top of page

PRIVACY POLICY

DATA PROTECTION AND DATA MANAGEMENT POLICY

Effective: 2021. from 15.06

 

 

General provisions

Amatrine Creative Agency (Opra-Szabó Zsuzsa EV, registered office address: 8243 Balatonakali, Csárdás u. 26. 1., tax number: 66220192-1-39, e-mail:info@lunarossa-balaton.eu,phone: +36 30 082 9252) (hereinafter: Service Provider, Data Controller), as the operator of the Luna Rossa Boutique Apartment, submits to the following information.

 

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (April 2016) 27.), I provide the following information.

 

The policy is available from the following page:

 

https://www.lunarossa-balaton.eu/adatvedelmi_tajekoztato

 

Amendments to the regulations will come into effect upon publication at the above address. By entering the website and using the website, the Customer accepts these provisions as binding.

 

The purpose of the regulations is to define the scope of personal data managed by the Data Controller, the method of data management, and to ensure the enforcement of the constitutional principles of data protection and data management, the requirements of data security in order to ensure that the privacy of natural persons of the user is respected and that the personal data of the data subjects are processed automatically. , or during treatment.

 

This data protection regulation by the Service Provider awww.lunarossa-balaton.eurecords the data protection and data management principles applied on its website and related social media sites (hereinafter: websites), as well as at its location as an accommodation facility, and informs customers about this in an understandable form. The data protection policy can only be interpreted in connection with the activities of the accommodation provider.

 

  1. 1.    Interpretative provisions

    1. 1.1.    Data manager:

 

A natural or legal person, or an organization without legal personality, who independently or together with others determines the purpose of data management, makes and implements decisions regarding data management (including the tool used), or implements them with the data processor.

 

  1. 1.2.    Data management:

 

Regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, alteration, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction of the data, as well as further use

preventing it, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprints or palm prints, DNA samples, iris images).

 

  1. 1.3.    Personal data:

 

Any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

 

  1. 1.4.    Contribution:

 

The voluntary and decisive declaration of the data subject's will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data - in full or covering certain operations.

 

  1. 1.5.    Data processing:

 

Performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

 

  1. 1.6.    Data processor:

 

the natural or legal person or organization without legal personality who processes data on the basis of a contract - including a contract concluded on the basis of the provisions of the law.

 

  1. 1.7.    Concerned:

 

any natural person identified or - directly or indirectly - identifiable on the basis of specific personal data.

 

  1. 2.  The data controller and his contact details:

Name: Amatrine Creative Agency - Zsuzsa Opra-Szabó EV 

Headquarters: 8243 Balatonakali, Csárdás utca 26. 1. 

Address of the apartment: 8243 Balatonakali, Csárdás u. 26. 2.

E-mail:info@lunarossa-balaton.eu

Phone: +36 30 082 9252

 

  1. 3.  Data management

This regulation covers only the processing of the data of natural persons, given that personal data can only be interpreted in relation to natural persons.

  1. 3.1    Website

 

THEwww.lunarossa-balaton.eu during visits to the website, we send one or more cookies - a small packet of information that the server sends to the browser, and then the browser sends back to the server for every request directed to the server - to the Customer's computer, through which (s) the browser can be uniquely identified will be These cookies work exclusively to improve the user experience and for statistical purposes.

  • 1.    The fact of the data management, the scope of the managed data: Unique identification number, dates, times

  • 2.  Stakeholders: All stakeholders visiting the website.

  • 3.  Purpose of data management: Identification of users and tracking of visitors.

  • 4.  Duration of data management, deadline for data deletion:

 

Cookie type:            

Session cookies (session: PHPSESSID)

Legal basis for data management:

CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. (3) of §

Description:

(session cookie) identifies the logged-in user's computer

Data management duration:

The period until the relevant visitor session is closed

 

Cookie type:

_ga (Google Analytics cookie)*

Legal basis for data management:

CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. (3) of §

Description:

Used to distinguish users

Data management duration:

2 years

 

Cookie type:   

_gid (Google Analytics cookie)*

Legal basis for data management:

CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. (3) of §

Description:

Used to distinguish users

Data management duration:

24 hours

 

Cookie type:   

_gat (Google Analytics cookie)*

Legal basis for data management:

CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. (3) of §

Description:

It is used to reduce the request rate

Data management duration:

1 minute

*Source:https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

  • 5.  The person of the possible data controllers entitled to access the data: The data controller does not manage personal data through the use of cookies.
  • 6.  Description of the rights of data subjects related to data management: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data Protection menu item.

  • 7.  Legal basis for data management: Consent from the data subject is not required if the sole purpose of using cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.

 

Use of Google Analytics

 

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.

 

The information created by cookies related to the website used by the User is usually sent to and stored on one of Google's servers in the USA. By activating IP anonymization on the website, Google shortens the User's IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.

 

The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.

 

Within the scope of Google Analytics, the IP address transmitted by the User's browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User's website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link:https://tools.google.com/dlpage/gaoptout?hl=en

 

  1. 3.2     On-line quote request/booking

 

  • 1.    The fact of data collection, the scope of the processed data:

 

Personal data / Purpose of data management

Time of arrival/price offer/booking required for calculation

Date of departure / Price offer/booking required for calculation

Number of adults / Required for price quote/booking calculation

Number of children / Price offer/booking required for calculation

Children's age / Required for price quote/booking calculation

Supply / Price offer/reservation required for calculation

Surname / Required for identification

First name / Required for identification

Phone number / Required for contact

E-mail / Necessary for keeping in touch and sending reply messages

Street, house number / Required to issue an advance invoice

Settlement / Down payment is required to issue an invoice

Postal code / Required for issuing an advance invoice

Country / Required to issue an advance invoice

Note / Required to answer

Time of contact / Necessary to perform a technical operation

In the case of the e-mail address, it is not necessary that it contain personal data.

  • 2.  Stakeholders: All stakeholders who send a message via the form under the Reservation menu item.

  • 3.  The duration of data management, the deadline for data deletion: It lasts until the data subject's request for deletion.

  • 4.  The person of the possible data controllers entitled to access the data, the recipients of the personal data: The personal data can be processed by the data controller.

  • 5.  Description of the rights of data subjects related to data management: The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and the data subject has the right to data portability and to withdraw consent at any time.

  • 6.  The person concerned can initiate access to personal data, its deletion, modification or limitation of processing, data portability in the following ways:

  • by post: 8243 Balatonakali Csárdás u. 26.1.

  • by phone: +36 30 082 9252,

  • by email:info@lunarossa-balaton.euat e-mail address.

  • 7.  The legal basis for data management: the consent of the data subject, Article 6(1)(a) and (b) GDPR.

  • 8.  We inform you that this data management is based on your consent and for booking accommodation

 required.

  • you are required to provide personal data in order to contact us. Failure to provide data results in the inability to contact the Service Provider.

 

  1. 3.3     Registration obligation, tourism tax registration book

 

  • 1.    The fact of data collection, the scope of the processed data:

    • Name

    • Address

    • Place of birth, date

    • ID number

    • Date of arrival

    • Date of departure

    • Signature

  • 2.  Stakeholders: All stakeholders using the Service Provider's boarding house as accommodation.

  • 3.  Purpose of data management: XCII of 2003 on the taxation system. Maintenance of the tourist tax register book with the data content and format specified as a record, as prescribed in paragraph (8) of § 46 of the Act.

  • 4.  Duration of data management, deadline for deletion of data: data that must be managed according to legal regulations will be kept until the deadline prescribed by law.

  • 5. 57/2011 of the representative body of the Gyula City Municipality. (XII. 16.) may be managed by the tax authority of the Gyula City Municipality.

  • 6.  Description of the rights of data subjects related to data management the data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and the data subject has the right to data portability.

  • 7.  Legal basis of data management: data management is a legal obligation for the data controller necessary for its fulfillment, Article 6 (1) point c) of the GDPR

  1. 3.4    Billing

 

    • 1.    The fact of data collection, the scope of the processed data:

      • Billing name

      • Billing address

    • 2.  Stakeholders: All stakeholders using the Service Provider's boarding house as accommodation.

    • 3.  Purpose of data management: Issuance of invoices in accordance with accounting legislation.

    • 4.  Duration of data management, deadline for deletion of data: 8 years based on Section 169 (2) of Act C of 2000 on accounting.

    • 5.  The person of the possible data controllers entitled to access the data: personal data can only be processed by the data controller.

    • 6.  Description of the rights of data subjects related to data management: the data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and the data subject has the right to data portability.

    • 7.  The legal basis for data management: data management is necessary to fulfill the legal obligation of the data controller, Article 6 (1) point c) of the GDPR, and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §

 

  1. 3.5  Accounting tasks

 

    • 1.    The fact of data collection, the scope of the processed data:

      • Name

      • Address

      • Place of birth, date

      • ID number

      • Date of arrival

      • Date of departure

      • Billing name

      • Billing address

    • 2.  Stakeholders: All stakeholders using the Service Provider's boarding house as accommodation.

    • 3.  Purpose of data management: accounting tasks

    • 4.  Duration of data management, deadline for deletion of data: 8 years based on Section 169 (2) of Act C of 2000 on accounting.

    • 5.  The person of the possible data controllers entitled to access the data: personal data can only be processed by the data controller and the accountant as data processor.

    • 6.  Description of the rights of data subjects related to data management:  the data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and the data subject has the right to data portability.

    • 7.  The legal basis for data management: data management is necessary to fulfill the legal obligations of the data controller, Article 6 (1) point c) of the GDPR, and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §

 

  1. 3.6    Contact

 

    • 1.    The fact of data collection, the scope of the processed data:

    • •    Name

    • •    Phone number

    • 2.  Stakeholders: All stakeholders using the Service Provider's boarding house as accommodation.

    • 3.  Purpose of data management: Contact

    • 4.  The duration of data management, the deadline for data deletion: It lasts until the data subject's request for deletion.

    • 5.  The person of the possible data controllers entitled to access the data: personal data can only be processed by the data controller.

    • 6.  Description of the rights of data subjects related to data management:

    • •    the data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and the data subject has the right to data portability, as well as the right to withdraw consent at any time.

    • 7.  The legal basis for data management: the consent of the data subject, Article 6 (1) points a) and b) of the GDPR.

 

  1. 3.7    Employees' employment-related data management

 

    • 1.    The fact of data collection, the scope of the processed data:

 

The Data Controller manages data for the establishment of facts related to the employment relationship of employees, payroll, social security administration and statistical data provision. Data processed:

 

    • •    employee name;

    • •     birth name of employee;

    • •    place of birth;

    • •    date of birth;

    • •    mother's birth name;

    • •    residence;

    • •    tax identification number;

    • •    social security identification number (TAJ number);

    • •    identity card number;

    • •    number of the official ID card confirming residential address;

    • •    current account number;

 

    • 2.  The range of stakeholders: All employees of the data controller.

    • 3.  The purpose of data management: establishing, fulfilling or terminating an employment relationship.

    • 4.  Duration of data management, deadline for deletion of data: storage deadline determined by applicable legislation.

    • 5.  The person of the possible data controllers entitled to access the data: personal data can only be handled by the employee of the data controller dealing with labor matters, the owner exercising employer rights and the accounting/payroll company.

    • 6.  Description of the rights of data subjects related to data management:

    • •    the data subject may request from the data controller access to the personal data concerning him, their correction, deletion or restriction of processing, and the data subject has the right to data portability, as well as the right to withdraw consent at any time.

    • 7.  The legal basis for data management: fulfillment of a contract (employment contract) and fulfillment of a legal obligation, Article 6 (1) point b) and c) of the GDPR.

 

Relevant legal requirements:

 

    • •    Section 10 (1) and (3) of Act I of 2012 on the Labor Code

    • •    The    social insurance     about your services    and    for private pension     about those entitled,    as well as     LXXX of 1997 on the coverage of these services. law

    • •     LXXXIII of 1997 on compulsory health insurance. law

    • •    The Personal Income Tax Act of 1995. CXVII law

 

  1. 4.  Requested Data Processors

  2. 4.  4.1    Hosting provider

 

    • 1.    Activity provided by data processor: Storage service

    • 2. Name and contact information of data processor:

 

Wix.com, Inc, 40 Namal Tel Aviv St., Tel Aviv, Israel, at Wix.com Inc. , 500 Terry A. Francois Boulevard, 6th Floor, San Francisco, CA, 94158, or at Wix.com Luxembourg S.a.r.l, 5, rue Guillaume Kroll, L-1882 Luxembourg

 

    • 3.  The fact of the data management, the scope of the managed data: All personal data stored by the data controller on the website, as well as thewww.lunarossa-balaton.euall personal data and cookies provided on the website.

    • 4.  Stakeholders: All stakeholders using the website.

    • 5.  The purpose of data management: Making the website available and operating it properly.

    • 6.  Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data controller and the storage provider, or until the deletion request addressed to the storage provider by the data subject.

    • 7.  The legal basis for data processing: Article 6, paragraph (1) point f) of the GDPR, and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §

    • 8.  The rights of the data subject:

    • the.    You can find out about the conditions of data management,

    • b.    You are entitled to receive feedback from the data controller as to whether your personal data is being processed, and to access all information related to data processing.

    • c.    You are entitled to receive your personal data in a segmented, widely used, machine-readable format.

    • d.    You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

    • e.    You can object to the processing of your personal data.

 

 

The Customer's data is handled exclusively by data processing carried out with a computer technology device. The purpose of the automatically recorded data is to create statistics, the technical development of the IT system, and the protection of users' rights. The automatically recorded data (log files, log files) are as follows: the dynamic IP address of the customer's computer, depending on the settings of the customer's computer, the type of computer operating system and browser used by the customer, the customer's activity on the Website. On the one hand, the use of this data serves technical purposes - e.g. secure operation and subsequent control of the servers, on the other hand, the Data Controller uses this data to prepare page usage statistics and analyze user needs in order to improve the quality of services. The above data are not suitable for identifying the customer, and the Service Provider does not connect them with other personal data.

 

  1. 4.2    Community pages

 

    • 1.    The fact of the data collection, the scope of the processed data: Facebook, Google+, Twitter, Pinterest, Youtube, Instagram, etc. the name registered on social networking sites and the user's public profile picture.

 

    • 2.  Stakeholders: All stakeholders who have registered on Facebook, Google+, Twitter, Pinterest, Youtube, Instagram, etc. on social networking sites and "liked" the website.

    • 3.  The purpose of data collection: To promote the sharing or "liking" of certain content elements, products, promotions or the website itself on social networks.

 

    • 4.  The duration of the data management, the deadline for deleting the data, the identity of the possible data managers entitled to access the data and the description of the rights of the data subjects related to data management: The data subject can find information about the source of the data, its management, the method of transfer and its legal basis on the given social site. Data management takes place on social media sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the given social media site.

 

    • 5.  The legal basis for data management: the voluntary consent of the concerned person to the management of his personal data on social media sites.

 

  1. 4.3    Bookkeeping and payroll

 

    • 1.    Activity provided by data processor: Accounting and payroll tasks

    • 2. Name and contact information of data processor:

 

Gábor-Ker-Conto Kft.
1093-H, Budapest
19 Lónyay Street I./1-2.

 

    • 3.  The fact of the data management, the scope of the managed data: Name, billing name, billing address.

    • 4.  Stakeholders: All stakeholders using the Service Provider's apartment as accommodation.

    • 5. Purpose of data management: Accounting and payroll tasks

    • 6.  Duration of data management, deadline for deletion of data: 8 years based on Section 169 (2) of Act C of 2000 on accounting.

    • 7.  The legal basis for data processing: Article 6 (1) point c) of the GDPR, and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §

    • 8.  The rights of the data subject:

    • the.    You can find out about the conditions of data management,

    • b.    You are entitled to receive feedback from the data controller as to whether your personal data is being processed, and to access all information related to data processing.

    • c.    You are entitled to receive your personal data in a segmented, widely used, machine-readable format.

    • d.    You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

    • e.    You can object to the processing of your personal data.

 

 

  1. 4.4    Invoicing - use of online invoicing software, Newsletters

 

    • 1.    Activity performed by data processor: Invoicing tasks

    • 2. Name and contact information of data processor:

 

Online invoicing software name: Billingo.hu

Billing contact: https://www.billingo.hu/ Name of service provider: Billingo Technologies Zrt.

Headquarters: 1133 Budapest, Árbóc utca 6. I. floor

 

Newsletter sending system service: Mailchimp

www.mailchimp.com 

    • 3.  The fact of data management, scope of managed data: Name, billing name, billing address

    • 4.  Stakeholders: All stakeholders using the Service Provider's boarding house as accommodation.

    • 5.  Purpose of data management: Invoicing tasks

    • 6.  Duration of data management, deadline for deletion of data: 8 years based on Section 169 (2) of Act C of 2000 on accounting.

    • 7.  The legal basis for data processing: Article 6 (1) point c) of the GDPR, and the electronic

CVIII of 2001 on certain issues of commercial services and services related to the information society. Act 13/A. (3) of §

    • 8.  The rights of the data subject:

    • the.    You can find out about the conditions of data management,

    • b.    You are entitled to receive feedback from the data controller as to whether your personal data is being processed, and to access all information related to data processing.

    • c.    You are entitled to receive your personal data in a segmented, widely used, machine-readable format.

    • d.    You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

e.    You can object to the processing of your personal data. 5. Customer relations and other data management

 

    • 1.    If a question arises when using our data controller services, or if the person concerned has a problem, you can contact the data controller using the methods provided on the website (telephone, e-mail, social media sites, etc.).

    • 2.  Data manager for received e-mails, messages, on the phone, on Facebook, etc. data provided, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, will be deleted after a maximum of 2 years from the date of data communication.

    • 3.  We provide information on data management not listed in this information when the data is collected.

    • 4.  In the case of an exceptional official request, or in the case of requests from other bodies based on the authorization of the law, the Service Provider is obliged to provide information, communicate and transfer data, and make documents available.

    • 5.  In these cases, the Service Provider only releases personal data to the requester - if he has specified the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

 

 

    • 6.  The rights of those concerned

    • 1.    The right of access

You are entitled to receive feedback from the data controller as to whether your personal data is being processed, and if such data processing is underway, you are entitled to access the personal data and the information listed in the regulation.

 

    • 2.  Right to rectification

You have the right to request that the data controller correct inaccurate personal data concerning you without undue delay. Taking into account the purpose of data management, you are entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

 

    • 3.  The right to erasure

You have the right to request that the data manager delete your personal data without undue delay, and the data manager is obliged to delete your personal data without undue delay under certain conditions.

 

    • 4.  The right to be forgotten

If the data controller has made the personal data public and is required to delete it, it will take reasonable steps, including technical measures, taking into account available technology and the costs of implementation, to inform the data controllers that you have requested the personal data in question the deletion of links or duplicates of these personal data.

 

    • 5.  The right to restrict data processing

You have the right to have the data controller restrict data processing at your request if one of the following conditions is met:

 

    • •    You dispute the accuracy of the personal data, in which case the limitation applies to the period that allows the data controller to check the accuracy of the personal data;

    • •    the data processing is unlawful and you object to the deletion of the data and instead request the restriction of its use;

    • •    the data controller no longer needs the personal data for the purpose of data management, but you require them to present, enforce or defend legal claims;

    • •    You objected to data processing; in this case, the restriction applies to the period until it is determined whether the data controller's legitimate reasons take precedence over your legitimate reasons.

 

    • 6.  The right to data portability

You have the right to receive the personal data about you that you have provided to a data controller in a segmented, widely used, machine-readable format, and you have the right to transfer this data to another data controller without hindrance from the data controller whose provided the personal data to you (...)

 

    • 7.  The right to protest

You are entitled to object at any time to the processing of your personal data by (...), including profiling based on the aforementioned provisions, for reasons related to your own situation.

 

    • 8.  Protest on the evening of direct business acquisition

If personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for direct business purposes, then the personal data may no longer be processed for this purpose.

 

    • 9.  Automated decision-making in individual cases, including profiling

You have the right not to be subject to the scope of a decision based solely on automated data management, including profiling, which would have legal effects on you or would similarly significantly affect you. The previous paragraph does not apply if the decision:

    • •     Necessary to conclude or fulfill the contract between you and the data controller;

    • •     is made possible by EU or member state law applicable to the data controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; obsession

    • •    Based on your express consent.

 

    • 7.  Data security

The data manager and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons. , to guarantee a level of data security appropriate to the degree of risk, including, among others, where applicable:

 

    • a)    pseudonymization and encryption of personal data;

    • b)     ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data;

    • c)    in the event of a physical or technical incident, the ability to restore access to personal data and the availability of data in a timely manner;

    • d)    a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.

 

During e-mail contact, personal data is stored in the mail system, which can be accessed from a computer or phone. We take appropriate measures to ensure that a

we protect personal data against, among other things, unauthorized access or unauthorized changes. Regular backup data is part of the hosting service.

Personal data is stored on computers, telephones and storage space owned and exclusively used by Zsuzsa Opra-Szabó EV  -  Amatrine Creative Agency. Use of computers and telephones is password protected. Access to the storage space and the administration interface of the website is possible with a username and password known to the data controller.

 

In terms of paper-based data storage, there is an appointment diary for the exclusive use of the data controller, in which telephone numbers are stored, as well as the tourist tax registration book, which is kept locked away from unauthorized persons. Notification sheets and account blocks containing personal data are also stored in a lockable place.

 

In order to ensure the security of paper-based personal data, the z Data Controller applies the following measures:

    • •    the data can only be seen by those authorized to do so, no one else can access them, they cannot be disclosed to others;

    • •    the    documents    good    lockable,    dry,     asset protection    with equipment    places it in a provided room;

    • •    only those in charge can access documents in continuous active processing;

    • •    During the day, the employee of the Data Controller performing data management can only leave the room where data management is taking place by blocking the data carriers entrusted to him or by closing the office;

    • •    the employee of the Data Controller who performs data management closes the paper-based data carrier after completing the work;

 

Safe    data transfer    we operate with a channel    the    www.lunarossa-balaton.eu    website:     With SSL certificate, using HTTPS protocol. For an HTTPS connection, if the user

 you must provide personal information via a data entry form, the user and the host computer

Communication between   takes place via an encrypted channel with special coding. So to a minimum

 it is possible that this personal information falls victim to phishing.

 

 

    • 8.   NOTIFICATION OF THE DATA PROTECTION INCIDENT

If the data protection incident likely involves a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

 

In the information provided to the data subject, the nature of the data protection incident must be clearly and comprehensibly described, and the name and contact details of the data protection officer or other contact person providing additional information must be provided; the likely consequences of the data protection incident must be described; the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject does not need to be informed if any of the following conditions are met:

 

    • •    the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures - such as the use of encryption - that would be unintelligible to persons not authorized to access personal data they make the data;

    • •    after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;

    • •    information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

 

 

If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.

 

    • 9.  REPORT OF DATA PROTECTION INCIDENT TO THE AUTHORITY

The data controller shall report the data protection incident to the competent supervisory authority pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of natural persons and freedoms. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.

 

    • 10.  POSSIBILITY TO COMPLAINT

You can file a complaint with the National Data Protection and Freedom of Information Authority against possible violations of the data controller:

 

National Data Protection and Freedom of Information Authority

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, PO Box: 5. Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail:ugyfelszolgalat@naih.hu

bottom of page