Solva Property Kft. Privacy Policy

Relating to hotel management and guests

This Privacy Policy (“Policy”) is to inform data subjects in compliance with Article 13 AND 14 of Regulation (EU) 2016/679 (General Data Protection Regulation) of the EU Parliament and Commission in relation to the processing of personal data during the course of providing and preparing hotel services.

1. Data Controller’s contact details

 

2. Processing of data subjects’ personal data

2.1 Scope of data subjects

During the pursuit of its hotel management activities the Controller shall process the personal data of the following natural persons (hereinafter referred to as: Data Subjects): guests

2.2 Categories of personal data processed

The Controller shall process the following personal data relating to the Data Subject:

  1. family name and first name
  2. address
  3. nationality
  4. date and place of birth
  5. mother’s maiden name
  6. sex
  7. email address (personal or created by OTA)
  8. phone number
  9. date of arrival
  10. date of departure
  11. number of rooms
  12. number of adults
  13. number of children
  14. codes (promotion, group)
  15. passport / personal identification document number
  16. visa number
  17. date and place of entering Hungary
  18. preferences
  19. payment information, type of card, card number, expiration date, CVV code
  20. purpose of travel
  21. data related to dietary sensitivities
  22. name, phone number, email address of contact person (in case of events)
  23. flight number
  24. room number
  25. description of lost and found items with guest name and room number
  26. guest feedback information
  27. bar consumption details
  28. health issues (separate document to be filled out before a massage upon the masseur’s request)
  29. date of invoicing
  30. length of stay
  31. method of payment
  32. amount paid, date of crediting payment
  33. car registration number, value of possible fines

The Data Subject shall disclose the data to be processed to the Controller by the following channels:

The Controller shall obtain personal data for processing from the following source(s):

Please note that the Controller shall be considered to be a separate data controller and it is only responsible for the data controlling it performed. Controller is not responsible for the data processing and data transfer performed by any third party, in case the personal data have been sent by a third party to the Controller – includingany  re-seller and travel agent.  

2.3 Legal grounds, purpose and duration of data processing

2.3.1 Preparation and performance of a contract for the provision of hotel services

Personal data processing is necessary for the purpose of preparing and performing a contract for the provision of hotel services (hereinafter referred to as: the “Contract”).

Purpose of personal data processing:

The duration of data processing shall be the same as the preparation and in case of concluding a contract the performance thereof, except for the following cases:

With regard to the fact that the Controller is unable to prepare and perform the contract without disclosure of the above personal data the Data Subject shall be obliged to provide them to the  Controller. Failure to do so may result in the Controller refusing to prepare or perform the contract with the Data Subject.

In the event of failure to conclude a contract or the termination of a contract the Controller shall not erase the personal data from its database.  Data entered into Hostware shall be  anonymized after 1 year.

The Controller processes the following data from the list detailed in Section 2.2 in accordance with Article 6. Section 1 b) of the GDPR:

  1. family name and first name
  2. address
  3. nationality
  4. date and place of birth
  5. mother’s maiden name
  6. sex
  7. email address (personal or created by OTA)
  8. phone number
  9. date of arrival
  10. date of departure
  11. number of rooms
  12. number of adults
  13. number of children
  14. codes (promotion, group)
  15. passport / personal identification document number
  16. visa number
  17. date and place of entering Hungary
  18. payment information, type of card, card number, expiration date, CVV code
  19. name, phone number, email address of contact person (in case of events)
  20. room number
  21. description of lost and found items with guest name and room number
  22. bar consumption details
  23. date of invoicing
  24. length of stay
  25. method of payment
  26. amount paid, date of crediting payment
  27. car registration number

2.3.2 Performance of legal obligations:

The Controller shall control the Data Subject’s personal data defined in the applicable legistlation for the purpose of compliance with the following legal regulations for the following lengths of time:

With consideration to the fact that the data processing described in this section is the Controller’s legal obligation, the provision of such personal data is mandatory and refusal to provide the data may result in refusal to conclude the Contract or execute the Contract.

2.3.3 Legitimate interests of the Controller AND/OR a third party

The Controller shall control the Data Subject’s personal data detailed above on the grounds of legitimate interests for the following purposes and for the following lengths of time:

The purpose of data processing under this section is to enable the Controller to exercise his legitimate interests.

The duration of data processing shall be the same as the preparation and in case of concluding a contract the validity thereof, furthermore in case of data controlling  for compliance with a legal obligation, the time period defined by law.

With consideration to the fact that the data processing described in this section is the Controller’s or third party’s legitimate interest, the provision of such personal data is mandatory and refusal to provide the data may result in refusal to conclude the Contract or execute the Contract.

2.3.4 Consent of the Data Subject

Personal data shall be processed in certain cases on the basis of the Data Subject’s consent (voluntary expression of explicit will, based on specific and proper information). The Data Subject shall give his or her consent to the Controller on the Controller’s website, the check-in card or the guest satisfaction questionnaire.

Consent shall be voluntary and the Data Subject shall have the right to revoke his or her consent at any time without restrictions via a written notification to the Controller. The Data Subject may send his or her written notification to either of the contact details contained in section 1 of the Privacy Policy.

Revoking his or her consent shall result in no consequences to the Data Subject. However, revoking his or her consent shall not affect the lawfulness of data processing on the grounds of consent prior to revoking it.

The Controller processes the following data upon consent: 

  1. preferences
  2. purpose of travel
  3. data related to dietary sensitivities
  4. name, phone number, email address of contact person (in case of events
  5. guest feedback information
  6. health issues (separate document to be filled out before a massage upon the masseur’s request)
  7. car registration number, value of possible fines
  8. e-mail address for purpose of direct marketing

2.4 Right to decide on automated individual decision-making, including profiling

The Controller does not pursue automated decision-making, including profiling.

3. Recipients of personal data

The Controller shall transmit the Data Subject’s personal data to the following persons and organizations (data processors):

4. Data Subject rights

The Controller examines any request of the Data Subjects within 72 hours from its receipt and answers it within 30 days. 

4.1 Right of access

The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and if so, access to the personal data and the following information:

Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form.

The Controller shall have the right to request clarification or specification of the requested information or data processing activities from the Data Subject prior to responding to the Data Subject’s request.

In the event that the Data Subject’s right of access set forth in this section adversely affects the rights and freedoms of other persons, especially their business secrets or intellectual properties, the Controller shall have the right to refuse the  Data Subject’s request to the extent that is necessary and proportionate.

Where the Data Subject requests several copies of the above information, the Controller may charge a reasonable and proportionate fee based on administrative costs.

If the Controller does not process the personal data specified by the Data Subject, the former shall also inform the Data Subject of this fact in writing.  

4.2 Right to rectification

The Data Subject shall have the right to request the rectification of inaccurate personal data concerning him or her. The Data Subject shall have the right to have incomplete personal data completed.

Upon exercising his or her right of rectification/completion the Data Subject shall indicate exactly which data are inaccurate or incomplete and shall also communicate to the Controller the correct and complete data. The Controller has the right to request that the  Data Subject provide proper proof of the rectified data, primarily with proper documentation.

The Controller shall perform the rectification of inaccurate personal data without undue delay the.

Following rectification of the Data Subject’s personal data the Controller shall inform the persons to whom he had transferred the data without undue delay, assuming that such communication is not impossible and does not require disproportionate effort from the Controller. The Controller shall inform the Data Subject of such recipients upon the latter’s request.

4.3 Right to erasure (“right to be forgotten”)

The Data Subject shall have the right to request that the Controller erase his or her personal data without undue delay where one of the following grounds applies:

The Data Subject shall submit his or her request relating to erasure in writing and shall specify the reason for requesting the erasure of each personal data.

In the event that the Controller grants the Data Subject his or her request of erasure, the former shall erase the specified personal data from all databases and duly inform the Data Subject of it.

Where the Controller is obliged to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. In its communication the Controller is obliged to inform the other controllers that the Data Subject had requested the erasure of all links to or copies of his or her personal data, as well as any copies thereof.

Following erasure of the Data Subject’s personal data the Controller shall inform the persons to whom he had transferred the data without undue delay, assuming that such communication is not impossible and does not require disproportionate effort from the Controller. The Controller shall inform the Data Subject of such recipients upon the latter’s request.

The Controller is not obliged to erase the personal data in cases where the processing is necessary:

4.4 Right to restriction of processing

The Data Subject shall have the right to request that the Controller restrict the processing or use of his or her personal data without undue delay where one of the following grounds applies:

Where processing has been restricted, such personal data shall, with the exception of storage, shall only be processed with the Data Subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State.

A  Data Subject who has obtained restriction of processing shall be informed by the Controller before the restriction of processing is lifted.

Following restriction of the Data Subject’s personal data the Controller shall inform the persons to whom he had transferred the data without undue delay, assuming that such communication is not impossible and does not require disproportionate effort from the Controller. The Controller shall inform the Data Subject of such recipients upon the latter’s request.

4.5 Right to object

Considering that the Controller does not perform any data processing carried out in the public interest and has no official authority, does not pursue scientific or historical research and does not process data for statistics purposes, the right to object may be exercised on the grounds of data processing on the grounds of legitimate interests.

In the event that the the personal data of the Data Subjects are processed on the grounds of legitimate interests it is an imperative guarantee that the Data Subject shall be ensured proper information regarding the data processing of his or her data and his or her right to object. The Data Subject shall be expressly informed of this right latest at the time of initial contact.

The Data Subject is entitled to object to the processing of his or her personal data on the above grounds and in such cases the Controller shall no longer have grounds to lawfully process the Data Subject’s personal data, except in cases where it can be demonstrated that:

4.5.1 Right to object to direct marketing

The Data Subject is entitled to object to the processing of his or her personal data for direct market purposes.

Where the Data Subject objects to processing for direct marketing purposes, the Controller shall no longer process the Data Subject’s personal data for such purposes.

4.6 Right to data portability

The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller.

The right to data portability may only be exercised in relation to the personal data provided by the Data Subject to the Controller and

Otherwise, in cases where it is technically possible, the Controller shall directly transmit the Data Subject’s personal data to another controller designated in the Data Subject’s written request. The right to portability as defined in this section does not give rise to an obligation for the controllers to introduce or maintain technically compatible data processing systems.

With regard to data portability the Controller shall provide the data media required to transfer the data to the Data Subject free of charge.

In the event that the Data Subject’s right to data portability adversely affects the rights and freedoms of other persons, especially their business secrets or intellectual properties, the Controller shall have the right to refuse the  Data Subject’s request to the extent that is necessary and proportionate.

Measures taken in relation to data portability do not mean the erasure of the data.  The Controller shall store the data up to the point that the Controller has relevant purposes and sufficient legal grounds to do so.

4.7 Right to legal remedies

In case of any question regarding data controlling the employees of the Data Controller may be contacted via the following e-mail address: hotel@hotelvision.hu.

4.7.1 Right to lodge a complaint

The Data Subject shall have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information if he or she considers that the processing of his or her personal data by the Controller infringes on the effective data protection legislation, especially the GDPR.

The contact details for the National Authority for Data Protection and Freedom of Information:

The Data Subject shall have the right to lodge a complaint with other supervisory authorities, in particular in the EU Member State of his or her habitual residence, place of work or place of the alleged infringement.

4.7.2 Right of access to the courts (Right of legal action)

Without prejudice to his or her right to lodge a complaint, the Data Subject shall have the right of access to the courts where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data.

Proceedings against the Controller shall be brought before the courts of Hungary, as its activities are based in Hungary.

Pursuant to § 22. (1) of the effective Information Act, the Data Subject may also bring proceedings before the courts where the Data Subject has his or her place of habitual residence. The contact details of the Hungarian courts are available at: http://birosag.hu/torvenyszekek.

Since the Controller does not qualify as a public authority acting as an official authority of any member state, the Data Subject may bring proceedings before the courts with jurisdiction and authority at the place of the Data Subject’s place of residence in the event that his or her habitual residence is in another EU member state.

4.7.3 Other recourse options

The Data Subject shall have the right to mandate a not-for-profit body, organization or association which has been properly established in accordance with the law of an EU Member State, has statutory objectives which are in the public interest, and is active in the field of the protection of data subjects’ rights and freedoms with regard to the protection of their personal data to lodge the complaint on his or her behalf, to exercise on his or her behalf the right to receive compensation, the right to an effective judicial remedy against a supervisory authority or to bring a legal suit in front of the courts.

5. The principles of data provessing

The Controller processes the personal data lawfully, fairly and in a transparent manner, in accordance with the applicable legislation and the regulations of this Privacy Policy.

Personal data is processed by the Controller only for a specific purpose.

The Controller processes the personal data only in accordance with the purposes specified in the Privacy Policy and the applicable legislation. The scope of the personal data processed is adequate to the purposes for which they are processed. Where the Controller intends to process the personal data for a purpose other than that for which they were collected, the Controller should provide the data subject prior to that further processing with information on that other purpose and other necessary information, should  collect its express consent and provide the opportunity to prohibit the further process.

The Controller does not verify the given personal data. The accuracy of the given personal data is the sole responsibility of the person providing it, nevertheless the Controller makes reasonable efforts to delete or correct the inaccurate personal data essential with regards to the purpose of the processing. 

This Privacy Policy does not apply to the use of data in a statistically aggregated form, which may not contain any other data suitable for the identification of the Data Subject, therefore it shall not be considered as data processing or data transfer

The Controller shall ensure the security of the personal data and to ensure the protection of the collected, stored and processed personal data and to prevent their accidental loss, unauthorized destruction, unauthorized access, unauthorized use and alteration, unauthorized disclosure it shall implement appropriate technical and organisational measures and appropriate procedures. To comply with this obligation, the Controller shall oblige any third party to whom it transfers personal data.

Subject to the relevant provisions of the GDPR, the Controller is not obliged to nominate a data protection officer.

6. Miscellaneous

Where the Controller has reasonable doubts regarding the identity of the person making the request relating to sections 4.1 – 4.6 of this Policy, the Controller may request that the Data Subject provide access to additional information needed to verify his or her identity.

The Controller reserves the right to modify this Policy at any time. The Controller shall notify the Data Subject of such modifications at least 8 days prior to their entering into force via publishing on its website.

7. Record identification documents

According to the amendment of the 2016 CLVI. law , from 1st September 2021, all accommodation service providers are obliged to record identification documents (e.g. ID cards, passports)  of all guests using the document reader upon check-in. The system is protect the rights, security and property of the data subject and others. In the absence of presenting the document, the accommodation provider will refuse the accommodation service.

Esztergom, 1 Szeptember, 2021


Solva Property Ltd.

Represented by: Dargó Balázs - Managing Director

Give Experiences

Details

Pepper Recreation Park

Details

Frequently asked questions

Details

Special offers

#senior

Senior offer

Enjoy the comfort of our hotel and discover the capital of the Danube Bend!

30.08.2024. - 23.12.2024.
2 night
from 64 EUR /person/night
Details