1. NAME AND CONTACT DETAILS OF THE DATA CONTROLLER
Company name: Malomkert Kft.
Registered office: 2890 Tata, Tópart u 19
Company registration number: Cg. 11-09-026534
Tax number: 26575412-2-11
Website: www.malomeskacsa.hu
(hereinafter referred to as the Data Controller)
If you have any questions about our Privacy Notice, you can contact us using the following contact details:
Email address: sales@malomeskacsa.hu
Phone number: 06-30-4888-180
2. CONTENT AND PURPOSE OF THE PROSPECTUS
This Privacy Notice (hereinafter the "Privacy Notice") summarizes how and for what purpose the Controller collects, uses and protects the personal data of users (hereinafter the "User" or "you") of the websites (hereinafter the "Website") available at https://www.malomeskacsa.hu operated by the Controller. This Privacy Notice is written in Hungarian and covers the processing of personal data of natural persons only.
We are committed to protecting your personal data and respect your right to self-determination. The purpose of this notice is to provide information on how we handle and protect the personal data entrusted to us and to show how you can contact us if you have any questions about our data handling.
The Privacy Notice sets out:
- the identity of the Data Controller,
- the scope of your personal data processed by the Controller,
- the legal basis for processing the data,
- the legal basis for processing the data,
- the purposes of the processing,
- the duration of the data processing,
- the requirements of data protection and data security; and
- the means by which Users may exercise their rights.
3. THE LAW ON WHICH THE PROCESSING IS BASED
- REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation or GDPR)
- Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Information Act)
This Privacy Notice is governed by Hungarian law. If the law in force in your country imposes more stringent rules on the parties than those set out in this Privacy Notice, you shall comply with them. You acknowledge and agree, however, that the Controller's liability shall be based on the law applicable to this Privacy Notice and excludes its liability to the fullest extent possible under applicable law and court decisions for non-compliance with the provisions of the User's country.
4. BASIC CONCEPTS
Personal dataany information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;
Processing: the totality of processing operations carried out by a processor acting on behalf of or under the instructions of the controller.
Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
Transfer: the making available of data to a specified third party.
Third party:any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or the processor, are authorised to process personal data.
Consent of the data subject: a freely given, specific and informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her.
Recipient: a natural or legal person, public authority, agency or any other body with whom or to which personal data are disclosed, whether or not a third party.
Erasure: the rendering of data unrecognisable in such a way that it is no longer possible to retrieve it.
Data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
5. BASIC PLANTS
We process personal data lawfully, fairly and transparently (principles of legality, fairness and transparency).
Personal data are collected only for specified, explicit and legitimate purposes and are not processed in a way incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes is not considered incompatible with the original purpose (purpose limitation principle).
The personal data we collect and process are adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimisation principle).
We will take all reasonable steps to ensure that the data we process is accurate and, where necessary, kept up to date, and inaccurate personal data will be promptly deleted or rectified (accuracy principle).
We store your personal data in a form which allows you to be identified only for the time necessary to achieve the purposes for which the personal data are processed (principle of limited storage).
We use appropriate technical and organizational measures to ensure the security of personal data against unauthorized or unlawful processing, accidental loss, destruction or damage, commensurate with the risks involved (integrity and confidentiality).
The Data Controller is responsible for compliance with the above and demonstrates compliance with the principles (accountability principle).
6. LEGAL GROUNDS FOR PROCESSING
We process personal data provided that at least one of the following conditions is met:
(a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
(b) the processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into that contract;
(c) (d) processing is necessary for the protection of the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
7. DATA PROCESSING LINKED TO OUR GUESTS
Below you will find information about when we ask for or collect personal data from you, for how long and how we process it.
Camera surveillance
Please note that we use camera surveillance, whereby we record your image and your movements within our premises. The legal basis for processing is your consent (Article 6(1)(a) GDPR).
|
DATA PROCESSORS |
PURPOSE OF PROCESSING |
NAME OF AREA |
STORAGE PERIOD |
DATA PROCESSORS |
|
Malomkert Kft. |
The Data Controller uses a video surveillance system to protect the movable and immovable property of the Data Controller, to protect the property of guests using its services, to protect large sums of cash and to prevent fire and accidents. |
2890 Tata, Tópart street 19. |
3 working days |
Derik Technika Kft. 2890 Tata, Almási street 32. |
Data processing related to our website
|
PURPOSE OF DATA PROCESSING |
LEGAL BASIS |
DATA PROVIDERS |
ACCESS |
STORAGE PERIOD |
|
A honlap rendeltetésszerű és színvonalas működésének biztosítása, a szolgáltatásaink minőségének ellenőrzése és javítása, a rosszindulatú, weboldalunkat támadó látogatók azonosítása, a látogatottság mérésére, egyéb statisztikai célok |
Consent of the data subject (Article 6(1)(a) GDPR) |
– IP cím |
Designated staff and designated staff of the website operator |
As stated in the cookie policy |
Számlázáshoz kapcsolódó adatkezelés
|
PURPOSE OF DATA PROCESSING |
LEGAL BASIS |
DATA |
ACCESS |
STORAGE PERIOD |
|
For the purpose of recording accounting documents that directly and indirectly support accounting and complying with the Accounting Act and other tax legislation. |
Consent of the data subject (GDPR Article 6 (1) point c) based on the legislation on accounting (Act C of 2000 § 169 (1)-(2)) |
- Name |
Designated staff |
8 years from the date of issue of the invoice |
Data management related to customer service or complaint handling
|
PURPOSE OF DATA PROCESSING |
LEGAL BASIS |
DATA |
ACCESS |
STORAGE PERIOD |
|
To identify you and your case, investigate and resolve complaints, issues and related procedures |
The data subject's consent (Article 6(1)(c) GDPR) pursuant to Article 17/A(7) of Act CLV of 1997 on Consumer Protection |
- Name - E-mail address - Phone number |
Designated staff |
3 years from notification |
Send newsletter
|
PURPOSE OF DATA PROCESSING |
LEGAL BASIS |
DATA PROVIDERS |
ACCESS |
STORAGE PERIOD |
|
To contact the User, to present services and promotions |
Consent of the data subject (Article 6(1)(a) GDPR) |
- Name |
Designated staff and designated staff of the website operator |
Until consent is withdrawn. You can unsubscribe from our newsletters at any time by using the link at the bottom of the emails or any of our contact details. |
Reservation
|
PURPOSE OF DATA PROCESSING |
LEGAL BASIS |
DATA PROVIDERS |
ACCESS |
STORAGE PERIOD |
|
Room reservation, venue reservation, contact management |
Performance of contract (Article 6 (1) (b) GDPR), processing based on law (Articles 30-31 of the 1990 C. tv.) (Article 6 (1) (c) GDPR) |
name, e-mail address, telephone number, address, number of persons who wish to use the service (number of children, age) |
Designated staff |
For the duration of the contractual relationship with the data subject |
Data processing pursuant to § 9/H of the Tourism Act NTAK
|
PURPOSE OF DATA PROCESSING |
LEGAL BASIS |
DATA PROVIDERS |
ACCESS |
STORAGE PERIOD |
|
Protection of the rights, safety and property of the data subject and of other persons, and monitoring of compliance with the provisions on the residence of third-country nationals and persons enjoying the right of free movement and residence |
To comply with the legal obligation pursuant to Article 9/H of Act CLVI of 2016 on State Tasks for the Development of Tourist Areas (Article 6(1)(c) GDPR) |
1. the guest using the accommodation service |
Designated staff and the Hungarian Tourism Agency |
Last day of the first year following the date of notification |
On the website, the Data Controller may also request other personal data of Users for certain activities (e.g. for prize draws, promotions), however, the provision of such data is voluntary, the Data Controller will inform Users about the data management in the form of ad hoc information, and the personal data provided will be used only for the purpose and for the duration necessary for the activity in question. Such processing shall also be governed by this Privacy Notice.
Where the User voluntarily consents to the sharing of his/her personal data on other websites (e.g. sharing, liking, etc.), he/she acknowledges that other websites are subject to their own privacy policies, for which the Data Controller is not liable.
Visitors to the website will only be asked to provide their personal data if they wish to use our services. We do not profile our visitors.
If you have any questions about the processing of your data, you may request further information by e-mail or by post, and we will reply to you without delay, but within 25 days at the latest, to the contact details you have provided.
8. THE DATA PROCESSORS USED FOR DATA PROCESSING
Our agents and employees involved in the processing of your personal data are entitled to access your personal data to the extent provided in advance, subject to confidentiality obligations.
|
DATA PROCESSOR |
PURPOSE OF DATA TRANSFER |
DATA PROCESSING OPERATIONS |
LEGAL BASIS FOR THE TRANSFER |
DATA FIELDS TRANSFERRED |
DURATION OF ACCESS |
|
Batori Group Ltd. 1136 Budapest Tátra street 5/a |
Website hosting and website maintenance |
View, backup, storage, destruction |
Consent of the data subject (Article 6(1)(a) GDPR) |
IP address |
As stated in the cookie policy |
|
Facebook (META Inc.) |
Facebook pixel, cookie |
Data collection, recording, use, retrieval, storage, destruction |
Consent of the data subject (Article 6(1)(a) GDPR) |
IP address used by the visitor, browser type, operating system characteristics (language set), time of visit, (sub)page visited |
Up to 3 months |
|
Google LLC |
|
Data collection, recording, use, retrieval, storage, destruction |
Consent of the data subject (Article 6(1)(a) GDPR) |
IP address used by the visitor, browser type, operating system characteristics (language set), time of visit, (sub)page visited |
Advertising cookies for up to 2 years Analytical cookie up to 1 day or 1 minute |
|
Elementor Inc. |
Elementor cookie |
Responsible for website dynamics |
Consent of the data subject (Article 6(1)(a) GDPR) |
IP address used by the visitor, browser type, operating system characteristics (language set), time of visit, (sub)page visited |
No expiry date |
|
Kuula Inc. |
Kuula cookies |
Load balancing |
Consent of the data subject (Article 6(1)(a) GDPR) |
IP address used by the visitor, browser type, operating system characteristics (language set), time of visit, (sub)page visited |
Up to 7 days |
9. COOKIE MANAGEMENT
We inform our visitors that our website uses cookies. The computer of the website visitors is identified by a so-called cookie.
An anonymous user identifier (cookie) is a unique set of signals, which can be used to identify you and store profile information, which is placed on your computer by the service providers. It is important to note that such a sequence of signals is not in itself capable of identifying the User in any way, but only of recognising the User's computer. In the networked world of the Internet, personalised information and customised service can only be provided if service providers can identify their customers' habits and needs. Service providers are turning to anonymous identification to learn more about their customers' information usage patterns in order to further improve the quality of their services and to offer their customers customisation options.
Most of the most commonly used web browsers (Chrome, Firefox, etc.) accept and allow the download and use of cookies by default, but it is up to you to modify your browser settings to refuse or block them, or to delete cookies already stored on your computer. For more information on the use of cookies, please see the "help" section of each browser.
Some cookies do not require your prior consent and are briefly explained to you when you first visit our website, such as authentication cookies, multimedia player cookies, load balancing cookies, session cookies for customising the user interface and user-centric security cookies.
Cookies that require your consent, where the processing starts as soon as you visit the site, will be notified to you and your consent will be requested at the start of your first visit.
Our Company does not use or allow cookies that enable third parties to collect data without your consent.
If you accept cookies, you can access information about your use of the site. Through the analysis of statistical data measured in Google Analytics, we are able to optimise the structure and content of the site according to your needs, while ensuring the anonymity of users in all circumstances.
The Data Controller may record the data of the websites from which the User accessed the website and those visited from the website, as well as the time and duration of the visit. The identity and profile of the data subject cannot be inferred from these data.
Technical data are used by the Data Controller exclusively for the technical operation of the website and for statistical purposes. On our websites, we use cookies to record
- display settings, e.g. font size settings, language usage;
- Whether you have acknowledged that you have read the Website's cookie warning;
- You have acknowledged that you have read our cookies, whether you have read our cookies, whether you have acknowledged that you have read our cookies, whether you have read our cookies, whether you have read our cookies, and so on.
This data is collected for internal and statistical purposes only and is not disclosed to third parties or used for identification or profiling purposes.
Visitor analysis. No personal data of the data provider can be reproduced from this data by any process. The data collected on the website will not be linked to any data from other sources.
Cookies used on the website
Google cookies
You can find out more about Google cookies here: www.google.com/intl/en/policies/privacy. www.google.com/intl/en/policies/privacy.
|
Name |
Description |
Expiration date |
|
1p_JAR |
This cookie collects website statistics and measures conversions according to the google.com privacy policy. Anonymous |
1 month |
|
APISID |
Google plus like and share cookie, as per google.com's privacy policy. Anonymous.l |
2 years |
|
HSID |
An identifier associated with a user's Google Account to store digitally signed and encrypted data and last login time. This cookie is used to prevent a number of attacks, including attempts to steal the content of forms you fill out on websites. Anonymous. cookie-nak a segítségével számos támadást meg tudunk akadályozni, például a weboldalakon kitöltött űrlapok tartalmának ellopására irányuló kísérleteket is. Anonim. |
2 years |
|
NID |
This helps us to show you tailored ads on Google, in accordance with the google.com privacy policy. Anonymous. |
6 months |
|
SAPISID |
Google plus like and share, as per google.com's privacy policy. Anonymous. |
2 years |
|
SIDCC |
Security cookie to protect user data, as per google.com privacy policy. |
3 months |
|
SSID |
Used to save Google map data, according to google.com's privacy policy. Anonymous |
2 years |
|
CONSENT |
Cookies required for Google maps, according to the google.com privacy statement. Anonymous statistics. |
20 years |
WordPress sütik
|
Name |
Description |
Expiration date |
|
iw_mobile_menu |
Notes whether the mobile menu is shown or the desktop view menu, and whether the mobile menu is closed or open |
End of session |
|
wordpress_test_cookie |
Queries whether cookies have been enabled or not. |
End of session |
Social sites (Facebook.com, Twitter.com, accounts.google.com)
You can share the content of our website with your friends on social networking sites. These services may leave cookies on your computer over which we have no control. It is not possible for us to identify you personally.
Advertising sites (Google Ads, Facebook, Instagram)
Our Websites use remarketing tracking codes from advertising sites. The remarketing code uses cookies to tag visitors. This allows third-party service providers, including Google and Facebook, to display advertisements on their websites after a visit to our Website, so-called interest-based advertisements. Users of the Website have the option to disable these cookies. It is not possible for us to identify the user. The Website uses so-called conversion tracking to measure the effectiveness of Google Ads ads. The conversion tracking cookie is limited in time, acceptance is optional and does not record or use any personal information.
Allow, restrict or block cookies
You can enable or disable cookies in your browser settings. Before changing your settings, please note that some websites, including our Company's website, can only provide the maximum user experience through the use of cookies and the full functionality of the website can only be achieved if cookies are enabled.
Disabling cookies. Acceptance of cookies is not mandatory, but our Company is not responsible if our website does not function as expected without cookies being enabled.
All browser software allows you to delete previously stored cookies, so you can delete them at any time. To do this, please refer to the instructions for the browser you are using. However, if you delete your cookies, you may not be able to access certain Services or may not be able to access them in the way you were used to.
You can find information about the most popular browsers and how to manage cookies in the help and support menu of your browser.
10. 10. DATA TRANSMISSION
Our Company may be contacted by courts, prosecutors and other authorities for information, data or documents. In such cases, we must comply with our obligation to provide information to the extent strictly necessary to achieve the purpose of the request.
No other data will be transferred to a 3rd party in the course of the processing activities referred to in this notice.
11. TRANSFER TO 3RD PARTY COUNTRY
The data you provide on this website will not be transferred by our Company to a 3rd country, but Google Cookies 3rd data will be transferred by Google to a 3rd country. You can find out more about Google cookies here: www.google.com/intl/en/policies/privacy. www.google.com/intl/en/policies/privacy.
12. AUTOMATED DECISION-MAKING AND PROFILING
The data controller does not use automated decision-making and profiling when using the website.
13. DATA SECURITY
The Data Controller will make every effort to ensure the security of data in accordance with Article 32 of the General Data Protection Regulation (GDPR), and will take the necessary technical and organisational measures and establish the necessary rules of procedure to enforce the General Data Protection Regulation and other data protection and privacy rules.
The Data Controller shall store personal data in a paper locked and computerised manner, at the Data Controller's headquarters, on its own servers or on the servers of data processors.
The Data Controller ensures an adequate level of data security by:
The Company classifies and treats personal data as confidential, links access to the data to job title and authorisation, and imposes confidentiality obligations on employees, and does not make them available to the public. Only authorised administrators have access to documents in the course of work or processing, in accordance with the instructions of the Data Controller, and in any case the administrator keeps documents containing personal data securely locked away when leaving.
The Company shall carry out electronic data processing and record-keeping using a computer program which guarantees that the data are accessed only for the purpose for which they are intended, under controlled conditions and only by those persons (with password, logging of access and operations, etc.) who need to do so in the course of their duties (job duties).
The Company shall ensure an appropriate physical protection of data and the devices and documents carrying them, as well as a secure technical environment.
When processing personal data by automated means, the Company takes measures to ensure that:
Please note, however, that the transfer of data over the Internet cannot be considered a fully secure transfer.
We will make every effort to ensure that our processes are as secure as possible, but we cannot accept full responsibility for any transmission of data via the website or the Internet.
Data incident: if an incident occurs with your data, the Data Controller will take all necessary measures to mitigate the risks after becoming aware of it. If an event occurs in relation to your data that is likely to result in a high risk to your rights and freedoms, despite the safeguards taken by the Controller (or its processor), we will inform you and the competent authority of this event without delay and free of charge.
Links. Users should be aware that clicking on such links may lead them to other providers' sites. In such cases, we recommend that you read the privacy policy applicable to the use of those sites. This Privacy Policy applies only to the Website operated by the Data Controller. If the User modifies or deletes any of his/her data on other external websites, this will not affect the data processing by the Data Controller, such modifications must also be made on the Website.
14. HOW YOU ACCEPT AND WHAT IT MEANS IF YOU ACCEPT THE PRIVACY NOTICE
If you use our website, you confirm that you have read, understood and understood the entire content of this Privacy Policy.
When you choose to fill in the mandatory data on the form(s) on the website and click on the Submit (or equivalent) button, you consent to the Controller's processing of your data in accordance with this Privacy Notice.
If you do not agree to the above, please do not fill in the form with your personal data, do not submit the form by clicking on the appropriate button and do not use the website.
Even if you make a reservation on paper, by email or by other means, it is important that your data is processed in accordance with this notice.
15. RIGHTS OF USERS
You may request the following in relation to your personal data processed by the Data Controller (each of which is detailed below):
A.) Pursuant to Article 15 of the GDPR, the data subject may request access to personal data concerning him or her as follows:
(1) The data subject shall have the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to obtain access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
(d) where applicable, the envisaged duration of the storage of the personal data or, where this is not possible, the criteria for determining that duration;
(e) the right of the data subject to obtain from the controller the rectification, erasure or restriction of the processing of personal data relating to him or her and to object to the processing of such personal data;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the data have not been collected from the data subject, any available information on the sources;
(h) the fact of automated decision-making, including profiling, and, at least in those cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.
(3) - (4) The Data Controller shall provide the data subject with a copy of the personal data processed. For any additional copy requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the data subject has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise. The right to request a copy shall not adversely affect the rights and freedoms of others.
B.) Pursuant to Article 16 of the GDPR, the data subject shall have the right to obtain from the controller the rectification of personal data relating to him or her.
The data subject shall have the right to obtain from the Controller, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.
C.) Pursuant to Article 17 of the GDPR, the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her as follows:
(1) The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay at his or her request, and the controller shall be obliged to erase personal data relating to him or her without undue delay if one of the following grounds applies:
(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
(c) the data subject objects to processing for reasons of public interest, in the exercise of official authority or in the legitimate interest of the controller (third party) and there are no overriding legitimate grounds for the processing or the data subject objects to processing for direct marketing purposes;
d) the personal data have been unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law (Hungarian law) applicable to the controller;
f) the personal data have been collected in connection with the provision of information society services.
(2) Where the controller has disclosed the personal data and is required to erase them pursuant to paragraph 1, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that have processed the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.
(3) The right of the Data Subject to erasure may be limited only if the following exceptions in the GDPR apply, i.e. if the above grounds apply, the continued retention of the personal data may be considered lawful:
a) for the exercise of the right to freedom of expression and information,
b) to comply with a legal obligation, or
c) for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
e) where it is in the public interest in the field of public health,
f) for archiving purposes in the public interest or for scientific or historical research purposes or statistical purposes; or
(h) where necessary for the establishment, exercise or defence of legal claims.
D.) Pursuant to Article 18 of the GDPR, the data subject shall have the right to obtain from the Controller the restriction of the processing of personal data concerning him or her, as follows:
(1) The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controller where one of the following conditions is met:
(a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the Controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
(c) the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
(d) the data subject has objected to processing in the public interest, in the exercise of official authority or in the legitimate interest of the controller (third party); in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller prevail over the legitimate grounds of the data subject.
(2) Where processing is restricted on the basis of the above, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.
(3) The controller shall inform the data subject at whose request the processing has been restricted pursuant to paragraph 1 in advance of the lifting of the restriction.
The rectification, erasure or restriction of processing shall be communicated to all those to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort. You can obtain a list of such recipients upon request.
E.) Pursuant to Article 20 of the GDPR, the data subject has the right to the portability of personal data relating to him or her as follows:
(1) The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data, if:
a) where the legal basis for the processing is the consent of the Data Subject or the performance of a contract with the Data Subject
b) and the processing is carried out by automated means.
(2) In exercising the right to data portability, the data subject shall have the right to request, where technically feasible, the direct transfer of personal data between controllers.
(3) The exercise of the right to data portability shall be without prejudice to the right to erasure. The right to data portability shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) The right to data portability shall not adversely affect the rights and freedoms of others.
F.) Pursuant to Article 21 of the GDPR, the Data Subject shall have the right to object to the Controller processing personal data concerning him or her as follows:
(1) The Data Subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data on grounds of public interest, for the exercise of official authority or for the legitimate interests of the controller (third party), including profiling based on such processing. In such a case, the Controller may no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
(2) - (3) Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.
(4) The right to object shall be explicitly brought to the attention of the data subject at the latest at the time of the first contact with the data subject and the information shall be clearly displayed and separately from any other information.
(5) In the context of the use of information society services and by way of derogation from Directive 2002/58/EC, the data subject may exercise the right to object by automated means based on technical specifications.
(6) Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
G.) Pursuant to Article 7(3) of the GDPR, the data subject shall have the right to withdraw consent to the processing of his or her personal data at any time, as follows:
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to its withdrawal. The right to withdraw consent does not affect the right to the processing of personal data that has not been obtained prior to the withdrawal of consent.
16. ENFORCEMENT OPTIONS
The Data Controller will inform you of the action taken on your request or the reasons for non-action within 25 days of receipt of the request, without undue delay and in any event within 25 days of receipt of the request. If the request is complex or if a large number of requests are received, the time limit may be extended by one month. Where possible, the information will be provided electronically. The information and action will be provided free of charge, except for requests which are clearly unfounded or excessive, in particular because of their repetitive nature. In such cases, we will charge an administrative fee of HUF 10,000 or refuse to take the requested action. We may ask you for information necessary to confirm your identity in connection with your request. Copies of your personal data that we hold will be free of charge in the first case, and we will charge you an administrative fee for any further copies.
You may lodge a complaint with the supervisory authority or exercise your right to judicial redress in the event of unlawful processing in relation to our actions or if you become aware of unlawful processing. A court of law has jurisdiction to hear the case. The action may also be brought, at the data subject's choice, before the courts for the place where he or she resides or, failing that, where he or she is domiciled.
You have the right to a judicial remedy against a legally binding decision of the supervisory authority concerning you, or if the authority does not deal with the complaint or does not inform you of the procedural developments or the outcome of the complaint within three months. Proceedings against the supervisory authority must be brought before the courts of the Member State where the supervisory authority is established. You may also bring proceedings against the supervisory authority before the court of your domicile or, failing that, of your place of residence or, at your choice, before the court of the place where you are domiciled.
Without prejudice to any other administrative or judicial remedy, any data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
|
Name of authority: |
National Authority for Data Protection and Freedom of Information (NAIH) |
|
Address: |
1055 Budapest, Falk Miksa street 9-11. |
|
Address for correspondence: |
1363 Budapest, PO Box 9. |
|
E-mail: |
ugyfelszolgalat@naih.hu |
|
Phone: |
+36 (1) 391-1400 |
|
Fax: |
+36 (1) 391-1410 |
|
Website: |
www.naih.hu |
If you have any questions that are not clearly answered in this Privacy Notice, please write to the email address of the Data Controller given at the beginning of this document.
17. AMENDMENT OF THIS NOTICE
The Data Controller may unilaterally amend this Privacy Notice. The current version of the Privacy Notice will be made available on the website.
information
contact details
OPENING HOURS
Monday – ZÁRVA
Tuesday – 11:00-22:00 (kitchen 12:00-21:30)
Wednesday – 11:00-22:00 (kitchen 12:00-21:30)
Thursday – 11:00-22:00 (kitchen 12:00-21:30)
Friday – 11:00-23:00 (kitchen 12:00-21:30)
Saturday – 11:00-23:00 (kitchen 12:00-21:30)
Sunday – 11:00-21:00 (kitchen 12:00-20:30)
