HOTEL ÓZD
Hotel, Restaurant, Coffee
H-3600 ÓZD, Ív út 9.
Tel.: (+36) 48-570-010
Fax: (+36) 48-570-018
Information: info@hotelozd.hu
Reservation: reservation@hotelozd.hu
Hotel Ózd Kft.
PRIVACY STATEMENT
This privacy policy describes the processing activities of HOTEL ÓZD Kft. (hereinafter: “Controller”) through the website of www.hotelozd.hu, especially the nature of data collection, storage and use.
1. Particulars of the Controller
Name of the Controller: Hotel Ózd Vendéglátóipari és Szállodai Korlátolt Felelősségű Társaság
Registration number of the Controller: 05 09 012358
Registered address of the Controller: 3600 ÓZD, Ív út 9.
Representative of the Controller: Adatvédelmi referens, adatvedelem@hotelozd.hu
2. Rules of processing
This privacy policy is valid from 09.01.2018 until withdrawn.
The definitions of this privacy policy are equivalent to the definitions specified in article 4 of the General Data Protection Regulation (hereinafter: GDPR) and on certain occasions, these are supplemented with the interpreting provisions in section 3 of Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter: Information Act).
Accordingly:
personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
The Controller provides for the continuous accessibility of the policy on its website. Acceptance of the Privacy Policy (ticking the appropriate checkbox) confirms that the user is aware of it, and it constitutes consent for processing. Accordingly, consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means. The Controller may only collect data for specified, explicit and legitimate purposes and data may not be further processed in a manner that is incompatible with those purposes; moreover, data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. During their work, the employees of the Controller ensure that unauthorised persons cannot view personal data and that the storage and location of personal data are designed in a way that prevents unauthorised persons from accessing, viewing, changing or destroying it.
3. Processing during the use of the Controller’s website
3.1. Cookies
Cookies are placed on the user’s computer by visited websites, and they contain information like the settings of the site. Using cookies allows the Controller to query certain pieces of the visitor’s data, and to monitor his use of the internet. Certain cookies are essential for the appropriate operation of the site, others collect statistical data to facilitate making the site easier to use, while there are cookies aimed at personalised advertisements.
Purpose of processing: to assess the habits of the visitors of the website, facilitating contact with the Controller
Scope of processed data: the internet protocol address (IP address) of the computer, domain name (URL), access details, customer file query (file name and URL), HTTP response code, particulars of the webpage the query originates from, the quantity of the transferred bytes during the visit, the time of the visit, the particulars of the viewed pages.
Legal basis of processing: consent of the data subject under article 6 (1) a) of GDPR.
Time limit of processing: not more than one year following the collection of data
Method of data storage: electronic
3.2. Processing regarding applications for work
So-called “incoming CVs” are received directly from the data subject over the online interface of the Controller, by post, or in person, at the registered address or sites of the Controller, or at the job@hotelozd.hu email address operated by the Controller.
Purpose of processing: selection of the appropriate prospective employees for vacancies, processing the personal data of candidates.
Scope of processed data: name, date of birth, mother’s name, address, education-related data, employment history, photo and other information provided by the data subject in the CV.
Legal basis of processing: consent of the data subject under article 6 (1) a) of GDPR.
Time limit of data storage: until the appropriate candidate is selected
Method of data storage: electronic
3.3. Customer contact
On the http://www.hotelozd.hu/en/home/contact interface, the Controller provides an opportunity for the users visiting the website to contact the Controller using the form on the page. The subject of the correspondence may be: request for information, contact etc.
The Controller also provides an opportunity for its customers and users visiting the website to send a message to the Controller to the adatvedelem@hotelozd.hu email address, or to contact the Controller on the (+36) 48 575-500 or the (+36) 48 575-510 phone numbers. In the case of contact by phone, the phone calls are not recorded.
Purpose of processing: making and maintaining contact with the customers.
Scope of processed data: the name, address and email address of the data subject, other data regarding the contact.
Legal basis of processing: consent of the data subject under article 6 (1) a) of GDPR.
Time limit of data storage: until the objective is achieved, but no later than deletion at the request of the data subject.
Method of data storage: electronic
4. The exercise of the rights of data subjects
The data subject may request information about the processing of his personal data, request the rectification or deletion of his personal data and request the restriction of processing on the adatvedelem@hotelozd.hu email address, and he has a right to data portability and remedy. In case of a complaint, he may, within his discretion, seek remedy at the National Authority for Data Protection and Freedom of Information or in court. In case of court proceedings, the regional court has jurisdiction. Please find below the detailed description regarding the rights of data subjects:
4.1. Right to receive information and right of access
The data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and access to the following information:
- the purpose of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The data subject is entitled to receive information about the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, or to submit a complaint to a supervisory authority.
- The data subject is also entitled to receive any available information where the personal data are not collected from him.
- Moreover, the data subject is also entitled to know about the logic of automated decision-making, about the significance of such processing and about the expected consequences on the data subject.
The Controller shall provide information to the data subject on action taken on a request made in line with the right to receive information without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. The main rule is that the information is provided free of charge; the Controller may only charge for costs in the cases specified in articles 12 (5) and 15 (3) of the GDPR.
If the Controller does not take action on the request of the data subject, the Controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
4.2. Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. The personal data may be restricted in accordance with term 5.4 of this document for the time period while the Controller verifies the accuracy of personal data.
4.3. Right to object
The data subject may object to the processing of his personal data with a notice submitted to the Controller if the legal basis of processing is
- public interest under Article 6 (1) (e) of the GDPR; or
- legitimate interest under Article 6 (1) (f) of the GDPR.
If the right to object is exercised, the Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The managing director of the Controller makes a decision whether processing is justified based on compelling legitimate interests. He shall inform the data subject about his position in this regard.
4.4. Right to restriction of processing
Processing may be restricted if
- the data subject disputes the accuracy of information; the Controller restricts the processing of personal data for the period while the correctness of data is established;
- the processing is unlawful and the data subject requests the restriction of their use instead of the erasure of the personal data;
- the Controller no longer needs the data, but they are required by the data subject for the establishment of legal claims;
- the data subject objects to the processing of personal data under article 21 of GDPR until the objection is considered.
For the period while the objection of the data subject against the processing of his personal data is being considered, but not longer than 5 days, the head of the organisational unit conducting the processing shall suspend this activity, assess whether the objection is justified, make a decision and inform the applicant in this regard. If the objection is justified, the head of the organisational unit restricts the data, so the only allowed type of processing of this data is storage, while
- the data subject consents to processing;
- the processing of personal data is necessary for enforcing legal claims;
- the processing of personal data becomes necessary for the protection of rights of other natural persons or legal entities; or
- legislation prescribes processing in the public interest.
If the data subject requested the restriction of processing, the head of the relevant organisational unit shall inform the data subject if such restriction is being withdrawn.
4.5. Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller shall have an obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; or
f) the personal data have been collected in relation to the offer of information society services.
The data subject’s right may only be restricted if the exceptions prescribed by the GDPR are satisfied, so if the above reasons exist, further retention of the personal data should be lawful if it is necessary
a) for exercising the right of freedom of expression and information; or
b) for compliance with a legal obligation (i.e. in the case of an activity or legal duty legitimately recorded in the Processing Register, for the period appropriate for the purposes of processing); or
c) for the performance of a task carried out in the public interest; or
d) in the exercise of official authority vested in the Controller; or
e) on the grounds of public interest in the area of public health; or
f) for archiving purposes in the public interest; or
g) for scientific or historical research purposes or statistical purposes; or
h) for the establishment, exercise or defence of legal claims.
4.6. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, where:
- the legal basis of processing is the consent of the data subject or processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; [Articles 6 (1) (a) and 9 (2) of the GDPR] and
- the processing is carried out by automated means.
The Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed unless this proves impossible or involves a disproportionate effort. The Controller shall inform the data subject about those recipients if the data subject requests it.
4.7. Remedy
The Controller shall compensate any damages caused by the unlawful processing of the data subject’s data or by breaching the requirements of data security as well as any injury to feelings caused by the breach of personal rights by the Controller or a Processor contracted by it. A Controller shall be exempt from liability to pay damages or injury to feelings if it proves that it is not in any way responsible for the event giving rise to the damage. The data subject may submit a complaint regarding the processing procedure of the Controller to the supervisory authority, which is the National Authority for Data Protection and Freedom of Information in Hungary:
name: National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
registered address: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
website: www.naih.hu
The data subject may, within his discretion, enforce his claim in court. The claim is within the jurisdiction of the regional court. At the data subject’s own discretion, proceedings may as well be initiated at the regional court competent at the permanent address or temporary place of residence of the data subject.
5. Processors
During the processing of personal data, the Controller uses the following Processors for exclusively technical tasks:
name of the Data Processor: InterNetX GmbH
address: Johanna-Dachs-Str. 55, 93055 Regensburg, Germany
purpose of processing: hosting service
Processors must process data according to the instructions of the Controller, they may not make substantive decisions involving processing, they may only process the personal data they became aware of in line with the instructions of the Controller, they may not process data for their own purposes, and they must store and retain personal data according to the instructions of the Controller.
6. Variation of the statement
The Controller reserves the right to vary the statement. If a variation affects the use of personal data provided by the data subject, the user will be notified about the changes by an information notice sent by email. If the details of processing also change due to the variation of the statement, the Controller will ask the consent of the data subject again.
7. Issues not covered by this policy
In the case of issues not covered by this policy, the provisions of the GDPR apply, supplemented, where that legislation allows, by the rules of the Information Act.