3. Principles for ABBAZIA Data Management
4. Scope of personal data, purpose, title and duration of data management
4.1. Details of website visitors
4.2. Data for accommodation nights
4.2.1. Offer and confirmation of accommodation nights
4.2.2. Recording of guest nights
4.3. Security cameras for hotels
4.6. Details of website visitors
4.7. Managing websites "cookies"
4.8. Lost and found
4.9. ABBÁZIA customer requests
4.10. Data holding of holiday makers
4.10.1. OLCI (online check-in) system
4.13. RCI guests
4.14. Mailchimp Mail System
5. How to store personal data, security of data management
6. Details of data controller, availability
7. Rights of the data subject, to enforce their own rights
7.1. The right to information
7.2 Right to access
7.3 Right of Correction
7.4 Right to Cancellation
7.5 Right to Restrict Data Management
7.6 Right to data storage
7.7 Right to protest
7.8 Automated decision making in individual cases, profiling
7.9 Right to Court
7.10 Right to Justice
8. Other provisions
The Abbázia Group, hereinafter referred to as ABBÁZIA (provider data controller) as a data controller, is obliged to accept the content of this legal notice. It is responsible for ensuring that all data management related to your activity meets the requirements set out in this document and the applicable legislation. ABBÁZIA reserves the right to change this information. Current status information is available at http://abbaciagroup.com/index.php?lang=english&page=av. This brochure is developed by the "HELIKON" Utazási Iroda Kft. (Hereinafter referred to as "the Company") belonging to the Abbázia Group. Given that the group produces its activities for its customers at a group level, it is justified to introduce and maintain a uniform regulation for the entire group of companies by providing complex services for the individual customers by the participating group members.
ABBÁZIA is committed to protecting the privacy of its clients' information, in order to protect the privacy of their dedicated customers and partners. Personal data is handled confidentially and we will take all security, technical and organizational measures that guarantee the security of your data. ABBÁZIA will outline its data management principles below, present the expectations that it has formulated and complies with itself as a data controller. The data management principles are in line with existing data protection legislation, in particular:
Personal data can be handled if:
a) the person concerned agrees or
b) it is governed by a law or by a decree of the local government on the basis of the authority of the law and within the scope defined therein for the purpose of public interest (mandatory data management).
Personal data may also be handled if the acquisition of the person concerned is impossible or disproportionate and the processing of personal data is necessary for the fulfilment of the legal obligation of the data controller, or for the legitimate interests of the data controller or third party and for the protection of the rights of the defence. A declaration by a legal representative of a minor who is unable to act and is under 16 years of age, with a limited legal capacity, is required except for those parts of the service where the statement is intended to be mass-produced in everyday life and does not require any particular consideration. If the person concerned is unable to give his consent due to incapacitation or for other unavoidable reasons, the protection of the vital interests of that person or of the life of the person, to the extent necessary to prevent a direct threat to his / her physical or mental integrity, the personal data of the person concerned may be handled during the existence of any obstacles to consent. If the personal data has been collected with the consent of the data subject, the data controller shall record the data unless otherwise provided by law:
(a) with a view to fulfilling a legal obligation on him, or
(b) in order to enforce the legitimate interests of the data controller or a third party, where the enforcement of this interest is proportionate to the limitation of the right to the protection of personal data without further special consent, and following the withdrawal of the consent of the person concerned.
Personal data can only be handled for a specific purpose, in order to exercise rights and to fulfil obligations. At all stages of the data handling, the company must comply with this objective, and data capture and handling must be fair. Only personal data that is essential for achieving the purpose of data management can be used and only to the extent and time necessary to attain it. Personal data can only be handled with appropriate informed consent. Before the data is processed, the data subject shall be informed that the data is based on consent or is compulsory. The data subject must be informed, in a clear, unambiguous and detailed manner, of all the facts related to his or her data management, in particular the purpose and legal basis of the data handling, the data controller and the person entitled to be processed, the duration of the data handling and whether the personal data of the data subject is required to fulfil a legal obligation for the data controller or to enforce a legitimate interest of a third party, who will be able to access the data. The information should also include the rights and remedies available to the data subject in question. Data management must ensure the accuracy, completeness and up-to-dateness of the data as well as the identity of the data subject for the time needed for the purpose of data management. Personal data may be transmitted to a data processor or data processor performing data processing in a third country, only if the data subject explicitly agrees or the above conditions for data processing are met and the data protection level in the third country is managed and processed to an adequate level of protection of personal data. Data transmission to EEA States shall be deemed to be the transfer of data within the territory of Hungary.
The data management of ABBÁZIA activity is based on a voluntary contribution. In some cases, however, the management, storage and transmission of a particular set of data makes it compulsory for contracts, legislation or safe operation, which is specifically notified to our partners. We call ABBÁZIA to the attention of all informants that, if they do not provide their personal data, the data supplier is obliged to obtain the consent of the person concerned.
www.abbaziagroup.com www.clubdobogomajor.hu www.hotelkalma.hu www.petnehazy-clubhotel.hu www.abbazia-nemesnep.hu www.abbazia-clubhotel.hu www.clubhotel-marotta.com Purpose of data management: During a visit to the site, the service provider records the visitor data to monitor the operation of the service, to provide personalized service and prevent abuse. Legal Basis for Data Management: Contribution of the Participant in accordance with the 2001. CVIII. Act 13/A. § (3) of certain aspects of electronic commerce services and information society services. The range of data processed is: Date, Time, IP Address, Title of the visited page, Title of the page you have visited, User's operating system, and Browser data. The duration of the data management is 30 days from the date of viewing the site. ABBÁZIA does not link data generated by the analysis of logs with other information and does not seek to identify the user. (The IP address is a series of numbers that can be uniquely identified by the computers of users on the Internet, and IP addresses can also geographically locate a visitor using that computer. The address of the pages visited and the date and time data are not sufficient to identify the person, (such as those provided during registration) however, combined with data can help to draw conclusions about users.) Data service of external service providers: The portal html code also contains references to an external server that is independent of ABBÁZIA and links to an external server. The external service provider is connected directly to the user's computer. We remind our visitors that the providers of these links are able to collect user data by direct connection from their server, by direct communication with the user's browser. Potentially personalized content for the user is served by the external service provider. The link between the ABBÁZIA and the external service provider only covers the insertion of the latter code, so no personal data is transferred or forwarded. The following webpages: Www.abbaziagroup.com, www.clubdobogomajor.hu, www.hotelkalma.hu, www.petnehazy-clubhotel.hu, www.abbazia-nemesnep.hu, www.abbazia-clubhotel.hu, www.clubhotel-marotta.com carry out independent measurement and auditing of sites visited and other web analytics data from websites, such as an external service provider,( www.google.com.) For details on managing measurement data, contact the data administrator at http://www.google.com/analytics/. To facilitate user experience and ease of use, the service provider's code at www.chat4support.com has been embedded into the site. To facilitate access to community services, the service provider's code at www.facebook.com has been affixed.
The purpose of data management is to register the reservation of accommodation guests, to distinguish between them and to manage and follow bookings, as well as providing accommodation services. The legal basis for data handling is the voluntary contribution of the concerned person, in accordance with: Section 169 (2) of Act C of 2000 on Accounting and the Act XLVIII of 2008 on the Fundamental Terms and Limitations of Economic Advertising Activity. (5) of the Act.
The range of managed data is: name, phone number, e-mail address, booking date, credit card details. Duration of data handling:
The purpose of data management is to provide accommodation services, register, distinguish between hotel guests, provide services to guests, maintain contacts, analyse guest habits, provide more targeted service, make reservations, fulfil payment, fulfilment of accounting obligations, and direct marketing inquiries. For guests coming from a non-EU country or EEA Member State, the recorded data will be supplemented with the following data: birth name, passport number, gender, date and place of birth, nationality, mother's birth name, place and time of entry into the country, visa number. These data will be sent to the immigration authorities on the basis of a statutory provision (Act II of 2007 on Entry and Stay of Third-Country Nationals).
The legal basis for data handling is the voluntary contribution of the concerned person, in accordance with: Section 169 (2) of Act C of 2000 on Accounting and the Act XLVIII of 2008 on the Fundamental Terms and Limitations of Economic Advertising Activity. (5) of the Act. Details of managed data: name, address, e-mail address, telephone number, date, time, caravan serial number, nationality, identity card or passport number, date of birth, data on the use of the services (e.g.: arrival, (number, name, validity, signature), payment card details (date, time, name on the invoice, amount), voucher / coupon / payment slips/ voucher number, system, and the related date and time, as well as the contribution to direct marketing requests.
Duration of data handling:
The legal basis for the transfer of data is as follows, in accordance with the 1990 Act C on Local Taxes for Tourism Tax and the 2017 Act CL of the Code of Taxation. In all other cases the consent of the person concerned acts as a legal basis. In the case of the consent of users for direct marketing requests, the details of the person concerned (name, e-mail address, date, and in Section 4.5. in the DM Mail database as described above.
Information on the forbidding of forwarding direct marketing messages and deleting or modifying personal data can be obtained from the following contact information:
In order to ensure the safety of operation, the protection of property and accident protection, Club Dobogómajor, the Hotel Kalma, the Petneházy Club Hotel and the Abbazia Club Hotel Keszthely have all been installed with camera surveillance systems. All relevant camera location points are notified by the signs of camera surveillance. Camera recordings are kept for three days.
The aim of data management is to send e-mail newsletters containing commercial advertisement to the interested parties, providing information about current information. The legal basis for data handling is the voluntary contribution of the concerned person and in accordance with the 2008 Act XLVIII. on the Fundamental Terms and Limitations of Economic Advertising Activity. (5) . Data managed: name, email address, IP address, date, time, consent for direct marketing purposes. Duration of data management: Unsubscribe. Information on the forbidding of forwarding direct marketing messages and deleting or modifying personal data can be obtained from the following contact information:
Using the Unsubscribe button links in the posted newsletters. Data Management Registration Number: NAIH-60578/2012
The purpose of data management is for guests to participate in the prize draw, organized by ABBÁZIA. Managed data is used for the drawing, notification, publication, and accounting obligation of the winners. The legal basis for data handling is the volunteer's contribution. Data managed: name, address, e-mail address, date, time, and different data fields per game, provided when announcing a given prize draw. Deadline for data deletion: data of non-winners will be deleted immediately after the lottery, with 6 months for the winners' disclosed data, and in the case of accounting records related to prizes, eight years, in accordance with Article 169 of the Constitution,. Disclosure: the name of the winner, the settlement and the order number for 6 months after the draw. Data Management Registration Number: NAIH-60578/2012
Domains owned by ABBÁZIA abbazia-apartman.hu, budapest-accomodation.hu, petnehazy-clubhotel.com, abbazia-clubhotel.com, clubdobogomajor.com, petnehazy-clubhotel.eu, abbazia-clubhotel.eu, clubdobogomajor.eu, petnehazy-udulofalu.hu, abbazia-clubhotel.hu, clubdobogomajor.hu, planinvest.hu, abbaziagroup.com, clubhotel-marotta.eu, planinvest-broker.hu, abbaziagroup.cz, heviz-accomodation.hu, ristorante-abbazia.com, abbazia-idegenforgalmi.hu, hotelkalma.com, szallas-hevizen.hu, abbazia-nemesnep.com, hotelkalma.eu, szalloda-budapest.hu, abbazia-nemesnep.eu, hotelkalma.hu, szalloda-hevizen.hu, abbazia-nemesnep.hu, keszthely-accomodation.hu, szalloda-keszthely.hu, apartment-heviz.hu, klubdobogomajor.hu, ts-apartman-club.hu, apartmentsbudapest.hu, lovasclub-dobogomajor.com
The purpose of data management: When visiting the website, the service provider records the visitor data to check the functionality of the services, to provide personalized service and prevent abuse. Legal Basis for Data Management: Contribution of the Contributor, in addition to and in accordance with Act 13 / A. § (3). The range of data processed is the date, time, address of the page you visited, previously visited page title, user's operating system and browser data, user's computer IP address, and geographic location of the user. Data management duration: The IP address of the user's computer will be deleted at the end of the visit, with the remaining data stored for one month. ABBÁZIA does not link data generated by the analysis of logs with other information and does not seek to identify the user. The IP address is a series of numbers that can uniquely identify users of Internet users. IP addresses can also geographically locate a visitor using that computer. The title of the pages you visit, as well as the date and time information are not sufficient for the identification of the user but are linked to other data (such as those provided during filling in the contact form) to help draw conclusions about the user. Data management of external service providers: The html code of the portal contains links to external servers that are independent of ABBÁZIA and refer to an external server. The external service providers are connected directly to the user's computer. We remind our visitors that the providers of these links are capable of collecting user data by direct connection to their server and by direct communication with the user's browser. Potentially personalized content for the user is provided by the servers of external service providers. The link between ABBÁZIA and third-party servers only covers the insertion of the latter's codes, so no personal data is transferred or forwarded. Independent measurement and auditing of site visitation and other webanalytic data are assisted by Google Analytics, who server as external service providers. The data controller can provide detailed information on how to handle measurement data at www.google-analytics.com. In order to fulfil their service, a small data packet or cookie is placed on the user's computer at the following external servers: google.com, facebook.com, chat4support.com, gpe.cz for detailed information on how to manage data see the above addresses. For a tailor-made service, external service providers have a small data packet, Cookies are placed and read back. If your browser returns a previously saved cookie, the service providers that handle it will have the ability to link the user's current visit to the previous one, but only for their own content. More information about cookies can be found at: http://www.adatvedelmiszakerto.hu/cookie. Cookies can be deleted from your computer or disabled in your browser. Cookies can usually be accessed under the Privacy settings in cookies or cookies in the Tools / Preferences menu of browsers.
The web site operator has a small data packet, so called " cookies are placed and read back. If your browser returns a previously saved cookie, the cookie operator can link the user's current visit with the past, but only for their own content. The purpose of data management is to identify, distinguish between users, identify user's current session, store data, prevent data loss, identify users, track user-generated bids (__utma, __utmb, __utmc, __utmt, __utmz, PHPSESSID, _C4vId).
Legal Basis for Data Management: Contribution of the Contributor. The range of data processed: identification number, date and time. Duration of data handling:
More information on cookies can be found at http://www.adatvedelmiszakerto.hu/cookie. Cookies can be deleted from your computer or disabled in your browser.
Cookies can usually be accessed under the Privacy settings in cookies or cookies in the Tools / Preferences menu of browsers. The site has a graphical point of measurement, the measurement results of which are recorded by the website's server. Based on graphical metrics, website visitors can not be identified later.
The purpose of data management is to register lost objects found on the properties of the following: Abbazia Club Hotel, Abbazia Country Club, Petneházy Club Hotel, Club Dobogómajor, Hotel Kalma, Kalma Villa, Abbazia Club Hotel (Marotta, Italy). Legal Basis for Data Processing: 2013 Act V on the Civil Code, §§ 54, §§ 5: 59 and §§ 5: Data managed: date and location, name of the finder, availability, details of the object found. Duration of data management: one year.
If you have any questions or comments about using our services, you can contact the data administrator as stated on the website. ABBÁZIA will delete all mail received by post, received emails with the sender's name, address or e-mail address and other voluntarily entered personal data will be deleted after a maximum of 5 years from the date of communication if there is no legal relationship, based on which data management is required.
The purpose of data management is to fulfil contractual obligations arising out of holiday legislation and to guarantee rights. The legal basis for data handling is the contract and the voluntary contribution of the concerned person. The range of data to be processed: name, address, possibly - if you have entered - email address, phone number, nationality, identity card or passport number, date of birth, place of birth, birth name, mother's name, tax identification number. Duration of data processing: 10 years after termination of the contract. Data transfer: none. A direct marketing request is made based on the volunteer's consent.
Business inquiry: enforcing contractual rights. Those booking holidays with the hotel, must complete the registration form entitled: cardex card. This can be done for them on an open online platform. In general, the rules on data management of the contract on holiday law apply to the handling of identification data on the registration page, with the addition that the notifying party is sent to the local authority for the purpose of settling tourism tax. (see 4.2.2)
An online sign-up system for the owners of the Cardex card. Holidaymakers can check in online at the following online interface: http://abbpdf.ddns.net/on_line_check_in_6.php With this option, it's easier for guests to check in at ABBÁZIA hotels, thus reducing waiting times at reception. After checking the data, the guest receives confirmation by email, 1-2 weeks before the holiday begins, a PIN will be received by the guest also by e-mail, guests are required to print this out. On arrival, guests receive the apartment key or key card at reception without waiting. All data is retained by statutory regulations until the end of the fifth year following the year of expiry. The provided phone number and email will be stored until the time of check out, unless the partner agrees to use this information for marketing purposes.
ROOMSOME is a reservation and booking system that helps guests to book online from hotels. Personal data is not stored in the ABBÁZIA system on this interface. The operation of the system is carried out by Morgens Design Kft. On its own servers in accordance with the data protection rules. For more information, see www.morgens.hu and http://roomsome.hu/adatvedelem.
Window pop up. Provides data (name and email address) to ABBÁZIA marketing database based on voluntary data. For more information, see Optimonk: https://www.optimonk.hu/privacy_policy
Technical datasheet for bookings. Your information is based on your consent: name, email address, phone number, membership number. It is for data input to the Timeshare system. The list is deleted weekly by an overwrite.
A motor used to send marketing emails. See Mailchimp for more information: https://mailchimp.com/legal/privacy/
ABBÁZIA s computing systems and other data retention centres at its headquarters, locations, branches, data processors and ATW Internet Kft. Headquarters: 1132 Budapest, Victor Hugo u. 11-15. ABBÁZIA selects and manages the IT tools used to manage personal data in the provision of the service so that the data treated: (a) is accessible to the authorized persons (availability); (b) has authenticity and authentication (credibility of data management); (c) so its unambiguousness can be verified (data integrity); (d) so it can be protected against unauthorized access (confidentiality of data). ABBÁZIA protects the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as unavailability due to accidental destruction, damage, and other techniques used.
ABBÁZIA will ensure, by means of an appropriate technical solution, that data stored in its various electronically managed registers data cannot be directly linked to the data subject, except where permitted by law. ABBÁZIA provides technical, organizational and organizational measures to protect the security of data management in view of the current state of the art, providing a level of protection appropriate to data management risks. The Company maintains in the course of data management: (a) confidentiality: it protects the information so that it can only be accessed by the person who is entitled to it; (b) integrity: it protects the accuracy and completeness of the information and the method of processing; (c) availability: Ensures that when the eligible user needs it, he / she can actually access the information required and have access to the related tools. ABBÁZIA and its partners' IT systems and networks are both protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer burglaries, and attacks leading to service denial. The operator provides security through server-level and application-level security procedures. We inform the users that electronic mails, protocols (email, web, ftp, etc.) transmitted over the Internet are vulnerable to network threats that lead to dishonest activity, controversy or disclosure or modification of information. To protect such threats, the data controller will take all the precautionary measures he or she may have to take. Systems are monitored to capture all security dangers and provide evidence of any security incident. System monitoring also allows checking of the effectiveness of the precautions used.
You may request all information concerned with handling your personal data and may request the rectification of your personal data or, with the exception of mandatory data, cancellation or blocking as indicated in the data entry or the contact details of the data controller.
ABBÁZIA as a data controller shall take appropriate measures to ensure that all information referred to in Articles 13 and 14 of the GDPR Decree on the management of personal data, as well as Articles 15 to 22, and Article 34, is in a concise, transparent, comprehensible and easily accessible form and is presented in a clear and unambiguous manner.
The data subject is entitled to receive feedback from the data controller as to whether his or her personal data is being processed and, if such data is being processed, has access to personal data and the following information: the categories of personal data concerned, the categories of recipients with whom or which personal data will be communicated, including, in particular, third country recipients or international organizations; the intended duration of the storage of personal data; the restriction of rectification, deletion or data handling and the right of protest; the right to file a complaint addressed to the supervisory authority; data sources; the fact of automated decision making, including profiling, as well as the logic used and the understandable information on the significance of such data management and the likely consequences for the data subject. The data controller shall provide the information within a maximum of one month from the submission of the application. This information is free of charge.
ABBÁZIA will correct any inaccurate personal data to ensure it holds the right personal information. The person concerned may request rectification of the inaccurate data processed by ABBÁZIA and the incomplete data. Methods of this: In our newsletter list, our partners can automatically change their information within the newsletter. By personal contract; by post, signed letter; or electronically delivered in a pdf document containing two witnesses' signature, name and address.
You may at any time request the deletion of your personal information except if data management is required: - for the purpose of exercising the right to freedom of expression and information; - the fulfilment of an obligation to comply with the law of the Union or of the Member States applicable to the data controller for the processing of personal data and the performance of a task carried out in the exercise of public authority exercised in the public interest or data controller; - for public health or for archival, scientific and historical research purposes or for statistical purposes on the public interest; - to present, enforce or protect legal claims.
At ABBÁZIA request, ABBÁZIA will restrict the processing of data if one of the following conditions is met:
- the person concerned challenges the accuracy of personal data. In this case, the restriction refers to the time period that allows the accuracy of personal data to be verified. - data processing is illegal and the data subject is opposed to the deletion of the data and instead calls for their use to be restricted; - the data controller no longer needs personal data for data management but the data subject requires it to submit, enforce or protect legal claims; - the person concerned objected to data handling. In this case, the restriction applies to the period when it is not established whether the data controller's legitimate reasons prevail over the legitimate reasons of the party concerned. If data management is restricted, personal data may be handled only with the consent of the person concerned or with the submission or legal claim of the legal person or with the public interest of the Union or of a Member State except for storage.
The data subject shall have the right to receive the personal data that he or she has accessed to the data controller in a fragmented, widely used machine-readable format and transmit such data to another data controller.
The person concerned is entitled to object, at any time, to the processing of personal data of a public interest or for the exercise of a public authority exercised on the data controller for the purposes of his or her own situation, or the treatment of the data controller or a legitimate interest of a third party, including those provisions based on profiling. In the event of protest, the data controller may not process the personal data unless it is justified by compelling reasons of legitimate interest in the interests of the person concerned, their rights to freedom, or relating to the submission, enforcement or defence of legal claims.
The person concerned has the right not to include any effect on a decision based solely on automated data processing, including profiling, which would have a legitimate effect on them or would significantly affect the concerned party.
The person concerned has the right to withdraw his consent at any time.
In case of breach of rights, the data subject may turn to the court.
ABBÁZIA will compensate for any damage caused to others by unlawful handling of the data concerned or breach of the requirements of data security. The data controller is exempted from liability if the damage is caused by an unavoidable phenomenon outside the scope of data management. It does not compensate for damage insofar as it is due to the intentional or gross negligence of the injured party.
An appeal can be lodged with the National Data Protection and Freedom Authority:
Name: National Data Protection and Freedom Authority
We inform our clients that, for the purpose of providing information, transmitting information or submitting documents, other bodies may be contacted by the courts, the prosecution office, the investigating authority, the offender authority, the administrative authority, the National Data Protection and Information Security Authority, controller. ABBÁZIA for the authorities - provided the authority has indicated the exact purpose and scope of the data - issues personal data only to and to the extent that it is indispensable to achieve the purpose of the request.
Keszthely, May 24, 2018