Data Management and Privacy Policy

Hotel Castle Szidónia Ltd. (1124 Budapest, Németvölgyi út 110, tax number: 24737894-2-43, main activity: hotel services)

Introduction

Hotel Castle Szidónia Ltd. (1124 Budapest, Németvölgyi út 110, tax number: 24737894-2-43) is a company whose main activity is hotel services.

Hotel Castle Szidónia Ltd. hereby informs its customers, guests and visitors to its website about the personal data it processes, its principles and practices regarding the processing of personal data, and the way in which data subjects may exercise their rights in relation to the processing of personal data.
The Hotel is committed to protecting the personal data of its users and partners, and attaches the utmost importance to respecting its customers' right to informational self-determination. Hotel Castle Szidónia Ltd. declares that it respects the personal rights of its partners, customers and visitors of its website. The personal data recorded will be treated confidentially, in accordance with data protection legislation and international recommendations and with this Privacy Policy, and the Hotel will take all security, technical and organizational measures to ensure the security of the data.

Information on the data management activities of Hotel Castle Szidónia Ltd. and the current version of the policy are permanently available at www.hotelwalzer.hu.
The Hotel reserves the right to change this policy at any time. Of course, the Hotel will inform its customers, partners and guests about any changes in due time and in an appropriate manner.
The partner who enters into a customer relationship with the Hotel accepts the following and consents to the processing of data as set out below.

1./ Purpose of the policy

The purpose of this Policy is to ensure that Hotel Castle Szidónia Ltd. complies with the applicable legislation on data protection, in particular the following:

2./ Scope of the code 

2.1. Temporal scope

These Regulations shall be in force from 29 July 2024 until further notice and until revoked.

2.2. This Policy applies to Hotel Castle Szidónia Kft, to the persons whose data are included in the processing covered by this Policy and to the persons whose rights or legitimate interests are affected by the processing.

2.3. The scope of this Policy covers all processing of personal data carried out by Hotel Castle Szidónia Ltd. in all its departments.

3./ Principles of data processing

Personal data may be processed if

a) the data subject consents to it, or

b) it is ordered by law or - on the basis of the law's authorisation and within the scope specified therein - by a local government decree for a purpose in the public interest (mandatory processing).

Personal data may also be processed where obtaining the data subject's consent would involve an impossible or disproportionate effort and the processing of the personal data is necessary for compliance with a legal obligation to which the controller is subject or is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the pursuit of those interests is proportionate to the restriction of the right to the protection of personal data.

The declaration of an incapacitated minor or a minor under the age of 16 with limited capacity to act requires the consent of his or her legal representative, except for those parts of the service where the declaration is for processing that occurs on a massive scale in everyday life and does not require any special consideration.
Where the data subject is unable to give his or her consent due to incapacity or for other reasons beyond his or her control, the personal data of the data subject may be processed to the extent necessary to protect his or her vital interests or those of another person or to prevent or protect against an imminent threat to the life, physical integrity or property of a person, as long as the obstacles to consent persist.
Where personal data have been collected with the consent of the data subject, the controller shall, unless otherwise provided by law
(a) for the purpose of complying with a legal obligation to which it is subject; or
(b) for the purposes of the legitimate interests pursued by the controller or by a third party, where such interests are proportionate to the restriction of the right to the protection of personal data, without further specific consent and even after the withdrawal of the data subject's consent. 
Personal data may be processed only for specified purposes, for the exercise of a right and for the performance of an obligation. The processing must comply with this purpose at all stages and the collection and processing of data must be fair.
Only personal data which is necessary for the purpose of the processing, adequate for the purpose, and only to the extent and for the duration necessary for the purposes of the processing may be processed.

Personal data may only be processed with informed consent.
The data subject must be informed before the processing starts whether the processing is based on consent or whether it is mandatory. The data subject shall be informed, in a clear, plain and detailed manner, of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and of the processor, the duration of the processing, whether the controller is processing the personal data of the data subject with the consent of the data subject and for the purposes of complying with a legal obligation to which the controller is subject or for the purposes of the legitimate interests of a third party, and the identity of the third parties to whom the data may be disclosed. The information should also cover the rights and remedies of the data subject in relation to the processing.
The processing should ensure that the data are accurate, complete and up-to-date and that the data subject can be identified only for the time necessary for the purposes for which the data are processed.
The employees of the Hotel Castle Szidónia Ltd. who are in charge of data processing in the departments of the Hotel Castle Szidónia Ltd. are obliged to keep the personal data they receive as business secrets. Persons who process personal data and have access to them are obliged to sign a confidentiality declaration.

4./ Scope of personal data, purpose, legal basis and duration of processing

The Data Controller processes personal data solely for specified purposes, for the exercise of rights and for the performance of obligations. At all stages of processing, the purpose of the processing is fulfilled. The data are collected and processed fairly and lawfully. The Data Controller shall endeavour to process only personal data that is necessary for the purpose of the processing and is adequate for the purpose. Personal data shall only be processed to the extent and for the duration necessary to achieve the purpose. 
We draw the attention of those providing data to Hotel Castle Szidónia Ltd. to the fact that if they do not provide their own personal data, the person providing the data is obliged to obtain the consent of the data subject.

4.1. Data processing on the website

a) The legal basis for the processing of data on the website is the consent of the User and Article 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

b) Data processed: date and time of the visit, IP address of the visiting user's computer, browser type, name, telephone, e-mail address, date and time, number of adults, number and age of children, type of care, and other personal data provided by the User.

c) The time limit for the deletion of the data: 5 years from the booking of the room, in the case of a request for an offer, immediately if no contract has been concluded; and in the case of consent to the sending of a newsletter, until the consent is withdrawn. In the case of accounting documents, the Service Provider shall keep them for 8 years pursuant to Article 169 (2) of Act C of 2000 on Accounting.

d) You may request the deletion or modification of your personal data in the following ways:

e) We inform our Users that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the data protection commissioner, or other bodies authorized by law may contact the Service Provider to provide information, to disclose or transfer data, or to provide documents.

f) Hotel Castle Szidónia Kft. shall disclose personal data to the authorities only to the extent that is indispensable for the purpose of the request, provided that the authorities have indicated the exact purpose and scope of the data.

g) Hotel Castle Szidónia Kft. shall process the data and information provided by the guests, necessary for the performance of the Service, in accordance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information.

h) Hotel Castle Szidónia Ltd. processes the personal data of the Users for the purpose of providing the service (full use of the website, e.g. booking, sending newsletters), only to the extent and for the duration necessary for this purpose. The processing of data shall comply with this purpose at all stages.

i) Process personal data that are technically necessary for the provision of the service. If the personal data have been collected with the consent of the User, Hotel Castle Szidónia Kft. shall, unless otherwise provided by law, only process the collected data for the purposes of the technical processing of the User's personal data.

i) for the purpose of fulfilling a legal obligation to which it is subject, or
ii) for the purposes of the legitimate interest of the Hotel or a third party, if such interest is proportionate to the restriction of the right to the protection of personal data, without further specific consent and even after the withdrawal of the User's consent.

j) In addition, Hotel Castle Szidónia Ltd. collects only information about Users (IP address, time of use, website visited, browser program and one or more cookies that allow the unique identification of the browser), which is used exclusively for the development and maintenance of the Services and for statistical purposes. The Service Provider will use the data processed for these statistical purposes only in a form that does not personally identify you. In order to improve the quality of the Services, Hotel Castle Szidónia Ltd. places a file containing a series of characters, so-called cookies, on the User's computer, provided that the User consents to this. If the User does not consent, he/she shall indicate this in advance using the contact details specified in point d. of the "Data management on the website" section.

k) Hotel Castle Szidónia Ltd. shall transfer the personal data processed by it to third parties only for the purpose of developing and/or operating certain services of the Hotel used by the User. The Hotel does not use or otherwise misuse the personal data processed by it for the purposes of third parties.

l) The Sites may contain links to external servers (not managed by Hotel Castle Szidónia Ltd.), and the sites accessible through these links may place their own cookies or other files on your computer, collect data or request personal data. Hotel Castle Szidónia Ltd. excludes all liability for these.

m) By using the Service, the User consents to the collection and processing of personal data by Hotel Castle Szidónia Kft. as described in this Privacy Policy for the purpose of providing the Service in its entirety.

5.2. Processing of business cards

a) Legal basis for processing: the User's voluntary consent, which is obtained by the User's act of providing the Hotel with his/her business card containing his/her personal data.

b) Data processed: name, telephone number, address, e-mail address, workplace, work address, and other personal data on the business card.

c) Purpose of the processing: to establish contact and facilitate contact between persons.

d) The provisions of this Privacy Notice shall apply mutatis mutandis to the supply and processing of business cards.

e) Time limit for the deletion of data: until the withdrawal of consent, i.e. until the instruction to destroy the business card.

5.3 Newsletter, DM activity

a) Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities, the User expressly consents in advance to being contacted by the Hotel with advertising offers and other mailings at the contact details provided at the time of registration (e.g. e-mail address or telephone number).

b) Furthermore, the Customer, subject to the provisions of this Policy, consents to the Hotel processing his/her personal data necessary for the sending of advertising offers.

c) Hotel Castle Szidónia Ltd. shall not send unsolicited advertising messages and the User may unsubscribe from receiving such offers without any limitation and without giving any reason, free of charge. In this case, the Hotel will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. The User may unsubscribe from advertising by clicking on the link in the message.

d) Purpose of data processing: sending electronic newsletters containing commercial advertising messages to the User, informing him/her about current information and products.

e) Legal basis for processing: voluntary consent of the data subject and Article 6(5) of Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activities.

f) Data processed: name, e-mail address, telephone number, date, time.

g) Deadline for deletion of data: until the withdrawal of the consent, i.e. unsubscription.

5./ Data security

a) The Hotel Castle Szidónia Ltd. takes all necessary security, organisational and technical measures to ensure the highest level of security of personal data and to prevent their unauthorised alteration, destruction and use.

b) The Hotel takes all necessary measures to ensure data integrity, i.e. the accuracy, completeness and up-to-date status of the personal data it handles and/or processes.

c) Hotel Castle Szidónia Ltd. shall take appropriate measures to protect the data, in particular against unauthorised access, alteration, disclosure, deletion or destruction, accidental destruction, damage and loss of accessibility due to changes in the technology used.

d) The Hotel therefore reserves the right to inform its customers and partners of any security vulnerabilities it detects in its system and to restrict access to the Service Provider's system, services or certain of its functions until the vulnerability is remedied.

e) Hotel Castle Szidónia Ltd. shall avoid data loss by continuous mirroring on the server in order to ensure the security of the data stored on the network.

f) Hotel Castle Szidónia Ltd. performs daily backups of active data from databases containing personal data.

g) The Hotel Castle Szidónia Kft. continuously ensures virus protection on the network handling personal data.

h) Access to the data and data files managed on the network of Hotel Castle Szidónia Kft. shall be secured by user name and password.

7./ Information about data management

a) The User may request information on the processing of his/her personal data, as well as request the rectification or - with the exception of data processing required by law - the deletion of his/her personal data in the manner indicated when the data was collected, or at the contact details of the Service Provider.

b) Upon the User's request, the Hotel shall provide information about the data processed by the Hotel, their source, the purpose, legal basis and duration of the processing. The Hotel Castle Szidónia Ltd. shall provide the information in writing, in an intelligible form, within the shortest possible period of time from the date of the request, but not later than 30 days from the date of the request.

c) The Hotel shall correct the personal data if it is not accurate and the accurate personal data is available to it.

d) The Hotel Castle Szidónia Ltd. shall block the personal data if the User so requests or if, on the basis of the information available to it, it is assumed that the deletion would harm the legitimate interests of the User. The blocked personal data may be processed only for as long as the data processing purpose that precluded the deletion of the personal data exists.

e) The Hotel shall delete the personal data if its processing is unlawful, the User requests it, the processed data is incomplete or inaccurate - and this situation cannot be lawfully remedied - provided that the deletion is not precluded by law, the purpose of the processing has ceased to exist, or the statutory period for storing the data has expired, or the court or the National Authority for Data Protection and Freedom of Information has ordered it.

f) The controller has 30 days to delete, block or rectify the personal data. If the Hotel fails to comply with the User's request for rectification, blocking or erasure, it shall inform the User in writing within 30 days of the reasons for the refusal.

g) The Hotel shall notify the Customer of the rectification, blocking and erasure, as well as all those to whom the data was previously transmitted for processing. The notification shall be omitted if this does not prejudice the legitimate interests of the Customer with regard to the purpose of the processing.

7./ Control

a) The compliance with the data protection regulations, in particular with the provisions of this Policy, shall be continuously monitored by the heads of the departments responsible for data processing at Hotel Castle Szidónia Kft.

b) The Hotel Castle Szidónia Kft. shall be subject to an annual audit of the data processed by the Hotel and Operations Manager and the Data Protection Officer appointed by him/her.

c) The Hotel Castle Szidónia Ltd. accepts and respects the recommendations of the National Authority for Data Protection and Freedom of Information on the "Basic requirements for electronic monitoring systems in the workplace".

8./ The data protection officer and privacy policy

a) The Hotel Castle Szidónia Kft. appoints an internal Data Protection Officer under its direct supervision, whose duties are:
i. Assist in making decisions related to data processing and in ensuring the rights of data subjects.
ii. Ensure compliance with the provisions of this Act and other legislation on data processing, as well as with the data protection and data security requirements of the data protection and data management policy.
iii. Investigate the notifications received and, if unauthorised processing is detected, request the head of the processing department or the data processor to cease such processing.
iv. Keep internal data protection records.
v. Ensure data protection education.

9./ Remedies

a) Users may object to the processing of their personal data if
the processing or transfer of personal data is necessary solely for the fulfilment of a legal obligation to which the Service Provider is subject or for the purposes of the legitimate interests pursued by the Service Provider, the data recipient or a third party, unless the processing is required by law;
the personal data are used or transmitted for direct marketing, public opinion polling or scientific research purposes;
in other cases specified by law.

b) The Hotel shall examine the objection within the shortest possible period of time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform the applicant in writing of its decision. If the Hotel establishes that the objection of the data subject is justified, it shall cease the processing, including further collection and transmission of data, and block the data, and shall notify the objection and the measures taken on the basis of the objection to all those to whom it has previously transmitted the personal data concerned by the objection and who are obliged to take action to enforce the right to object.

c) If the User does not agree with the decision of the Hotel, the User may appeal against it to a court within 30 days from the date of its notification.

d) In case of violation of his rights, the User may take the Hotel to court. The court shall decide on the matter out of turn. A legal remedy or complaint may be lodged with the National Authority for Data Protection and Freedom of Information:

Hotel Castle Szidónia Ltd. information about the camera system

The Hotel Castle Szidónia Ltd. has an electronic surveillance and recording system in place.
The cameras, which are part of the electronic surveillance system, have been placed in the external areas of the Hotel Castle Szidónia Ltd.
The data controller of the personal data is Hotel Castle Szidónia Kft. (1124 Budapest, Németvölgyi út 110.).
The purpose of the data processing: to prevent and detect violations of the law, to catch the perpetrator in the act and to prove the violations, to identify unauthorized persons entering the premises of Hotel Castle Szidónia Kft., to record the fact of entry, to document the activities of unauthorized persons, to investigate the circumstances of any accidents at work and other accidents that may occur, in order to protect human life, physical integrity and property.
Legal basis for data processing: the consent of the data subject by entering the premises of Hotel Castle Szidónia Kft., and Article 30 of Act CXXXIII of 2005 on the Rules of Personal and Property Protection and Private Investigation (Act on the Rules of Private Investigation).

Scope of the data processed: facial images and other personal data of persons entering the premises of Hotel Castle Szidónia Kft.
Duration of data processing: three working days in the absence of use, and thirty days in the case of cameras directed at the transport route or storage location of cash of significant value [Section 31 (3) (c) of the Act on the Protection of Personal Data].

The person recorded may request information on the processing of his/her data and may request the deletion and blocking of the recordings made of him/her or object to the processing of his/her data.
The data subject may submit his or her comments to Hotel Castle Szidónia Kft., enforce his or her rights before a court of law pursuant to Act CXII of 2011 or lodge a complaint with the National Authority for Data Protection and Freedom of Information.

If you have a problem regarding the data processing of Hotel Castle Szidónia Kft., please contact our team!