Privacy Policy

Introduction

MRP-CONTROLL Kereskedelmi és Szolgáltató Kft. (Address: 7626 Pécs, Felsőmalom u. 24., phone: +36 72 517 770, e-mail: info@hotelsopianae.hu, tax number: 11362702-2-02, Company Registration Number: 02 09 063639) (hereinafter: Service Provider, data controller) submits to the following information.

According to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we provide the following information.

This data management information regulates the data management of the https://hotelsopianae.hu/ website and the Boutique Hotel Sopianae.

The data management information is available on the following page: https://hotelsopianae.hu/adatvedelem

Amendments to the information will take effect upon publication at the above address.

Data controller and contact details

• Name: MRP-CONTROLL Kereskedelmi és Szolgáltató Kft.
• Headquarters: 7626 Pécs, Felsőmalom u. 24. » show on the map
• E-mail: info@hotelsopianae.hu
• Phone number: +36 72 517 770

Definition of terms

1. “personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2. “data processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. “data controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

4. “data processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

5. “recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

6. “consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

7. “data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Principles relating to processing of personal data

Personal data shall be:

• (a) processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
• (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (“purpose limitation”);
• (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
• (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
• (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”);
• (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).

The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (“accountability”).

Data management

Room reservation, request for quotation

1. The fact of data collection, the scope of data processed and the purpose of data processing:

The e-mail address does not necessarily have to contain personal data.

2. Scope of data subjects: All data subjects booking a room/requesting a quote on the website.

3. Duration of data processing, deadline for data deletion: The data will be deleted immediately after providing an answer to the User’s quotation request (in this case, the data controller is no longer entitled to send newsletters to him/her), if no room has been booked. If the User has booked a room in the Service Provider’s system, a contract has been created, so the deadline for deleting personal data is different in the case of accounting documents, since these data must be kept for 8 years according to § 169 (2) of Act C of 2000 on accounting.
Accounting documents directly and indirectly supporting the accounting (including general ledger accounts, analytical and detailed records) must be kept in a readable form for at least 8 years, in a way that can be retrieved based on the references in the accounting records.

4. The identity of the possible data controllers authorized to access the data, the recipients of the personal data: The personal data may be processed by the data controller’s sales and marketing staff, in compliance with the above principles.

5. Description of the data subjects’ rights related to data processing:

• The data subject may request from the data controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• may object to the processing of such personal data, and
• the data subject has the right to data portability, as well as to withdraw consent at any time.

6. The data subject can initiate access to, deletion, modification or restriction of processing of personal data, data portability, and objection to data processing in the following ways:

• by post to 7626 Pécs, Felsőmalom u. 24.,
• by e-mail to info@hotelsopianae.hu,
• by phone at +36 72 517 770.

7. the data subject’s consent, Article 6 (1) points a) and b), Section 5 (1) of the Infotv., Section 169 (2) of Act C of 2000 on accounting, and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: Elker tv.):
For the purpose of providing the service, the service provider may process personal data that are technically indispensable for the provision of the service. The service provider must select and in any case operate the devices used in the provision of information society services in such a way that personal data are processed only if it is absolutely necessary for the provision of the service and for the fulfillment of other purposes specified in this Act, but even in this case only to the necessary extent and for the necessary period of time.

8. We inform you that

• data processing is based on your consent.
• you are obliged to provide personal data so that we can fulfill the room reservation or respond to the quotation request
• failure to provide data has the consequence that we cannot process your room reservation or quotation request.

Data processors used

Hosting provider

1. Activity performed by the data processor: Hosting service

2. Name and contact details of the data processor:

• RackForest Kft.
• Headquarters: 1132 Budapest, Victor Hugo utca 11. 5. em. B05001.
• E-mail: info@rackforest.com
• Phone number: +36 1 211 0044

3. The fact of data processing, the scope of data processed: All personal data provided by the data subject.

4. Scope of data subjects: All data subjects using the website.

5. The purpose of data processing: Making the website available, its proper operation.

6. Duration of data processing, deadline for data deletion: Data processing lasts until the termination of the agreement between the data controller and the hosting provider, or until the data subject’s deletion request addressed to the hosting provider.

7. Legal basis for data processing: Article 6 (1) points c) and f), and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

Management of cookies

1. The fact of data processing, the scope of data processed: Unique identification number, dates, times

2. Scope of data subjects: All data subjects visiting the website.

3. The purpose of data processing: Identifying users and tracking visitors.

4. Duration of data processing, deadline for data deletion:

5. The identity of the possible data controllers authorized to access the data: The data controller does not process personal data using cookies.

6. Description of the data subjects’ rights related to data processing: Data subjects have the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Privacy menu item.

7. Legal basis for data processing: The data subject’s consent is not required if the sole purpose of using cookies is to transmit communication over an electronic communications network or the service provider absolutely needs it to provide an information society service specifically requested by the subscriber or user.

Use of Google Ads (Adwords) conversion tracking

1. The data controller uses the online advertising program called “Google Ads (Adwords)”, and within its framework uses the Google conversion tracking service. Google conversion tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

2. When a User reaches a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.

3. When the User browses certain pages of the website and the cookie has not yet expired, Google and the data controller can see that the User clicked on the ad.

4. Each Google Ads (Adwords) customer receives a different cookie, so they cannot be tracked through the websites of Ads (Adwords) customers.

5. The information obtained with the help of conversion tracking cookies serves the purpose of creating conversion statistics for Ads (Adwords) customers who choose conversion tracking. This way, customers are informed about the number of users who clicked on their ad and were forwarded to a page with a conversion tracking tag. However, they do not receive information that could be used to identify any user.

6. If you do not want to participate in conversion tracking, you can reject this by disabling the option to install cookies in your browser. After that, you will not be included in the conversion tracking statistics.

7. Further information and the Google privacy statement are available on the following page: www.google.de/policies/privacy/

Application of Google Analytics

1. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer, thus helping to analyze the use of the website visited by the User.

2. The information created by cookies related to the website used by the User is usually transferred to one of Google’s servers in the USA and stored there. By activating IP anonymization on the website, Google shortens the User’s IP address in advance within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area.

3. The full IP address is only transferred to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports on website activity for the website operator, and to perform additional services related to website and internet use.

4. The IP address transmitted by the User’s browser within the framework of Google Analytics is not merged with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, however, we would like to point out that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the data generated by cookies related to the User’s website use (including the IP address) by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=hu

Customer relationship

1. The fact of data collection, the scope of data processed and the purpose of data processing:

2. Scope of data subjects: All data subjects who contact the data controller by phone/e-mail/in person or are in a contractual relationship.

3. Duration of data processing, deadline for data deletion: Data processing lasts until the termination of the legal relationship between the data controller and the data subject, or in the case of claims, for 5 years after the contract.

4. The identity of the possible data controllers authorized to access the data, the recipients of the personal data: The personal data may be processed by the data controller’s employees authorized to do so, in compliance with the above principles.

5. Description of the data subjects’ rights related to data processing:

• The data subject may request from the data controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• the data subject has the right to data portability, as well as to withdraw consent at any time.

6. The data subject can initiate access to, deletion, modification or restriction of processing of personal data, data portability in the following ways:

• by post to 7626 Pécs, Felsőmalom u. 24.,
• by e-mail to info@hotelsopianae.hu,
• by phone at +36 72 517 770.

7. Legal basis for data processing:

7.1. Article 6 (1) points b) and c) of the GDPR.

7.2. In the case of enforcing claims arising from the contract, 5 years according to § 6:21 of Act V of 2013 on the Civil Code.

7.3. According to Government Decree 383/2020. (VIII. 7.), the use of digital document readers is mandatory in accommodations from January 1, 2021. Upon check-in, we ask our guests for their identity card/passport and address card in order to scan it into the VIZA system and comply with the above government decree.

§ 6:22 [Limitation]
(1) Unless otherwise provided by this Act, claims shall be subject to a limitation period of five years.
(2) The limitation period begins when the claim becomes due.
(3) An agreement to change the limitation period must be made in writing.
(4) An agreement excluding the limitation period is void.

8. We inform you that

• data processing is necessary for the performance of the contract and for providing a quote.
• you are obliged to provide personal data so that we can fulfill your order/other request.
• failure to provide data has the consequence that we cannot process your order/request.

Request for quotation for conference organization / Personalized offers form

1. The fact of data collection, the scope of data processed and the purposes of data processing:

The e-mail address does not necessarily have to contain personal data.

2. Scope of data subjects: All data subjects requesting a quote on the website.

3. Duration of data processing, deadline for data deletion: Lasts until the data subject’s deletion request. The data controller informs the data subject electronically about the deletion of any personal data provided by the data subject, based on Article 19 of the GDPR. If the data subject’s deletion request also extends to the e-mail address provided by them, the data controller will also delete the e-mail address after providing the information.

4. The identity of the possible data controllers authorized to access the data, the recipients of the personal data: The personal data may be processed by the data controller’s employees authorized to do so, based on the provisions of this information.

5. Description of the data subjects’ rights related to data processing:

• The data subject may request from the data controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• the data subject has the right to data portability, as well as to withdraw consent at any time.

6. The data subject can initiate access to, deletion, modification or restriction of processing of personal data, data portability in the following ways:

• by post to 7626 Pécs, Felsőmalom u. 24.,
• by e-mail to info@hotelsopianae.hu,
• by phone at +36 72 517 770.

7. Legal basis for data processing: Article 6 (1) point b) of the GDPR.

8. We inform you that

• data processing is necessary for providing a quote.
• you are obliged to provide personal data so that we can send you a quote.
• failure to provide data has the consequence that we cannot give you a personalized offer.

Contact

1. The fact of data collection, the scope of data processed and the purpose of data processing:

The e-mail address does not necessarily have to contain personal data.

2. Scope of data subjects: All data subjects sending a message through the contact form.

3. Duration of data processing, deadline for data deletion: Lasts until the data subject’s deletion request.

4. The identity of the possible data controllers authorized to access the data, the recipients of the personal data: The personal data may be processed by the data controller’s employees authorized to do so.

5. Description of the data subjects’ rights related to data processing:

• The data subject may request from the data controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• the data subject has the right to data portability, as well as to withdraw consent at any time.

6. The data subject can initiate access to, deletion, modification or restriction of processing of personal data, data portability in the following ways:

• by post to 7626 Pécs, Felsőmalom u. 24.,
• by e-mail to info@hotelsopianae.hu,
• by phone at +36 72 517 770.

7. Legal basis for data processing: the data subject’s consent, Article 6 (1) points a) and b).

8. We inform you that

• this data processing is based on your consent and is necessary for contacting or providing a quote
• you are obliged to provide personal data in order to contact us.
• failure to provide data has the consequence that you cannot contact the service provider.

Newsletter, DM activity

1. 1. According to Section 6 of Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity, the User may give prior and express consent to the Service Provider to contact them with advertising offers and other mailings at the contact details provided during registration.

2. 2. Furthermore, the Customer, bearing in mind the provisions of this information, may consent to the Service Provider processing their personal data necessary for sending advertising offers.

3. 3. The Service Provider does not send unsolicited advertising messages, and the User can unsubscribe from receiving offers free of charge, without restriction and justification. In this case, the Service Provider deletes all personal data necessary for sending advertising messages from its records and does not contact the User with further advertising offers. The User can unsubscribe from the advertisements by clicking on the link in the message.

4. 4. The fact of data collection, the scope of data processed and the purpose of data processing:

5. Scope of data subjects: All data subjects subscribing to the newsletter.

6. The purpose of data processing: sending electronic messages (e-mail, sms, push message) containing advertisements to the data subject, providing information about current information, products, promotions, new functions, etc.

7. Duration of data processing, deadline for data deletion: data processing lasts until the withdrawal of the consent declaration, i.e. until unsubscription.

8. The identity of the possible data controllers authorized to access the data, the recipients of the personal data: The personal data may be processed by the data controller’s sales and marketing staff, in compliance with the above principles.

9. Description of the data subjects’ rights related to data processing:

• The data subject may request from the data controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• may object to the processing of his or her personal data and
• the data subject has the right to data portability, as well as to withdraw consent at any time.

10. The data subject can initiate access to, deletion, modification or restriction of processing of personal data, data portability, and objection in the following ways:

• by post to 7626 Pécs, Felsőmalom u. 24.,
• by e-mail to info@hotelsopianae.hu,
• by phone at +36 72 517 770.

11. The data subject can unsubscribe from the newsletter free of charge at any time.

12. Data processor used during data processing:

• MailChimp
• The Rocket Science Group, LLC
• 675 Ponce de Leon Ave NE
• Suite 5000
• Atlanta, GA 30308 USA

13. Legal basis for data processing: the data subject’s consent, Article 6 (1) points a) and f), and Section 6 (5) of Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity:

The advertiser, the advertising service provider, or the publisher of the advertisement – within the scope specified in the consent – keeps a record of the personal data of persons who have made a consent declaration with them. The data recorded in this register – relating to the addressee of the advertisement – may only be processed in accordance with the provisions of the consent declaration, until its withdrawal, and may only be transferred to a third party with the prior consent of the person concerned.

14. We inform you that

• data processing is based on your consent and the legitimate interest of the service provider.
• you are obliged to provide personal data if you want to receive a newsletter from us.
• failure to provide data has the consequence that we cannot send you a newsletter.

Complaint management

1. The fact of data collection, the scope of data processed and the purpose of data processing:

2. Scope of data subjects: All data subjects who have a quality complaint or complaint regarding the hotel’s services.

3. Duration of data processing, deadline for data deletion: The minutes, transcript and copy of the response to the recorded complaint must be kept for 5 years based on Section 17/A (7) of Act CLV of 1997 on consumer protection.

4. The identity of the possible data controllers authorized to access the data, the recipients of the personal data: The personal data may be processed by the data controller’s sales and marketing staff, in compliance with the above principles.

5. Description of the data subjects’ rights related to data processing:

• The data subject may request from the data controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• may object to the processing of such personal data, and
• the data subject has the right to data portability, as well as to withdraw consent at any time.

6. The data subject can initiate access to, deletion, modification or restriction of processing of personal data, data portability, and objection to data processing in the following ways:

• by post to 7626 Pécs, Felsőmalom u. 24.,
• by e-mail to info@hotelsopianae.hu,
• by phone at +36 72 517 770.

7. Legal basis for data processing: Article 6 (1) point c), and Section 17/A (7) of Act CLV of 1997 on consumer protection.

8. We inform you that

• the provision of personal data is based on a legal obligation.
• the processing of personal data is a precondition for concluding the contract.
• you are obliged to provide personal data so that we can handle your complaint.
• failure to provide data has the consequence that we cannot handle your complaint received by us.

Internal data protection (data sheet)

1. The legal basis for data processing: Article 6 (1) point c) of the GDPR.

2. The purpose of data processing: compliance with legal regulations related to tourism tax.

3. Duration of data processing, deadline for data deletion: as long as the competent authority can check the fulfillment of the obligations specified in the given legislation, and in the case of a contract, the deadline – in accordance with Section 169 (2) of Act C of 2000 on accounting – is December 31 of the 7th year following the given year.

4. Scope of data processed: name, e-mail, address, ID card number, citizenship, date of birth, license plate number, other personal data.

5. The identity of the possible data controllers authorized to access the data: The personal data may be processed by the data controller’s employees, in compliance with the above principles.

6. Description of the data subjects’ rights related to data processing:

• The data subject may request from the data controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• the data subject has the right to data portability, as well as to withdraw consent at any time.

9. The data subject can initiate access to, deletion, modification or restriction of processing of personal data, data portability in the following ways:

• by post to 7626 Pécs, Felsőmalom u. 24.,
• by e-mail to info@hotelsopianae.hu,
• by phone at +36 72 517 770.

Social media sites

1. The fact of data collection, the scope of data processed: name registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social media sites, and the user’s public profile picture.

2. Scope of data subjects: All data subjects who have registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social media sites and have “liked” the website.

3. The purpose of data collection: Sharing, “liking”, promoting certain content elements, products, promotions of the website or the website itself on social media sites.

4. Duration of data processing, deadline for data deletion, the identity of the possible data controllers authorized to access the data and description of the data subjects’ rights related to data processing: The data subject can find information about the source of the data, its processing, the method of transfer