Privacy notice

to visitors and registered users of the website www.zsambekivendeghaz.hu

Introduction

The service provider / data controller processes the data of the persons registered on the site in the course of the operation of the website in order to provide them with an appropriate service.

The service provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.

This privacy notice is based on Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, in the light of the 2011. CXII. the content of the law on the right to information self-determination and freedom of information.

Name of the service provider, data controller:

Name / company name:RegSana Pharmaceutical and Health Services Ltd.
Seat:2092 Budakeszi, Arany János u. 19.
Tax number:13596590-2-13
Company registration number:13-09-105450
Website name, address:www.zsambekivendeghaz.hu

Contact details of the controller:

Name / company name:RegSana Pharmaceutical and Health Services Ltd.
Seat:2092 Budakeszi, Arany János u. 19.
Mailing address:2092 Budakeszi, Arany János u. 19.
E-mail:info@regsana.hu 
Telephone:+36 20 924 4912

Definitions

  • the GDPR (General Data Protection Regulation) is the European Union’s new Data Protection Regulation;

  • Processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

  • processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

  • personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

  • data controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by Union or Member State law;

  • data subject’s consent: a voluntary, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation;

  • data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  • recipient: the natural or legal person, public authority, agency or any other body, whether or not a third party, to whom or with whom the personal data are disclosed. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

  • third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Scope of activities covered by the processing

Request a quote and send a message (Have a question?)

Data processed

name, e-mail, telephone number, postal code, town, address (street, house number), planned arrival and departure dates and their possible flexibility, number of adults, number and age of children, type of room (including preferred room type), services offered and their prices, comments from the applicant

Duration of processing

– In case of rejection of the offer until the date of rejection

– If no reply to the offer is received, until the day after the deadline for submission of tenders

Purpose of data processing

To prepare the most perfect quotation according to the needs of the contracting authority.

Legal basis for processing

Consent (Article X(x)(x) GDPR)

Duration of processing

  • In the case of a successful bid, the rules for reservations are as follows
  • In case of rejection of the offer until the date of rejection
  • If no reply to the offer is received, until the day after the deadline for submission of tenders

“Online booking sites and travel agencies are considered as independent data controllers and do not use a data processor in this process.

The activity and process concerned by the processing are the following:

If the data subject accepts the offer and informs the Data Controller orally or in writing, the Data Controller will take the necessary steps to make the reservation.

The front office manager, reservation agent, and sales employee of the Data Controller will enter the data provided by the data subject into the Hostware Front Office program and link them to the hotel room in question, thereby creating the room reservation. In case of direct Hostware / Hotrest / D-Edge chanenl manager connection, the process is automatic.

The employee working in the above-mentioned position will inform the person concerned in writing of the reservation of the room, in the form of a confirmation sent by the system.”

Reservations

Data processed

name, e-mail, telephone number, postcode, town, address (street, house number), date of birth, names and relatives of relatives provided by the regular, names and e-mail addresses of persons invited to the programme by the regular, the level of the regular and the associated discounts, points collected during data entry and booking, points redeemed during bookings, requests for offers, previous and current bookings of the regular.

Purpose of data processing

Providing the ordered service to the guest booking the room, fulfilling the reservation

Legal basis for processing

Contract performance and consent (GDPR 6. Article 2(1)(a))

Duration of processing

The personal data obtained during the reservation will be processed for the duration of the contractual relationship with the data subject, except for the purposes of the provisions of the Act on Accounting 2000. Data to be kept pursuant to Act C of 2017 for 8 years, and data to be kept pursuant to Act CL of 2017 on the Rules of Taxation for 5 years after the end of the year in question. by the last day of the year, or in accordance with the rules in force for the regular guest programme

Data will be transferred to the following service providers

  • During billing, in the samlazz.hu system

“Online booking sites and travel agencies are considered as independent data controllers and do not use a data processor in this process.

The activity and process concerned by the processing are the following:

If the data subject accepts the offer and informs the Data Controller orally or in writing, the Data Controller will take the necessary steps to make the reservation.

The front office manager, reservation agent, and sales employee of the Data Controller will enter the data provided by the data subject into the Hostware Front Office program and link them to the hotel room in question, thereby creating the room reservation. In case of direct Hostware / Hotrest / D-Edge chanenl manager connection, the process is automatic.

The employee working in the above-mentioned position will inform the person concerned in writing of the reservation of the room, in the form of a confirmation sent by the system.”

Romsome Loyalty

Data processed

name, e-mail, telephone number, postcode, town, address (street, house number), date of birth, names and relatives of relatives provided by the regular, names and e-mail addresses of persons invited to the programme by the regular, the level of the regular and the associated discounts, points collected during data entry and booking, points redeemed during bookings, requests for offers, previous and current bookings of the regular.

Purpose of data processing

Provide special discounts, unique offers and promotions to regular hotel guests, rewarding loyalty.

Legal basis for processing

Consent (GDPR 6. Article 2(1)(a))

Duration of data processing

From the time of registration in the loyalty programme until the time of withdrawal.

For guests registered in the loyalty program, the discounts, redeemed and credited points corresponding to the level of the loyalty will be included in the confirmation, and in the case of a direct PMS or channel manager connection, as comments in the PMS and D-Edge system. Regulars have their own user profile, which they can access with the email address and unique password they provide. The registration of guests imported by the hotel into the program is only successful when the imported guest has confirmed it and specified his/her password.

Principles of data management

The controller declares that it will process personal data in accordance with the provisions of the Privacy Notice and will comply with the applicable laws, in particular with regard to:

The processing of personal data must be lawful, fair and transparent for the data subject.

Personal data may only be collected for specified, explicit and legitimate purposes.

The purposes for which personal data are processed must be adequate, relevant and limited to what is necessary.

Personal data must be accurate and up to date. Inaccurate personal data must be deleted immediately.

Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.

Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures.

The principles of data protection apply to all information relating to an identified or identifiable natural person.

Important information about data management

The purpose of data processing is to enable the service provider / data controller to provide additional services to the persons registered on the website.

The legal basis for processing is the consent of the data subject.

The data subjects are the registration users of the website.

Duration of processing and erasure of data. The duration of data processing will always depend on the specific purpose of the user, but data must be deleted immediately once the original purpose has been achieved. The data subject may withdraw his or her consent to the processing at any time by sending an e-mail to the contact e-mail address. If there is no legal obstacle to deletion, your data will be deleted.

The data controller and its employees are entitled to access the data.

The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data and the data subject’s right to data portability.

The data subject may withdraw his or her consent at any time, but this does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.

The person concerned may exercise the right to lodge a complaint with the supervisory authority.

If the data subject wishes to benefit from the registration, i.e. to use the services of the website, he or she must provide the requested personal data. The person concerned is not obliged to provide personal data, and there are no adverse consequences for him or her if he or she does not provide such data. However, you cannot use certain features of the website without registration.

The data subject shall have the right to obtain from the controller, upon his or her request and without undue delay, the rectification or integration of inaccurate personal data relating to him or her.

The data subject shall have the right to obtain from the controller, upon his or her request, the erasure of inaccurate personal data relating to him or her without undue delay and the controller shall be obliged to erase personal data relating to him or her without undue delay, unless there is another legal basis for the processing.

You may request the modification or deletion of your personal data by e-mail, telephone or letter using the contact details provided above.

Registration on the website

The purpose of the processing is to provide additional services and to contact you.

The legal basis for registration data processing is your consent.

 The data subjects are the registration users of the website.

Duration of processing. The data will be processed until consent is withdrawn. You can withdraw your consent to the processing of your data at any time by sending an e-mail to the contact e-mail address.

The data will be deleted when consent to data processing is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

You may request the modification or deletion of your personal data by e-mail, telephone or letter using the contact details provided above.

The provision of personal data is strictly necessary for identification in databases and contact purposes. The exact company name and address are required for invoicing, which is a legal obligation.

Scope of data processedSpecific purposes of the processing of data
NameIdentification, contact, billing.
Company nameIdentification, contact, billing.
AddressIdentification, contact, billing.
E-mailIdentification, contact.
PhoneIdentification, contact.
Date of registrationTechnical information operation.
IP addressTechnical information operation.

The user can give his consent to the processing of his data by deliberately ticking the empty checkbox on the website, which is specifically for this purpose.

As a data subject, you have the right to object to the processing of your personal data, in accordance with the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

Place an order

The purpose of data processing is to provide additional services, contact, send confirmation e-mails. We will only be able to fulfil your order if you provide us with your contact and billing details, which are absolutely necessary for contact and billing purposes.

The legal basis for processing is your consent. In the case of invoicing, data processing is based on a legal requirement.

 The data subjects are the registration users of the website.

Duration of processing. The processing is carried out until consent is required by law or withdrawn. You can withdraw your consent to the processing of your data at any time by sending an e-mail to the contact e-mail address.

The data will be deleted when consent to data processing is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address. The deletion of billing data may be required by law.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

You may request the modification or deletion of your personal data by e-mail, telephone or letter using the contact details provided above.

Scope of data processedSpecific purposes of the processing of data
NameIdentification, contact, billing.
Company nameIdentification, contact, billing.
AddressIdentification, contact, billing.
E-mailIdentification, contact.
PhoneIdentification, contact.
Ordered product detailsIdentification of the product.
Date of registrationTechnical information operation.
IP addressTechnical information operation.

The user can give his consent to the processing of his data by deliberately ticking the empty checkbox on the website, which is specifically for this purpose.

The data subject may object to the processing of his or her personal data, in which respect he or she has the right to the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

Setting up an account

The purpose of the processing is to issue and send an electronic invoice as an e-mail attachment.

The legal basis for processing is mandatory processing based on law.

 The data subjects are the service provider’s customer partners.

Duration of processing. The processing is carried out until consent is required by law or withdrawn. You can withdraw your consent to the processing of your data at any time by sending an e-mail to the contact e-mail address.

The data will be deleted when consent to data processing is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address. The deletion of billing data may be required by law.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

Changes or deletions to your account details can be initiated by e-mail, telephone or letter using the contact details above.

Scope of data processedSpecific purposes of the processing of data
NameIdentification, contact, billing.
Company nameIdentification, contact, billing.
AddressIdentification, contact, billing.
E-mailIdentification, contact.
PhoneIdentification, contact.
Tax number / tax identification numberIdentifying the buyer.
Account detailsIdentification of the account.
Invoice issue dateTechnical information operation.

The user can give his consent to the processing of his data by deliberately ticking the empty checkbox on the website, which is specifically for this purpose.

The data subject may object to the processing of his or her personal data, in which respect he or she has the right to the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

Send newsletter

As the operator of this website, we declare that the information and descriptions published by us fully comply with the relevant legal provisions. We also declare that when subscribing to a newsletter, we are not able to verify the authenticity of the contact details or to determine whether the details provided relate to an individual or a company. We treat all businesses that contact us as a client partner.

The purpose of data processing is to send you professional brochures, electronic messages containing advertising, information and newsletters, from which you can unsubscribe at any time without any consequences. You can also unsubscribe without any consequences if has ceased to exist, has been terminated or if someone has provided us with your contact details.

The legal basis for processing is your consent. Please be informed that the user may expressly consent in advance to being contacted by the service provider with promotional offers, information and other mailings to the e-mail address provided at registration. As a consequence, the user may consent to the processing of the necessary personal data by the service provider for this purpose.

Please note that if you wish to receive a newsletter from us, you must provide the necessary information. We will not be able to send you a newsletter if you do not provide this information.

Duration of processing. The data will be processed until consent is withdrawn. You can withdraw your consent to the processing of your data at any time by sending an e-mail to the contact e-mail address.

The data will be deleted when consent to data processing is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.

Consent can also be withdrawn by following the link in the newsletters sent.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

Changes or deletion of data may be initiated by e-mail, telephone or letter using the contact details provided above.

The data processor used:http://………………..

Scope of data processedSpecific purposes of the processing of data
NameIdentification, contact.
E-mailIdentification, contact.
Date of subscriptionTechnical information operation.
IP addressTechnical information operation.

Please note that neither the username nor the e-mail address need to contain any personally identifiable information. For example, it is not necessary that your username or email address contains your name. You are entirely free to choose whether to provide a user name or email address that contains information that identifies you. The e-mail address – which is used to contact you – is absolutely necessary to ensure that any newsletter or professional information sent to you will be received.

Cookies (cookies)

 cookies are placed on the user’s computer by the websites visited and contain information such as the page settings or login status.

Cookies are therefore small files created by the websites you visit. They improve the user experience by saving browsing data. Cookies help the website to remember your website settings and offer you locally relevant content.

A small file (cookie) is sent by the provider’s website to the website visitors’ computer in order to establish the fact and time of the visit. The provider will inform the website visitor of this. 

The data subjects are the visitors of the website.

The purpose of data processing is to provide additional services, identification and tracking of visitors.

Legal basis for processing. The user’s consent is not required if the use of cookies is strictly necessary for the service provider.

The scope of the data: unique ID number, time, configuration data.

The user has the option to delete cookies from browsers at any time by going to the Settings menu.

The data may be accessed by data controllers. By using cookies, no personal data is processed by the data controller.

Data storage method: electronic.

Community sites

The community site is a media tool where the message is spread through community users. Social media use the internet and online publishing to transform users from content consumers to content editors.

Social media is the interface of web applications that hosts user-generated content, such as Facebook, Google+, Twitter, etc.

Social media can take the form of public speeches, presentations, demonstrations, product or service launches.

The information published on social media can take the form of forums, blog posts, images, video, audio, message boards, email messages, etc.

As stated above, the scope of the data processed may include, in addition to personal data, the public profile picture of the user.

Data subjects: all registered users.

The purpose of data collection is to promote the website or a related website.

The legal basis for processing is the voluntary consent of the data subject.

Duration of data processing: according to the rules available on the relevant community site.

Deadline for deletion of data: according to the rules available on the relevant Community site.

Those entitled to access the data: according to the rules available on the relevant Community site.

Data processing rights: according to the rules available on the relevant community site.

Data storage method: electronic.

It is important to note that when a user uploads or submits personal information, he or she is giving the social networking site operator worldwide a valid permission to store and use such content. Therefore, it is very important to make sure that the user has full authority to disclose the information posted.

Google Analytics

Our website uses Google Analytics            .          

When using Google Analytics:

Google Analytics uses internal cookies to compile reports for its customers on the habits of website users.

Google uses the information on behalf of the website operator to.

evaluate how users use the website. As an additional service, it generates reports related to website activity for the website operator to provide additional services.

Data is stored on Google’s servers in encrypted format to make it more difficult and prevent misuse.

You can disable Google Analytics by. Quote from the page:

Site users who do not want Google Analytics to generate JavaScript reports about their data can install the Google Analytics browser add-on to disable it. The extension disables Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most recent browsers. The Google Analytics browser add-on does not prevent data from being sent to the website itself and other web analytics services.

https://support.google.com/analytics/answer/6004245?hl=hu

Google Privacy Policy: https://policies.google.com/privacy?hl=hu

More information on the use and protection of data can be found in the links above.

Data protection in detail:

https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf

Data processors

Shared space provider:

Name / company name: 
Seat: 
Telephone: 
E-mail: 

The data you provide is stored on a server operated by the hosting provider. Only our staff or the staff operating the server have access to the data, but they are all responsible for the security of the data.

The activity is called hosting, server services.

The purpose of the processing: to ensure the functioning of the website.

Data processed: personal data provided by the data subject

Duration of data processing and time limit for deletion of data. Data processing until the end of the website’s operation or in accordance with the contractual agreement between the website operator and the hosting provider. If necessary, the data subject may also request the deletion of his or her data by contacting the hosting provider.

The legal basis for processing is the consent of the data subject or processing based on law.

Rights in relation to data processing

The right to request information

You can request information from us via the contact details provided about what data our company processes, on what legal basis, for what purpose, from what source and for how long. Upon your request, we will send you information without delay, but within a maximum of 30 days , to the e-mail address you have provided.

The right to rectification

You can ask us to change your or details using the contact details provided. Upon your request, we will do so without delay, but no later than within 30 days , by sending you an email to the email address you have provided. 

The right to erasure

You can ask us to delete your data using the contact details provided. Upon your request, we will do so without delay, but within a maximum of 30 days , by sending you an email to the email address you have provided. 

The right to blocking

You can request us to block your data via the contact details provided. The blocking will last as long as the reason you have given requires the data to be stored.   We will do this immediately upon your request, but within 30 days at the latest, and we will send you information to the email address you have provided. 

The right to protest

You may object to the processing of your data by using the contact details provided. We will examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether it is justified and inform you of our decision by e-mail .

Enforcement possibilities in relation to data processing

In the event of unlawful processing, please notify us so that we can remedy the situation within a short period of time. We will do our best to resolve the problem in your interest.

If you consider that the lawful status cannot be restored, please notify the authority using the following contact details:

President of the National Authority for Data Protection and Freedom of Information (NAIH):

Dr. Attila Péterfalvi

NAIH’s postal address:1363 Budapest, Pf. 9.

address: 1055 Budapest, Falk Miksa u. 9-11.

telephone number: +36 1 391 1400

fax: +36 1 391 1410

Website: http://www.naih.hu

your e-mail address. ugyfelszolgalat@naih.hu

Legislation on which the processing is based

  • 2019. XXXIV. Act – on ensuring coherence for the implementation of the GDPR
  • REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).

  • 2011. CXII. Act on the Right to Information Self-Determination and Freedom of Information.

  • The 1995 Act on public records, public archives and the protection of private archives. LXVI. Act.

  • The general requirements for the document management of public bodies pursuant to Decree 335/2005. (29.XII.) Korm. Regulation.

  • 2001. CVIII. Act on certain aspects of electronic commerce services and information society services.

  • 2003. Act C of 2007 on electronic communications.

  • The 2016 Act on the State Tasks of the Development of Tourist Areas. CLVI. Law
  • Decree No 235/2019 on the implementation of the Act on the State Tasks of the Development of Tourist Areas. (X. 15.) Korm. Regulation;
  •  Decree No 414/2015 on the issuance of identity cards and the rules for the uniform taking of facial images and signatures. (XII. 23.)