Privacy Policy
Introduction
Hotel Solero (SOLERO Kft., headquarters: 1094 Budapest, Páva utca 13. VI./606, adress: 8600 Siófok, Batthány utca 25., Tax number: 14090853-2-43).
Data Controller (hereinafter referred to as: Company or Solero Kft.)
Solero Kft. as data controller declares that in the course of data processing, he will act in accordance with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as "Info Act").
Solero Kft. respects the personal rights of the Guests and has therefore prepared the following Information about Data Management (hereafter referred to as "Brochure"), which is available on the Company’s official website electronically, or in the hotels on paper.
This Brochure provides general guidance about the data handling during the services provided by the Company. The method of data handling may differ from those contained in this Brochure, however, Solero Kft. will inform the Guests of such deviations and the exact way of data management in advance. The Company will give information of any data management not included in the Brochure prior to the potential data processing.
Personal data are handled by the Company only for the predetermined purpose and for the necessary time to exercise its rights and obligations. The Company only handles personal data that is essential for the purpose of data management, and is suitable for reaching this goal.
The validity of the legal declaration made by minor children (under sixteen years of age) shall be subject to the consent or subsequent approval of his/her legal representative.
In all the cases when the Company uses the data provided for purposes other than the purpose of the original data recording, the Company will inform the data subject and requests his prior, express consent, or offers him the option to prohibit its use.
The personal data obtained in the course of data processing by the Company should only be disclosed to persons who act on behalf of the Company or to the persons employed by the Company, who have a task in connection with the given data management.
1./ Definitions
Data subject: shall mean any natural person directly or indirectly identifiable by reference to specific personal data;
Personal data: shall mean data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject;
Special data: shall mean personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership, and personal data concerning sex life, and personal data concerning health, pathological addictions, or criminal record;
Consent: shall mean any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations;
Objection: shall mean a declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed;
Data controller: shall mean the natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor;
Data management: shall mean any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);
Data transfer: shall mean ensuring access to the data for a specified third party;
Disclosure: shall mean ensuring open access to the data;
Data deletion: shall mean making data unrecognisable in a way that it can never again be restored; Tagging data: shall mean marking data with a special ID tag to differentiate it;
Blocking of data: shall mean marking data with a special ID tag to indefinitely or definitely restrict its further processing;
Data processing: shall mean performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
Data processor: shall mean any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions;
Third party: any natural or legal person, or organisation without legal personality other than the data subject, the data controller or the data processor;
Privacy incident: unauthorized management or processing of personal data, including unauthorized access, alteration, transmission, disclosure, deletion or destruction, and any incidental destruction or damage.
Third-country national: Any citizen other than a Hungarian citizen who is not a national of a member of the European Economic Area, including the stateless persons.
European Economic Area (EEA): the Member States of the European Union, Iceland, Liechtenstein and Norway as party Member States, and Switzerland as a state of identical legal status.
2./ The purposes of data management
2.1 Hotel services
During the provision of services, all data management relating to the data subject is based on voluntary contribution, and its purpose is to provide the service, to maintain contact and to present the services of the Company. The personal data contained in this section will be stored by the Company for the time specified in the relevant tax and accounting regulations, and will be erased after such deadline.
For certain services, it is possible to enter additional information in the comments box, which helps to fully understand the Guest's needs, but it is not a requirement for the reservation of rooms or the use of other services.
2.1.1. Ask for a quotation, Room reservation
For online, personal (paper-based) or telephone inquiries and book reservations, the Company requests / may request the following information from the Guest
- surname,
- name,
- home address (address, town, postal code, country),
- e-mail address,
- phone number
2.1.2. Registration form
When using certain hotel services, the Guest fills in a hotel registration form, and, by handing it to the employees of the Company, gives his consent to the Company to use the following mandatory information in order to satisfy its obligation detailed in the relevant statutory requirements (in particular, the law on alien policing and tourist tax) as long as the competent authority may check its compliance with the obligations set out in the relevant legislation:
- surname,
- name,
- home address,
- place and date of birth,
- personal identification number,
- citizenship
Providing the mandatory data by the Guest is the precondition of using the hotel’s services.
By signing and handing over the registration form, the guest agrees to the handling and archiving of the personal information indicated on the registration form for the necessary duration so that the Company can exercise its rights and obligations.
2.2. Camera system
For the personal and financial security of the Guests, surveillance cameras are used in the hotels operated by the Company.
By entering the hotel, the data subject accepts that the Company will take motion pictures of him, and will manage and archive them for the necessary time (168 hours) in order to exercise its rights and meet its obligations.
2.3. Newsletter
The Company sends a newsletter only with the consent of the data subject. The data subject, by subscribing to the newsletter through the websites of the hotels, by e-mail, on paper, on the Facebook or by other means, and by giving his name and email address, accepts that the Company will send electronic newsletters to him to the e-mail address or the Facebook account give by him.
The personal data you have provided will be stored separately from the data provided for other purposes. The Company is entitled to forward the list or the data to a third party so that the recipient can receive full-scale general or personalized information about the Company's latest discounts.
The Company only manages personal data for this purpose until it intends to inform the data subject through the newsletter, or until the data subject does not unsubscribe from the newsletter list. The data subject can unsubscribe from the newsletter at any time at the bottom of the newsletters, or by sending a request to unsubscribe to info@solerohotel.hu, or to the Company’s postal address: 8600 Siófok, Batthyány str. 25.
2.4. Facebook site
The Company or the hotels etc. operated by the Company are on the Facebook Community portal separately.
The purpose of data management is to share the content found on the Company's websites and any exclusive content not found there. Using the Facebook account, the Guests can book a room, participate in prize games and find information about the latest discounts and promotions.
In the case of reservation, the system automatically redirects the Guest to the Company's website, and in such case, the data is processed as specified in Section 2.1.
You can find information on the data handling on the Facebook site in the privacy policies and regulations of the Facebook at www.facebook.com
2.5. Website visit data
The Company's website may contain links that are not operated by the Company, and are intended only to inform the visitors. The Company has no influence on the content and security of the websites operated by its partner companies, so it does not assume any responsibility for them.
The Company uses so called cookies to track its websites. When visiting the site, the system creates a cookie to record information about the visit (visited sites, time spent on our sites, browsing data, exits, etc.), which cannot be connected to the visitor's person. This tool helps to develop the website so that the Company's websites are user-friendly according to the current needs. The Company does not use the cookies to collect any personal information.
The visitors of the Company’s websites can enable or disable the cookies. Most web browsers automatically enable cookies, however, by modifying the browser settings, they can be disabled or, if set in the browser, the user can receive a warning before the cookie is stored.
However, if cookies are not enabled in the browser, you may not be able to fully use the functions of the Company's websites.
On the website, we use session cookie (small data package) that is valid until the end of the given session, so it is created for the duration of the visit, and will be automatically deleted from the user's computer afterwards. The so-called cookie is required for the website’s security, for the user-friendly solutions and for better user experience.
No personal data is stored using the cookies. The visitor can delete the cookies from his computer / browser device at any time, or the browser can be set to disable the use of cookies without which the webpage is still functional, however, the user acknowledges that his browsing experience will not be complete afterwards.
2.6. E-mail
The Company provides that anyone can contact Solero Kft. via e-mail.
The Company stores the messages until the questions are answered, and then archives the emails and stores them for 5 years.
3./ Data security
The Company manages the personal information confidentially, and does not disclose it to unauthorized persons. It protects the personal data, against, in particular, unauthorized access, change, forwarding, disclosure, deletion or destruction, as well as from inaccessibility cased by accidental destruction, damage and any change in the used technology. The Company shall take all the necessary security measures to ensure the technical protection of the personal data.
The Company’s employees can use the personal data only to the necessary extent, and only for the permitted purpose. To ensure this, they have undertaken a confidentiality obligation, which also applies after the activity is finished.
4./ Data transmission
The Company reserves the right to forward the personal data it manages to the competent authorities and courts, in the cases specified by law, without the special consent of the data subject.
The Company, to check the lawfulness of the data transfer and for informing the data subject, maintains a record of data transfer for the purposes of informing the data subject, which includes the date of transfer of the personal data it manages, the legal basis and the addressee of the data transfer, the definition of the scope of the transferred personal data and other data specified in the statutory provisions.
The Company reserves the right to forward the personal data it manages to the competent authorities and courts, in the cases specified by law, without the special consent of the data subject.
5./ Data processors
A specific list of the Company's data processors can be requested by e-mail at info@solerohotel.hu, which request will be responded to in writing within 30 (thirty) days.
6./ Legal remedy
6.1. Information
Within 25 days of the day the data subject sends a request to the email address info@solerohotel.hu or to the Company's name and address (Solero Kft., 8600 Siófok, Batthyány str. 25.), the Company shall notify the data subject about the data subject’s data managed by it or by the data processor he has mandated, their source, the purpose, the legal basis, and the duration of the data processing, the name and address of the data processor, his activity connected to data processing, the circumstances of the privacy incident, its effects, the measures taken to remedy it, and the legal basis and addressee of the legal transfer.
The Company keeps a record of the measures taken in connection with the data protection incident and to inform the data subject, including the scope of the concerned personal data, the scope and number of the persons involved in the data protection incident, the date, the circumstances, the effects and the measures taken for the data protection incident, and other statutory provisions which order the data processing.
In the event of any refusal to provide information, the Company shall inform the data subject in writing of the provisions of the law which allow him to refuse to give information, and informs the data subject of the remedies available to him.
6.2. Correction
If the personal data does not correspond to reality, and the proper personal data is available to the Company, the personal data will be corrected by the Company. The Company shall notify the data subject of the correction, and any person whom it has previously forwarded the data for data processing purposes. The notification may not be necessary if it does not violate the legitimate interests of the data subject in terms of the purposes of data handling. The correction on request, the deadline for action and the remedy options are set out in section 7.1.
6.3. Erasure and blocking, objection
For the erasure and blocking of personal data and for the objections against data processing, the provisions from section 17§ to section 21§ of the Info.tv. shall govern.
6.4. Judicial enforcement
In case of violation of the personality rights of the data subject, he may turn to a court. For the court proceedings, Section 22 of Info. tv, First 2:51 § – 2:54 § of Act V of 2013 on the Civil Code, as well as other relevant legal provisions shall apply.
6.5. Compensation for damages and grievance fee
If the Company causes harm with the unauthorized handling of the data, or by breaching the requirements of data security, or violates the personality rights of the data subject, the data subject may demand grievance fee from the data subject.
The data controller is exempt from the liability for damages and from the payment of the grievance fee if he proves that the damage or the violation of the personality rights of the data subject was caused by an unavoidable cause outside the scope of data processing. The Company is also liable for the damage caused by the data processor to the data subject, and the Company is obliged to pay grievance fee to the data subject in respect of the violation of personal data caused by the data processor. The Company shall be exempt from liability and from the payment of the grievance fee if he proves that the damage or the violation of the personality rights of the data subject was caused by an unavoidable cause outside the scope of data processing. No compensation shall be payable and no damages can be claimed in so far as it was caused by the intentional or gross negligence of the data subject.
7./ Other provisions
The Company reserves the right to modify this Brochure, of which it will notify the data subjects. The Company does not assume any responsibility for the accuracy of the information provided by the visitors of the websites, or for the data provided by the Guests.
In data protection issues, you can ask for help from the National Authority for Data Protection and Freedom of Information at any time.
Nemzeti Adatvédelmi és Információszabadság Hatóság
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Levelezési cím: 1530 Budapest, Postafiók: 5.
Telefon: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
8./ Technical background
For the http://hotelsiofok.hu technological background of the hosting required for the operation of the website MORGENS Design Kft. (Headquarters: 8800 Nagykanizsa, Csányi László u. 2., Tax number: 23964710-2-20) ensure.
Changes, modifications, precise data protection definitions effective from 25 May 2018 in accordance with the GDPR data protection regulations:
| TITLE OF DATA MANAGEMENT ACTIVITIES | ONLINE BOOKING / ONLLINE REQUEST |
|---|---|
| Name of the controller | Solero Kft. |
| Accessibility of the data controller | 1094 Budapest, Páva utca 13. VI./606 8600 Siófok, Batthyány utca 25. |
| The purpose of data management | simplifying the call for proposals without obligation, viewing the personalized offer made by the data controller |
| The legal basis for data handling | the express and voluntary consent of the person initiating the online call for proposals |
| Name of treated personal data | Personal information of the contracting authority as follows: name / e-mail address / phone number / address (country, postal code, city, street, house number) / IP-address (online ID) |
| The estimated duration of the processing of personal data | until the withdrawal of the consent or 360 days after the departure date of the online booking |
| Need for personal data provided by the person concerned | Online booking: the implementation of the online call for tenders initiated by the interested party, the making of a subsequent online booking process smooth, efficient and quicker in case of compliance of the bid. Online request: the possibility of a simple and convenient implementation of the order process of the gift voucher initiated by the interested party. |
| Data processing requires the use of data processors | yes |
| TITLE OF DATA PROCESSORS | |
|---|---|
| The name of the data processor | MORGENS Design Kft. |
| The address of the data processor | 8800 Nagykanizsa, Csányi László utca 2. |
| The purpose of data processing on behalf of the data controller | the operation of the online request inquiry module on the server of Tárhely.Eu Szolgáltató Kft. (1144 Budapest, Ormánság utca 4th X. floor 241.), the storage of incoming online call requests in a closed system and the possibility of answering requests for quotations |
| The name of the data processor | Rocket Science Group |
| The address of the data | 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 |
| The purpose of data processing on behalf of the data controller | Mandrill's software provides electronic mailing service for recording the online call for proposals, making a bid, validity |
| The name of the data processor | OTP Mobil Kft. |
| The address of the data processor | 1093 Budapest, Közraktár u. 30-32. |
| The purpose of data processing on behalf of the data controller | Provision of data communication for the online payment transaction between the accommodation company / enterprise and SimplePay by OTP Mobil (payment service provider) electronic system, the status of the transaction status |
| The name of the data processor | OTP Bank Nyrt. |
| The address of the data processor | 1051 Budapest, Nádor utca 16. |
| The purpose of data processing on behalf of the data controller | Provision of data communication for the online payment transaction between the accommodation company / enterprise and the electronic system of OTP Bank Nyrt. (Payment service provider), confirmation of transaction status |
| TITLE OF DATA MANAGEMENT ACTIVITIES | SIGN UP FOR NEWSLETTER |
|---|---|
| Name of the controller | Solero Kft. |
| Accessibility of the data controller | 1094 Budapest, Páva utca 13. VI./606 8600 Siófok, Batthyány utca 25. |
| The purpose of data management | contact, information |
| The legal basis for data handling | the explicit and voluntary, prior consent of the person who initiated the newsletter subscription |
| Name of treated personal data | Personal information handled for subscribing to the Newsletter as follows: subscriber's name, subscriber's e-mail address, subscriber's e-mail address (online id, subscription date, subscribe source, subscription status, subscription status date |
| The estimated duration of the processing of personal data | until the consent is withdrawn, until the newsletter is unsubscribed |
| Need for personal data provided by the person concerned | learn about the special offers of your accommodation, your current programs, and the opportunity to get information on possible individual promotions |
| Data processing requires the use of data processors | yes |
| TITLE OF DATA PROCESSORS | |
|---|---|
| The name of the data processor | MORGENS Design Kft. |
| The address of the data processor | 8800 Nagykanizsa, Csányi László utca 2. |
| The purpose of data processing on behalf of the data controller | Providing a secure, secure, online, identi- ficated and password-protected Zadir MailR system on the server of DotRoll Computing Kft. (1148 Budapest, Fogarasi út 3-5.) to the data controller for the account of the account |
| The name of the data processor | Mailgun Technologies, Inc. |
| The address of the data processor | 535 Mission St., 14th Floor, San Francisco, California 94105. |
| The purpose of data processing on behalf of the data controller | providing electronic mail functionality through Mailgun Technologies, Inc. mail delivery servers |