Data Processing Notice

I/1. Data of the service provider as data controller

Patak Dream House Guesthouse

Registered at: 2624 Szokolya, Török Patak utca 151.

Tax number: 90930456-1-33

Ntak registration number: MA25111796

Electronic contact: info@patakdreamhouse.com

Telephone contact: +36 30 44 00193

Representative: Atri-Eöri Szilvia

(hereinafter referred to as: "Data Controller")

The Data Controller, Patak Dream House Guesthouse, hereby informs its customers, guests and visitors to its website (hereinafter collectively referred to as: data subjects, user(s) or guest(s)) that it respects the personal rights of its Guests, and therefore acts in accordance with the following Data Management Policy when processing its data. The Data Controller reserves the right to change the Regulations due to the coordination of the Regulations with the legal background and other internal regulations that may be amended in the meantime. The current version of the data protection regulations is available on the website www.patakdreamhouse.com, and the Regulations are also available in paper form at the Guesthouse.

This regulation regulates the data processing activities related to the services provided by the other accommodation facility called Patak Dream House Guesthouse, located at 2624 Szokolya, Török Patak 151, and accessible via the website.

I/2. PURPOSE OF THE REGULATION

1. The purpose of this regulation is to define and comply with the basic principles and provisions regarding the processing of data of natural persons and Guests who come into contact with the Accommodation in order to protect the privacy of natural persons in accordance with the relevant data protection legal provisions.

2. With reference to the provisions of point I.1, the purpose of these regulations is to ensure that the Accommodation complies in all respects with the provisions of the applicable laws on data protection, in particular, but not exclusively, with Act CXII of 2011 on the right to information self-determination and freedom of information, Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society, Act XLVII of 2008 on the prohibition of unfair commercial practices towards consumers, Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities.

3. The Data Controller therefore considers it important and is committed to ensuring that the data provided by the data subject via the website or other forum or in any other way complies with the provisions of Act CXII of 2011 on the right to information self-determination and freedom of information. protect the data specified by law and respect the right of information self-determination of the data subjects. By fully complying with the relevant applicable laws, it contributes to creating safe internet access for the data subjects.

II. SCOPE OF THE POLICY

1. Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Regulation, hereinafter referred to as "GDPR")

2. Personal scope: The scope of this Policy covers the Guesthouse, those persons whose data is included in the data processing covered by this Policy, as well as those persons whose rights or legitimate interests are affected by the data processing.

3. Subject matter scope: The scope of this Regulation covers all personal data

processing of the Guesthouse.

III. DEFINITION

User, Data Subject or Guest: any specific natural person identified or directly or indirectly identifiable on the bass of personal data.

Personal data: data that can be linked to the data subject, such as the name, passport or identity card number of the data subject, and one or more physical, physiological, mental, economic, cultural or social identity.

Guesthouse: Patak Dream House Guesthouse located at 151 Török Patak, 2624 Szokolya, operated by the Data Controller.

Consent: the voluntary and definite declaration of the data subject's will, which is based on appropriate information and by which he gives his unambiguous consent to the processing of personal data relating to him in full or in part.

Data controller: the natural or legal person or an organization without legal personality who, or which, independently or jointly with others, determines the purpose of data processing, makes and implements decisions regarding data processing, or has them implemented by a data processor commissioned by him.

For the purposes of this policy and the Accommodation, the data controller is: Atri-Eöri Szilvia

Registered at: 2624 Szokolya, Török Patak 151.

Data management: any operation or set of operations performed on data, regardless of the procedure of the owner, such as collection, recording, use, organization, storage, recording, alteration, retrieval, transmission, disclosure, alignment,

linking, blocking, erasure and destruction, as well as preventing further use of data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying a person.

Data transfer: making data accessible to a specific third party.

Data processing: performing technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.

Data erasure: rendering data unrecognizable in such a way that their recovery is no longer possible.

Data storage: providing data with an identification mark for the purpose of permanently or for a specific period of time restricting further processing.

Data destruction: complete physical destruction of the data medium containing the data.

Data file: the totality of data processed in a register.

Third party: a natural or legal person or an organization without legal personality who is not the same as the data subject, the data controller or the data processor.

Data protection incident: unlawful processing or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

Website: the www.patakdreamhouse.com portal and all its subpages, operated by the Data Controller;

IV. PRINCIPLES OF DATA PROCESSING

1. Principle of proportionality, necessity: Only personal data that is essential for the purpose of data processing and suitable for achieving the purpose may be processed. Personal data may only be processed to the extent and for the period necessary to achieve the purpose.

2. Principle of purpose limitation: Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. Data processing must comply with the purpose of data processing at all stages, and the collection and processing of data must be fair and lawful.

3. Personal data shall retain this quality during data processing as long as its relationship with the data subject can be restored. The relationship with the data subject can be restored if the data controller has the technical conditions necessary for restoration.

4. During data processing, the accuracy, completeness and – if necessary with regard to the purpose of data processing – up-to-dateness of the data must be ensured, and the data subject must only be identified for the period necessary for the purpose of data processing.

5. Principle of voluntariness: The provision of data by the data subject is voluntary. The Data Controller processes personal data with the consent of the data subject. Voluntary consent, as consent, should be understood as the user behavior by which the user accepts that all regulations related to the use of the website automatically apply to him/her.

V. DATA CONTROLLER DECLARATIONS

1. The Data Controller declares:

a. during data processing, it acts in accordance with the provisions of Act CXII of 2011 on the right to informational self-determination and freedom of information.

b. during data processing, personal data that the Data Controller has come to know may only be accessed by those persons employed by the Data Controller who have a task related to the given data processing.

c. ensures that the regulations in force at all times are continuously accessible to the data subject, thereby enforcing the principle of transparency.

d. the website processes the personal data of visitors confidentially, in accordance with the applicable legal provisions, ensures their security, takes technical and organizational measures, and develops procedural rules in order to fully comply with the principles of data protection.

e. handles the personal data of Guests staying at the guesthouse confidentially, in accordance with the applicable legal regulations, ensures their security, takes technical and organizational measures, and develops procedural rules in order to fully comply with the principles of data protection.

f. takes and ensures all measures to facilitate IT and other secure data management related to data storage, processing and data transmission in order to preserve the data it manages.

g. does everything that can be expected of it to protect the personal data it manages against unauthorized access, alteration, disclosure, deletion, damage and destruction, and to ensure the necessary technical conditions for this.

h. does not verify the personal data provided to it, and excludes its liability for their accuracy.

i. transmits personal data to third parties only exceptionally and in such cases, and connects the database it manages with another data controller only if the data subject expressly consents to it or if the law permits it, and if the conditions for data management are met for each personal data item.

j. operates exclusively in Hungary, does not belong to a multinational hotel chain, and therefore does not need to introduce and operate mandatory organizational regulations.

k. does not transmit personal data to a data controller or data processor in a third country.

l. keeps a register for the purpose of monitoring measures related to the data protection incident and informing the data subject, which contains the scope of the personal data concerned, the scope and number of those affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to remedy it, as well as other data specified in the law prescribing data management.

2. The Data Controller excludes liability for the lawfulness of the data processing of a contractual partner in a legal relationship with the Data Controller.

3. In order to protect personal data stored in automated data files by applying appropriate security measures, the Data Controller ensures the prevention of accidental or unlawful destruction or accidental loss, as well as unlawful access, alteration or dissemination.

VI/1. SCOPE OF ACTIVITIES AND DATA AFFECTED BY DATA PROCESSING

1. Use of guesthouse services

2. In the context of providing guesthouse services, the processing of all data related to the data subject is based on voluntary consent and is aimed at ensuring the provision of the service and maintaining contact. The Data Controller, with the exceptions set out in the individual sub-points, stores the personal data contained in this point for a period in accordance with the current tax and accounting regulations and deletes them after the deadline has expired.

3. For certain services, it is possible to provide additional data that helps to fully understand the Guest's needs, but these are not conditions for using hotel services.

VI/2. REQUEST FOR A QUOTE

1. In the event of a request for a quote via the website, the Data Controller requests/may request the following data from the Guest:

Name

Email*

Telephone number*

Arrival date*

Departure date*

Number of adults*

Number of children*

Note

The data marked with * are mandatory.

2. The request for a quote is voluntary.

3. The activity and process affected by the data management are as follows:

a. The data subject, by clicking on the "Booking" button on the main page of the website, will reach the interface of the website where he/she has the opportunity to provide the data specified in point VI.2. and accept the booking and cancellation conditions and this data management policy. After providing the data, accepting the conditions and the policy, the data subject can send the named data to the Data Controller by clicking the "Send" button.

b. The data sent to the Data Controller is recorded in the G-mail system and an offer is developed for the data subject.

Feedback geben

Seitenleisten

Verlauf

Gespeichert

VI/3. RESERVATION

1. During the reservation, the Data Controller requests/may request the following data from the Guest:

Name*

E-mail*

Phone number*

Arrival date*

Departure date*

Number of adults*

Number of children*

Szép-Kártya data

Note

The data marked with * are mandatory.

2. The activity and process affected by the data processing are as follows:

a. If the data subject accepts the offer and informs the Data Controller orally or in writing, the Data Controller will take the steps related to the reservation.

b. The data sent to the Data Controller are recorded in the data received by the Data Controller in the g-mail mailing system, thus creating the reservation.

c. The Data Controller will notify the data subject in writing about the reservation of the room.

VI/4. CHECK-IN AND GUEST LIST

1. Upon arrival at the Accommodation, the Data Subject shall complete a guest list prior to occupying the accommodation, in which he/she consents to the Data Controller processing the data provided below for the purpose of fulfilling the obligations specified in the relevant legislation (in particular the legislation relating to immigration control and tourism tax) and proving such fulfillment, as well as for the purpose of identifying the Guest, as long as the competent authority can verify the fulfillment of the obligations specified in the given legislation:

Surname*

First name*

Address*

Citizenship*

Date of birth*

Date of arrival*

Date of departure*

Number of nights*

ID card number*

Data marked with * are mandatory.

2. The provision of the mandatory data by the Guest is a condition for using the accommodation services.

By signing the guest list, the guest agrees that the data provided by filling out the guest list will be processed and archived by the Data Controller within the deadline specified above for the purpose of establishing and fulfilling the contract, proving its fulfillment, and for the purpose of asserting any claims.

VI/5. MANDATORY RECORDING OF PERSONAL DATA

After September 1, 2021, in accordance with the applicable laws, the personal data of those using accommodation services in Hungary as specified by law will be recorded by the accommodation provider in its accommodation management software via a document reader and forwarded to a storage location, the Guest Information Closed Database (VIZA).

In the interests of the rights, safety and property of the data subject and others, as well as for the purpose of checking compliance with the provisions on the stay of third-country nationals and persons with the right of free movement and residence, the accommodation provider will record the following data of the user in its accommodation management software upon check-in:

surname and first name;

his/her surname and first name at birth,

place of birth;

date of birth;

gender;

citizenship;

mother's surname and first name at birth,

identification data of personal identification or travel document;

in the case of a third-country national*, the number of the visa or residence

permit, date and place of entry.

*third-country national: persons pursuant to Act II of 2007 on the entry and residence of third-country nationals.

The person using the accommodation service shall present the identification document to the accommodation service provider for the purpose of recording the data. Data not contained in the document shall not be recorded. In the absence of presentation of the document, the accommodation service provider shall refuse to provide the accommodation service. Based on legal regulations, the accommodation service provider is entitled to request the guest's identity document, and the guest is obliged to present it.

The accommodation provider processes the data of the users until the last day of the year following the date of receipt of the data for the purpose specified in the law. The police may search the data stored in the VIZA system, i.e. in the storage location specified by law, with asymmetric encryption, for the purpose of crime prevention, public order, public security, state border order, the protection of the rights, safety and property of the person concerned and others, and the conduct of the wanted procedure.

APPLICABLE LEGISLATION:

Act CLVI of 2016 on the state tasks of the development of tourist areas;

Government Decree 235/2019. (X. 15.) on the implementation of the Act on the state tasks of the development of tourist areas;

Government Decree 414/2015. (XII. 23.) on the rules for issuing identity cards and uniform facial image and signature capture.

VI/6. DATA PROCESSING RELATED TO BANK DATA:

1. The Data Controller enables the Data Subject to pay the consideration for the services and the advance payment by bank transfer.

2. The transfer via bank, and thus the disclosure of the related data to the Data Controller, is based on voluntary consent.

3. Data Subject: All natural persons who wish to pay by bank transfer.

4. Data processed:

• account holder name

• bank account number

• message

• amount

5. The purpose of data management is to facilitate and monitor financial performance by the data subject.

6. In order to preserve banking and business secrets, the Data Controller will do everything possible to ensure that the above data is only known to the owner.