Data Management Policy
Details of service provider: Zen Garden Resort
Operator: Zánkazen Kft.
Headquarters: 1121 Budapest, Alkony út 9.
Address of Service: 8251 Zánka, Vérkúti út 152.
In connection with data management, the Resort hereby informs its customers, guests and visitors of its website about the personal data it manages, the principles and practices followed in the handling of personal data, and the ways and means of exercising the rights of those concerned.
The Resortreserves the right to change this policy at any time by notifying its partners and guests of such changes. The Customer Contacting the Resortaccepts the following and agrees to the data processing specified below. The purpose of this Policy is to ensure that the Resort complies with applicable data protection legislation. This Policy is effective as of May 1, 2014 and is valid until revoked.
The scope of this Policy extends to the Resort, the persons whose details are contained in the data processing covered by this Policy and those whose rights or legitimate interests are affected by the data management.
The scope of this Policy extends to the processing of all personal data by the Resort in all its organizational units.
The following terms are used in the application of this Policy.
Affected: any natural person identified or identified directly or indirectly by personal data;
Personal data: data relating to the data subject, in particular the name of the data subject, his or her identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the conclusion drawn from the data subject;
Contribution: a voluntary and determined declaration of the wishes of the data subject based on appropriate information and with unambiguous consent to the processing of personal data relating to him or her, wholly or in part;
Protest: a statement by the person concerned to object to the processing of his / her personal data and requests the termination of the data management and the deletion of the data processed;
Data Controller: a natural or legal person, or an entity without legal personality, who, either individually or together with others, determines the purpose of data management, makes and implements decisions relating to data management (including equipment used), or implements it with a data processor entrusted to it;
Data management: any operation or operation performed on data, irrespective of the procedure used, including, in particular, collection, recording, recording, systematization, storage, alteration, use, querying, transmission, disclosure, coordination or interconnection, blocking, deletion and destruction; preventing the further use of the data, taking photographs, sound or images, and recording physical characteristics suitable for identifying the person.
Data Processor: any natural or legal person or organization without legal personality who, under a contract with the data controller, including the conclusion of a contract under the provisions of the law, processes data;
Data processing: performing technical tasks related to data management operations, irrespective of the method and means used to perform the operations and the location of the application, provided that the technical task is performed on the data;
Third party: any natural or legal person or entity without legal personality which is not the same as the data subject, the data controller or the data processor;
Transmission of data: making data available to a specific third party;
Disclosure: making data available to anyone;
Data deletion: making data unrecognizable in such a way that their recovery is no longer possible;
Data designation: providing the data with an identification mark to distinguish it;
Data blocking: Providing data with identification
Data blocking: for the purpose of limiting the further processing of the data with an identifier for a definitive or definite period of time;
Data Destruction: complete physical destruction of data media containing data;
THE SCOPE OF PERSONAL DATA, TITLE AND DURATION OF DATA MANAGEMENT
Personal data can be handled by the Resort if the person concerned agrees, or it is ordered by law or, under the authority of the law, within the scope specified therein, by a local government regulation for public interest purposes (mandatory data management).
Personal data may also be handled if the obtaining of the consent of the data subject would be impossible or disproportionate and the processing of personal data is necessary for the fulfillment of the legal obligation of the controller or for the legitimate interests of the data controller or a third party and the enforcement of this interest in the personal data. the protection of the rights of the child.
The declaration of a legally incapacitated minor who is under the age of 16 is required by the consent of his or her legal representative, except for those parts of the service where the declaration is aimed at massive data management in everyday life and does not require particular consideration.
If, due to the incapacity of the data subject, or for other unavoidable reasons, he is unable to give his consent, the personal data of the data subject shall, during the existence of obstacles to consent, to the extent necessary for the protection of his or her or other person’s vital interests and for the prevention or prevention of imminent danger to the life, bodily integrity or property of persons. they can be treated.
If personal data has been recorded with the consent of the data subject, the controller will not store the recorded data unless otherwise provided by law for the purpose of fulfilling his legal obligation, or for the purpose of enforcing the legitimate interests of the controller or a third party, if the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data without further specific consent and may be managed after the withdrawal of the consent of the data subject.
Personal data may only be processed for a specific purpose, for the purpose of exercising rights and fulfilling an obligation. Data management must meet this objective at every stage, and the recording and processing of data must be fair.
Only personal data that is essential for the purpose of the data management are suitable for the purpose, and only to the extent and for the time necessary to achieve the purpose.
Personal data may only be processed with the appropriate consent based on information.
The data subject must be informed prior to the commencement of the data management that the processing is based on consent or mandatory. The data subject shall be informed, clearly, comprehensibly and in detail, of all facts relating to the management of his or her data, in particular the purpose and legal basis of the data management, the person entitled to data processing and data processing, the duration of the data management, and the personal data of the data subject with the consent of the data subject. and manage the legal obligation to the controller or enforce the legitimate interest of a third party, or who can know the data. The information should also cover the data processing rights and remedies available to the data subject.
During data management, the accuracy, completeness, and up-to-date data must be ensured and the data subject can only be identified for the time necessary for the purpose of data management.
Data processing personnel at the organizational units of the Resort are required to keep the personal data known as business secrets. Persons handling and accessing personal data must make a Privacy Statement.
The Data Controller handles personal data for the sole purpose of exercising the rights and fulfilling the obligation. At every stage of data management, it meets the purpose of data management. Data are recorded and handled fairly and lawfully. The Data Controller shall endeavor to process only such personal data that is essential for the purpose of the data management and is suitable for achieving the purpose. Personal data can only be managed to the extent and for the time necessary to achieve the goal.
We would like to inform the Resort informants that if they do not provide their own personal data, it is the duty of the informant to obtain the consent of the data subject.
DATA MANAGEMENT ON THE WEBSITE
The legal basis for data management on the website is the User’s consent and the CVIII of 2001 on certain aspects of electronic commerce services and information society services. Act 13 / A. (3).
Scope of data processed: date and time of the visit, IP address of the visitor’s computer, type of browser, name, phone, e-mail address, date and time, number of adults, number and age of children, type of care, and by User other personal information provided.
Deadline for data deletion: 5 years from the date of the reservation, in the case of an invitation to tender, if no contract has been made immediately; while in the case of contributions to the newsletter, until the consent is withdrawn. In the case of accounting documents, the Service Provider maintains it for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting.
You can initiate the deletion or modification of your personal information in the following ways:
Zen Garden Resort
Hungary - 8251 Zánka, Vérkúti út 152.
We inform our Users that, on the basis of the authorization of the court, the prosecutor, the investigative authority, the infringement authority, the administrative authority, the data protection commissioner or the law, other bodies may provide information to the Service Provider for the purpose of providing information, communicating, transmitting or making available documents.
The Resort will only provide personal information to the authorities, if the authority has specified the exact purpose and scope of the data, to the extent strictly necessary for the purpose of the request.
The Resort shall provide the information, information and information required by the guests for the performance of the Service in accordance with CXII of 2011 on Information Self-Determination and Freedom of Information. law.
The Resort handles the personal data of the Users for the purpose of providing the Service (full use of the website, eg booking, sending newsletter) only to the extent and for the time required. This is the purpose of data management at all stages.
The Resort also handles the personal information that is technically necessary to provide the service. If personal data has been recorded with the consent of the User, the Resort will not store the recorded data unless otherwise provided by law:
1. for the purpose of fulfilling his legal obligation, or
2. to enforce the legitimate interest of the Resort or third party,
if the enforcement of this interest is proportionate to the limitation of the right to the protection of personal data, you may manage it without further consent and after the User’s consent has been withdrawn.
In addition, Users will only collect information about the User (IP address, date of use, webpage viewed, browser, and one or more cookies that allow the browser to be uniquely identified) used exclusively for the development and maintenance of the Services and for statistical purposes . The Service Provider uses the data processed for these statistical purposes only in a form incompatible with personal identification. In order to improve the quality of the Services, the Resort has a file containing a string on the user’s computer. places a cookie if the User agrees. If you do not agree with the User, it will be indicated in advance in the chapter “Data Management on the Website”. in the contact details set out in point 4.1.
The Resort shall only transfer personal data it manages to a third party for the purpose of developing and / or operating certain services of the Resort used by the User. The Resort does not use the personal data it manages for the purposes of a third party and does not otherwise use it for any purpose.
Websites also contain links to an external (not managed by the Resort) server; For this reason, the Resort disclaims all liability.
By using this service, the User agrees that the Resort shall collect and manage personal data in order to provide the service in full, as described in this Privacy Notice.
On the basic conditions and certain limitations of the economic advertising activity, XLVIII. Pursuant to Section 6 of the Act of 2006, the User expressly and explicitly agrees to seek out the Resort ‘s advertisements and other mailings at the contact details given at the time of registration (eg e – mail address or telephone number).
In addition, the Customer agrees, with the provisions of this Prospectus, to manage the personal data of the Resort for sending advertisements.
The Resort does not send unsolicited advertising messages, and the User may unsubscribe from sending the offers free of charge without limitation or justification. In this case, all personal data of the Resort – necessary for the sending of advertising messages – will be deleted from its register and will not contact the User with further promotional offers. Users can opt out of advertising by clicking the link in the message.
The purpose of data management is to send an electronic newsletter containing an economic advertisement message to the User, information about current information and products.
The legal basis for data processing: the voluntary contribution of the data subject and the basic conditions and certain limitations of the economic advertising activity in 2008 XLVIII. Section 6 (5) of the Act.
The range of managed data: name, email address, phone number, date, time.
Deadline for deletion of data: Until the withdrawal of the declaration of consent, ie until the date of unsubscription.
The Resort shall take all necessary safety, organizational and technical measures to ensure the highest level of security of personal data and to prevent unauthorized alteration, destruction and use.
The Resort shall take all necessary measures to ensure the integrity of the data, ie the accuracy, completeness and up-to-date status of the personal data it manages and / or processes.
The Resort shall protect the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as unavailability due to accidental destruction, damage, or change in the technique used.
Therefore, the Resort reserves the right to inform its customers and partners about any vulnerability in its system if its customers or partners identify a vulnerability, and at the same time limit its access to the Service Provider’s system, services, or some of its features.
For the security of data stored on the network, the Resort avoids data loss on the server by continuous mirroring.
Active data from databases containing personal data will be saved by the Resort on a daily basis.
The personal data management network. The Resort constantly takes care of virus protection.
Data managed by the Resort network and access to data files must be provided with a user name and password.
INFORMATION ON DATA MANAGEMENT
The User may request information on the management of his / her personal data and may request the rectification of his / her personal data, or, except as provided for in the law, the deletion of the personal data in the manner indicated in the data collection or on the contact details provided by the Service Provider.
At the request of the user, the Resort provides information on the data it manages, their source, the purpose, legal basis and duration of the data management. The Resort shall provide the information in writing, in a comprehensible form, in the shortest possible time after the submission of the request, and within 30 days at the latest.
The Resort corrects the personal data if it does not correspond to reality and it is at your disposal personal information that is correct.
The Resort shall block the personal data if the User so requests or if, on the basis of the information at its disposal, it can be assumed that the deletion would violate the User’s legitimate interests. Locked personal data may be processed only for as long as there is a data management purpose that excludes the deletion of personal data.
The Resort will delete the personal data if its handling is unlawful, the User requests it, the data processed is incomplete or incorrect – and this condition cannot be legally rectified – provided the cancellation is not excluded by law, the purpose of data management has been eliminated or the data storage law has been abolished expired, the court or the National Data Protection and Freedom of Information Authority ordered it.
The data controller has 30 days to delete, block or correct personal data. If the Resort does not comply with the User’s request for rectification, blocking or cancellation, he / she shall communicate the reasons for the rejection in writing within 30 days.
The Resort will notify the Customer of the rectification, blocking and cancellation, as well as all those who have previously forwarded the data for data management purposes. The notification is ignored if this does not violate the legitimate interest of the User with regard to the purpose of the data management.
Compliance with data protection regulations, and in particular the provisions of these regulations, must always be checked by the heads of the organizational unit performing data management at the Resort.
The Resort and Operations Manager and the data protection officer entrusted to it are responsible for checking the data processed at the Resort once a year.
User may object to the processing of their personal data if
the processing or transfer of personal data is only necessary for the performance of the legal obligation of the Service Provider or for the legitimate interest of the Service Provider, the data recipient or a third party, unless the data management is prescribed by law;
the use or transmission of personal data is for direct marketing, opinion polling or scientific research;
otherwise provided by law.
The Resort will examine the protest as soon as possible after the submission of the request, but within a maximum of 15 days, decide on its validity and inform the applicant in writing of its decision. If the Resort finds that the data subject’s objection is well-founded, data management, including further data collection and data transfer, will be terminated, blocked and notified of any protest and any action taken on the basis of which the personal data subject to the protest has previously been transmitted and who are obliged to take action to enforce the right of protest.
If the User does not agree with the decision made by the Resort, he / she may appeal to the court within 30 days of its notification.
In case of violation of its rights, the user can go to court against the Resort. The court acts out of the case. You have the opportunity to appeal to the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22 / C.
Mailing address: 1530 Budapest, Mailbox: 5.
Phone: +36 -1-391-1400
Fax: + 36-1-391-1410