Company "Szilvia Havasréti"
Sarkcsillag Guesthouse
Privacy policy
Valid: 01.11.2021.
1.
Havasréti Szilvia - private individual with tax number" (hereinafter: Data Manager) takes extra care in the course of its activities to protect personal data, comply with mandatory legal provisions, and secure and fair data management.
Information of the Data Controller: Company name: Szilvia Havasréti - Sarkcsillag Vendégház ”
Headquarters: 8315 Gyenesdiás Csillag utca 18.
Tax number: 57689621-1-28
NTAK registration number: MA21027567
Based on the notification to the National Data Protection and Freedom of Information Authority, the data protection registration identification number of the Data Controller: "notification in progress".
The Data Controller handles the personal data made available in all cases in compliance with the applicable Hungarian and European legislation and ethical expectations, and in all cases takes the technical and organizational measures necessary for proper secure data management.
These regulations have been prepared taking into account the following laws in force:
- year CXIX. TV. name and for the purpose of research and direct business acquisition
on the management of residential address data
- year CVIII. TV. electronic commerce services, as well as information
on some issues of society-related services
- year XLVIII. TV. about the basic conditions and certain limitations of economic advertising activity
- year CXII. tv on the right to self-determination of information and freedom of information
- Regulation 2016/679/EU (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Regulation 95/46/EC, the Data Controller undertakes to unilaterally comply with these regulations and requests - in a notice available on its website - that its customers also accept the regulations. The Data Controller reserves the right to change its data protection policy. If the regulations are amended, the updated text will be published publicly.
2.
In our regulations, data protection technical terms have the following meaning:
- data set: the totality of the data managed in one register;
- data processor: a natural or legal person, or an organization without legal personality, who processes data on the basis of a contract - including a contract concluded under the provisions of the law;
- data controller: the body performing a public task, which produced data of public interest that must be published electronically, and which generated this data in the course of its operation;
- data management: regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction, as well as preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image);
- data controller: the natural or legal person or organization without legal personality who independently or together with others determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor;
- data provider: the body performing a public task, which - if the data controller does not publish the data himself - publishes the data sent to it by the data controller on the website;
- data marking: providing the data with an identification mark in order to distinguish it;
- data transmission: making the data available to a specific third party;
- data deletion: rendering the data unrecognizable in such a way that its recovery is no longer possible;
- data protection incident: unlawful handling or processing of personal data, including unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.
- data blocking: providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time;
- criminal personal data: during or prior to the criminal proceedings, in connection with the crime or the criminal proceedings, the personal data related to the criminal record created by the bodies authorized to conduct the criminal proceedings or to detect crimes, as well as by the organization of the execution of sentences, which can be associated with the person concerned, as well as the criminal record;
- EEA state: on the basis of an international treaty concluded between a member state of the European Union and another state party to the Agreement on the European Economic Area, as well as the state whose citizen is the European Union and its member states, as well as a state that is not a party to the Agreement on the European Economic Area enjoys the same legal status as a citizen of a state party to the Agreement on Economic Space;
- data subject: any natural person identified or - directly or indirectly - identified on the basis of personal data;
- third country: any state that is not an EEA state;
- third party: a natural or legal person, or an organization without legal personality, who is not the same as the person concerned, the data controller or the data processor;
- consent: the voluntary and decisive declaration of the data subject's will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data - in full or covering certain operations;
- mandatory organizational regulation: internal data protection regulations that are binding on the data controller or group of data controllers, accepted by a data controller or a group of data controllers operating in several countries, including at least one EEA state, and approved by the National Data Protection and Freedom of Information Authority (hereinafter: the Authority) , which ensures the protection of personal data in the case of data transfer to a third country through the unilateral commitment of the data controller or group of data controllers;
- public data in the public interest: all data that does not fall under the concept of public interest data, the disclosure, knowability or making available of which is ordered by law in the public interest;
- special data:
3.
Personal data relating to racial origin, belonging to a nationality, political opinion or party affiliation, religious or other worldview beliefs, interest-representative organization membership, sexual life,
4.
Personal data relating to health, pathological addiction, and criminal personal data;
- disclosure: making the data available to anyone;
- personal data: data that can be associated with the data subject - especially the data subject's name, identification mark, and one or more physical, physiological, mental, economic, cultural or social characteristics of the data subject - as well as conclusions about the data subject that can be drawn from the data;
- protest: the statement of the data subject objecting to the processing of his personal data and requesting the termination of the data processing or the deletion of the processed data;
5.
Personal data relating to racial origin, belonging to a nationality, political opinion or party affiliation, religious or other worldview beliefs, interest-representative organization membership, sexual life,
6.
Personal data relating to racial origin, belonging to a nationality, political opinion or party affiliation, religious or other worldview beliefs, interest-representative organization membership, sexual life,
-data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;
- data destruction: complete physical destruction of the data carrier containing the data;
7.
Personal data relating to health status, pathological addiction, and criminal personal data.
8.
Personal data relating to health, pathological addiction, and criminal personal data;
-data of public interest: information or knowledge recorded in any way or form, which does not fall under the concept of personal data, is managed by a body or person performing state or local government tasks, as well as other public tasks defined by law, and related to its activities or generated in connection with the performance of its public tasks, regardless of
from the manner of its management, its independent or collective nature, so in particular data relating to competence, competence, organizational structure, professional activity, its evaluation including its effectiveness, the types of data held and the legislation governing the operation, as well as management, concluded contracts;
9.
Personal data can only be processed for specific purposes, in order to exercise rights and fulfill obligations. In all stages of data management, the purpose of data management must be met, the collection and management of data must be fair and legal. Only personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose can be processed. Personal data can only be processed to the extent and for the time necessary to achieve the purpose. During data management, personal data will retain its quality as long as the relationship with the data subject can be restored. The relationship with the data subject can be restored if the data controller has the technical conditions necessary for restoration. During data management, the accuracy, completeness and - if necessary in view of the purpose of the data management - up-to-dateness of the data must be ensured, as well as that the data subject can only be identified for the time necessary for the purpose of the data management. The processing of personal data shall be considered fair and lawful if, in order to ensure the freedom of expression of the data subject, the person who wishes to know the opinion of the data subject visits the data subject at his residence or place of residence, provided that the personal data of the data subject are handled in accordance with the provisions of this law and the personal inquiry is not for business purposes is aimed at. Personal inquiries cannot be made on a holiday according to the Labor Code. Personal data can be processed if the person concerned consents to it, or if it is ordered by law or - based on the authorization of the law, within the scope defined therein - by a local government decree for a purpose based on public interest (mandatory data processing). Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. All stages of data management must comply with this purpose. Only such personal data can be processed that is essential for the realization of the purpose of data management, is suitable for achieving the purpose, and only to the extent and for the time necessary for the realization of the purpose. Personal data can be transferred, and different data processing can be linked, if the data subject has consented to it, or if the law allows it, and if the conditions for data processing are met for each individual piece of personal data. Personal data may be transferred from the country to a data controller or data processor in a third country, regardless of the data carrier or the method of data transfer, if the data subject has expressly consented to it, or if it is permitted by law, and during the handling and processing of the transferred data in the third country. an adequate level of protection of personal data is ensured. In the case of mandatory data management, the purpose and conditions of data management, the scope and accessibility of the data to be managed, the duration of data management, and the person of the data manager are determined by the law or local government decree ordering the data management. In the public interest, the law can order the disclosure of personal data by explicitly specifying the scope of the data. In all other cases, disclosure requires the consent of the data subject, or in the case of special data, written consent. In case of doubt, it must be assumed that the data subject did not give his consent. The data subject's consent shall be deemed to be given with regard to the data communicated by the data subject during his public appearances or provided by him for the purpose of disclosure. In the procedure initiated at the request of the data subject, his consent to the processing of his necessary data must be assumed. The attention of the person concerned must be drawn to this fact. The data subject may also give his consent in the framework of a written contract with the Data Controller in order to fulfill the provisions of the contract. In this case, the contract must contain all information that the data subject must know from the point of view of the processing of personal data, in particular the definition of the data to be processed, the duration of the data processing, the purpose of use, the transmission of the data, the use of a data processor. The contract must clearly state that, by signing, the data subject consents to the processing of his/her data as specified in the contract. The right to the protection of personal data and the personal rights of the person concerned cannot be violated by other interests related to data management, including the disclosure of data of public interest, unless the law makes an exception.
10.
In the course of its activities, the Data Controller handles personal data in all cases based on law or voluntary consent. In some cases, data management, in the absence of consent, is based on other legal grounds or in accordance with Art. CXII of 2011. is based on § 6 of the Act. The Data Controller does not use the cooperation and services of the following Data Processors for its activities. In the case of website visitors' data, the Data Controller does not record the user's IP address or other personal data when visiting the websites it operates. The html code of the websites operated by the Data Controller may contain independent links from and to external servers for the purpose of web analytics measurements. The measurement also covers the tracking of conversions. The web analytics service provider does not handle personal data, only browsing-related data that is not suitable for identifying individuals. Description of data protection technical solution (e.g.): the Data Controller uses the so-called Facebook and Google AdWords advertising systems. runs remarketing ads. These service providers can collect or receive data from the Data Controller's website and other internet sites using cookies, web beacons and similar technologies. Using this data, they provide measurement services and target ads: these can appear on additional websites in the partner network of Facebook and Google. The remarketing lists do not contain the visitor's personal data and are not suitable for personal identification. The use of cookies can be deleted from the user's computer or their use can be prohibited in their browser. These options depend on the browser, but are typically available in the Settings / Privacy menu. More information about the privacy policies of Google and Facebook can be found at the following addresses: http://www.google.com/privacy.html and https://www.facebook.com/about/privacy/
Newsletter - The Data Controller delivers online newsletters containing news, news and business offers and electronic direct marketing messages to the subscribers to the newsletters of the website it operates (also known as VIP members) usually monthly, but no more than twice a week.