Palov's guest house

Menu
Menu

Privacy notice

  1. GENERAL PROVISIONS

Katalin Sebestyén, 1125 Budapest, Diós árok 49/d, as the operator of Palov's Guesthouse, ensures the lawfulness and fairness of the processing of personal data processed by it. The purpose of this information is to provide our guests who book accommodation and provide their personal data with adequate information about the conditions and guarantees under which our company processes their data, and for how long, before they make a reservation or provide their personal data. We will abide by the terms of this notice in all cases involving the processing of personal data and we consider ourselves bound by the information contained herein.
However, we reserve the right to change what is described in this unilateral declaration, in which case we will inform the data subjects in advance. Please email us if you have any questions about the contents of this notice. The processing of data in our company's activities is based on voluntary consent and in some cases is necessary to take steps at the request of the data subject prior to the conclusion of the contract.
Our data management practices comply with applicable law, in particular:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, hereinafter "GDPR")
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information ("Info. tv.").

Company details:

Katalin Sebestyén

1125 Budapest, Diós árok 49/d

Tax number: 8444600296

Phone number: +36 70 947 1506

E-mail: sebestyen.kata@gmail.com

The following information is provided in relation to each of our data processing activities.

ONLINE BOOKING INCLUDING ACCOMMODATION Our company offers online booking in order to book your room in Palov's Guesthouse quickly, conveniently and without any costs.
Personal data controller: Katalin Sebestyén, 1125 Budapest, Diós árok 49/d

Purpose of the processing: facilitating, reducing costs and making the booking of accommodation more efficient, contacting the guest booking the accommodation. Legal basis for processing: prior consent of the person booking the accommodation. By accepting this information, the data subject gives his/her explicit consent to the processing of his/her personal data in accordance with this point.

Scope of personal data processed: Surname and first name; address (country, postcode, city, street, house number;) telephone number; e-mail address; in the case of a company, company name and registered office, bank card number, CVC code, SZÉP card details (ID, name on card).

If you complete the online registration form, the following data will also be processed by the accommodation: identity document (identity card, passport or driving licence) number, nationality, date and place of birth, vehicle registration number.

Duration of processing: two years after the last day of the booked stay. Use of a data processor: our company uses an IT service provider for the online accommodation system as follows.

 

A személyes adatok tárolására irányuló adatfeldolgozás:

Name of service provider: Sybell Informatika Ltd.
Service provider's address: 1158 Budapest, Késmárk u. 7/B 2. floor 206.
Telephone: +36 1 707 67 27


Domainnel kapcsolatos adatkezelés:

Name of service provider: Sybell Informatika Ltd.
Service provider's address: 1158 Budapest, Késmárk u. 7/B 2. floor 206.
Telephone: +36 1 707 67 27

 

Könyveléssel kapcsolatos adatkezelés:

Name of service provider: Szarvasi Kis-Számadó Kft.
Service provider's address: 5540 Szarvas, Dózsa Gy utca 37.
Telephone: +36 70 362 1042

 

Számlázással kapcsolatos adatfeldolgozás:

Name of service provider: Katalin Sebestyén
Service provider's address: 1125 Budapest, Diós árok 49/d
Telephone: +36 70 947 1506

 

Az online fizetéssel kapcsolatos adatkezelés:

Name of service provider: Stripe Payments Europe Limited
Service provider's address: 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland
Adatkezelő weboldala: https://stripe.com/

 

Gasztro csomag összeállításához szükséges adatkezelés:

Name of service provider: Róka és Mackó Kft.
Service provider's address: Szarvas Szabadság u. 32.
Telephone: +36 30 539 96 15
Emailcíme: rokaesmacko@gmail.com

Az adatkezelés célja: az online fizetés lebonyolítása, a tranzakciók visszaigazolása és a visszaélések megelőzése.

A kezelt adatok köre: a fizetéshez szükséges adatok, különösen a tranzakció azonosító, fizetési összeg, dátum és időpont. A bankkártya-adatok nem jutnak el az adatkezelőhöz, azokat közvetlenül a fizetési szolgáltató kezeli.

OTP SZÉP-kártyás fizetés esetén:

OTP SZÉP-kártyás fizetés során az adatkezelés az adott kibocsátó bank rendszerében történik.

Lehetséges szolgáltatók:

  • OTP Bank Nyrt. (OTP SZÉP Kártya)
  • Az adatkezelés célja: a SZÉP-kártyás fizetés lebonyolítása és a tranzakciók azonosítása.

A kezelt adatok köre: a fizetéshez szükséges adatok, különösen a tranzakció azonosító, fizetési összeg, valamint a fizetés időpontja.

Az adatkezelés a kártyakibocsátó bank saját adatkezelési tájékoztatója szerint történik.

Megjegyzés:
Az adatkezelő a fizetési adatokhoz közvetlenül nem fér hozzá, azokat minden esetben a fizetési szolgáltató kezeli.

The payment service provider is contracted by the Data Controller to assist in the execution of the online payment, for which purpose data is transferred to the online payment service provider during the purchase process. In doing so, the online payment service provider will process the billing name and address of the data subject, the order number and the date of the order in accordance with its own data processing rules.

The purpose of the transfer is to provide the online payment service provider with the transaction data necessary for the payment transaction related to the purchase initiated with the online payment service provider.

Legal basis for the transfer: the performance of a contract between you and the Data Controller pursuant to Article 6(1)(b) of the Regulation, which includes payment by the customer and, in the case of online payment, the transfer of data pursuant to this point is necessary for the payment.

OTP Mobil Kft. 1093 Budapest, Közraktár u. 30-32.Handling the data communication between the merchant and the payment service provider's system, providing customer service assistance to users, confirming transactions and fraud monitoring to protect users.

Rights of the data subject: the data subject (the person whose personal data are processed by our company) may request access to, rectification of, or erasure of personal data concerning him or her, or withdraw his or her consent to the processing: in this case, the lawfulness of the processing prior to the withdrawal is not affected by the withdrawal. If the conditions of Article 18 of the GDPR are fulfilled, you may object to the processing of your personal data (i.e. our company may not delete or destroy the data until a court or public authority requests it, but for a maximum of 30 days, and may not process the data for any other purpose), exercise your right to data portability. Pursuant to the latter right, the data subject is entitled to receive personal data concerning him or her in Word or Excel format and to have these data transmitted to another controller at his or her request.

Other information about data management: By making a booking, the data subject also declares that the information provided is true and correct and that he or she is over the age of 16.

With practical and relevant information, weather forecasts, programme offers and online check-in, we aim to help guests prepare for their trip and shorten the check-in time on arrival by sending them a pre-arrival email with information about accommodation, travel and programme options before they arrive. Based on the pre-arrival email, the guest can fill in an online check-in form to speed up their check-in to the accommodation on arrival.

We will take all necessary technical and organisational measures to avoid a possible data breach (e.g. damage, loss, loss of files containing personal data, unauthorised access). In the event of an incident, we will keep records to verify the necessary measures and to inform the data subject, including the scope of the personal data concerned, the number and type of data subjects affected by the incident, the date, circumstances and effects of the incident, the measures taken to remedy the incident and other information required by the law governing the processing.

Our company has entered into a data processing contract for data processing tasks, in which NetHotelBooking Ltd. undertakes to apply the data protection and data management guarantees provided for in the data processing contract in the event of the use of an additional data processor, and in this regard we also ensure the lawful processing of personal data in the case of the data processor.

  1. DATA PROCESSING IN THE CONTEXT OF A REQUEST FOR PROPOSAL

Our company offers the possibility to request an offer electronically. The offer is made by our automated system, subject to availability.

Personal data controller: Katalin Sebestyén, 1125 Budapest, Diós árok 49/d,

Purpose of the processing: prior information on hotel prices.
Legal basis for processing: the prior consent of the person booking the accommodation, Article 6(1)(a) GDPR, or processing necessary to take steps at the request of the data subject prior to entering into the contract, Article 6(1)(b) GDPR
Scope of personal data processed: name and surname; telephone number; e-mail address; number of guests.
Duration of processing: two years after the last day of the booked stay.
Use of a data processor: our company uses the services of an IT service provider to operate the online request for proposal system as follows.

  1. COOKIE TREATMENT
    The Data Controller places a small data package, a cookie, on the user's computer and reads it back during a subsequent visit in order to provide a personalised service. When the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the user's current visit to previous visits, but only in relation to its own content.
    The purpose of data processing is: to identify, track and distinguish users, to identify users' current session, to store the data provided during the session, to prevent data loss, to measure web analytics, to provide personalized service.
    Legal basis for processing: consent of the data subject. Data processed: identification number, date, time and the page previously visited. Duration of processing: maximum 90 days
    Identifying users and their current session, storing the data they provide, preventing data loss, web analytics measurements, personalised service. Additional information on data management. The cookie management is usually available in the Tools/Preferences menu of browsers under Privacy/Preferences/Custom Settings, under the menu item Cookie, Cookie or Tracking.
    Possible consequences of non-delivery: impossibility to use the service for the services described in points 2 to 5 above.
  2. WEBSITE SERVER LOGGING
    When you visit the Sybell Informatika Kft. website, the web server automatically logs your activity.
    Purpose of data management: during the visit of the website, the service provider records the visitor's data in order to monitor the operation of the services and prevent abuse. Legal basis for data processing: article 6 (1) (f) of the GDPR. Our company has a legitimate interest in the secure operation of the website. Type of personal data processed: ID number, date, time, address of the page visited. Duration of processing: up to 90 days.
    Name of the data processor Location Description of the data processing task Sybell Informatika Kft. 1158 Budapest, Késmárk u. 7/B 2nd floor 206. Recording visitor data and information necessary for the operation of the server Additional information: our company does not link the data obtained during the analysis of log files with other information, and does not seek to identify the user. The address of the pages visited and the date and time of the visit are not in themselves capable of identifying the data subject, but when combined with other data (e.g. data provided during registration) they can be used to draw conclusions about the user.
    Logging-related data processing by external service providers: the html code of the portal contains links from and to an external server that is independent of our company. The server of the external service provider is directly connected to the user's computer. Please note that the providers of these links are able to collect user data (e.g. IP address, browser, operating system data, mouse cursor movement, visited page address and time of visit) due to the direct connection to their server, direct communication with the user's browser. An IP address is a sequence of numbers that uniquely identifies the computers or mobile devices of users accessing the Internet.
    IP addresses can even be used to geolocate the visitor using a particular computer. The address of the pages visited, as well as the date and time of the visit, are not in themselves suitable for identifying the data subject, but when combined with other data (e.g. data provided during registration) they can be used to draw conclusions about the user.
  3. OTHER MISCELLANEOUS DATA PROCESSING We provide information about data processing not listed in this notice at the time of collection. We inform our customers that certain authorities, public bodies and courts may contact our company for the purpose of disclosing personal data. Our company will disclose personal data to these bodies only to the extent and to the extent strictly necessary for the purpose of the request and to the extent that the execution of the request is required by law, provided that the body concerned has indicated the exact purpose and scope of the data.
  4. HOW PERSONAL DATA ARE STORED, THE SECURITY OF PROCESSING
    Our computer systems and other data storage locations are located at our headquarters and on servers leased by the data processor. Our company selects and operates the IT tools used to process personal data in the course of providing the service in such a way that the data processed:
    be accessible to those authorised to access it (availability); its authenticity and authentication must be ensured (authenticity of data management); its integrity must be verifiable (data integrity); it must be protected against unauthorised access (data confidentiality). We take particular care to ensure the security of the data, and we take the technical and organisational measures and establish the procedural rules necessary to enforce the guarantees under the GDPR. In particular, we take appropriate measures to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction, damage or loss, and inaccessibility resulting from changes in the technology used.

Our company and our partners' IT systems and networks are protected against computer fraud, computer viruses, computer intrusions and denial of service attacks. The operator ensures security through both server-level and application-level protection procedures. Daily data backup is provided. To avoid data breaches, our company takes all possible measures, and in the event of such an incident, we take immediate action to minimise the risks and repair the damage, in accordance with our incident management policy.

  1. DATA SUBJECTS' RIGHTS, REMEDIES
    The data subject may request information about the processing of his or her personal data, and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory data processing, and may exercise his or her right to data portability and objection in the manner indicated when the data were collected, or by contacting the controller at the above contact details.
    At the data subject's request, we will provide the information in electronic form without delay, but no later than 30 days, in accordance with our applicable policies. We will comply with data subjects' requests to exercise the rights set out below free of charge.
    Right to information:
    We will take appropriate measures to provide data subjects with all the information on the processing of personal data referred to in Articles 13 and 14 of the GDPR and each of the disclosures referred to in Articles 15 to 22 and 34 in a concise, transparent, intelligible and easily accessible form, in a clear and plain language, but also in a precise manner.
    The right to information may be exercised in writing, using the contact details provided in point 1. The data subject may also be provided with information orally at his or her request, after verification of his or her identity. We inform our customers that, if our employees have doubts about the identity of the data subject, we may request the information necessary to confirm the identity of the data subject.
    The right of access of the data subject:
    The data subject has the right to receive feedback from the controller on whether his or her personal data are being processed. Where personal data are being processed, the data subject has the right to access the personal data and the following information listed below.
    The purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries (outside the European Union) or international organisations; the envisaged period of storage of the personal data; the right to rectification, erasure or restriction of processing and the right to object; the right to lodge a complaint with a supervisory authority; information on the data sources; the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and its likely consequences for the data subject. In addition to the above, where personal data are transferred to a third country or an international organisation, the data subject is entitled to be informed of the appropriate safeguards for the transfer.
    Right of rectification:
    Under this right, any person may request the rectification of inaccurate personal data relating to him or her processed by our company and the completion of incomplete data.
    Right to erasure:
    The data subject shall have the right to have personal data relating to him or her erased without undue delay at his or her request if one of the following grounds applies:
    the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing; the data subject objects to the processing and there is no overriding legitimate ground for the processing; unlawful processing of personal data can be established; the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the controller; the personal data were collected in connection with the provision of information society services. The erasure of data may not be initiated if the processing is necessary for the following purposes:
    for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to which the controller is subject to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for archiving purposes, scientific or historical research purposes, or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims. Right to restriction of processing:
    We restrict processing at the request of the data subject in the circumstances set out in Article 18 of the GDPR, i.e. if:
    the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the accuracy of the personal data to be verified; the processing is unlawful and the data subject opposes the erasure of the data and requests instead that the use of the data be restricted the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject. Where processing is subject to restriction, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the European Union or of a Member State. The data subject shall be informed in advance of the lifting of the restriction on processing.
    Right to data retention:
    The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit such data to another controller. Our company can fulfil such a request in word or excel format.
    Right to object:
    Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed for those purposes.
    Automated decision-making on individual cases, including profiling:
    The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The above right shall not apply where the processing is necessary for entering into, or the performance of, a contract between the data subject and the controller; is permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or is based on the data subject's explicit consent.
    Right of withdrawal:
    The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
    Rules of Procedure:
    Without undue delay and in any event within one month of receipt of the request, the controller shall inform the data subject of the action taken on the request pursuant to Articles 15 to 22 of the GDPR. Where necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months. The controller shall inform the data subject of the extension, stating the reasons for the delay, within one month of receipt of the request.
    If the data subject has made the request by electronic means, the information will be provided by electronic means unless the data subject requests otherwise.
    If the controller fails to act on the data subject's request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the right to lodge a complaint with the supervisory authority and to seek judicial remedy.
    The controller shall inform any recipient to whom or with whom the personal data have been disclosed of any rectification, erasure or restriction of processing that it has carried out, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject, at his or her request, of these recipients.
    Compensation and damages:
    Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Data Protection Regulation shall be entitled to receive compensation from the controller or processor for the damage suffered. A processor shall be liable for damage caused by processing only if it has failed to comply with the obligations expressly imposed on processors by law or if it has disregarded or acted contrary to lawful instructions from the controller. Where more than one controller or more than one processor, or both controller and processor, are involved in the same processing and are liable for the damage caused by the processing, each controller or processor shall be jointly and severally liable for the total damage.

The controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
Right to apply to the courts and data protection authority procedure:
The data subject may take the controller to court if his or her rights are infringed. The court shall rule on the case out of turn.

You can lodge a complaint with the National Authority for Data Protection and Freedom of Information. The address of the Authority is: 1055 Budapest, Falk Miksa u. 9-11., postal address: 1374 Budapest, PO Box 603., Telephone: +36 1 391 1400, E-mail ugyfelszolgalat@naih.hu

Delicacies from Sarvas in Falada
Booking