Aura-Hotel Szállodaüzemeltető Kft (hereinafter: „Hotel Aura”) as the operator of the Website accessible at domain name: www.aura-hotel.hu (hereinafter: „Website”) hereby discloses the rules, data protection and data processing principles as well as the information pertaining to data processing performed as part of the Website and the services related to the Website.
By starting to use the Website, the visitor of the Website (hereinafter: „the User”) accepts all the conditions contained herein. Accordingly, prior to using the Website, please read this Data Processing Prospectus („Prospectus”) carefully.
The Data Controller’s details
The Data Controller is Aura-Hotel Szállodaüzemeltető Kft. operating the Website (hereinafter: „Data Controller”).
Registered office: 8230 Balatonfüred, Szent István tér 7, ground floor no. 1
Company registration number: 19-09-518536
Represented by: Bence Rácz
Data processing registration number: …………………………………
Registration number of data processing for direct marketing purposes: …………………………………..
The data are processed by the Data Controller or Hotel Aura (registered seat: 8230 Balatonfüred, Szent István tér 7, ground floor 1, activity: hotels and similar accommodation) and Intren Kft (registered office: 1036 Budapest, Lajos u. 80. e.g.: hosting service provider) acting on behalf of the Data Controller. Data Controller reserves the right to involve additional data processors in the data processing in the future and informs the Users thereof by modifying this Prospectus.
Users may provide information and data about themselves on the Website in two ways:
- Personal data expressly provided and made available while using the services of the Website (see section I.).
- Information made available for the Data Controller in connection with visiting and using the Website (see section II.).
I. Processing of data expressly provided by the Users
1) The personal data we ask for
When booking accommodation:
When booking accommodation, the following personal data should be provided:
- Possibly, to validate your booking, the name of the cardholder, card type, card expiration date, CVC code
When signing up for the newsletter
When signing up for the said services, the following personal data should be provided:
Only persons over 16 years of age are entitled to provide their personal data on the Website.
2) Purpose and duration of data processing
The Data Controller uses the data in order to provide the services available on the Website, so in particular for the following purposes:
- efficient provision of the services available on the Website;
- liaising, the primary objective of which is to provide proper information for the Users, and the efficient and fast resolution of any possible technical problems,
- keeping record and fulfilling the orders submitted via the Website, delivering the ordered product for the Users, and liaising with the Users in connection with the orders, trainings, etc.;
- to resolve any possible dispute in connection with the use of the Website;
- sending any communication promoting the products, services and promotions of Hotel Aura, any electronic newsletter with professional contents, other advertising messages or business communication (hereinafter jointly referred to as: „Newsletter”) provided that the User gave its express consent to that effect, while such consent is valid or until it is withdrawn.
Data Controller shall process the data until the purpose of data processing exists, so primarily during the existence of the legal relationship with the given User (after the termination of the legal relationship the data pertaining to and provided by the User shall be deleted), or until the User requests the deletion of their personal data or until they withdraw their consent.
3) Legal ground for processing personal data
Hotel Aura, as the Data Controller, shall process the data in line with Section 5 (1) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Info Act) based on the voluntary consent of the User and based on Act CVIII. of 2001 on Electronic Commerce and on Information Society Services.
In certain cases, the processing, storing and forwarding of some of the provided data is required by law; the Data Controller shall always notify the User in such cases.
If the User provides personal data other than their own, the User providing such data is liable to obtain the consent of the User.
4) Persons authorised to obtain the registered data
The Data Controller and the data processors employed by it are entitled to obtain the registered data in line with the effective legislation.
In the absence of an express legal provision, the Data Controller shall disclose the data suitable for identifying the User to a third party only subject to the given User’s express consent.
5) Rights of the Users with respect to their processed data
Upon the request of the User, the Data Controller shall provide information about the personal data it manages, about their sources, the purpose, legal ground and duration of data processing, and – if the personal data of the Users are being forwarded – about the legal ground of data forwarding and the recipient of the data. Such information may be requested by verifying personal identity and indicating a mailing address. Data Controller shall provide an answer in writing within 15 days of the receipt of such request.
The Data Controller – or if it has an internal data protection officer, then the internal data protection officer – shall keep a registry for verifying the measures taken in connection with data protection incidents and for informing the Users; such registry shall contain the personal data of the User, the Users affected by the data protection incident, the date, the circumstances and impacts of such data protection incident as well as the measures taken to eliminate the incident and any other data required by the legislation necessitating data processing.
The User is entitled to request the correction of their personal data (by providing the correct data) via email to firstname.lastname@example.org or mailed to Aura Hotel, 8230 Balatonfüred, Munkácsy M. Street no. 5; in both cases by verifying their personal identity and indicating their mailing address. Data Controller shall forthwith correct the data in the registry, and shall notify the User thereof in writing.
In addition to the above, the User may also request at any time the deletion or the blocking of their personal data via email to email@example.com or by mail sent to Aura Hotel, 8230 Balatonfüred, Munkácsy M. Street no. 5 free of charge, without any additional justification, by verifying their personal identity and indicating their mailing address. After receipt of such request, the Data Controller shall forthwith take the necessary measures for terminating data processing and shall delete the User from its records.
Instead of deletion, the Data Controller shall block the personal data if the User requests so or, if based on the available information, there is reason to believe that the deletion of the personal data would violate the lawful interests of the User. The personal data so blocked can be processed only until the data processing purpose that excluded the deletion of the data exists.
The Data Controller shall notify the User, and any other stakeholder to whom it forwarded the personal data for data processing purposes, about the correction, the blocking or the deletion. Such notification can be omitted if such does not violate the lawful interests of the User in view of the purpose of data processing.
Should the Data Controller fail to fulfil the User’s request to correct, block or delete their personal data, it is liable to notify the User in writing within 15 days of receipt of the request about the reason and the legal ground for declining such correction, blocking or deletion request. Should the request for correction, blocking or deletion be declined, the Data Controller shall inform the User about the possibilities of legal remedies and the competence of National Agency for data protection and freedom of information.
Furthermore, the User may decide and request at any point in time that the Data Controller stops sending the newsletter in the future. Users may withdraw their consent regarding newsletters at any time, free of charge, without any justification or restrictions, by clicking on the unsubscribe button placed at the bottom of the newsletters, or by way of a letter sent to email address firstname.lastname@example.org or mailed to the postal address of Aura Hotel at Balatonfüred, Munkácsy M. Street no. 5. (by indicating their exact personal details). Following receipt of the request to unsubscribe, the Data Controller shall forthwith delete the personal data of the User from its direct marketing database and shall not send any more newsletter to the User in the future.
If the withdrawal of consent concerns only data processing for direct marketing purposes (sending of newsletter), then the Data Controller shall delete the User only from its direct marketing database; and the Data Controller shall continue to be entitled to manage the User’s data in order to provide the services of the Website.
The User may object against the handling of their personal data,
- if the handling or the forwarding of the personal data is necessary only for complying with the legal obligations of the Data Controller, or for enforcing the lawful interests of the Data Controller, data receiver or any third party, with the exception of mandatory data processing;
- if the utilization or forwarding of the personal data takes place for direct business acquisition, public opinion survey or scientific research purposes; and
- other cases defined by law.
The Data Controller shall assess the objection within the shortest period of time possible but within no more than 15 days of the submission of the request, shall assess whether such objection is well-founded, and shall notify the requester in writing. Should the User disagree with the Data Controller’s decision or if the Data Controller fails to meet the above deadline, the User may turn to the court within three days of receipt of the decision or within three days after the last day of the deadline.
1) Information collected in connection with the use of the Website
If the User expressly does not provide their personal data on the Website as per section I, then the Data Controller shall not collect nor process any personal data of the User in such a way based on which the identity of the User may be identifiable.
II. Information otherwise collected in connection with the use of the Website
Such data include the data of the User’s computer used for logging in, generated during the use of the Website, and the data registered by the cookies used on the Website as the automatic result of the technical processes. The system automatically logs the automatically registered data without the separate declaration or action of the User to that effect, whenever visiting or leaving the Website.
These data shall not be linked to other personal User data, meaning that the User is not identifiable based on these data. Only the external service provider handling the cookies and the Data Controller have access to such data.
The Data Controller uses only the cookies of external service providers (Google, Facebook) on the Website. Cookies are short text files sent by the Website to the hard drive of the User’s computer and contain information pertaining to the User.
The Data Controller uses the services of Google Analytics in connection with the Website. Cookies managed by Google Analytics help to measure the number of visits to the Website as well as other web analytics data. Information collected by the cookies is forwarded to and stored by external servers operated by Google. Google primarily uses this information to monitor the number of visits to the Website and to prepare an analysis about the activities performed on the Website so as to provide such information for the Data Controller. Google is entitled to forward such information to third parties provided that such is made mandatory by legislation. Moreover, Google is also entitled to forward these data to the third party employed by it for processing such data. For more details about data processing by Google Analytics, please visit Google Analytics (http://www.google.com/analytics).
Using Google cookies can be disabled under advertisement settings (for more information go to: http://www.google.hu/policies/technologies/ads/). Users may also disable the cookies of external service providers on the unsubscribe page of Network Advertising Initiative (http://www.networkadvertising.org/choices/).
Data processing by the above-mentioned external service providers is regulated by the data protection provisions applicable to these service providers, and the Data Controller does not assume any responsibility whatsoever with regards to such data processing.
2) How to use this information
The data collected with the help of the above-mentioned technologies may not be used for identifying the User and the Data Controller may not link them with any other data suitable for personal identification.
The primary purpose for using such data is to enable the Data Controller to properly operate the Website; to this end, monitoring especially the number of visitors to the site and the screening of any possible misuse in connection with the use of the Website is necessary.
In addition to the above, the Data Controller may use this information to analyse utilisation trends and to enhance and improve the Website’s functionalities, and to obtain comprehensive traffic data about the overall utilization of the Website.
The Data Controller may use the information so obtained to prepare statistics and analytics about the utilization of the Website, and to forward to third parties such statistical data not suitable for personal identification (such as the number of visitors, the most viewed topics and content) and to disclose them in an aggregate, anonymised manner.
3) How to switch off Cookies:
4) Cookies placed by third parties:
The Website may contain information, especially advertisements coming from third parties and advertisement providers who are not in contact with the Data Controller of the Website. It may happen that these third parties also place cookies and web beacons on the User’s computer, or collect data using similar technologies to enable them to send targeted advertisement messages for the Users in connection with their own services. Data processing by the above-mentioned external service providers is regulated by the data protection provisions applicable to these service providers, and the Data Controller does not assume any responsibility whatsoever with regards to such data processing.
The Data Controller does not assume any responsibility whatsoever for the contents nor for the data and information protection practice of external Websites accessible via a link placed on the Website. If the Data Controller of the Website becomes cognizant of the fact that the page link placed on its Website violates the rights of third parties or any effective legal regulation, it shall forthwith eliminate said link from the Website.
IV. Data Security
The Data Controller shall take care of data security and shall take the technical and organizational measures and set up the procedural rules to ensure the protection of the registered, stored and processed data, and prevent their destruction and unauthorized use and unauthorized alteration. Moreover, it commits itself to draw the attention of every third party to whom it forwards or transfers data based on the User’s consent, to comply with the data security requirements.
Data Controller shall take the necessary measures to prevent any unauthorized persons from accessing, disclosing, forwarding, modifying or deleting the processed data. Only the Data Controller, its employees and the employed data processors can access the processed data; the Data Controller shall not disclose them to any third party not authorized to access such data.
Data Controller shall use its best efforts to prevent the data from being damaged or lost. The Data Controller shall also require its employees taking part in the data processing activity to comply with the above commitment.
The User acknowledges and accepts that in case of providing their personal data on the Website, data security cannot be fully guaranteed on the Internet, despite the fact that Hotel Aura is equipped with up to date security devices to prevent or screen any unauthorized access to personal data. Should any unauthorized access to or acquisition of personal data occur despite our best efforts to this end, Hotel Aura shall not be held liable for any such unauthorized access or acquisition nor for any resulting loss incurred by the User. Moreover, the User may also provide their personal data to third parties who may use them for illegal purposes or in illegal ways.
Data Controller shall, under no circumstances, collect special data, that is, data pertaining to racial origin, the fact of belonging to national or ethnical minority group, to political or party views, religious or philosophical conviction, membership to trade unions, health condition, pathological conditions or criminal records.
From data security perspective it is important for the User to sign off the Website after use when using the Internet in public places or on someone else’s computer.
V. Law enforcement possibilities
Hotel Aura uses its best efforts to ensure that personal data are processed in line with legal regulations. Should you feel that we failed to comply with this statement, please write to us at email@example.com or send a letter to the postal address of Hotel Aura at Balatonfüred, Munkácsy M. Street no. 5.
Should you feel that your rights to the protection of personal data have been violated, you may resort to the competent bodies for legal remedies available based on the effective legislation.
- National Agency for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.) or
- you may initiate a court procedure.
The National Media and Telecommunications Authority has competence in connection with advertisements received electronically; for the detailed regulation, please refer to Act CXII of 2011 on the right of informational self-determination and the freedom of information and Act CVIII of 2001 on certain legal aspects concerning electronic commercial services, and information society services.
VI. Miscellaneous provisions
The Hungarian law, and in particular, the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information are authoritative for this Prospectus.
Data Controller reserves the right to unilaterally modify this Prospectus at any time, subject to notifying the Users in advance. The User is required to accept such modification on the Website in the way as provided by Hotel Aura, to ensure the continued use of the Website. The modifications shall take effect after their acceptance, on the occasion of the first use of the Website.
Dated: Balatonfüred, 1 July 2017
Aura Hotel Szállodaüzemeltető Kft