HOTEL ÁTRIUM KFT. PRIVACY POLICY
1. GENERAL PROVISIONS
Hotel Átrium Kft., located at 9700 Szombathely, Bernstein u. 20, as the operator of Hotel Tihany Átrium, ensures the legality and appropriateness of the handling of personal data it processes. The purpose of this notice is to provide our guests, who are booking accommodations and providing their personal data, with adequate information before booking or providing their personal data about the conditions and guarantees under which we handle their data and for how long. Our company adheres to the content of this notice in all cases involving the processing of personal data and considers it binding.
We reserve the right to change the terms described in this unilateral legal notice, in which case we will inform the affected parties in advance. If you have any questions regarding the content of this notice, please write to us. The data processing activities of our company are based on voluntary consent and, in some cases, are necessary for taking steps at the request of the data subject prior to entering into a contract.
Our data processing activities comply with the relevant laws, particularly:
Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR")
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information
Our company’s details and contact information are as follows:
Name: Hotel Átrium Kft.
Headquarters: HU-9700 Szombathely, Bernstein u. 20.
Company registration number: 18-09-111475
Tax number: 24206293-2-18
Phone number: +36-70-408-4458
E-mail: [email protected]
We provide the following information regarding our data processing activities.
DATA PROCESSING RELATED TO ONLINE ACCOMMODATION BOOKING
Our company provides the opportunity for online accommodation booking to enable guests to book rooms at Hotel Tihany Átrium quickly, conveniently, and free of charge.
Data controller: Hotel Átrium Kft., 9700 Szombathely Bernstein u. 20.
Purpose of data processing: to facilitate, make cost-free, and efficient accommodation booking.
Legal basis for data processing: the prior consent of the person booking the accommodation.
Scope of processed personal data: title; surname and first name; address (country, postal code, city, street, house number); phone number; email address; company name and headquarters in the case of business entities, bank card number and expiration date, SZÉP card details (identifier, name on the card).
Our company provides the option to confirm room bookings electronically. The booking becomes valid upon the inclusion of bank card details. Card details are deleted from the online system and emails immediately upon receipt and are not stored on computer servers. For the security of data provided over the phone, no phone calls are recorded. Bank card details are used solely as a guarantee for the booking; no charges or pre-authorizations are made before arrival. Paper-based data is destroyed upon guest departure. We handle all data with the utmost care and security.
Use of data processors: our company uses the assistance of IT service providers for the online accommodation system as follows.
| Data processor name: | Headquarters: | Description of data processing tasks: |
| Previo Kft. | 1119 Budapest, Petzvál József utca 4/A. | Client management tasks using the Previo Front Office hotel system |
Possible consequences of failure to provide data: no contract for the hotel room will be established.
Rights of the data subject: the data subject (the person whose personal data our company processes)
can request access to their personal data,
can request rectification,
can request cancelation,
can request the restriction of data processing under the conditions specified in Article 18 of the GDPR (i.e., that our company does not delete or destroy the data until a court or authority requests it, but for no longer than thirty days, and beyond this, does not process the data for other purposes),
can object to the processing of their personal data,
can exercise the right to data portability. This right entitles the data subject to receive their personal data in a word or excel format.
Additional information regarding data processing: our company takes all necessary technical and organizational measures to avoid potential data protection incidents (e.g., damage to, loss of, or unauthorized access to personal data files). In the event of an incident, we maintain a record for monitoring necessary measures and informing the affected parties, including the scope of personal data involved, the individuals and number affected, the date, circumstances, and effects of the incident, the measures taken to address it, and other data specified by law.
DATA PROCESSING RELATED TO QUOTATION REQUESTS
Our company provides the option for guests to request quotes electronically. The quotes are provided by an automated system, considering available capacities.
Data controller: Hotel Átrium Kft., 9700 Szombathely Bernstein u. 20.
Purpose of data processing: preliminary information on hotel prices.
Legal basis for data processing: the prior consent of the person booking the accommodation, GDPR Article 6 (1) (a), and steps necessary for entering into a contract at the data subject’s request before the contract is concluded – GDPR Article 6 (1) (b)
Scope of processed personal data: title; surname and first name; address; phone number; email address; number of guests.
Possible consequences of failure to provide data: the hotel cannot provide an offer.
Rights of the data subject: the data subject (the person whose personal data our company processes)
can request access to their personal data,
can request rectification,
can request cancelation,
can request the restriction of data processing under the conditions specified in Article 18 of the GDPR (i.e., that our company does not delete or destroy the data until a court or authority requests it, but for no longer than thirty days, and beyond this, does not process the data for other purposes),
can object to the processing of their personal data,
can exercise the right to data portability. This right entitles the data subject to receive their personal data in a word or excel format.
COOKIE MANAGEMENT
To provide personalized service, the data controller places a small data package called a cookie on the user's computer and reads it back during later visits. If the browser sends back a previously saved cookie, the cookie provider can link the user’s current visit with previous ones, but only concerning its own content.
Purpose of data processing: identification, tracking, and distinguishing of users, identifying the current session of users, storing the data provided during that session, preventing data loss, web analytics measurements, personalized service.
Legal basis for data processing: the consent of the data subject.
Scope of processed data: identifier number, date, time, and the previously visited page.
Duration of data processing: a maximum of 90 days
Additional information regarding data processing: the user can delete the cookie from their own computer and can disable the application of cookies in their browser. Cookie management is usually possible under the Tools/Settings menu in the Privacy/History/Custom settings section, under the name cookie, tracking, or tracking protection.
Possible consequences of failure to provide data: inability to use the services described in points 2-5.
OTHER DATA PROCESSING
Data processing activities not listed in this notice will be disclosed at the time of data collection. We inform our clients that certain authorities, public bodies, and courts may request personal data from our company. Our company will provide personal data to these bodies only to the extent necessary to fulfill the request and only if the purpose and scope of the request are specified and required by law.
METHODS OF PERSONAL DATA STORAGE, DATA SECURITY
Our company's IT systems and other data retention locations are located at the headquarters and on servers rented by the data processor. Our company selects and operates IT tools used for personal data processing in providing the service so that the data handled is:
accessible to authorized persons (availability);
authenticated and verified (data processing authenticity);
verifiable in its integrity (data integrity);
protected against unauthorized access (data confidentiality).
The data controller stores personal data on paper and IT tools at the data controller's headquarters, on its servers. Paper documents are kept secure by the data controller, ensuring only authorized persons have access. The data can primarily be accessed by the company's management and staff. According to this notice, certain data is transferred to data processors and other data controllers (e.g., accountant) to achieve the purposes specified in this notice.
Furthermore, the personal data of the user may only be transferred in cases specified by law (e.g., request by a legally authorized authority) or based on the user's consent.
The data controller protects the processed data against unauthorized access, alteration, transmission, deletion, and destruction. The data controller maintains a record of personal data processing activities, which includes the scope of processed personal data, the individuals and number of those affected by potential data protection incidents, the date, circumstances, and effects of the incident, the measures taken to address it, and other data specified by law.
7. SECURITY OF OUR WEBSITE AND EMAIL SYSTEM
Name of the data controller: Wakelite Kft. Mailing address of the data controller: 9700 Szombathely, Bezerédi A.u. 5, Hungary Email address of the data controller: [email protected] Phone number of the data controller: +36 70 316-9849 Company registration number of the data controller: 18-09-111137 Tax number of the data controller: 23974874-2-18 VAT number of the data controller: HU23974874
Data disclosure is voluntary. The data subject is not obligated to provide personal or credit card information; however, in the absence of such data, in certain cases (e.g., when placing an order as a private individual), they may not be able to use the services provided by our company.
E-mail címekre küldött, nem szolgáltatáshoz köthető, érdeklődő e-mail kapcsán tárolt adatok és kezelésük
Kezelt adatok: e-mail cím, név, telefonszám, amennyiben a levélíró ezt is közölte.
Az adatkezelés célja: kapcsolattartás.
Az adatkezelés jogalapja: az érintett hozzájárulása.
Az adatkezelés időtartama: a hozzájárulás visszavonásáig.
Data stored and processed in relation to inquiry emails sent to email addresses, which are not tied to a service: Processed data: Email address, name, phone number (if provided by the sender). Purpose of data processing: Maintaining contact. Legal basis for data processing: The data subject’s consent. Duration of data processing: Until the consent is withdrawn.
Our company’s and our partners’ IT systems and networks are protected against computer-assisted fraud, computer viruses, computer hacking, and denial-of-service attacks. The operator ensures security through server-level and application-level protective measures. Daily data backups are in place. To prevent data protection incidents, our company takes all possible measures. In the event of such an incident, we act immediately in accordance with our incident management policy to minimize risks and mitigate damages.
The data controller takes all necessary steps to ensure the security of the personal data provided by the data subject, both during network communication and during the storage and retention of the data. Access to personal data is strictly limited to prevent unauthorized access, unauthorized alteration, or unauthorized use of personal data. The servers hosting the data controller’s website are located in the data centers of Hetzner GmbH and Contabo GmbH. The data controller maintains confidentiality during data processing: protecting information so that only authorized individuals can access it; ensuring integrity: protecting the accuracy and completeness of the information and its processing methods; and ensuring availability: ensuring that authorized users can access the required information when needed, and that the necessary tools are available. The data controller imposes these obligations on its employees involved in data processing activities, as well as on data processors acting on behalf of the data controller.
8. RIGHTS OF DATA SUBJECTS AND LEGAL REMEDIES
The data subject may request information about the processing of their personal data and may request the correction or—except for mandatory data processing—the deletion or withdrawal of their personal data. They may also exercise their right to data portability and objection as indicated at the time of data collection or through the contact details provided above.
Upon request, we will provide the information in electronic form without delay, but no later than within 30 days, in accordance with our relevant policy. We fulfill data subjects’ requests for the exercise of their rights free of charge.
Right to information:
Our company takes appropriate measures to ensure that all information related to the processing of personal data, as mentioned in Articles 13 and 14 of the GDPR, as well as all information under Articles 15–22 and 34, is provided to data subjects in a concise, transparent, understandable, and easily accessible form, clearly and comprehensibly formulated, yet precise.
The right to information can be exercised in writing through the contact details provided in Section 1. Upon request, information may also be provided orally after verifying the data subject’s identity. We inform our clients that if our staff has doubts about the data subject’s identity, we may request additional information to confirm their identity.
Right of access:
The data subject has the right to obtain confirmation from the data controller as to whether their personal data is being processed. If processing is ongoing, the data subject has the right to access their personal data and the following information:
Az adatkezelés céljai;
The purposes of the processing;
The recipients or categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries (outside the European Union) or international organizations;
The planned storage period of the personal data;
The right to request rectification, erasure, or restriction of processing, and the right to object;
The right to lodge a complaint with a supervisory authority;
Information about the source of the data. The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Right to rectification:
Under this right, anyone may request the correction of inaccurate personal data or the completion of incomplete data processed by our company.
Right to erasure:
The data subject has the right to request the erasure of their personal data without undue delay if one of the following grounds applies:
The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
The data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
The data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
The personal data has been unlawfully processed;
The personal data must be erased to comply with a legal obligation under EU or member state law applicable to the data controller;
The personal data was collected in relation to the offer of information society services.
Right to data portability:
The data subject has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller without hindrance from the current controller.
English 
Hungarian