ARCadia Hotel Budapest
BOUTIQUARC-HOTEL LTD. – DATA MANAGEMENT GUIDE
3. BASIC PRINCIPLES OF THE BOUTIQUARC-HOTEL LTD. ABOUT DATA MANAGEMENT
4. SCOPE OF THE PERSONAL DATA, AIM, ITEM AND DURATION OF DATA MANAGEMENT
4.1. DATA OF WEBSITE VISITORS
4.2. DATA COLLECTION ABOUT EXTERNAL PROVIDERS ON THE WEBSITE
4.3. REGISTRATION DATABASE
4.5. ROOM RESERVATION REQUEST
4.6. HOTEL SERVICES REQUEST
4.8. OTHER DATA MANAGEMENTS
5. THE WAY OF STORAGE OF PERSONAL DATA, SECURITY OF DATA MANAGEMENT
6. LEGAL REMEDY
The BOUTIQUARC-HOTEL LTD. (1075 Budapest, Madách Imre tér 3-4) as data controller, is bound by the content of this legal declaration. It undertakes to guarantee that its data management related to its service corresponds to the expectations defined in this guide and current legislation.
The scope of this guide covers the management of the personal data of the provider on the www.arcadiahotelbudapest.com website and by using the service in the hotels of BOUTIQUARC-HOTEL LTD.
The hotels of the BOUTIQUARC-HOTEL LTD. and their online portals or websites including the www.arcadiahotelbudapests.com.
This data management guide about the personal data on the websites and by using the hotel services is always available on the above-specified websites.
The BOUTIQUARC-HOTEL LTD. reserves the right to change this guide anytime. The modifications of the guide enter into force by their publication on the websites. If this guide does not answer one of the questions, then please write us and you will get a precise answer.
The BOUTIQUARC-HOTEL LTD. does not take the responsibility for defaults due to the use of the system.
The BOUTIQUARC-HOTEL LTD. manages all personal data confidentially and takes all technical and organizational measures to guarantee the security of the data.
2.1. personal data: data related to the client – particularly the name, identification number, one or more special knowledge about physiological, mental, economic, cultural, or social identity, or a conclusion derived from the personal data. The person can be considered particularly identifiable if he/she can be directly identified based on factors related to name, ID number, or one or more physical, physiological, mental, economic, cultural, or social characteristics.
2.2. approval: the client declares voluntary and clear after he/she is properly notified that he/she agrees to the general or special management of personal data;
2.3. objection: declaration of the client, in which he takes an objection about the management of his/her personal data or he/she asks for the termination or cancellation of data management;
2.4. controller: the natural or legal person or certain types of entity that lack legal personality, who defines the goal of the data management and takes the decisions about data management (including the applied method) and carries out or makes carry out by an authorized controller;
2.5. data management: operation or set of operations on the data independently of the applied method, like collection, registration, archiving, organization, storage, modification, utilization, transfer, publication, modulation or association, blocking or delete, and blocking of future utilization.
The production of photo, voice, or video material, or archiving of physical features (like finger or palm print, DNA sample, iris picture) is considered data management.;
2.6. transmission of data: if the data is transferred to the third party;
2.7. publication: if the data is published;
2.8. data erasure: such a modification of the data, that they cannot be restored anymore;
2.9. data blocking: transfer, understand, publication, modification, erasure, association, modulation, or utilization for an unlimited or limited period of time;
2.10. data erasure: the erasure of data or physical destruction of the data storage system;
2.11. data elaboration: completion of technical tasks related to the data management independently of the applied method or device of the data management or the place of the application;
2.12. data processor: natural or legal person, certain types of entity which lack legal personality, who performs the processing of personal data authorized by the controller;
2.13. third party: natural or legal person, certain types of entity which lack legal personality, who is different from the client, data controller, or data processor;
2.14. third country: all countries outside the European Economic Area.
3. BASIC PRINCIPLES OF THE BOUTIQUARC-HOTEL LTD REGARDING DATA MANAGEMENT
The personal data can be managed
a) if the client approves, or
b) a law or regulation of the local municipality with the power in therein specified scope orders.
The approval of the legal representative of a legally incapacitated and restricted capacitated minor is not required, because the declaration aims at the registration in everyday life and does not require any special consideration or knowledge.
The personal data can be managed only for specific reasons, for legal obligation or performance of duty.
Data management should always fill this requirement. Only such data can be managed where the goal of the data management requires this activity and is suitable for reaching the aim within the required extent and period.
Personal data can be managed with the agreement based on the proper notification.
The client should be notified – unambiguously, clear and detailed – about all facts related to the data management, particularly about the person authorized for data management and processing, the duration of the data management, and the group of people with a right to access the data.
The notification should cover the laws and legal remedies of the client as well.
The personal data of the management have to fill the following requirements:
a) their collection and management are fair and legitimate;
b) precise, complete, and up-to-date if it is required;
c) the way of their storage makes it possible to identify the client only during the period required for the storage.
It can be applied without any restriction, and it is prohibited to apply for general and personal ID numbers.
The personal data can be transferred to a third party and different data managements can be associated, if the client approves or the law allows this action and the requirements of the data management are filled for all personal data.
The personal data (including the special data as well) can be transferred from the country to the data controller or data processor in a third country if the client approves or the law allows this action and the proper protection of the personal data related to the management or processing of transferred data is ensured in the third country independently of the data storage device and the way of data transfer.
The data transfer to the countries of the European Economic Area can be considered as data transfer within Hungary.
4. SCOPE OF PERSONAL DATA, AIM, ITEM, AND DURATION OF DATA MANAGEMENT
In the frame of the service, the management of all personal data related to the client is based on personal approval. The BOUTIQUARC-HOTEL LTD. does not take responsibility for the accuracy of the transferred data of the user or guests.
4.1. THE DATA OF THE WEBSITE VISITORS
The BOUTIQUARC-HOTEL LTD. stores the IP address, the time of the visit, and the title of the website during the visit of any website by the client for technical reasons, for a reason to make statistics about user’s habits, and for a reason to define and follow all basic principles and regulations about the management of personal data of all-natural persons contacted to the hotel, guests to protect the private sphere of the natural person according to the corresponding regulatory requirements.
The server stores the data for a week. The provider sets a small data package, a so-called cookie on the user’s computer to customize the service. The primary goal of this function is to distinguish between new and returning users and to give support for the login.
The user can delete the cookie on his computer or set his/her browser to block the cookies.
4.2. DATA COLLECTION OF EXTERNAL PROVIDERS ON THE WEBSITE
The HTML code of online portals contains references inherited from an external server and pointing to an external server independent of the BOUTIQUARC-HOTEL LTD.
4.3. REGISTRATION DATABASE
One part of the service of the BOUTIQUARC-HOTEL LTD. requires registration.
Registration means a reservation of a room on the online portal and the given personal data in case of reservation of the room.
Any activity on the portal is not possible without registration.
By the successful registration on the online portal of the BOUTIQUARC-HOTEL LTD. the data provided by the user during the registration are stored in the registration database. The goal of the management of the data in the registration database provided by the user is to ensure services are available on the website of the BOUTIQUARC-HOTEL LTD. for registered users. The user can get information about the scope of services required for registration on the website of the BOUTIQUARC-HOTEL LTD.
The client approves by the registration that the provider manages his/her personal data to fill the requirement defined above.
The provider manages the personal data provided during the registration according to the goal defined at this point for an undefined period of time and terminates the data management if the client declares in written form the withdrawal of his/her approval about the management of data aiming the goal defined in this point. In this case, all data of the client in the registration database are deleted.
By the registration, the client agrees according to the 6 paragraph of Act XLVIII of 2008 about the basic requirements and certain restrictions of commercial advertisement that the BOUTIQUARC-HOTEL LTD. is authorized to use the data received by the BOUTIQUARC-HOTEL LTD. also for marketing purposes during the period of the data management. On the basis of this approval, the BOUTIQUARC-HOTEL LTD. is (not exclusively) authorized to send to the client his/her post, e-mail or other messages, packages, newsletters or electronic advertisements, other notifications including the concierge electronic mail, which is sent by the BOUTIQUARC-HOTEL LTD. once automatically for all hotel guests after the booking to the provided e-mail address before the arrival of the guest in the hotel.
A concierge’s electronic mail might contain the following information:
Program recommendation for Budapest including prices.
Hop-On Hop-Off bus, baths, Budapest Card etc.
Airport shuttle and taxi
Possibility to register a newsletter
The BOUTIQUARC-HOTEL LTD. is authorized to use the personal data of the client for marketing purposes until the client withdraws this approval and informs the BOUTIQUARC-HOTEL LTD. in written form about his/her decision. It is considered also a withdrawal of the approval of the utilization of personal data for marketing purposes if the client withdraws his/her approval about the use of his/her personal data by the provider in the registration database.
The provider manages the first and family name, e-mail address, phone, address, password, time of registration, and IP address of the client.
The database contains information, about whether the client has requested a newsletter or not. The user can decide about the registration of the newsletter during the registration. The data management related to the newsletter is described in a separate section.
The modification of the majority of the provided data can be performed on the website. The complete erasure of the data, which can be considered as the withdrawal of the approval of the management of personal data, can be requested electronically indicated on the website or in other way in a written form defined in this guide.
The user has the possibility to register for the newsletter service on the website of the BOUTIQUARC-HOTEL LTD. by providing his/her name and e-mail address. The subscription for the newsletter service can be done also in a special menu point or by receiving other services as well.
The provider informs the users, who are registered to the newsletter service, about recent news, recommendations, and novelties. The content of the newsletters might be different according to the specified data by the users.
By providing his/her name and e-mail address during the registration to the newsletter service the user accepts that the provider sends the user a newsletter as an e-mail message, or other recommendations, and information materials and manages the personal data of the user according to the specified goal. According to this guide, the provider is authorized to manage the data until the client declares in written form the withdrawal of his/her approval about the data management for the goal specified at this point.
The provider can send occasionally other messages related to the service.
It can be unsubscribed from this newsletter service by clicking the –Unsubscribe from the newsletter (Leiratkozás a hírlevélről) menu point available in all newsletters. The un-subscription is considered as a withdrawal of the approval of the management of the e-mail address provided by the user.
4.5. ROOM RESERVATION REQUEST
The user has the possibility to request a room reservation in the hotel operated by the BOUTIQUARC-HOTEL LTD. with the form available on the website. The user enters in the form for room reservation besides the data of the reservation (particularly the time of arrival and leave, number of guests, etc.) his/her name, phone, e-mail address, and address. The user can declare on the form of the reservation request to subscribe to the newsletter. The rules related to the newsletter service are defined in a separate point.
4.6. HOTEL SERVICES REQUEST
The guest fills in a hotel registration form by requesting hotel services.
The guest agrees by signing the hotel registration form that the provider manages the obligatory data specified below to fill the requirements of the corresponding regulations (special regulations related to the public prosecutor’s office, and tax of tourism) and to prove the performance of the obligations until the competent authority could check the performance of duties specified by regulations.
The obligatory specified data are the name, address, citizenship, place, and time of birth. The specification of the obligatory data by the guest is a prerequisite for the hotel service request.
By signing the hotel registration form the guest allows the provider also to manage and archive his/her personal data by filling in the form in order to prove the validity and the completion of the contract for the possible claim within the limitation period.
There is a possibility for the guest to approve the utilization of his/her personal data for marketing purposes until the BOUTIQUARC-HOTEL LTD. is authorized to manage his/her personal data. On basis of this approval, the BOUTIQUARC-HOTEL LTD. is (not exclusively) authorized to send to the client his/her mails, e-mail, or other messages, packages, or other notifications.
The BOUTIQUARC-HOTEL LTD. is authorized to manage the personal data of the client for marketing purposes until the client withdraws in written form his/her approval about the data utilization for marketing purposes.
By sending the form including the name, the e-mail address, and the message available on the website you can contact the provider. The messages are utilized by the provider under normal conditions by archiving after completion of the request.
4.8. OTHER DATA MANAGEMENT
You are informed about the data management not enlisted in this guide during the data collection.
You are informed that the court, public prosecutor, and investigating authority are authorized to ask the provider to show and give your personal data and documents over (71st paragraph of the criminal proceeding).
The BOUTIQUARC-HOTEL LTD. gives to the authority –after the authority defined the aim and scope of the data precisely- only such a personal data over in the meaning of quantity and quality, which is inevitable to reach the goal of the request.
5. THE WAY OF STORAGE OF PERSONAL DATA, SECURITY OF DATA MANAGEMENT
The BOUTIQUARC-HOTEL LTD. chooses and operates the informatics devices in such a way that the during the service the personal data:
a) should be accessible for the eligible person (availability);
b) authenticity and validation should be ensured (authenticity of data management);
c) steadiness should be justified (data integrity);
d) protected against illegal access (confidentiality of the data).
The BOUTIQUARC-HOTEL LTD. ensures the protection of your data with such technical and organizational measures, which provides proper protection against the risks associated with data management.
The BOUTIQUARC-HOTEL LTD. maintains during the data management:
a) confidentiality: protects the information, only the eligible person can get access;
b) integrity: protects the accuracy and integrity of the information and the processing method;
c) availability: ensures the eligible person access to the desired information and the availability of the required devices.
The informatics system and the network of the BOUTIQUARC-HOTEL LTD are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, viruses, intrusions, and attacks leading to refuse service.
The provider ensures security with measures on the server and application level. We inform the users that the electronic messages are vulnerable to such threats- independently of the protocol (e-mail, web, ftp, etc.)- that lead to illegal activity, contract conflicts or disclosure, or modification of information.
The provider takes all possible measures and precautions against these threads. The systems are controlled to fix all security defaults and to provide proof for all security events. The control enables also checking the efficiency of the precautions.
6. APPEAL POSSIBILITIES
The client has the right to ask for information about the management of his/her personal data, request their correction- in exception of statutory data management- or erasure through the services on the website or via electronic contact on the website, or via formal request in written form sent to the provider’s headquarter.
According to the request of the client the BOUTIQUARC-HOTEL LTD. as a data manager gives information about the managed data, the goal, plea and period of data management, name and address (headquarter) of the data processor, the activity related to the data management, the list of persons who received the data and the goal of the data transfer. The data processor gives information in written form as soon as possible, within 30 days after the request is received.
The information is free of charge if the client has not requested it from the data controller in the same year for information about the same topic. In other cases, the BOUTIQUARC-HOTEL LTD. requests a data management fee.
The BOUTIQUARC-HOTEL LTD. erases the personal data if the data management is illegal, the client requests the erasure of his/her data, the goal of the data management is not actual anymore, the period of the statutory data management has expired, the authority, or the court or data protection supervisor has requested the erasure.
The BOUTIQUARC-HOTEL LTD. informs the client and all other people who received the data about the modification, correction, or erasure of the data.
The notification can be omitted if the omission does not undermine the legitimate interest of the client in respecting the goal of the data management.
The client has the right to protest against the management of his/her personal data, if
a) the management (transfer) of personal data is required exclusively for the purposes of the legitimate interest of the data controller or processor, except if it is about a statutory data management;
b) utilization and transfer of personal data is for direct marketing, opinion polls, or scientific research;
c) nevertheless the law allows the exercising of the right of protest.
The BOUTIQUARC-HOTEL LTD. investigates the protest – with the simultaneous suspension of the data management – as soon as possible, within 15 days after the request is a receipt, and informs the client about the result of the investigation. If the protest is justified the data controller suspends and blocks the data management including the collection and transfer of further data and informs the third parties who received the transferred data and the clients who are obliged to take measures to assert their rights, about the protest request and the measures taken thereafter (suspension of data management).
If the client does not agree with the decision of the data controller, has the right to apply to the court within 30 days after receipt of the order.
The BOUTIQUARC-HOTEL LTD. has no right to erase the data of the client if it is about statutory data management. It is not allowed to transfer the data to the receiver if the data controller approved the protest or the competent court accepted the justification of the protest.
In case of infringement of the client’s right by the data controller, the client has the right to apply to the court. The court orders the case with a priority.
The BOUTIQUARC-HOTEL LTD. refunds all damages, caused by illegal management of the client’s data or infringement of the requirements of technical data protection.
The data controller does not take the responsibility for the damage if it is caused by any unavoidable circumstances outside the scope of the data management.
The data controller does not take the responsibility for the damage if it is caused intentionally or with gross negligence.