Zásady ochrany osobných údajov

General Data Protection Regulation Policy

The protection of your personal data is also very important to us; therefore, during their processing we continuously ensure their security. From now on, our data processing is governed by a regulatory framework that is mandatory for all economic entities within the European Union, officially entitled Regulation (EU) 2016/679 of the European Parliament and of the Council, known as the General Data Protection Regulation (GDPR). We process your data in accordance with our renewed Privacy and Data Management Policy based on this regulation, until you decide otherwise.

Privacy and Data Management Policy

Calimbra Wellness Hotel data processing registration number: NAIH-81092/2014
www.calimbrawellnesshotel.hu

Privacy and data management policy

I. Introduction

  • Name: AURA GOLD Commercial and Service Limited Liability Company
  • Company registration number: 05 09 014852
  • Registered office: 3519 Miskolc, Bencések útja 9–11.
  • Place of actual administration: 3519 Miskolc, Bencések útja 9–11.
  • Represented by: Imre Ostorházi, Managing Director
  • Telephone: +36 (46) 799-200
  • Fax: +36 (46) 799-201
  • E-mail: calimbra@calimbrahotel.hu

(hereinafter referred to as the Data Controller) acts in accordance with the following data management policy (hereinafter referred to as the Policy) during its data processing activities. The currently effective version of the Privacy Policy is always available on the website www.calimbrawellnesshotel.hu.

The Data Controller reserves the right to amend this Policy in order to harmonize it with changes in the legal environment and internal regulations.

II. Purpose of the Policy

In connection with the content published on the website www.calimbrawellnesshotel.hu (hereinafter referred to as the Website), the Data Controller considers it of paramount importance and is committed to protecting the personal data provided by visitors to the Website and to respecting their right to informational self-determination. In this context, by fully complying with the applicable legal regulations, the Data Controller contributes to ensuring secure internet usage for visitors.

The Data Controller treats personal data provided by visitors through the portal directly accessible from the “booking/request for quotation” menu item of the Website confidentially and in accordance with applicable legal requirements, ensures their security, implements technical and organizational measures, and establishes procedural rules in order to fully comply with data protection principles.

The purpose of this Policy is therefore to comprehensively regulate the processing of all facts, information and data falling within the scope of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter referred to as the Infotv.), as defined in Section 2 (1), arising in connection with the operation and appearance of the Website, relating to the user, contractual partners of the Data Controller, and all other data subjects (hereinafter collectively referred to as personal data), as well as to protect such data against unauthorized acquisition, use or disclosure by third parties.

The Data Controller takes and ensures all necessary IT and other security measures related to data storage and processing in order to preserve data.

This Policy has been established in accordance with the provisions of the Infotv., taking into account online ordering, online booking and the online payment system, as well as all other data disclosures related to the operation of the Website and the video surveillance system.

III. Definitions

  • Data subject: any identified or identifiable natural person, directly or indirectly, based on personal data;
  • Personal data: any data relating to the data subject, in particular the name, identification number, or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, as well as conclusions drawn from such data;
  • Consent: the freely given, specific and informed indication of the data subject’s wishes by which he or she signifies agreement to the processing of personal data relating to him or her;
  • Data Controller: the natural or legal person or organization without legal personality who determines the purposes and means of the processing of personal data;
  • Data processing: any operation or set of operations performed on personal data, including collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, restriction, erasure or destruction, as well as preventing further use, image, audio or video recording, and recording of physical characteristics suitable for personal identification;
  • Data transfer: making personal data available to a specific third party;
  • Data processing activity: the performance of technical tasks related to data processing operations;
  • Data set: the totality of data processed in a registry;
  • Third party: any natural or legal person or organization other than the data subject, the Data Controller or the data processor.

IV. The Data Controller

The Data Controller is the operator of the Website (hereinafter referred to as the Operator):
(company details repeated unchanged as in the original text)

The Data Controller ensures that all provisions of this Policy are made known and accessible to the data subjects (principle of transparency). The Data Controller does not verify the accuracy of the personal data provided and excludes liability for their correctness.

The Data Controller takes all measures reasonably expected to protect the personal data it processes against unauthorized access, alteration, disclosure, deletion, damage or destruction.

V. Principles of Data Processing

Personal data may only be processed for a specific purpose, for the exercise of rights and fulfillment of obligations. Data processing must comply with its purpose at all stages and must be fair and lawful.

  • Principle of purpose limitation
  • Principle of proportionality and necessity

Personal data retain their personal nature as long as their connection to the data subject can be restored. Accuracy, completeness and, where necessary, up-to-dateness of data must be ensured.

Appropriate security measures must be applied to protect automated data files against accidental or unlawful destruction, loss, unauthorized access, alteration or dissemination.

Data provision by the data subject is voluntary. Personal data are processed based on the data subject’s consent.

Personal data are not transferred to data controllers or processors in third countries.

VI. Data Processing Activities and Scope of Data

1. Request for quotation / booking:

Mandatory fields marked with *:

  • Name*
  • Company name
  • E-mail*
  • Telephone*
  • City*
  • Address*
  • Postal code*

During booking, the data subject may optionally subscribe to the newsletter. No data are processed regarding the selected payment method.

2. Video surveillance system

A camera-based surveillance system operates on the hotel premises for personal and property protection purposes, indicated by information signs.

VII. Storage of Personal Data and Information Security

VIII. Legal Remedies

The data subject may request information, rectification, erasure, restriction, object to processing, or seek legal remedy as described in the original Hungarian text.

Issued in: Miskolc, 25 May 2018
Imre Ostorházi
Managing Director
Fields marked with* are mandatory