We process personal data only in accordance with the applicable legal requirements.
We take care to ensure that your data is treated as securely as possible.
We provide the possibility to inform you about the data we hold about you and to delete your data from our database on request, taking into account the relevant legal provisions.
We will only transfer data to third parties on the basis of a legal obligation and consent.
Company name: KÖRÖSPARTI NYÁR Kft.
18. Szent Erzsébet street, Békésszentandrás 5561, Hungary
Tax number: 14630019-2-04
hereinafter referred to as: data controller
Within the framework of this privacy notice, we comply with our legal obligation to inform you as the data subject that we are processing your data on the basis of your consent before the processing formally starts.
In this notice, we provide you with detailed information about the purposes of the processing, the legal basis, the duration of the processing, any processing operations and the rights and remedies available to you in relation to the processing.
This privacy statement governs the processing of data on the www.bordurhotel.hu website.


REGISTER


Data Subject/Respondent: any natural person identified or otherwise identifiable, directly or indirectly, on the basis of specified personal data. In particular, a person is identifiable if he or she can be identified, directly or indirectly, by name, an identifier or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
Data file: The set of data managed in a register.
Data Processing: The performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data. In particular, for the purposes of this Policy, processing means any technical processing operation not involving a substantive decision and carried out by a processor on behalf of the controller.
Data Processor: a natural or legal person or unincorporated body who or which processes data on the basis of a contract with the controller, including a contract concluded pursuant to a legal provision.
Data Controller: With regard to personal data processed in a given department, the head of the department who is responsible for the processing of all personal data processed by his or her department in accordance with this Policy (hereinafter referred to as the Data Controller). Where a decision needs to be taken in relation to personal data processed in an IT system and affects the responsibility of the Data Controller under the Information Security Policy, the Personal Data Controller shall take its decision with the consent of the Data Controller designated under the Information Security Policy.
Data Medium: the physical form in which the data is presented and stored, including documents.
Data Subject: a natural or legal person or an unincorporated body that submits a request to the Organisation for the processing, rectification, erasure or blocking of personal data concerning him or her.
Data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of their further use, taking of photographs, audio or video recordings, or any other physical means of identification of a person (e.g. fingerprints, palm prints, DNA samples, iris scans). For the purposes of this Policy, processing means, in particular, the taking of decisions and the issuing of instructions in relation to certain processing operations.
Data Controller: a natural or legal person or an unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and executes decisions concerning the processing (including the means used) or has them executed by a processor on its behalf.
Personal Data: data that can be associated with a data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inferences that can be drawn from the data relating to the data subject.
Processing incident: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.


INFORMATION ON DATA MANAGEMENT


Pursuant to Article 20. § (4) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and the requirements of the new EU GDPR Regulation, we are obliged to inform you about the following in connection with data processing:
Purpose of processing and scope of data processed
Purpose of the processing and purposes of the data processing
Data subjects, data controllers or data processors who process or handle the stored data
Where the data are stored
Your rights as data subject/ data subject in relation to the processing
Purpose of processing and scope of data processed
In this form of processing, we process the personal data listed below in order to contact and keep in touch with you in connection with our accommodation and other services and to provide you with information in response to your request.
We will send our information letters in the form of an e-mail to the e-mail address you have provided, from which you can unsubscribe at any time, or you can request to unsubscribe via our company central e-mail address (info@bordurhotel.hu).


We store the following data you have provided: (Personal Data - Purpose of Processing)
Name - Data stored for the purpose of contacting you
E-mail address - Data stored for the purpose of technical contact
Data processing - Technical contact details
The personal data stored for the purpose of contacting you will cease to be stored upon deletion, as described in our data management procedure.
Data Subjects, Data Controllers or Data Processors who handle or process the stored data
Data subjects/contacted persons: persons who have registered for the GDPR Preparation Club on the website and who have requested the free downloadable guide.
Data controllers: the company operating the website www.bordurhotel.hu and its authorised staff.
Data processors: the data stored will be stored on the server of the website hosting provider. The data stored will be transferred to the newsletter service provider's system for the purpose of sending out electronic information letters. We will not disclose your data to third parties other than the hosting company, except in the case of a request from a public authority.
Place of data storage
The data is stored on the web server of the website www.bordurhotel.hu.
Your rights as data subject/ data subject in relation to data processing
You may request information about your rights in relation to data processing and may also request the deletion or modification of your data.
- by e-mail: info@bordurhotel.hu
- by post to: 4. Szent András street, Békésszentandrás 5561, Hungary.


DATA PROCESSORS


Hosting provider
Activity of the data processor: Hosting
Name and contact details of the data processor:
Futureweb Design Kft.
22. Szabadság street, Szabolcs 4467, Hungary
info@futureweb.hu
Newsletter provider
Data processor activity: newsletter service
Name and contact details of the data processor:
Sales Autopilot
6-A Zsolt street 5. floor 1, Budapest 1016, Hungary
+36 1 490 0172
https://www.salesautopilot.hu/
Purpose of data processing: sending informative e-mails to newsletter subscribers.
Data processed: data provided by the data subject (name, e-mail address).
Data subjects: persons registered for the newsletter.
Duration of processing: the data of the persons registered for the newsletter are stored until the registration is cancelled.
Legal basis for processing: consent of the data subject/contacted person.
Purpose of data processing: to ensure the availability of the website on the World Wide Web.
Data processed: the data provided by the data subject (name, e-mail address) and the entire data file of the website.
Data subjects: visitors to the website.
Duration of processing: The hosting provider is responsible for the ongoing maintenance of the website data. 
Legal basis for processing: consent of the data subject/contacted person.

USE OF COOKIES


We are obliged to inform you about the use of cookies on our website in accordance with the legislation in force.
The website uses cookies of the following types: 'password-protected session cookies' and 'security cookies', the use of which does not require the prior consent of the data subject.
Purpose of processing: to identify users and track visitors.
Scope of data processed, fact of processing: unique identifier, dates, times
Data subjects/contactees: All data subjects/contactees visiting the website.
Duration of data processing: the duration of data processing is stored until the website is left/closed in the case of session cookies, up to 1 year in the case of other cookies.
For cookies, no personal data are processed and handled.
Data subjects/contacted persons have the possibility to delete cookies in the browser settings menu.
Information on cookie settings for the most commonly used browsers can be found at the links below:
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hu
Mozilla Firefox: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
Safari: https://support.apple.com/hu-hu/HT201265
Opera: http://help.opera.com/Windows/10.20/hu/cookies.html
Legal basis for processing: consent is not required.

GOOGLE ADWORDS


We use Google's advertising system known as Google Adwords, which provides conversion tracking and analytics.
When an internet user clicks on a google ad and is taken to our website, a conversion tracking cookie is sent to their computer. These cookies do not contain any personal data and their validity is limited.
The Google Adwords cookie is not able to identify you.
The information obtained through the Google Adwords cookie is used to allow Google to compile statistics on the number of visitors to its Google Adwords advertising system, and does not analyse any data that could identify the user.
If you do not wish to participate in the analysis provided by the Google Adwords analytics application, you can disable the installation of cookies in your browser.
More information on this can be found here: http://www.google.com/policies/privacy/

GOOGLE ANALYTICS


We use Google's statistics system, known as Google Analytics, which provides website statistics and website analytics.
When you visit our website, Google Analytics saves a cookie on your computer to collect statistical data about your use of the website and to measure activity, which is used to generate statistics for website owners to analyse.
Within Google Analytics, the IP address transmitted by the internet browser of the internet user is not merged with other data and is therefore not used for identification purposes.If you do not wish to participate in the analysis of Google Analytics web statistics, you can disable the storage of cookies in your browser settings and prevent Google from processing your website usage data and IP address. To do this, you need to install the program at this link: https://tools.google.com/dlpage/gaoptout?hl=en

SOCIAL MEDIA SITES


Pursuant to Article 20. § (4) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and the requirements of the new EU GDPR regulation, we are obliged to inform you about the following in connection with data processing:
Purpose of processing and scope of data processed
Purpose of the processing and purposes of the data processing
Data subjects, data controllers or data processors who process or handle the stored data
Where the data are stored
Your rights as data subject/ data subject in relation to the processing
Purpose of processing and scope of data processed
To promote the service and the website to the social networking sites (Facebook, Google+, Linkedin, Twitter, Pinterest, Youtube, Instagram etc.) registered and to the social networking site/profile followers/likers who can be linked to the website or service provider.
Scope of data processed: the names and public profile data of users registered on social networking sites, including their pictures.
Data subjects, data controllers or data processors who process or handle the stored data
Data subjects/contacted parties: the users registered on the social networking sites mentioned.
Data controllers: the company operating the www.bordurhotel.hu website and its authorised staff.
For other information on data processing, such as the duration of data processing, the time limit for deletion of data, legal remedies, legal basis for processing, etc., please consult the aforementioned social networking sites. These activities are not under the authority of the controller of the website www.bordurhotel.hu.

DATA AND INFORMATION SECURITY


We have designed our data management processes to ensure the protection of the personal data and privacy of data subjects/contactees. We take care of the measures and procedures that are required by the data protection and information security regulations in the Information Law, the EU GDPR and other applicable regulations.
We attach particular importance to the following security issues:
·         unauthorised access
·         data breach
·         data loss
·         data deletion
·         data leakage
·         designing an appropriate technical environment
·         employee data protection training
·         adherence to and expectation of reasonable security measures from data processors

DATA SUBJECTS' / DATA SUBJECTS' RIGHTS - INFORMATION


At your request, we will provide you with information about the processing of your personal data, and you may request the rectification, erasure, blocking or transfer of your personal data. In the event that the processing of your personal data is not legally binding, we will not be able to delete your data in accordance with your request.
We keep a register for the handling of data breaches, in which we record the following information: the scope of personal data concerned, the scope and number of data subjects affected by the data breach, the circumstances of the data breach, the date, the impact analysis and the measures taken to mitigate the damage caused by the breach, as well as other mandatory data.We will provide you with information on the data processing procedures within a maximum of 25 days of your request. The information is free of charge.
If your request is not lawful, we will inform you within 25 days and inform you of your legal remedies.

GENERAL DATA PROCESSING PROVISIONS


In the case of contacts not detailed in this privacy policy or in a separate privacy policy, we will delete the data stored after a maximum of 2 years from the date of processing.
We are obliged to provide information and data in response to requests from official bodies and authorities to the extent appropriate for the purpose of the request.

LEGAL REMEDY


If you wish to lodge a complaint about the processing of your data, you can do so with the National Authority for Data Protection and Freedom of Information (NAIH).
National Authority for Data Protection and Freedom of Information
22/C. Szilágyi Erzsébet fasor, Budapest 1125, Hungary
Postal address: P.O. Box 5., Budapest 1530, Hungary
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

JUDICIAL ENFORCEMENT


If you wish to take legal action in relation to the processing of your data, you must initiate legal proceedings. The court has jurisdiction to hear the case. The court of the data subject's or data subject's choice may be the court of the place of residence or domicile.

CERTIFICATION

If your data may be unlawfully processed or your privacy rights may be infringed, you may claim damages. The controller shall be exempted from the payment of damages and compensation if it can prove that the damage or infringement of personality rights was caused by an unforeseeable cause outside the scope of the processing, and also in the case where the damage or infringement of personality rights was caused by the negligence of the data subject/affected party.