DATA PROTECTION INFORMATION

Informing you, as a visitor to our website, a customer of our webshop, a reader of our newsletter and a user of our services, about our company’s data management and data protection rules.

  1. The principles we are applying during our data management

During the data management our company pursues the following principles:

a) we are handling the personal data lawfully and honestly, in a way that is transparent for you.

b) we are collecting the personal data for certain, clear and lawful purpose and we are not handling them in a way that is not compliant with the objectives.

c) the personal data collected and managed by us are corresponding and relevant from data management perspective, and they are limited to the necessary extent only

d) our company takes all the reasonable measures to have the data handled by us accurate and up-to-date if required; we are immediately deleting or correcting the inaccurate personal data.

e) we are storing the personal data in such a format that you can be identified for the period required to reach the objectives of handling the personal data..

f) through the proper technical and organisational measures we are assuring the proper safety of the personal data against the unauthorised or illegitimate handling, accidental loss, annihilation or damaging of the data

Regarding your personal data our company proceeds as follows

a) we are managing the personal data based on your prior information and your voluntary consent and only at the extent that is necessary and always related to an objective, meaning the collection, recording, systemising, storing and utilisation of data.

b) in certain situations the management of your data is based on the legal provisions and it is mandatory; in such cases we are drawing your attention to this specific fact.

c) respectively in certain cases our company or a third party is legitimately interested in managing your personal data, such as the operation, development and safety of our website.

  1. 2. Who we are

The name of the Company: Hungarospa Hajdúszoboszlói Gyógyfürdő és Egészségturisztikai Zártkörűen Működő Részvénytársaság

Seat of the Company: 4200 Hajdúszoboszló, Szent István park 1-3.

Sites of the Company: 4200 Hajdúszoboszló, Böszörményi út 35/A

4200 Hajdúszoboszló, Böszörményi út 35.

4200 Hajdúszoboszló, Böszörményi út 37

4200 Hajdúszoboszló, Rózsa u. 9.

4200 Hajdúszoboszló, József Attila u. 25.

4200 Hajdúszoboszló, Mátyás király sétány 3.

4200 Hajdúszoboszló, Mátyás király sétány 14.

4200 Hajdúszoboszló, Mátyás király sétány 25.

4200 Hajdúszoboszló, Rákóczi u. 184.

4200 Hajdúszoboszló, Szép Ernő u. 16.

4200 Hajdúszoboszló, Hőforrás u. 4.

4200 Hajdúszoboszló, Mátyás király sétány 23.

4200 Hajdúszoboszló, 3524 hrsz,

4200 Hajdúszoboszló, 3529 hrsz

4200 Hajdúszoboszló, Debreceni útfél 3.

4200 Hajdúszoboszló, József Attila u. 5-7.

Website of the Company: www.hungarospa.hu

Postal address: 4200 Hajdúszoboszló, Szent István park 1-3.

Phone number: 06-52-558-558

E-mail address: info@hungarospa.hu

Tax number: 10605125-2-09

Company registration number: 09-10-000045

TThe contact details of our company’s data protection official (e-mail address): serfozo.zsuzsa@hungarospa.hu

Name, address and contact details of our hosting provider: beks Kommunikációs Technika Kft.

4024 Debrecen, Rákóczi u.
21.
info@beks.hu

During the management of the data our company – in order to provide quality service to our clients – is using the following data processors:

Name

Address

Activity

Morgens Design Ltd.

8800 Nagykanizsa, Csányi László u.
2.

Database maintenance and processing

Should we modify the scope of our data processors, we are updating the changes in the present information.

The data handled by us:

Name of activity and the purpose of data handling

Legal base

Handled data

Duration

Registration number

Using the webshop’s services

Objective: registration and recording of the buyers,

Handling and fulfilling the orders,

Handling the purchases, the invoicing and the delivery,

Handling the complaints, dealing with the returning of calls

keeping contact with the buyers.

contract

legal provision

(GDPR 6.cikk (1) bek. c) pont,

Eker tv. 13/A §,

Számv. tv. 169.
§).

Full name,

Phone number and e-mail address

Order-identifying number,

The data of your purchases (product, quantity, price, date),

Payment-related data (payment deadline, bank account number,

invoicing name, full name in case of natural person,

your tax number or tax identification number (if these data are required for the invoicing)

invoicing address (ZIP code, settlement, name of street / square, etc, number of house/apartment, floor, door).

During the operation of the webshop for an indefinite time, but maximum till the withdrawal of the data handling consent

The period of storage of the data related to fulfil the contracts is 5 years.

The storage period of the issued invoices and the documents based on which the invoices had been issued is 8 years.

Asking for offer/booking

Objective: by completing the form on the website you may ask for an offer about our accommodation respectively you can send a booking for the selected date by specifying the number of nights, type of accommodation and number of people

voluntary

keeping contact with the buyers.

name, e-mail address, phone numbe

If after the request for quotation the offer is being not accepted, then the data get deleted in 5 days from the refusal.

If the offer is being accepted and the booking takes place, then the data will be stored for 5 years, and for 8 years if there is an invoice being issued.

Registration for the newsletter service (direct marketing)

Objective: we are informing you about our new promotions, products, events in e-mail

keeping contact with the buyers.

Full name,

e-mail address

till unsubscribe from the newsletter

Winning game

  • Objective: positive influencing of the Company’s business by drawing one’s attention and by offering valuable awards, increasing the satisfaction of the buyers

keeping contact with the buyers.

legal obligation

  • full name
  • e-mail address
  • n case of participants till the end of the game,
  • in case of winners for 5 respectively 8 years

We are asking for the personal data of the visitors of our website if they wish to ask for an offer, intend to book buy through the webshop, subscribe to the newsletter respectively participate in a winning game..

We can’t connect the personal data – that were provided during the registration or when using our marketing services – and the identification of our visitors is basically not our purpose.

Regarding your data-management questions you can obtain further information by writing to the info@hungarospa.hu e-mail address or by post, and we are replying in 15 days (in maximum 1 month) to the contact supplied by you.

  1. What are the cookies and how we are handling them?

The cookies are small data files (further on: cookies) that get onto your computer through the website by using the website so that they are saved and stored by your Internet browser. The majority of the most often used Internet browsers (Chrome, Firefox, etc.) is accepting and permitting by default the downloading and use of the cookies, but it is on you whether you are rejecting or banning them through the modification of the browser, respectively you can also delete the cookies that are stored on your computer. The “help” menu point of the browsers provides further information on the use of cookies.

There are cookies that do not require your primary consent. These are briefly disclosed by our website at the start of your first visit, such as authentication cookies, multimedia player cookies, load balancing cookies, session cookies to help you customise the user interface, and user-centric security cookies.

Our Company will inform you and ask for your consent about cookies that require your consent – if the processing starts when you visit the site – at the beginning of your first visit.

We do not use or allow cookies that enable third parties to collect data without your consent.

Acceptance of cookies is not mandatory, but our Company is not responsible if our website does not function as expected without cookies.

You can usually manage, delete or disable cookies by going to the Tools/Preferences menu of your browser and selecting Privacy settings, then selecting the cookie.

What cookies do we use?

Type

Name

Contribution

Description

Target

Validity

system cookies

(cookies required)

not required

the session cookie of the web application firewall, used to prevent cross-referencing abuse

ensuring the functioning of the website

Transitional

browse until the end of the session

functional cookies

requires

persistent cookies

ensure a better user experience

until revoked

tracking cookie

(ad cookies)

requires

for personalisation

e.g. facebook pixel code

Remember your preferences so that we can send you an ad that matches your personal interests

until the cookie is deleted

tracking cookie

(from third parties)

requires

to identify new sessions and visitors, saved by the Google Analytics web tracking service

Google remarketing code

when you visit this website, you are connected to services provided by third parties (e.g. Google)

until cancellation


List of Cookies

Cookie name

responsibility

absolutely necessary?

Temporary / permanent

PHPSESSID

stores the current session

yes

temporary (session)

__lang

Stores the current language selected on the page (e.g. hu_HU – Hungarian)

yes

permanent (persistent)

cookiebar

Hide the bar for accepting the Cookie Policy

yes

permanent (persistent)

_ga

Google Analytics statistical system identification cookie

not

permanent (persistent)

_gid

Google Analytics statistical system identification cookie 2.

not

permanent (persistent)

__atuvs, __atuvc

AddThis Sharing Module Identification Cookies

not

permanent (persistent)

TAUnique

tripadvisor identification cookie

not

permanent (persistent)

ServerPool

tripadvisor identification cookie

not

temporary (session)

TASession

tripadvisor session ID cookie

not

temporary (session)

TACds

tripadvisor identification cookie

not

permanent (persistent)

ssc

AddThis Sharing module ID/storage cookie

not

permanent (persistent)

at

AddThis Sharing module ID/storage cookie

not

permanent (persistent)

di2

AddThis Sharing module ID/storage cookie

not

permanent (persistent)

ssh

AddThis Sharing module ID/storage cookie

not

permanent (persistent)

vc

AddThis Sharing module ID/storage cookie

not

permanent (persistent)

uvc

AddThis Sharing module ID/storage cookie

not

permanent (persistent)

loc

AddThis Sharing module ID/storage cookie

not

permanent (persistent)

sshs

AddThis Sharing module ID/storage cookie

not

permanent (persistent)

uid

AddThis Sharing module ID/storage cookie

not

permanent (persistent)

Third-party cookies (Facebook, Google, AddThis, Tripadvisor, etc.) may be changed without prior notice to the service providers, as the service is not provided by Hungarospa and its partners.

You can read more about third party cookies here https://www.google.com/policies/technologies/types/ and about data protection here https://www.google.com/analytics/learn/privacy.html?hl=hu.

  1. What else do you need to know about our data management on our website?

The personal data you provide to us voluntarily when registering or contacting our Company, we therefore ask you to gradually take care of their truthfulness, correctness and accuracy when providing us with your data, for which you are responsible.
Incorrect, inaccurate or incomplete data may prevent you from using our services.

If you do not provide your own personal data but that of another person, we will assume that you have the necessary authorisation to do so.

You may withdraw your consent to data processing at any time, free of charge

  • by deleting the registration,
  • by withdrawing consent to the processing; or
  • by withdrawing or requesting the blocking of any consent to the processing or use of data that must be completed during registration.

For technical reasons, we have a 15-day deadline for registering the withdrawal of consent, but please note that we may process certain data after the withdrawal of consent in order to comply with a legal obligation or to pursue our legitimate interests.

In the event of the use of misleading personal data, or if one of our visitors commits a crime or attacks our Company’s system, we will delete your data immediately upon termination of your registration or, if necessary, retain it for the duration of the civil liability or criminal proceedings.

  1. What do you need to know about our data management for newsletter (direct marketing) purposes?

By entering your personal data in the newsletter registration area (i.e. by clearly indicating your intention to consent), you can give your consent to us using your personal data for marketing purposes.
In this case, we will also process your data for the purpose of sending you newsletters (direct marketing) and will send you advertising and other information and offers in our newsletter (GDPR § 6).

You can withdraw your consent at any time, free of charge.You can delete your data from the database at any time by clicking on the unsubscribe link in our newsletter.

In any case, the cancellation of the registration will be considered as a withdrawal of consent.

For technical reasons, a 15-day deadline is set for the registration of the withdrawal or cancellation of individual consents.

  1. What do you need to know about prize draws?

Our Company may organise prize draws as part of a campaign, the terms and conditions of which are set out in a separate policy.
The rules of the current promotion can always be found on the home page of our website, centrally located link.

  1. Other data management issues

We may only transfer your data within the limits set by law and, in the case of our data processors, we ensure that they cannot use your personal data for purposes that are not in accordance with your consent by setting contractual conditions.
For more information, see 2.
Please see section 2.

Our company does not transfer data abroad.

The court, the prosecution and other authorities (e.g. police, tax authorities, National Authority for Data Protection and Freedom of Information) may contact our Company for information, data or documents.
In such cases, we must comply with our obligation to provide information, but only to the extent strictly necessary to achieve the purpose of the request.

Our contractors and employees involved in the processing of your personal data are entitled to have access to your personal data to the extent specified in advance, subject to confidentiality obligations.

We will take appropriate technical and other measures to protect your personal data and to ensure its security, availability and to protect it from unauthorised access, alteration, damage or disclosure and any other unauthorised use.

As part of our organisational measures, we control physical access in our buildings, provide continuous training for our employees and keep paper documents locked away with appropriate protection.
Technical measures include encryption, password protection and anti-virus software.
Please note, however, that data transmission via the Internet cannot be considered a fully secure transmission.
While we make every effort to ensure that our processes are as secure as possible, we cannot accept full responsibility for the transmission of data via our website, but we do maintain strict standards for the security of your data and the prevention of unlawful access to data received by us.

In relation to security issues, we ask for your help in carefully remembering your password to access our website and not to share this password with anyone.

  1. What are your rights and remedies?

About data processing

  • request information on,
  • may request the rectification, modification or integration of their personal data processed by us,
  • may object to the processing and request the erasure and blocking of their data (except for mandatory processing),
  • have a right of appeal to a court,
  • lodge a complaint or take action with the supervisory authority (https://naih.hu/panaszuegyintezes-rendje.html).

Supervisory Authority: National Authority for Data Protection and Freedom of Information

  • Office: 1055 Budapest, Falk Miksa u.
    9-11.
  • Postal address: 1363 Budapest, PO Box 9.
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • E-mail:ugyfelszolgalat@naih.hu
    Website:https://naih.hu/

At your request, we will provide you with information about the personal data that we process about you or that we – or our data processors – process.

  • about your data,
  • their source,
  • the purposes and legal basis of the processing,
  • and, if this is not possible, the criteria for determining this period,
  • the names and addresses of our data processors and their data processing activities,
  • the circumstances and effects of data breaches and the measures we have taken to prevent and respond to them; and
  • the legal basis and recipient of the transfer of your personal data.

We will provide you with information within 15 days (but not more than 1 month) of the request.
The information will be provided free of charge unless you have already submitted a request for information on the same data in the current year.
We will reimburse you for any charges you have already paid if we have processed the data unlawfully or if the request for information has led to a correction.
We may only refuse to provide information in cases provided for by law, by indicating the legal position and by informing you of the possibility of judicial remedy or recourse to the Authority.

Our Company will notify you and all those to whom it has previously disclosed the data for processing purposes of the rectification, blocking, marking and erasure of personal data, unless the non-notification is not in your legitimate interest.

If we do not comply with your request for rectification, blocking or erasure, we will provide you with the reasons for our refusal in writing or, with your consent, by electronic means within 15 days (but not more than 1 month) of receipt of your request and inform you of the possibility of judicial remedy and of recourse to the Authority.

If you object to the processing of your personal data, we will consider your objection within 15 days of your request (but not later than 1 month) and inform you in writing of our decision.
If we decide that your objection is justified, we will stop the processing, including any further collection and further transfer, and block the data, and notify the objection and any action taken in response to it to all those to whom we have previously disclosed the personal data to which the objection relates and who are under a duty to act in order to exercise the right to object.

We will refuse to comply with the request if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If you do not agree with our decision or if we fail to comply with the time limit, you have 30 days from the date of notification of the decision or the last day of the time limit to take legal action.

Data protection litigation falls within the jurisdiction of the courts, which may, at the option of the data subject, be brought before the courts of the place of residence or domicile of the data subject.
A foreign national may also lodge a complaint with the supervisory authority of his/her place of residence.

Please contact our Company before lodging a complaint with the supervisory authority or the courts to discuss and resolve the problem as quickly as possible.

  1. What is the main legislation governing our activities?
  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the processing of personal data of natural persons (GDPR)
  • on the right of information self-determination and freedom of information of 2011. évi CXII. law – (Info tv.)
  • the Civil Code 2013.
    V of 2013 (Civil Code)
  • on certain aspects of electronic commerce services and information society services of 2001. évi CVIII. law – (Eker tv.)
  • the Electronic Communications Act 2003.
    C. of 2003 – (Ehtv)
  • the 1997 Act on consumer protection. évi CLV. law (Fogyv tv.)
  • on complaints and notifications of public interest 2013.
    CLXV.
    Act of 2013 on.
    (Pktv.)
  • on the basic conditions and certain limitations of commercial advertising activities of 2008. évi XLVIII. Act (Grtv.)
  1. Amendments to the Privacy Notice

Our Company reserves the right to modify this Privacy Notice and will inform the data subjects accordingly.
The publication of information on data management on the https://www.hungarospa.hu/Egyeb-tajekoztatas website.

2018.
05.24