Data controller: Relako Tourism and Catering Bt. (Short: Relako Bt.)
Address: H – 3519 Miskolc, Csaba u. 2.
Company registration number: Cg. 05-06-005258
Tax number: 21298273-2-05
Phone number: 00 46 432 345
Representative: Adrien Kovács Rejtőné
This Prospectus provides general information on all identifiable natural persons / persons involved in the operation of the Data Controller – persons using the service, performing work and becoming in partnership during operation – and on the handling of personal data that may be contacted with them.
Our Company handles personal data only for a predetermined operational purpose, for the performance of its activities, for the time necessary for the exercise of rights and for the fulfillment of obligations, which data management is essential for the realization of the purpose related to its activities.
The processing of data of minors under the age of 16 requires the consent or approval of their legal representative.
If personal data is used for a purpose other than the purpose for which it was originally collected, we will inform the data subject in advance and ask for their prior consent, or provide the data subject with the opportunity to prohibit the use.
The personal data that came to our knowledge during the processing of data may only be disclosed to those who have a contractual contract with our Company or to persons who have an employment relationship with the Company and who have a duty in connection with the given data processing.
- Concept explanation
Data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;
Personal data: data which can be contacted with the data subject – name of the data subject, identification mark, knowledge of one or more physical, physiological, mental, economic, cultural or social identities – and a conclusion to be drawn from the data concerning the data subject;
Specific data: personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other beliefs, membership of an advocacy organization, sexual data, and personal data relating to health status, pathological passion, and criminal personal data;
Consent: the voluntary and explicit expression of the will of the data subject, based on adequate information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in full or in part;
Objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data;
Data controller: a natural or legal person or an organization without legal personality who, alone or together with others, determines the purpose of data processing, makes and implements decisions on data processing (including the means used), or implements it with a data processor entrusted by it.
Data management: any operation or set of operations on data, regardless of the procedure used, in particular the collection, recording, recording, systematisation, storage, alteration, use, interrogation, disclosure, coordination or aggregation, blocking, erasure and destruction of data, and to prevent further use of the data, to take photographs, sound or images and to record physical characteristics capable of identifying the person (eg fingerprint or palm print, DNA sample, iris image);
Data transfer: making the data available to a specific third party;
Disclosure: making data available to anyone;
Data erasure: making data unrecognizable in such a way that it is no longer possible to recover it;
Data marking: the identification of the data in order to distinguish it;
Data blocking: the provision of an identifier for the purpose of restricting the further processing of data for a definitive or specified period of time;
Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
Data processor: the natural or legal person or legal entity a non-regulated organization that processes data on the basis of a contract concluded with the data controller, including the conclusion of a contract on the basis of a provision of law;
Third party: a natural or legal person or entity without legal personality who is not the data subject, the controller or the processor.
Data protection incident: unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage.
III. Data management
III.1. Use of hotel services
In the scope of the provision of services, the processing of all data related to data subjects is based on voluntary consent, the purpose of which is to ensure the provision of services related to the activity and operation and to maintain contact. In order to protect the data, the Company will keep the personal data for a period of time in accordance with tax and accounting regulations, and will delete it after the deadline.
Due to the individual services, it is possible to provide additional exceptional data, which helps to meet the needs of our stakeholders – guests, employees, partners – but this is not a condition for booking a room and using other services.
III.1.1. Room reservation / Request for quotation
In the case of online, personal, paper-based or telephone room reservations, the Company requests / may request the following data from the Guest:
- address (address, town, postcode, country);
- e-mail address;
- telephone number (optional field);
- credit card / credit card details (if required for using the service)
- Nice card details
For more information on the handling of room reservation data, please send a request to email@example.com.
III.1.2. Application form
In order to use the hotel service, the Guest fills in a notification form upon arrival, by which the hotel agrees to the fulfillment of the following mandatory data and the proof of fulfillment of the obligations specified in the relevant legislation (especially the legislation on immigration and tourist tax), and for the purpose of identifying the Guest, as long as the competent authority is able to verify compliance with the obligations laid down in the relevant legislation:
- family and first name;
- citizenship (data processed for statistical purposes only, not traceable to the individual);
- ID number / passport number
- place and time of birth
Third-country national: Any person other than a Hungarian national who is not a national of a Member State of the European Economic Area, including a stateless person.
EEA Member States: the Member States of the European Union, Iceland, Liechtenstein and Norway as participating Member States, and Switzerland as a State with the same status.
The provision of the mandatory data by the Guest is a condition for the use of the hotel service. By signing the application form, the guest agrees that the personal data provided by filling in the application form will be processed and archived by our Company for the purpose of proving the fulfillment of the contract and the fulfillment of the claim within the deadline indicated above.
Only the employees of the Data Controller entrusted with data management or the data processors have the right to access the personal data, unless another person or body, including the authorities entitled to control, has the right to access the data in accordance with legal regulations.
We will send you information about the data handled in connection with the room reservation upon your request to the email address firstname.lastname@example.org.
III.1.3. Bank details
The bank, credit card / bank account data provided during the room reservation and the Nice Card data are used by our data processing officer and the Data Processors in a contractual relationship with our Company only to the extent and for the time necessary to exercise their rights and fulfill their obligations. Data generated during banking operations are handled by the Company’s contractual banking partners. Information on this data management can be found on the websites of the competent Bank (Budapest Bank, OTP Bank, MKB Bank, K&H Bank in the case of Szép cards).
For more information on the data incurred during banking operations, please send a request to the email address email@example.com.
III.2. Camera system
Fortuna Hotel, operated by Relako Bt, has cameras in place for the personal and property safety of guests and the operator. The purpose of camera surveillance is personal security and protection of property. The protection of devices, equipment and the personal values of those concerned which represent significant values, given that the detection of infringements, the prevention of the perpetrator and the prevention of such infringements are not otherwise possible or can be proved by other means. Camera surveillance covers the indoor communal areas as well as the courtyard area. The interiors that mean personal freedom – rooms, changing rooms, restrooms – are not camera-packed.
You can get more information about the data management related to the camera system from our hotel.
Our company does not send newsletters.
III.4. Facebook page
The Fortuna Hotel in Miskolctapolca is available on the Facebook community portal. On the Company’s Facebook page, click on the “like” link By doing so, the data subject consents to the publication of our news and offers on their own message board. The Company will also post pictures of the hotel on its Facebook page. In the case of non-mass filming, our company will always ask for the consent of the data subject before publishing the images. For information about the privacy practices of the Facebook page, please refer to the privacy policies and regulations on the Facebook website at www.facebook.com.
III.5. Other internet booking sites (eg www.booking.com, szallas.hu… )
The Fortuna Hotel in Miskolctapolca, operated by Relako Bt, is listed on several online booking intermediaries. These sites only transmit booking data to our Company and do not pass it on to third parties. Their privacy information can be found on their booking page. We treat the personal data transmitted to us in the same way as those on direct bookings.
III.6. Website traffic data
Personal data is provided on our website when booking online, which is a condition of using the services. The scope of data controllers, the security of data management, the time of data retention is done as described above.
We do not process personal data in any other form.
Our website may also contain links that are not operated by the Company but are intended to provide more information to visitors. The Company has no influence on the content and security of the websites operated by the partner companies and is therefore not responsible for them. Please review the privacy statements and privacy statements of the sites you visit before submitting your data in any form on that site.
III.6.2. Analytics, cookies
Cookies / cookies are used on the data controller’s websites. A cookie is a text file placed on a user’s terminal device – computer, mobile phone – that stores information about the user, the operation of the website, or even the connection between the user and the web server. Cookies can be permanent or temporary. Persistent cookies are stored on the terminal by the browser for a specified period of time, provided that the user has not previously deleted them. Temporary cookies are automatically deleted when you end your session or close your browser.
The purpose of cookies is to ensure the operation of the website and to increase the user experience.
The Data Controller uses the cookie / cookie to process the personal data voluntarily provided by the data subject. Accepting cookies is recommended but not required.
Disabling or disabling cookies may affect the usability of the website and prevent the user from taking advantage of it.
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Because each browser is different, the visitor can set their cookie preferences individually using the browser toolbar. You may not be able to use certain features of our website if you choose not to accept cookies.
III.6.3. Online booking system
The online booking and invoicing module can be found on the website of our Company: www.fortuna-hotel.hu. The data required to use the service is provided exclusively by our Company. When booking online, personal information will be provided on a voluntary basis for the use of these services the condition. The scope of data controllers, the security of data management, the time of data retention is done as described above.
It is possible for anyone to contact our hotel in writing by post or email. It handles the given letter or messages until the given request / question is resolved / answered, after closing the request / question, such e-mails are archived if necessary and stored for 2 years if necessary.
ARC. Management of job applicant data
For more information, please contact: firstname.lastname@example.org
- Found objects
We keep records of the objects found in the Fortuna Hotel area of Miskolctapolca, the purpose of data management is to inform the owner and the finder. The legal basis for data processing is § 5: 54, § 5:59 and § 5: 61 of Act V of 2013 on the Civil Code. The scope of the managed data: the date and place of the find, the name and contact details of the finder, the data of the found object. Duration of data processing: two years.
- Data security
Our company ensures that it is possible to verify and establish to which bodies personal data has been or may be transmitted using a data transmission device, and when and by whom the personal data were entered into the system. Errors in automated processing are reported. We treat personal data confidentially and do not disclose it to unauthorized persons. We protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction or damage, as well as becoming inaccessible due to an error or change in the technology used. In order to ensure the technical protection of personal data, our Company takes all security measures.
VII. Data transmission
VII.1. The Company reserves the right to transfer the personal data processed by it to the competent authorities and courts in accordance with the law of the data subject, even without the special consent of the data subject.
VII. 2. Digitization of the accommodation sector
VIZA is an IT system protected by multiple, asymmetric encryption, in which the personal data of all guests staying at the Hungarian accommodation from 1 September 2021 is stored in an encrypted manner. The accommodation provider processes the data of the guests until the last day of the first year after becoming aware of it, the VIZA system keeps the data sent there for a maximum of two years. The data may be searched for purposefully and exclusively by the police in order to carry out their crime prevention and law enforcement tasks.
The purpose of the VIZA is to protect the rights, security and property of the data subject and others, as well as third-country nationals and persons enjoying the right of free movement and residence.
the primary purpose of the VIZA is to promote the protection of public order, public security, the order of the state border, the rights, security and property of the data subject and others.
The VIZA system is a closed and protected data warehouse for the common interest and security of all of us, which is subject to particularly strict security regulations by law.
The VIZA system only accepts data packets where the personal data has been encrypted by the accommodation provider using an encryption key as defined by law.
When logging in to the accommodation service provider, the accommodation provider shall record the following data with the help of the document reader and in the storage provided by the hosting provider designated by the government decree through the accommodation management software.
- family and first name;
- birth surname and first name;
- place and time of birth;
- mother’s birth surname and first name;
- identification of the personally identifiable document or travel document.
Data that the document reader cannot read or reads incorrectly must be recorded in the accommodation management software by manual data entry. The devices used by the accommodation providers and the VIZA system cannot store the image of the scanned documents. According to the law, the recording of data is equally obligatory for all guests, the recording of data cannot be waived. The guest using the accommodation service shall present the personally identifiable document to the accommodation provider for the purpose of recording the data. If the document is not presented, the accommodation provider will refuse the accommodation service. In the recording and transmission of data in the VIZA system, the accommodation provider is the data controller of the guest’s personal data, and the MTÜ is the data processor of the accommodation provider.
VIII. Coronavirus information
Depending on the restrictive provisions of the coronavirus epidemic, both as a host and an employer, we are forced to learn different types of information that relate to the health status of those affected. Health data are special personal data under data protection laws that, given their sensitive nature, enjoy enhanced protection.
As a service provider and employer, we can prove that the management of the situation is legal, fair, necessary and proportionate to the circumstances, so the measures introduced cannot be considered a data protection obstacle.
According to the current regulation, the existence of the protection certificate as a public document must be checked by the accommodation provider, if required by the current regulations.
Guests without a security clearance who use the accommodation for work, study, competitive sports or service must prove their right to stay and declare their own state of health and whether or not they have been in contact with a coronavirus patient prior to arrival. If government decision requires the accommodation to have a valid PCR test, so its presentation is mandatory upon arrival.
In the case of foreign guests, guests may be admitted in accordance with the intergovernmental agreements on the corona virus in accordance with the health and hygiene rules and regulations in force.
The service provider may refuse entry to anyone who does not provide proof of security in any way.
Forgery or unauthorized use of a security clearance is a criminal offense and has legal consequences.
The goal of data management has already been achieved in the interests of the health of all of us, even if we become aware only of the fact that the security certificate / resp. according to the statement, the data subject is suitable for the use of the service and the natural person performing the work / task is suitable for the work. Given our duty to ensure the health and safety of all concerned, you should obviously let us know if someone feels at risk of infection. However, the communication may only and to a limited extent and be limited to the information required.
Due to its obligation to create conditions for safe working and hospitality, a pandemic action plan has been developed due to the epidemic situation, in which the measures have been defined.
- Data processors
The Company’s data processors are all partners who become part of the service through their activities. The specific list of data processors can be requested at the contact details of the employee of the Company responsible for data protection, written to email@example.com or recorded in point I. The company shall respond to such requests in writing within 30 days.
- Rights and Remedies
The data subject has the right to request information about the personal data processed by the Data Controller at any time. The data subject has the right, at the request of the Data Controller, to delete personal data concerning him or her without undue delay, unless the breach is not required under the GDPR. Within a maximum of 30 days from the submission of the request, the Company free of charge and in addition for a fee – provides the data subject with information on the data processed by the data controller he / she handles or the circumstances of the incident, its effects and the measures taken to remedy it, and, in the case of transfers of personal data of the data subject, the legal basis and the recipient of the transfer. If the Data Controller has doubts about the identity of the natural person submitting the request, he / she may request the provision of additional information necessary to confirm the identity of the requester.
The Company maintains a record of the data protection incident, the related measures and the purpose of informing the data subject, which includes the scope of the personal data concerned, the scope and number of data subject incidents, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, and other data specified in the legislation requiring data processing.
In the event of a refusal to provide information, the Company shall notify the data subject in writing of the provisions of the law on which the refusal of information was made and shall inform the data subject of the legal remedies.
The data subject has the right at any time to request the correction of incorrectly recorded data. If the personal data does not correspond to reality and the personal data corresponding to reality is available to the Company, the personal data will be corrected by the Company. The Company shall notify the data subject of the rectification, as well as any data controllers to whom it may have previously transmitted the data for processing. The notification may be omitted if it does not harm the legitimate interests of the data subject with regard to the purpose of the processing. The rectification of the application, the time limit for settlement and the possibility of appeal are set out in Annex VII.1. shall apply.
X.3. Delete and lock, protest
The deletion and blocking of personal data and the protest against data processing are governed by the provisions of §§ 17-21 of the Data Protection Act. Our company provides information on the legal regulations contained in this section upon request to the e-mail address firstname.lastname@example.org.
X.4. Judicial enforcement
In the event of a violation of the rights of the person concerned, the Company may sue the Company. The court proceedings are governed by Section 22 of the Data Protection Act, Act V of 2013 on the Civil Code, Part Three, Part XII. Its title (§ 2:51 – § 2:54) and other relevant legal regulations apply. The Company provides information on the legal requirements contained in this section upon request to email@example.com.
X.5. Compensation and damages
If our Company causes damage by violating the data of the data subject or violating the requirements of data security, or violates the data subject’s right to privacy, a damages fee may be claimed. The controller shall be released from liability for the damage caused and the obligation to pay damages if it proves that the damage or the violation of the data subject’s personal rights was caused by an unavoidable cause outside the scope of data processing. The Company is also liable to the data subject for any damage caused by the data processor. No damages shall be awarded and no damages shall be payable if they result from the person’s intentional or grossly negligent conduct.
- Other provisions
The Company reserves the right to amend this Prospectus, which will inform the parties concerned. Information on data processing not listed in this prospectus will be provided at the time of data collection. The Company is not responsible for the accuracy of the data voluntarily provided by the visitors of the websites or the users of the service.
You can always ask the National Data Protection and Freedom of Information Authority for help with data protection issues. Mailing address: 1534 Budapest, Pf .: 834 address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c Telephone: +36 (1) 391-1400 Fax: +36 (1) 391-1410 http://www.naih.hu e-mail: firstname.lastname@example.org