Kristály Imperial Hotel**** deems the protection of personal data of the utmost importance in the course of its activity. The hotel ensures that all personal data made available will be processed in any event in accordance with current legislation, will be protected, all technical and organizational measures will be taken, and procedural rules that are necessary to be in accordance with relevant legislation will be created.
Kristály Imperial Hotel**** describes its policy on data handling in the below regulation, and holds itself bound by its content.
The regulation has been created under the following legislation:
Act LXIII of 1992 on the Protection of Personal Data and Disclosure of Data of Public Interest
Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing
Act VI of 1998 on the Protection of Individuals with regard to Automatic Processing of Personal Data
Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services
Act XLVIII of 2008 on the Essential Conditions and Certain Limitations to Business Advertising Activities
Kristály Imperial Hotel**** reserves the right to amend the data protection rules, in which case – naturally – it will notify all those who are affected in advance.
Personal data shall mean any information relating to an (identified or identifiable) natural person (hereinafter referred to as the “data subject”) and any reference drawn, whether directly or indirectly, from such information. In the course of data processing, such information shall be treated as personal data as long as the data subject remains identifiable through it. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factor specific to his physical, physiological, mental, economic, cultural or social identity;
Consent shall mean any freely given specific and informed indication of the data subject’s wishes by which the data subject signifies his unambiguous agreement to personal data relating to him/her being processed without limitation or with regard to specific operations;
Objection shall mean an indication of the data subject’s wishes by which the data subject objects to the processing of his/her data, and requests that the processing of data relating to him/her be terminated and/or the processed data be deleted.
Controller shall mean a natural or legal person or unincorporated organization that determines the purpose of the processing of personal data, makes decisions regarding data management (including the means) and implements such decisions itself or engages a processor to implement them.
Data management shall mean any operation or set of operations that is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, deletion or destruction, and blocking them from further use. Photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images) shall also be deemed as data management.
Disclosure by transmission shall mean making data available to a specific third party.
Public disclosure shall mean making data available to the general public.
Data deletion shall mean making data unrecognizable in a way that it can never again be restored.
Blocking of data shall mean preventing – permanently or for a predetermined period – the transmission, access to, disclosure, adaptation or alteration, destruction, deletion, alignment or combination, and the use of data.
Destruction of data shall mean the total physical destruction of data or data carrier recording the data.
Data processing shall mean performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution.
Data processor shall mean a natural or legal person, or an organisation without legal personality who or which carries out the technical processing of personal data, either on commission by the data controller or pursuant to a rule of law.
Third party shall mean any natural or legal person, or organization without legal personality other than the data subject, the controller or the processor;
3.1 Personal data may be processed if the data subject has given his/her consent, or decreed by law or by a local authority based on authorization conferred by law concerning specific data defined therein.
3.2 Where data processing is mandatory, the purpose and the conditions of processing, the scope and access of data to be processed, the duration of processing, and the controller shall be specified by the statute or municipal decree in which it is ordered.
3.3 Legislation may order the disclosure of personal data for reasons of public interest by expressly indicating the scope of data. In all other cases, the data subject’s consent or written consent in case of special data, is needed for disclosure. If there is any doubt, it is to be presumed that the data subject did not consent to allow free access.
3.4 The consent of the data subject shall be considered granted in connection with any personal data she/he has conveyed to the public or has supplied for dissemination when making a public appearance.
3.5 In proceedings launched upon the data subject’s request, as regards the personal data necessary to carry out the proceedings, the data subject’s consent shall be deemed to have been granted. The data subject shall be informed about this fact.
3.6. The data subject may give his/her consent by concluding a written contract with Kristály Imperial Hotel**** for the performance of said contract. In this case, the contract shall contain all information that is to be made available to the data subject in connection with the processing of personal data, especially the description of data involved, the duration of data processing, the purpose of processing, the transmission of data, and the usage of a data processor. The contract must clearly indicate the data subject’s signature and explicit consent for having his data processed as stipulated in the contract.
3.7. Other interests relating to data handling, including the public access to data of public interest, may not prejudice the data subject’s right to the protection of personal data and his/her personal rights, unless legislation makes any exceptions.
3.8. Personal data shall be processed only for a specified purpose, in order to exercise a right or perform an obligation. This purpose shall be complied with in all phases of the data processing.
3.9. No personal data shall be processed unless indispensable and suitable for the achievement of the purpose of the data processing, and only to the extent and for the duration necessary to achieve that purpose.
3.10. Personal data may be transferred, whether in a single or in a set of operations, if the data subject has given his/her consent or if the transfer is legally permitted, and if the conditions for data processing are met with regard to each and every personal data.
3.11. Personal data may only be transferred to a controller or data processor of a third country – without regard to the data carrier or the method of transferring data – if the data subject explicitly has given his/her consent, or it is permitted by law, and the necessary quality of the protection of personal data provided during the handling and processing is ensured in the third country.
Scope of Personal Data
4.1. In the course of the activities of Kristály Imperial Hotel****, personal data handling is based on voluntary consent in any event.
4.2. Data of the visitors of the webpage
4.2.1. Kristály Imperial Hotel**** does not record the IP address or any other personal data of the visitors of their webpage.
4.2.2. Service provider may place so-called cookies during the visitors’ stay on their website. These can be deleted by the user from their computer, or the browser can deny their usage.
4.3.1. Kristály Imperial Hotel**** sends online newsletters and electronic direct marketing messages with news, special offers, and novelties, usually on a monthly basis, but at a weekly maximum of one such message, to those who subscribe on the webpage.
4.3.2. Name and e-mail address is mandatory for subscription, as those are essential for sending out the messages.
4.3.3. Data provided are being handled until the data subject requests their deletion.
4.3.4. A direct link for unsubscribing is provided in all newsletters.
4.3.5. User is responsible for the validity of provided personal data.
4.6. We inform our users that the court, the prosecutor, and the investigating authorities may request the service provider to communicate information, transfer data or make documents available. Kristály Imperial Hotel**** only provides personal data in the quantity and to the extent that is strictly necessary for the fulfilment of the purpose of the request.
5.1. The webpage of Kristály Imperial Hotel**** can be found on the server of MAXER Hosting, which is in the BIX internet centre.
5.2. Newsletters are being sent through Webgalamb software. Further Details (Legal Notice)
5.3. Kristály Imperial Hotel**** protects data especially against unauthorised access, modification, transfer, disclosure, deletion or destruction, and against accidental destruction or compromise.
5.4. Kristály Imperial Hotel****, together with the operators of the server, takes such technical, organizational and structural measures for the protection of data, that ensures an adequate level of protection against risks related to data handling.
6.1. Data subjects may request information about the handling of their personal data, and ask for the correction, or – with the exception of data handling regulated by legislation – deletion using the link provided in the footer of the newsletters or any contact details of Kristály Imperial Hotel****.
6.2. Kristály Imperial Hotel**** shall provide information on data handled by them upon the data subject’s request, on the purpose of data handling, its legal basis, duration, on the data processor’s name, address (registered seat) and activity in connection with data processing, and also on those who receive or have received the data, and the purpose of said transfer.
6.3. Kristály Imperial Hotel**** shall provide the information in a comprehensible manner, in writing, free of charge, as soon as possible (but within a maximum period of 30 days) from the submission of the request.
6.4. Kristály Imperial Hotel**** shall correct invalid data.
6.5. Kristály Imperial Hotel**** shall delete personal data if the handling of that is unlawful, the data subject requests them to do so, data are incomplete or incorrect – and they cannot be corrected in a legal manner – provided that the deletion is not forbidden by law, the purpose of data handling has ceased, the period for storing data defined by law has expired or the court or the Data Protection Commissioner ordered them to do so.
6.6. Data subject and all those to whom the data have been transferred for the purpose of data handling, will be notified about correction and deletion. Notification may be omitted, if it does not affect the data subject’s legitimate interest regarding the purpose of data handling.
6.7. Data subjects may object against the handling of their personal data if the handling (transferring) of their personal data is only necessary for the enforcement of the right or legitimate interest of the controller or data importer, unless the data handling has been ordered by legislation, the use or transfer of personal data is allowed by other legislation for the purpose of direct marketing, public opinion research or scientific research.
6.8. Kristály Imperial Hotel**** shall investigate the objection within the shortest possible time inside a fifteen-day period, together with the suspension of data handling, and to notify the data subject about the results in writing. If the objection is justified, the controller shall terminate all procession operations – including further data collection and transmission –, block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection.
6.9. If the data subjects’ rights are prejudiced, they can turn to court against the controller.
6.10. Kristály Imperial Hotel**** shall reimburse all damages caused to others as a result of unlawful processing of the data subject’s data, or by any breach of data security requirements. The data controller may be exempted from liability if he proves that the damage was caused by reasons beyond his control. No compensation shall be paid where the damage was caused by intentional or serious negligent conduct on the part of the aggrieved party.
6.11. Legal remedies, complaints can be taken to the office of the Data Protection Commissioner, using the following contact details:
Address: 2890 Tata, Ady Endre u. 22
Phone: +36 34 383 614
Fax: +36 34 383 577
Hotel management Company: Gasztro-Kristály Zrt.
Address: 2800 Tatabánya II., Árpád u. 17
Registration number: 11-10-000387
Tax number: 10337666-2-11
Representative Person: György Beiermeiszter director