Data processing task |
SMB BEST ADMIN Kft. |
1144 Budapest, Ormánság u. 4. B. lph. Fszt. 17. |
any and all of the conditions set out in 3.1.2. The data specified in point |
IT service |
SMB CLOUD SYSTEM Kft. |
1144 Budapest, Ormánság u. 4. B. lph. Fszt. 17. |
any and all of the conditions set out in 3.1.2. |
The data hosting service specified in |
3.2. Personal data processed in connection with a request for quotation for accommodation services, including related contacts
3.2.1. Stakeholders
Any natural person who requests a quote from the Hotel.
3.2.2. Scope of data processed and purpose of data management
personal data |
is the purpose of data processing |
name |
Needed to identify you and keep in touch. |
e-mail address |
Required for officient request and quotation procedures |
phone number |
You do not need to enter your phone number. If you provide it, we can also contact you by phone in order to answer questions related to the use of our services. |
3.2.3. Legal basis for data management
The legal basis for data processing is your consent and your data is necessary to take the steps at your request before concluding the contract (eg offer, contract preparation, etc.);
3.2.4. Duration of data management
We will process and retain your personal data until your consent is withdrawn, but no later than the expiry date of the offer you have requested.
You can withdraw your consent at any time by sending a statement to reception@smarthotelbudapest.com , but the withdrawal will not affect the lawfulness of any previous data processing. If you withdraw your consent, we will not be able to give you an offer for our services.
3.2.5. Data processors performing data processing
Name |
Headquarters |
Scope of data submitted for processing |
Data processing task |
SMB BEST ADMIN Kft. |
1144 Budapest, Ormánság u. 4. B. léph. Fszt. 17. |
any and all of the conditions set out in 3.2.2. The data specified in point |
IT servic |
SMB CLOUD SYSTEM Kft. |
1144 Budapest, Ormánság u. 4. B. léph. Fszt. 17. |
any and all of the conditions set out in 3.2.2. The data hosting |
service specified in |
3.3. Management of personal data related to accommodation booking
3.3.1. Stakeholders
Any natural person who makes a reservation for the services of the Hotel.
3.3.2. The scope of the managed data and the purpose of the data management
When booking accommodation online, by phone or in person, we ask you to provide the following personal information:
personal data |
is the purpose of data processing |
name (first name, surname) |
It is necessary for your identification in the database (hotel management system), for keeping in touch, and for concluding the necessary contract and fulfilling our accounting obligations in case of using a paid service. (invoicing) Providing this information is a condition of the validity of the booking. |
address (street, house number, city, country, postal code) |
It is necessary for your identification, contact and, in case of using a remunerated service, for concluding the necessary contract and for fulfilling our accounting obligations. (invoicing) . Providing this information is a condition of the validity of the booking. |
e-mail address
|
Necessary to ensure the contact necessary for the efficient and effective booking process. Providing this information is a condition of the validity of the booking. |
telephone number |
In order to carry out the communication related to the reservation quickly and efficiently, and in order to answer questions related to the use of our services, we can also contact you by telephone. Providing this information is a condition of the validity of the booking. |
Expected time of arrival (hours / minutes) |
This information is optional, but if you provide it, it will help us to prepare the room to be booked, to provide the required services at the right time, at the highest level. |
number of rooms / adults / children |
This information is required to serve a booking request. |
other important data related to the reservation / arrival |
The provision of this information (possible further disclosure of personal data) is not obligatory, the data provided by you optionally is only necessary to serve your personal request and needs. |
mother’s name |
This information is optional at the time of booking, but must be provided at the latest upon check-in at the property, subject to applicable legal obligations. |
Gender |
|
place of entry and date of entry |
|
Visa / identification document type number |
|
Purpose of visit |
|
Method of payment |
Necessary for the efficient payment of the consideration for the remunerated service, the provision of which is a condition for the use of the service. |
Credit card details (cardholder’s name, card number,card type,validity period,card CVV) |
In the case of an advance payment, it is necessary to identify the payment and to take the necessary measures. (to secure the reservation or to withdraw the total amount or part of the reservation, regardless of cancellation) |
3.3.3. Legal basis for data management
The legal basis of the data processing is your consent, another legal basis is that the data processing is necessary for the performance of a contract in which you are a party or to take steps at your request before concluding the contract (valid reservation, related financial obligations, etc.);
3.3.4. Duration of data management
Your personal data will be processed until your consent is withdrawn if a remunerated service is used, in which case for the period specified in the applicable accounting regulations. (currently 8 years)
You can withdraw your consent at any time by sending a statement to reception@smarthotelbudapest.com , but the withdrawal does not affect the lawfulness of the previous data processing and certain personal data may continue to be processed in order to fulfill our obligations under applicable law.
If you withdraw your consent, you will not be able to use our services.
3.3.5. Data processors performing data processing
Name |
Headquarters |
Scope of data submitted for processing |
Data processing task |
SMB BEST ADMIN Kft. |
1144 Budapest, Ormánság u. 4. B. step. Fszt. 17. |
any and all of the conditions set out in point 3.3.2. The data specified in point |
IT service |
SMB CLOUD SYSTEM Kft. |
1144 Budapest, Ormánság u. 4. B. step. Fszt. 17. |
any and all of the conditions set out in point 3.3.2. The data hosting |
service specified in |
thePass Kft. |
1061 Budapest, Király u. 30-32. A. ép. 105. |
any and all of the conditions set out in point 3.3.2. data provided in point |
cloud hotel management system operation (Sabee app) |
3.4. Management of personal data related to the use of the accommodation service, check-in and tourist register
3.4.1. Stakeholders
All natural persons using the hotel as a guest of the Hotel.
3.4.2. Scope of data managed
personal data |
is the purpose of data processin |
name (surname and first name); birth surname and first name; previous surname and first name; signature |
Necessary for the fulfillment of our obligations specified in the relevant legislation (especially the legislation related to the immigration police and the tourist tax), as well as for the identification of you as a contracting party |
place and time of birth; |
|
gender |
|
mother’s birth surname and first name, |
|
citizenship (s) or stateless status |
|
type and number of travel document / identity document |
|
date of arrival and departure |
|
address |
|
phone number |
Required to contact you. |
e-mail address |
3.4.3. Purpose of data management
Our hotel handles the personal data listed in this section for the purpose of fulfilling the obligations set out in the relevant legislation (especially the legislation related to the immigration police and the tourist tax), for the purpose of certifying the fulfillment, as well as for your identification and contact.
3.4.4. Legal basis for data management
The legal basis of the data management is the fulfillment of the obligations prescribed by the legislation on the service provider’s obligations related to the accommodation service, the need to fulfill a contractual contract in which you, as one of the parties, and the data management in respect of its employees and contributors.
3.4.5. Duration of data management
The Data Controller shall retain the data processed for the purpose specified in this section for 8 years in respect of the documents related to accounting and taxation, and otherwise for 6 years after the existence of the contractual relationship (eg data subject to the obligation to report tourist tax).
3.4.6. Data processors performing data processing
Name |
Headquarters |
Scope of data submitted for processing |
Data processing task |
SMB BEST ADMIN Kft. |
1144 Budapest, Ormánság u. 4. B. step. Fszt. 17. |
any and all of the conditions set out in point 3.3.2. The data specified in point |
IT service |
SMB CLOUD SYSTEM Kft. |
1144 Budapest, Ormánság u. 4. B. step. Fszt. 17. |
any and all of the conditions set out in point 3.3.2. The data hosting |
service specified in |
thePass Kft. |
1061 Budapest, Király u. 30-32. A. ép. 105. |
any and all of the conditions set out in point 3.3.2. data provided in point |
cloud hotel management system operation (Sabee app) |
3.5. Guest questionnaire and evaluation system, including personal data processed in connection with complaint handling
3.5.1. Stakeholder
Any natural person who gives an assessment in connection with the hotel’s services on the form provided and communicates his / her opinion / complaint in another way, either orally or in writing.
3.5.2. Scope of data managed
personal data |
is the purpose of data processing |
Name |
Identifying the person evaluating our service, commenting on it or making a complaint in connection with it, providing the opportunity to keep in touch, including information on the measures taken in connection with the complaint. |
e-mail address |
|
signature |
|
other personal data provided by the Data |
Subject during the complaint Ensuring a factual, full investigation of the complaint, which may be significantly affected by the “content” elements submitted by the Data Subject. . |
3.5.3. Purpose of data management
Collecting comments related to the quality of the services provided by the Hotel, measuring and evaluating customer satisfaction, as well as the proper investigation and handling of complaints.
3.5.4. Legal basis for data management
The legal basis of the data processing is your consent, which is also the basis for our Hotel to take further measures at its request in order to properly deal with or remedy your complaint.
3.5.5. Duration of data management
The data according to point 3.5.2 will be kept for 1 year, in case of a complaint for 5 years from the submission of the complaint or the provision of the response to the complaint.
3.5.6. Data processors performing data processing
With regard to the data processing according to point 3.5, the involvement of the data processor shall take place only for the purpose of handling electronically submitted submissions that qualify as a complaint, in order to provide its technical background.
Name |
Headquarters |
Scope of data submitted for processing |
Data processing task |
SMB BEST ADMIN Kft. |
1144 Budapest, Ormánság u. 4. B. léph. Fszt. 17. |
any and all of the conditions set out in 3.2.2. The data specified in point |
IT servic |
SMB CLOUD SYSTEM Kft. |
1144 Budapest, Ormánság u. 4. B. léph. Fszt. 17. |
any and all of the conditions set out in 3.2.2. The data hosting |
service specified in |
3.6. Personal data processed in connection with the operation of a closed-loop camera system
3.6.1. Stakeholders
Any natural person entering a hotel building or its camera area / part of a building.
3.6.2. Scope of data managed
personal data is the purpose of data processing
image, including the person’s clothing, movement, behavior Protection of persons and property, protection of high-value assets and hotel guests’ values, prevention, deterrence and detection of infringements (provision of evidence for use in proceedings by competent and competent authorities and other bodies) )
For more information on the data management of the camera system, please contact the staff of the Hotel Reception, or if you have any questions, please contact reception@smarthotelbudapest.com.
3.6.3. Purpose of data management
The purpose of using the camera system is to ensure the safety of persons and property, the prevention, deterrence and detection of emergencies (dangerous situations due to technical and other reasons), infringements, and the protection of the property of the Hotel and its Guests by recording camera recordings on the Hotel premises.
The recordings may serve as a legal remedy for either the Data Subject or the Hotel in criminal, infringement or other official, court proceedings initiated for violations committed at the place of recording, in particular a criminal offense or violation, in which case the camera recordings may be used in law enforcement. between.
The location of the areas monitored by each camera (location and angle of view of the cameras) and the purpose and reason for using each camera are specified on a separate camera map, which is also available in printed form at the Hotel Information Desk.
- Locations of cameras and areas they monitor
- basement
Camera ID |
Observed area |
Legal basis for data management |
Purpose of data management |
K1 |
Staff entrence |
The legitimate interest of the controller and the protection of property |
providing the competent and competent authorities with a means of proof in order to prevent unauthorized intrusion and other offenses and to establish the identity of the perpetrator in the event of the detection of an offender |
K2 |
Dining area |
the legitimate interest of the controller and the protection of property- |
providing the competent and competent authority with a means of proof for the prevention, detection, confirmation of acts endangering the personal and property security of hotel guests and the security of hotel property, in order to establish the identity of the perpetrator in the event of infringing conduct |
K3 |
Hotel main entrence |
the legitimate interest of the controller and the protection of property |
providing the competent and competent authorities with a means of proof in order to prevent unauthorized intrusion and other offenses and to establish the identity of the perpetrator in the event of the detection of an offender |
K4 |
Elevator and stairway |
the legitimate interest of the controller and the protection of property |
providing the competent and competent authority with a means of proof for the prevention, detection, confirmation of acts endangering the personal and property security of hotel guests and the security of hotel property, in order to establish the identity of the perpetrator in the event of infringing conduct |
K5 |
Elevator and stairway |
the legitimate interest of the controller and the protection of property |
providing the competent and competent authority with a means of proof for the prevention, detection, confirmation of acts endangering the personal and property security of hotel guests and the security of hotel property, in order to establish the identity of the perpetrator in the event of infringing conduct |
K6 |
Bar and Hall |
the legitimate interest of the controller and the protection of property |
providing the competent and competent authority with a means of proof for the prevention, detection, confirmation of acts endangering the personal and property security of hotel guests and the security of hotel property, in order to establish the identity of the perpetrator in the event of infringing conduct |
K7 |
Elevator and Staircase, corridor |
The legitimate interest of the controller and the protection of propery |
providing the competent and competent authority with a means of proof for the prevention, detection, confirmation of acts endangering the personal and property security of hotel guests and the security of hotel property, in order to establish the identity of the perpetrator in the event of infringing conduct |
K8 |
Roof |
The legitimate interest of the controller and the protection of property |
providing the competent and competent authority with a means of proof for the prevention, detection, confirmation of acts endangering the personal and property security of hotel guests and the security of hotel property, in order to establish the identity of the perpetrator in the event of infringing conduct |
K9 |
Weather camera (wathcing the sky) |
no data managament takes place |
providing the competent and competent authority with a means of proof for the prevention, detection, confirmation of acts endangering the personal and property security of hotel guests and the security of hotel property, in order to establish the identity of the perpetrator in the event of infringing conduct |
3.6.5. Legal basis for data management
The legal basis of the data management is the legitimate interest of Laradom Kft., As the responsible operator of the hotel, in the security of persons and property, which was substantiated by the performance of a data processing interest balance test. The data management also serves the legitimate interests of the guests and visitors of the Hotel.
3.6.6. Duration of data management
30 (thirty) calendar days from the recording of the closed-circuit camera system (ie 30 x 24 hours), after which the unused recordings are immediately (automatically) deleted by the camera system so that they can no longer be restored.
The place of storage of the images taken by the camera system is the server equipment located in the Hotel building.
3.6.7. Who can get to know the data?
The Hotel Operator, as the Data Controller, ensures that the Personal Data of the Data Subject recorded by the camera system is protected from unauthorized access at all times.
For the recordings recorded by the camera system, only the data controller ‘s manager, or the person authorized by him / her and the authorized – 3.6.8. may be accessed by a data processor, only to the extent necessary for the latter to fulfill its obligations under its contract for the operation of the camera system.
The person (s) authorized to access the data shall take the recordings in order to prevent situations of danger to life, limb or health and to remedy such situations as soon as possible, and to prevent or interrupt the offense for property protection reasons and to detect the perpetrator (s), is entitled to get to know it in an unavoidable case and may forward the recordings only to the Data Subject, the Operator, a court, an infringement or other authority.
A third party whose rights or legitimate interests are affected by the recording recorded by the camera system may, within 30 (thirty) days from the recording of the recording, request that the data not be destroyed or deleted by the data controller.
The recordings made by the camera system may be handed over to an authority or court only in cases required by law and after the legal basis of the data management requesting the recording has been duly substantiated.
The data controller shall keep a systematic record of the restriction and transfer / transmission of data (the latter means the transfer of the camera recordings subject to the restriction on a mobile data carrier / USB, DVD). Recordings must be deleted immediately after the transfer.
If a request to the data controller to prevent the deletion of the camera recording, ie to restrict the recording, is received before the expiry of the 30-day storage period of the recordings, we restrict (copy to external media) the requested recording and hand it over to the data requester.
If the person or authority requesting the restriction does not appear within 6 (six) months from the receipt of the request for restriction to receive or send the data subject to the restriction, we will destroy the data subject to the restriction immediately after the expiry of the 6 month period. ).
A report is made on the acquaintance of the recordings made by the camera system, which must contain the data necessary for the identification of the recorded recording, the name of the person authorized to examine it, as well as the reason and time of the acquaintance with the data.
A pictogram at the entrances of the Hotel draws attention to the application of the camera system, which also indicates the contact details of the Data Controller (Hotel).
3.6.8. Data processors performing data processing
Name |
Headquarters |
Scope of data submitted for processing |
Data processing task |
SMB BEST ADMIN Kft. |
1144 Budapest, Ormánság u. 4. B. léph. Fszt. 17. |
any and all of the conditions set out in 3.2.2. The data specified in point |
IT servic |
SMB CLOUD SYSTEM Kft. |
1144 Budapest, Ormánság u. 4. B. léph. Fszt. 17. |
any and all of the conditions set out in 3.2.2. The data hosting |
service specified in |
3.7. Community sites
Our hotel is also available on social media sites. (Facebook, Instagram, Twitter)
For feeds posted on social networking bulletin boards, you have a “like” on the page; You can unsubscribe by clicking the “follow” link and unsubscribe by clicking the “dislike” link there, or you can use the message board settings to delete unwanted news that appears on the message board.
With the prior and voluntary consent of our hotel (subscription) you can access your profile created on the social network, but it is not recorded for data management purposes or you do not perform any data management operations with it.
Facebook, Instagram and Twitter are separate data controllers independent of us, and you can find information about their data management at the links below.
https://www.facebook.com/policies/cookies/
https://www.facebook.com/about/privacy/update
https://twitter.com/en/privacy
3.8. Management of cookies
Some websites use cookies to help you operate, use, track activity, and display relevant offers.
3.8.1. What is a cookie?
A cookie is a small piece of data that is stored in a browser by Internet services. It is an essential technology for the operation of an online service that provides an efficient and modern user experience and is supported by all browsers today.
3.8.2. What cookies and what do data controllers use?
Data Controllers may use cookies for the following purpose
- website development,
- make it easier for you to navigate the site and use the features of the site, thus ensuring a seamless user experience,
- Gather information about how you use the Site – by assessing which parts of our Website you visit or use the most – so we can learn how to provide you with an even better user experience when you visit our site again.
3.8.3. Types of cookies used by the Hotel
Our hotel does not use cookies to operate the website.
You can read about the cookies used by the social networking sites referred to in section 3.7 as independent data controllers in the data management information provided in the referenced section.
3.8.4. How can you check and disable cookies?
All modern browsers allow you to change your cookie settings. Most browsers automatically accept cookies by default, but these settings can usually be changed so that the browser can prevent automatic acceptance and offer the option to allow cookies each time.
Please note that because cookies are intended to facilitate or enable the use and processes of our website, to prevent or delete the use of cookies, you may not be able to use the full functionality of a website or the website may work differently in your browser.
You can find information about the cookie settings of the most popular browsers at the following links:
- Google Chrome
- Firefox
- Microsoft Internet Explorer
- Microsoft Edge
- Safari
- Data security measures
4.1. Ensuring basic conditions for data security
As a data controller, our hotel ensures internal data protection (by defining the rules on data and confidentiality, information security, access rights), the operation of an IT system in accordance with the technical standards of the age, and the organization and training measures.
We choose and operate the computer equipment used for data management in such a way that you and other Stakeholders are always provided with the following in relation to the managed data:
- access (availability),
- authenticity,
- data integrity (integrity)
- protection against unauthorized access (confidentiality of data).
During data management we provide the IT system:
- closedness (taking into account possible sources of data processing risks),
- the completeness of its protection (protection covers all elements of the IT system),
- continuity of protection (protection is continuous over time),
- proportionality with the potential risks.
Our IT system and network are highly protected against computer intrusions.
4.2. Persons entitled to access the data
Our hotel ensures that your personal data is protected from unauthorized access at all times.
A court, prosecutor’s office, investigating authority, infringement authority, administrative authority, National Data Protection and Freedom of Information Authority, and other authorized authorities may contact the Data Controller in connection with data processing for the purpose of transferring data and making documents available. In all cases, the data controller shall provide the courts and authorities only with data and only to the extent that is absolutely necessary for the fulfillment of the request.
- The data subject’s rights and enforcement possibilities
In all cases, we allow the Data Subject to exercise the rights provided for in the Decree and in the Info TV, taking into account the restrictions specified therein.
- Do you, as a Data Subject, have to justify the legal basis of your application?
You do not need to prove the legal basis of your request, data protection rights are a fundamental right of natural persons.
- Do you have to identify yourself as a Data Subject?
Yes, identification is required! Lack of identification leads to the refusal of the application.
Identification can take place:
- in case of personal submission of the application (or receipt of the data): by presenting an official document suitable for proving identity / the card will not be copied! /;
- in case of submitting the application online, we prepare the fulfillment of the application, however, the data will be handed over to the applicant only after the identification. (please do not send a copy of an official document suitable for proof of identity, given that sending a document by e-mail does not identify the Data Subject / you, but results in unnecessary data processing!)
- Do you, as a Data Subject, have to refer to your relationship with the data that is the subject of the request?
Yes, you need to refer to the link to the data that is the subject of the request! Your request may be refused without reference to a precise and clear link.
– Place and method of submitting the application:
You, as the Data Subject, may submit your application by letter sent to the postal address of the Data Controller indicated in this Prospectus, or by electronic (e-mail) message sent to our e-mail address, or in person (minutes of the oral request will be recorded).
As a data subject, you are entitled to:
- for prior information, and may request that you be informed about the processing of your personal data and / or access to your data – in which case we will provide information on whether we process personal data about you and, if so, its exact purpose, legal basis, scope of data processed, and the main rules of data management (set out in this Prospectus), and upon request we will provide you with a copy of the personal data of the data subject;
The data subject’s right to request a copy must not adversely affect the rights and freedoms of others (Article 15 (4) GDPR). (Thus, for example, a request for a copy of a camera image may be complied with if no person other than the Data Subject is present on the camera image, or other persons are unrecognizable, or making them unrecognizable (“obscuring”) is technically reasonably expected and resolvable.
Such a request may be refused only in cases specified by law.
In the event of a refusal to provide information, we will inform you on the basis of which provision of the law the refusal of your application was made, and we will also inform you about the possibility of legal redress and recourse to the Authority.
If the data subject’s request is manifestly unfounded or, in particular because of its repetitive nature, excessive, having regard to the administrative costs involved in providing the information or information requested or in taking the action requested:
- a reasonable fee may be charged, or
- refuse to act on the request.
The burden of proving that the request is manifestly unfounded or excessive is on the controller.
- correcting your data, ie correcting or correcting inaccurate personal data concerning you, supplementing your incomplete data;
- erasing your data, ie making the data unrecognizable in such a way that it is no longer possible to recover it;
A request for cancellation may be granted if one of the following reasons exists:
- personal data are no longer required for the purpose for which they were processed;
- You withdraw your consent on which the data processing is based and there is no other legal basis for the data processing;
- You object to the processing of your data and there is no overriding legitimate reason to process the data, or you object to the processing of your data processed for business purposes;
- we process your personal data unlawfully;
- (e) personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to us;
- (f) personal data have been collected in connection with the provision of information society services referred to in Article 8 (1) of the Regulation.
Deletion of data cannot be performed if the data processing is necessary for the submission, validation or protection of our legal claim.
- exercise your right to data portability in accordance with the provisions of the GDPR, which entitles you to receive your data processed by us in a structured, widely used machine-readable format and to transmit this data to another data controller.
- a restriction on the processing of your data, on the basis of which we restrict the processing of your data upon request, one of the following conditions is met
- if, as a Data Subject, disputes the accuracy of the personal data, in which case the restriction shall apply for a period which allows us to verify the accuracy of the personal data;
- if the data processing is unlawful and you, as the Data Subject, object to the deletion of the data and instead request a restriction on their use;
- if our Hotel, as a data controller, no longer needs personal data for the purpose of data processing, but you, as a Data Subject, request them in order to submit, enforce or protect legal claims;
- if you, as a Data Subject, object to the processing of data on the basis of a legitimate interest, in which case the restriction shall apply until it is established that the legitimate reasons of our Hotel take precedence over your legitimate reasons.
If the processing is restricted, such personal data may be processed, with the exception of storage, only with your consent or for the purpose of bringing, enforcing or protecting legal claims, protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.
Our hotel informs the Data Subject in advance about the lifting of the data management restriction.
Regardless of the Data Subject’s request, data processing may be restricted, in particular, but not exclusively, in the following cases:
(a) if ordered by the supervisory authority (National Data Protection and Freedom of Information Authority),
(b) if the controller is subject to a restriction by a competent authority, a court
- c) at the discretion of the data controller, if it considers that the deletion of the data would harm the legitimate interests of the Data Subject or of a third party (especially if it is necessary to keep the data as evidence (eg pending investigation or proceedings)).
- in the event of a data protection incident, the Data Controller shall provide information on the data protection incident at the request of the Data Subject:
- its circumstances,
- its effects; and
- the measures taken to remedy it.
- if data is transferred, in addition to the exceptions specified in the legislation, we will provide information on the legal basis and addressee at the request of the Data Subject.
5.1. Withdrawal of consent:
In the case of data processing based on your consent, you may withdraw your consent at any time, which, however, does not affect the lawfulness of data processing based on your consent prior to that date.
5.2. Protest of the person concerned
You, as a Data Subject, have the right to object at any time for reasons related to your own situation to the processing of your personal data necessary to enforce the legitimate interests of the Data Controller or a third party, including the “profiling” defined in the GDPR.
In the event of a protest, our Hotel, as Data Controller, will no longer process personal data, unless justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or related to the submission, enforcement or protection of legal claims.
Our hotel will examine the protest within the shortest time from the submission of the application, but not later than within 30 (thirty) days, make a decision on its merits, and inform the Applicant in writing about its decision.
With this Prospectus, we would like to draw your attention to the fact that – Section 3.6.3 of the Prospectus. for the purposes of data management specified in Section 3.6.5. In view of the legal basis (legitimate interest) specified in point 1. the camera was taken from a place and its rights have been violated, which is prohibited by the legal provisions with a camera / e.g. washbasin, toilet.
5.3. Procedures for the exercise of data management rights
Our hotel shall inform the Data Subject of the measures taken on the basis of the GDPR’s request pursuant to Articles 15 to 22 no later than 30 days after receipt of the Data Subject’s request. . /) may be extended by two months.
Our Hotel is obliged to extend the deadline within the deadline open for the procedure
5.4. REMEDIES:
SUBMISSION OF A COMPLAINT:
it is recommended that the Data Subject take the opportunity to submit a request, complaint, protest (and all related consultations) to the Data Controller before initiating official or court proceedings.
The telephone number, e-mail address and postal address of the Data Controller available for this purpose can be found in the Introductory Part of this Prospectus!
OFFICIAL PROCEDURE
INITIATION:
to initiate the data protection authority procedure
if it considers that the Data Controller has breached its obligations regarding the processing of the data subject’s personal data.
The competent authority shall:
National Data Protection and Freedom of Information Authority
address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c., telephone number: +36 (1) 391-1400,
electronic mail address: ugyfelszolgalat@naih.hu , website address: http://naih.hu
JUDICIAL PROCEEDING
INITIATIVE:
If you, as the Data Subject, do not agree with our decision regarding your application or protest, or fail to comply with the mandatory deadline for replying to you, you may go to court within 30 days of notification of the decision or the last day of the deadline.
You can also bring a case before the court of your choice, where you live or where you live.
If you have any further questions or comments regarding this Prospectus, please indicate them at the telephone number or e-mail address indicated in the Introduction to this Prospectus or in writing to the postal address of the Hotel.
Laradom Limited Liability Company
the Smart Hotel Budapest
operator