Privacy Policy

 

The purpose of this Privacy Policy is to define the data processing activities relating to personal data carried out by Queen Elisabeth Apartment and Queen Emma’s Place, acting as the Data Controller (hereinafter referred to as Data Controller, Service Provider). It defines the principles of data protection and processing, the Service Provider’s data protection and processing policy, which the Service Provider acknowledges as binding, with special regard to the protection of personal data provided by Users.

By using the website operated by the Service Provider or by using one of the Service Provider’s services, the User consents to the processing of their personal data in accordance with the provisions of this Data Processing Policy.

The scope of the Policy also extends to the processing of personal data processed by Data Processors who have entered into a Data Processing Agreement with the Service Provider.

I. DATA OF THE SERVICE PROVIDER AS DATA CONTROLLER

Queen Elisabeth Apartman Queen Emma’s Place
Name: Erzsébet Halász Pál Kovács
Registered Office: 25 Szárcsa u., Debrecen 23 Vörösmarty u., Gyenesdiás
Tax Number: 91289265-1-29 7488-1-40
Website: www.queensdebrecen.hu
E-mail Address: queensdebrecen@gmail.com
Registering Authority: Debrecen Local Government Office
Registration Number: Queen Elisabeth Apartman: 545/2025. Queen Emma’s Place: coming soon 316/1997.AK reg.szám Queen Emma’s Place MA25117326, Queen Elisabeth Apartman MA25116899 MA19015733

Basic Concepts

  • personal data: any information relating to an identified or identifiable natural person (data subject) – in particular, the data subject’s name, identification number, and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person, as well as conclusions drawn from the data concerning the data subject.
  • data file: the totality of data managed in a single register;
  • data subject: any natural person who is identified or identifiable, directly or indirectly, based on any information;
  • data processing: the performance of technical tasks related to data management operations, regardless of the method and means used for the execution of the operations, and the place of application, provided that the technical task is performed on the data;
  • third party: a natural or legal person, or a non-legal entity, who or which is not the same as the data subject, the data controller, or the data processor;
  • data protection: the totality of technologies and organizational methods that enable the inviolability, integrity, usability, and confidentiality of the collected data assets;
  • personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  • data management/processing: any operation or set of operations which is performed on data, irrespective of the procedure used, such as collection, recording, systematisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as well as preventing their further use, the taking of photographs, sound or image recordings, and the recording of physical characteristics suitable for identifying a person (e.g. finger or palm print, DNA sample, iris image).
  • data controller: the natural or legal person, or the non-legal entity, who or which, alone or jointly with others, determines the purposes and means of the processing of personal data, makes and executes decisions concerning the data processing (including the used tools), or has them executed by a data processor.
  • data transfer: making data accessible to a specified third party.
  • data erasure: making data unrecognisable in such a way that their recovery is no longer possible.
  • restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future;
  • consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her, whether in whole or for specific operations.
    • Consent includes the data subject checking a relevant box or carrying out relevant technical settings when viewing the website or finalising the booking, as well as any other statement or action that clearly indicates the data subject’s consent to the intended processing of their personal data in the given context.
  • mandatory data processing: when data processing is ordered by law or, based on authorisation by law, by a local government regulation for a purpose based on public interest, within the scope defined therein.
  • disclosure: making data accessible to anyone.
  • profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

II. Purpose of Data Processing

The Data Controller processes the Guests’ personal data for the following purposes, based on the voluntary consent of the user:

  • For the purpose of requesting an offer and making a booking for accommodation.
  • For the purpose of issuing an invoice before the Guest’s departure from the accommodation.
  • For the purpose of communication regarding the booking.
  • When subscribing to the website’s newsletter, the user voluntarily provides their data, which is stored for the purpose of the Service Provider occasionally sending promotional newsletters about the accommodation. The user can unsubscribe from the newsletter at any time.

III. Legal Basis for Data Processing

The Data Controller processes the Guests’ personal data based on the following legal grounds:

  • For the purpose stated in point II. a), the legal basis is Article 6 (1) (b) of the GDPR, namely the performance of a contract to which the Guest, as the data subject, is a party.
  • For the purpose stated in point II. b), the legal basis is Article 6 (1) (c) of the GDPR, namely compliance with a legal obligation to which the Data Controller is subject, specifically the obligation of the Data Controller to prepare documents and invoices.
  • For the purpose stated in point II. c), data processing takes place based on Article 6 (1) (a) of the GDPR, in order to be able to adequately inform about essential circumstances arising from the contractual relationship.
  • If the necessity of data processing for other purposes or on other legal bases arises beyond the above, the Data Controller is obliged to individually inform the data subject about all important information regarding the intended data processing and their rights related thereto before commencing the data processing.

IV. Scope of Processed Data

Guest Inquiry:

  • Scope of personal data processed: Name (Family and First Name), E-mail address, Phone number

Use of the online booking interface operating on the Data Controller’s website is not subject to separate registration, however, the provision of the following personal data is necessary for the booking.

  • Scope of personal data processed: Name (Family and First Name), Phone number, E-mail address, Billing address

Guest Check-in:

  • Scope of personal data processed: Name (Family and First Name), Date of Birth, Address, ID card/Passport number

Tourism Discount Card Registration:

  • Scope of personal data processed: Name (Family and First Name), Year of Birth, Address

Invoicing:

  • Scope of personal data processed: Name (Family and First Name), Billing address

Complaint Handling:

  • Scope of personal data processed: Name (Family and First Name), E-mail address, Phone number, Address

V. Duration of Data Processing

The processing of the Guest’s personal data begins from the time of providing the booking date and will be erased 5 years after the Guest’s departure from the accommodation.

The Guest’s name and billing address will be processed for the period specified in the Accounting Act, 8 (eight) years, after which the Data Controller will destroy them.

VI. Data Security

The Data Controller takes all necessary steps to ensure the security of the personal data provided by the Guests, both during the network system, and the storage and safeguarding of the data.

The booking system operating through the Data Controller’s website is placed on an external, protected hosting provider, and the provider cannot access the data managed on this hosting. The Data Controller carries out its work processes on computers protected by passwords and anti-virus software.

VII. Data Processors

The Data Processor processes personal data on behalf of the Data Controller under the terms stipulated in the Data Processing Agreement. The conditions for the processing of and access to personal data by the Data Processor are regulated by the Data Processing Agreement concluded between the Data Controller and the Data Processor.

Data Processor(s) during online booking/request for quote: MediaCenter Hungary Kft.????

It operates the server used for storing the website, ensuring digital data storage and processing.

VIII. Rights of the Guest and Possibilities for Legal Redress

  • The Guest is entitled to obtain confirmation from the Data Controller as to whether or not personal data concerning him or her are being processed, and, where that is the case, to access the personal data and receive information about the data processed and all relevant information concerning the data processing.
  • The Guest may request the Data Controller to rectify inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the Guest may request the completion of incomplete personal data.
  • The Guest may request the erasure of their personal data, unless the processing is necessary for compliance with the Data Controller’s legal obligations or for the establishment, exercise, or defence of legal claims. The Data Controller shall erase the personal data without undue delay if the data processing is unlawful, the data is incomplete or erroneous, the purpose of data processing has ceased, or the storage period has expired, or erasure has been ordered by a court or authority, or is necessary for compliance with a legal obligation to which the Data Controller is subject.
  • If the Data Controller processes personal data based on the data subject’s consent, the data subject may withdraw this consent. If there is no other legal basis for the data processing, the Data Controller shall erase the personal data affected by the withdrawn consent.
  • The Guest has the right to request the Data Controller to restrict processing where:
    • the accuracy of the personal data is contested by the Guest, for a period enabling the Data Controller to verify the accuracy of the personal data;
    • the processing is unlawful, but the Guest opposes the erasure of the personal data and requests the restriction of their use instead;1

       

    • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data s2ubject for the establishment, exercise or defence of legal claims; or

       

    • the data subject has objected to processing carried out in the public interest or for the legitimate interests of the Data Controller or a third party.
    • During the period of restriction, the Data Controller shall not use the personal data for any purpose other than storage.
  • In case of exercising the Guest’s rights, the Data Controller shall examine the data subject’s request, take the necessary measures, and inform the Guest about these measures or the reasons for their failure to act within one month of receiving the request.
  • Legal Redress:
    • The Guest may submit their request regarding data processing in writing to the Data Controller’s postal address or e-mail address.
    • In case of violation of their rights, the data subject may turn to the competent Regional Court (Törvényszék) according to the Data Controller’s address, or, at their choice, to the Regional Court competent according to their place of residence, or, in the absence thereof, their place of stay, and file a lawsuit.
    • The Service Provider reserves the right to modify this Policy at any time by unilateral decision. As the Data Controller, in the event of modification of this Policy, it is entitled (but not obliged) to inform the data subjects about the modification by sending a system message. The data subject is entitled to exercise their rights related to data processing in the manner described in this Policy and in the currently valid legislation.
    • The Guest may also file a complaint with the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, 1125 Budapest, Szilágyi Erzsébet Fasor 22/c, hereinafter: NAIH) and initiate an investigation, claiming that a violation of law has occurred or there is an imminent danger of it in connection with the processing of their personal data.

Relevant Legislation

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”).
  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (“Infotv.”).
  • Act V of 2013 on the Civil Code (“Ptk.”), and Act XLVIII of 2008 on the basic conditions and certain limitations of commercial advertising (“Grtv.”).
  • Act CXXX of 2016 on the Code of Civil Procedure

Gyenesdiás, November 15, 2022

Information on the Use of Cookies

What is a cookie?

The Data Controller uses so-called cookies during the visit to the website. A cookie is a package of information consisting of letters and numbers that our website sends to your browser with the aim of saving certain settings, making it easier to use our website, and contributing to the collection of some relevant, statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying the individual user, but some of them contain an individual identifier – a secret, randomly generated sequence of numbers – that is stored by your device, thereby also ensuring your identifiability. The duration of operation of each cookie is contained in the relevant description of each cookie.

Legal background and legal basis for cookies:

The legal basis for data processing is your consent, based on Article 6 (1) (a) of the Regulation.

Main characteristics of cookies used by the website:

  • Cookie Acceptance: When arriving at the page, you accept the statement regarding the storage of cookies in the warning window. Its lifespan is 365 days.