Data protection

DATA PROTECTION INFORMATION

 where we are informing you as the visitor of our webshop and the user of our services about the data handling and data protection rules of our company.

  1. The principles we are applying during our data management

During the data management our company pursues the following principles:

a)      we are handling the personal data lawfully and honestly, in a way that is transparent for you.

b)      we are collecting the personal data for certain, clear and lawful purpose and we are not handling them in a way that is not compliant with the objectives.

c)      the personal data collected and managed by us are corresponding and relevant from data management perspective, and they are limited to the necessary extent only.

d)      our company takes all the reasonable measures to have the data handled by us accurate and up-to-date if required; we are immediately deleting or correcting the inaccurate personal data.

e)      we are storing the personal data in such a format that you can be identified for the period required to reach the objectives of handling the personal data.

f)       through the proper technical and organisational measures we are assuring the proper safety of the personal data against the unauthorised or illegitimate handling, accidental loss, annihilation or damaging of the data.

Regarding your personal data our company proceeds as follows 

a)      we are managing the personal data based on your prior information and your voluntary consent and only at the extent that is necessary and always related to an objective, meaning the collection, recording, systemising, storing and utilisation of data.

b)      in certain situations the management of your data is based on the legal provisions and it is mandatory; in such cases we are drawing your attention to this specific fact.

c)      respectively in certain cases our company or a third party is legitimately interested in managing your personal data, such as the operation, development and safety of our website.

  • 2. Who we are

The name of the Company: Hungarospa Hajdúszoboszlói Gyógyfürdő és Egészségturisztikai Zártkörűen Működő Részvénytársaság

Seat of the Company: 4200 Hajdúszoboszló, Szent István park 1-3.

Sites of the Company:     4200 Hajdúszoboszló, Böszörményi út 35/A

                                               4200 Hajdúszoboszló, Böszörményi út 35.

                                                4200 Hajdúszoboszló, Böszörményi út 37

                                               4200 Hajdúszoboszló, Rózsa u. 9.

                                               4200 Hajdúszoboszló, József Attila u. 25.

                                               4200 Hajdúszoboszló, Mátyás király sétány 3.

                                               4200 Hajdúszoboszló, Mátyás király sétány 14.

                                               4200 Hajdúszoboszló, Mátyás király sétány 25.

                                               4200 Hajdúszoboszló, Rákóczi u. 184.

                                               4200 Hajdúszoboszló, Szép Ernő u. 16.

                                               4200 Hajdúszoboszló, Hőforrás u. 4.

                                               4200 Hajdúszoboszló, Mátyás király sétány 23.

                                               4200 Hajdúszoboszló, 3524 hrsz,

                                               4200 Hajdúszoboszló, 3529 hrsz

                                               4200 Hajdúszoboszló, Debreceni útfél 3.

                                               4200 Hajdúszoboszló, József Attila u. 5-7.

 

Website of the Company: www.hungarospa.hu

Postal address: 4200 Hajdúszoboszló, Szent István park 1-3.

Phone number: 06-52-558-558

E-mail address: info@hungarospa.hu

Tax number: 10605125-2-09

Company registration number: 09-10-000045

The contact details of our company’s data protection official (e-mail address): serfozo.zsuzsa@hungarospa.hu

The name, address and contact detail of the company’s host: MCONet International Kft.

1052 Budapest, Piarista u. 4, e-mail: mconet@mconet.eu

During the management of the data our company – in order to provide quality service to our clients – is using the following data processors:

 

NAME

 

ADDRESS

 

ACTIVITY

 

MCOnet International Kft.

 

1052 Budapest, Piarista u. 4.

 

IT service providing, storage service, database maintenance and processing, reporting

 

Should we modify the scope of our data processors, we are updating the changes in the present information.

The data handled by us: 

Name of activity and the purpose of data handling

Legal base

Handled data

Duration

Registration number

Using the webshop’s services

Objective: registration and recording of the buyers,

Handling and fulfilling the orders,

Handling the purchases, the invoicing and the delivery,

Handling the complaints, dealing with the returning of calls, keeping contact with the buyers.

 

Consent

contract

legal provision

(GDPR article 6. (1) c),

Eker act: 13/A §,

Accounting act: 169. §).

Full name,

Phone number and e-mail address,

Order-identifying number,

The data of your purchases (product, quantity, price, date),

Payment-related data (payment deadline, bank account number, bank or credit card number, etc.),

invoicing name, full name in case of natural person,

your tax number or tax identification number (if these data are required for the invoicing)

invoicing address (ZIP code, settlement, name of street / square, etc, number of house/apartment, floor, door).

During the operation of the webshop for an indefinite time, but maximum till the withdrawal of the data handling consent

 

The period of storage of the data related to fulfil the contracts is 5 years.

 The storage period of the issued invoices and the documents based on which the invoices had been issued is 8 years.

 

 

 

Asking for offer/booking

Objective: by completing the form on the website you may ask for an offer about our accommodation respectively you can send a booking for the selected date by specifying the number of nights, type of accommodation and number of people

voluntary

consent

name, e-mail address, phone number

 

If after the request for quotation the offer is being not accepted, then the data get deleted in 5 days from the refusal.

If the offer is being accepted and the booking takes place, then the data will be stored for 5 years, and for 8 years if there is an invoice being issued.

 

Registration for the newsletter service (direct marketing)

Objective: we are informing you about our new promotions, products, events in e-mail

consent

Full name,

e-mail address

 

Till being unsubscribed from the newsletter

 

Winning game

  • Objective: positive influencing of the Company’s business by drawing one’s attention  and by offering valuable awards, increasing the satisfaction of the buyers

consent

legal obligation

  • full name
  • e-mail address
  •  
  • in case of participants till the end of the game, in case of winners for 5 respectively 8 years
  •  
   

 We are asking for the personal data of the visitors of our website if they wish to ask for an offer, intend to book, buy through the webshop, subscribe to the newsletter respectively participate in a winning game.

We can’t connect the personal data – that were provided during the registration or when using our marketing services – and the identification of our visitors is basically not our purpose.

Regarding your data-management questions you can obtain further information by writing to the info@hungarospa.hu e-mail address or by post, and we are replying in 15 days (in maximum 1 month) to the contact supplied by you. 

 

  1. What are the cookies and how we are handling them?

 

The cookies are small data files (further on: cookies) that get onto your computer through the website by using the website so that they are saved and stored by your Internet browser. The majority of the most often used Internet browsers (Chrome, Firefox, etc.) is accepting and permitting by default the downloading and use of the cookies, but it is on you whether you are rejecting or banning them through the modification of the browser, respectively you can also delete the cookies that are stored on your computer. The “help” menu point of the browsers provides further information on the use of cookies.

There are cookies that do not require your primary consent. Our website informs you accordingly during the first visit, they are the authentication, multimedia-player, burden-equalising cookies and the work session cookies assisting in the customisation of the user platform as well as the user-centred safety cookies.

Our company is informing you about the cookies that require consent – if the data handling commences right when visiting the site – when commencing the first visit and we are asking for your consent.

Our company is not using and is not permitting cookies with which third parties can collect data without your consent.

It is not mandatory to accept the cookies, however our Company can’t be held liable if our website does not function properly when the cookies were not accepted.

Usually it is possible to handle, delete the cookies, ban their planting in the browser’s Tools/Settings menu, under the Data protection settings, under cookies.

What cookies are we using?

Type

Name

Consent

Description

Goal

Validity

System cookies

(required cookie)

 

Not required

The session cookie of the web-based application’s firewall that serves for the prevention of the misuse of cross-references

Assuring the functioning of the website

temporary

till the end of the browsing

Functional cookies

 

required

permanent cookies

For assuring the better utilisation experience

Till withdrawal

Tracking cookies

(ad-cookie)

 

required

 For customisation

e.g. Facebook pixel code

Memorising your settings, so that we can send the ads that correspond to your personal interest

 

Till the deletion of the cookie

 

Tracking cookie

(from third party)

 

required

 

For the identification of new sessions and visitors, it is saved by the Google Analytics’ web-based tracking service

During the visiting of the website it is related to the services of third parties (e.g.. Google)

 

 Till deletion

 Our Cookies:

 

Cookie 

feladata

Necessary?

session / president

PHPSESSID

aktuális munkamenetet tárolja

yes

(session)

__lang

Az oldalon kiválasztott aktuális nyelvet tárolja (pl. hu_HU - magyar)

yes

(persistent)

cookiebar

A Cookie szabályzat elfogadásával kapcsolatos sáv elrejtése

yes

(persistent)

_ga

Google Analytics statisztikai rendszer azonosító cookie

no

(persistent)

_gid

Google Analytics statisztikai rendszer azonosító cookie 2.

no

 (persistent)

__atuvs, __atuvc

AddThis megosztó modul azonosító Cookie-k

no

 (persistent)

TAUnique

tripadvisor azonosító cookie

no

 (persistent)

ServerPool

tripadvisor azonosító cookie

no

(session)

TASession

tripadvisor munkamenet azonosító cookie

no

 (session)

TACds

tripadvisor azonosító cookie

no

 (persistent)

ssc

AddThis Megosztó modul azonosító / tároló cookie

no

 (persistent)

um

AddThis Megosztó modul azonosító / tároló cookie

no

 (persistent)

di2

AddThis Megosztó modul azonosító / tároló cookie

no

 (persistent)

ssh

AddThis Megosztó modul azonosító / tároló cookie

no

 (persistent)

vc

AddThis Megosztó modul azonosító / tároló cookie

no

 (persistent)

uvc

AddThis Megosztó modul azonosító / tároló cookie

no

 (persistent)

loc

AddThis Megosztó modul azonosító / tároló cookie

no

 (persistent)

sshs

AddThis Megosztó modul azonosító / tároló cookie

no

 (persistent)

uid

AddThis Megosztó modul azonosító / tároló cookie

no

 (persistent)

 

Further information on the cookie deriving from third party:https://www.google.com/policies/technologies/types/,   and the data protection is detailed here https://www.google.com/analytics/learn/privacy.html?hl=hu

 

  1. What else can be known about the data management that is related to our website?

 

You are supplying your personal data voluntarily during the registration respectively when keeping contact with our Company therefore we are asking you to make sure your data are real, correct and accurate when you are providing them because you are responsible for these. The incorrect, inaccurate or incomplete data can hinder the services.

If you are supplying somebody else’s personal data then we suppose you are possessing the required authorisation.

You can any time withdraw your consent to the data management free of charge:

  • by deleting the registration,
  • by withdrawing the consent for the data handling, respectively
  • by withdrawing the consent given to the handling or utilisation of the data that were definitely required during the registration or by asking for blocking.

We are assuming the registration of the withdrawal of the consent – due to technical reasons – with a 15-day deadline however we are drawing your attention that for the completion of our legal obligation or for the enforcement of our legitimate interests we still can handle certain data even after the withdrawal of the consent.

In case of the use of misleading personal data respectively if one of our visitors commits a crime or he/she is attacking our Company’s system, we are immediately deleting his/her data simultaneously with the termination of the visitor’s registration, respectively – if required – we keep them during the period of determining the civil liability or carrying out the criminal proceedings.

 

  1. What should you know about the data handling with newsletter (direct marketing) purpose?

 

By providing your personal data on the newsletter registration platform (that is by clearly declaring your consent) you may give your consent to enable us in using your personal data for marketing purpose, too. In such case – till the withdrawal of the consent – we are handling your data for newsletter sending (direct marketing), too and we are sending you promotional and other information and offers in newsletter form (GDPR. 6. §).

You may any time withdraw your consent free of charge.You may delete your data any time from the database by clicking on the unsubscribe link in the newsletter.

We are always considering the deletion of the registration as the withdrawal of the consent.

We assume to register the withdrawal or cancellation of the consent – due to technical reasons – with a 15-day deadline.

 

  1. What should you know about the winning games?

 

Our company may organise campaign-like winning games where the occasional terms and conditions are specified in a separate regulation. The regulation of the actual action will always be found in the opening page of our website, under a link situated in a central position.

 

  1. Other data management issues

 

We can forward your data only within conditions specified by law, and in case of our data processors there are contractual conditions to assure they can’t use your personal data for a purpose that is against your will. There is further information in article 2.

Our company is not forwarding data to abroad.

The court, the prosecutor1s office and other authorities (e.g. police, tax authority, National data protection and information liberty authority) may contact our company in order to get information, to provide information or to make documents available. In such cases we have to meet our data supplying obligation but only at the extent that is definitely required to realise the objective of the contacting.

The companies contributors and employees participating in the data handling and/or data processing are entitled to get to know your personal data – at a pre-defined extent and under the confidentiality obligation.

We are protecting your personal data with the proper technical and other measures, and we are assuring the safety of the data, their availability, and we are protecting them from unauthorised access, modification, corruption and disclosure and any other illegitimate use.

Within organisational measures we are checking the physical access in our buildings, we keep training our employees and we are storing the paper-based documents locked away with proper protection. Within the technical measures we are using encryption, password protection and antivirus software. However we are drawing your attention that the data transfer through the Internet can’t be considered fully safe data transfer. Our company takes every step to make the processes as safe as possible, but we can’t assume full responsibility for transferring the data through our website, but regarding the data received by our company we have strict provisions in order to keep your data safe and prevent the unauthorised access.

Regarding the safety issues we are asking for your help in carefully storing your password to our website and do not share that password with anybody.

 

  1. What are your rights and possibilities to remedy?

 

Regarding the data management

  • you may ask for information,
  • may ask for the correction, modification or completion of the personal data handled by us,
  • may object against the data management and may ask for the deletion and blocking of your data (except for the mandatory data management),
  • may use the remedies before the court,
  • may file a complaint at the supervisory authority respectively may initiate proceedings (https://naih.hu/panaszuegyintezes-rendje.html).

Supervisory authority: National data protection and information liberty authority

  • Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
  • Postal address: 1530 Budapest, Pf.: 5.
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • E-mail:  ugyfelszolgalat@naih.hu
    Website: https://naih.hu/

If requested by you we are providing information

  • about your data that are handled, by us respectively processed by us or by our assigned data-processor
  • their source,
  • purpose and legal base of the data management,
  • duration, and if this is not possible then the criteria of defining the duration,
  • name, address of our data processors and their activities related to the data management,
  • circumstances of the data protection incidents, the impacts and the measures taken to avoid or prevent them, and
  • the legal base and the addressee in case of forwarding your personal data.

In 15 days (in maximum 1 month) from submitting the application we are giving our information. The information is free of charge except when in the subject year and related to the same issue you have already submitted an application for information. We are reimbursing the cost already paid by you if we had handled the data illegitimately or the request for information led to correction. We can refuse the information only in cases specified by law by specifying the law and by informing about the possibility about court remedy or contacting the Authority.

Our Company is notifying you about the correction, blocking, marking and deletion of the personal data and the Company also notifies the parties to whom he had earlier forwarded the data for data handling except when the lack of notification does not damage your righteous interests.

If we are not fulfilling your application for correction, blocking or deletion, we are telling in writing or electronically (if permitted by you) the reasons of the rejection in 15 days from receiving the application (however in maximum 1 month) and inform you about the possibility of court-based remedy or contacting the Authority.

If you are objecting against the handling of your personal data, we are examining the objection in 15 days from the submittal of the application (and within maximum 1 month) and we are informing you in writing about our decision. If we decide that your objection is sound, then we are terminating the data handling – including the further data collection and data forwarding – and we are blocking the data, and about the objection and the related measures we are notifying the parties to whom we had earlier forwarded the objection-related personal data and who are obliged to take measures in order to enforce the right to object.

We are refusing to fulfil the request if we are proving that the data handling is justified by coercive legitimate reasons that have priority over your interests, rights and liberties or that are related to the submittal, enforcement or protection of legal claims. If you are not agreeing about our decision, respectively if we are missing the deadline, you can contact the court in 30 days from receiving the decision respectively from the last day of the deadline.

The judging of the data protection suits falls under the scope of the court, the suit – according to the concerned party’s choice – can be launched at the court that corresponds to the concerned party’s domicile or residence. The foreign citizens can contact the competent supervisory authority that corresponds to the domicile.

We ask you to contact our Company - prior to contacting the supervisory authority or the court with your complaints – for discussion and for the soonest solution of the incurred problem.

 

  1. What are the main legal provisions that characterise our activity?

 

  • the 2016/679 decree (GDPR) of the European Parliament and the Council on the handling of personal data of natural persons
  • the 2011/CXII act on the information-related self-governing right and the freedom of information - (Info tv.)
  • the 2013/V act on the civil Code (Ptk.)
  • the 2001/CVIII act on certain issues related to electronic commercial services and the services related to the information society (Eker tv.)
  • the 2003/C act on electronic telecommunication - (Ehtv)
  • the 1997/CLV act on consumer protection (Fogyv tv.)
  • the 2013/CLXV act on complaints and notifications of public interest. (Pktv.)
  • the 2008/XLVIII act on basic conditions and certain limits of the business-related advertising (Grtv.)

 

  1. Modification of the data management information

Our company reserves the right to modify the present data management information and it will properly notify the interested parties about the change. The publishing of the information related to the data management takes place on the https://www.hungarospa.hu/Egyeb-tajekoztatassite.

 

Made on: May 24, 2018