Privacy statement

Introduction

In accordance with the provisions of Decree 2016/679 of the European Parliament and of the Council, Act V of 2013 (Civil Code) on the right to information self-determination and Act Act CXII of 2011 on freedom of information, Act I od 2012 on the Labour Code of 2012 (LC), Act CXVII of 1995 on Personal Income Tax Act CL on of 2017 on the order of Taxation and Act CLV on Consumer Protection, R & G Smart Event Bt. ( hereinafter referred to as Company) creates a Policy for the Management and Protection of Personal Data (hereinafter referred to as Privacy Statement). The Policy provides information on the issues of managing the data emerge in handling the personal information related to the business activity of Swim Life Ltd before the commencement of managing the data concerned. These issues include the facts, the purpose, legal basis and duration of the data management. This policy covers the rights and remedies of the people affected regarding data management.

I. Definitions, concepts

1. Person Affected

Any natural person identified or identifiable based on the personal details.

2. Personal details

Information related to the person affected – in particular the name, identifying code, other physical, physiological, mental, economic, cultural or social information identitying the person concerned and the conclusion that may be deduced from the data related to the person afected.

3. Special data

Data related to

3.1. racial origin,
3.2. nationality,
3.3. political opinion or party affiliation,
3.4. religious or other ideological beliefs,
3.5. sexual orientation,
3.6. health status,
3.7. harmful / abnormal passions,
3.8. criminal record

Special Data is not requested by the Data Manager and is not handled. Any special data entered or received in any way by the Data Manager is deleted immediately by the Data Manager.

4. Owner of personal data

All natural persons who contact the Data Manager and request information from the Data manager by providing their personal information.

5. Data Manager

A natural or legal person or a non-legal entity that independently or with others determines the purpose of data management, makes and enforces decisions on data handling (including the equipment used) or has a data processor perform it.

6. Data processor

A natural or legal person, or an organization without legal personality, who works on the basis of a contract, including a contract concluded under the provisions of the law carries out the data processing. Data processor must not make a substantive decision on data management. If a decision of the data processor regarding the execution of the technical task affects one of the essential circumstances of data management, he shall no longer be considered a data processor, but a data manager in terms of for that decision.

6.1. Data manager under this Policy:

Name:
Swim Life Ltd.

Represented by
József Németh managing director

Company registry nr.:
01-09-720392

Tax ID.:
12591262-2-43

Registered Office:, 17. 4/19.Puli sétány Budapest 1213

Email address:
info@relaxhotelheviznel.hu

Activity performed:
Providing accommodation services

6.2. As an accountant (data processor)

Name:
Mavalor Ltd.

Represented by
Kálmánné Szabó managing director
Péter Szabó managing director

Company registry nr.:
11-09-002806

Tax ID.:
11185424-2-11

Activity performed:
Providing accounting data complying with the rules on taxation and accounting rules using the data specified in the law.

6.2.1. Data storage provider (data processor)

Name:
Swim Life Ltd.

Represented by
József Németh

Tax ID.: 12591262-2-43

Activity performed:
Providing accommodation services by Hotel Relax by Hévíz.

7. Privacy incident

Illegal handling or processing of personal data, including unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

II. Details of data management for some specific activities

1. Scope of data managed in case of employees:

– Name
– His or her mother’s maiden name
– Date and place of birth
– Home address
– A certificate of education and qualifications
– Driver’s license number, categories
– Personal Identity card number
– Tax identification number
– Social Security number
– Bank account number

1.1. Data processing is governed by the provisions of Act I of 2012 on the Labor Code (Mt.), Act CXVII of 1995 on Personal Income Tax. (Szja tv.), the Act on Taxation of 2017, CL. (Art) and personal contributions.

1.2. The purpose of data processing is to comply with the statutory requirements for registration, disclosure of data and tax liability,

2. Data managed in case of partners:

– Name
– His or her mother’s maiden name
– Date and place of birth
– Home address
– Tax identification number
– Social Security number
– Personal Identity card number
– Number of travel documents
– Bank account number

2.1. Data processing is governed by the provisions of Act I of 2012 on the Labor Code (Mt.), Act CXVII of 1995 on Personal Income Tax. (Szja tv.), the Act on Taxation of 2017, CL. (Art) and personal contributions.

2.2. The purpose of data processing is to comply with the statutory requirements for registration, disclosure of data and tax liability, as well as the successful completion of the necessary activities for travel organization.

3. Duration of Data Management

3.1. In the case of an employee, data management takes place by the date stipulated by the law in force at the time.
3.2. With regard to a business partner, data management shall take place within 5 (five) years from the expiry of the contract or from the date of performance.

III. Access to data

1.

The Data Manager and the Data Processor have access to personal data in order to perform their duties.

2.

A lawyer representing the Data Manager can also access his / her personal data if a court procedure is initiated based on the submission by the Data Provider.

3.

In exceptional cases, the data controller transfers the personal data he or she manages to other public bodies.
3.1. The Data Handler submits the personal data case to the Archives om accordance with the legislation governing archives and based on the internal regulations on filing,
3.2. There is a court related case, and the court requires to transfer the necessary documents containing personal data,
3.3. The police contacts him or her for the transfer of documents containing personal data

IV. Data Management provisions

1.

The Data Controller manages the personal data primarily on its servers with standard security systems, in part on its own IT devices, in the case of paper media, at its headquarters, properly locked in accordance with section III. 6.2. of the policy.

2.

The Data Controller shall take reasonable steps to protect personal data against, inter alia, unauthorized access or unauthorized modification.

V. Right related to requesting information

1. Right to request information

Data Manager may require Data Manager to provide information in writing through the contact details provided under section I 6.1.:

1.1. what personal information,
1.2. on what legal grounds,
1.3. for what kind of data management purpose for,
1.4. from what source,
1.5. how long it handles the data
1.6. To whom, when, under what law, to which personal data did the data manager give access or to whom were the personal data transferred.

The data manager will complete the request within a maximum of 30 days, in a letter addressed to the address given in the application.

2. Right to rectification

The owner of the personal data may contact the Data manager in writing through the contact details provided in section 1 to request the modification of any personal information (such as his email address or change of postal address). The data manager shall complete the application within 30 days and will notify the applicant in writing through the contact provided in the application.

3. Right to Deletion

The owner of the personal data may contact the Data manager in writing through the contact details provided in section I 6.1 to request the deletion of his or her personal information. The Data Manager may reject the request for deletion if the law or an internal policy obliges the Data Manager to store personal data. However, if no such obligation exists, the Data Manager shall complete the request within 30 days and notify the applicant by letter.

4. Right to file an objection

4.1. The owner of the personal data may file a written objection by contacting the Data manager in writing through the contact details provided in section I 6.1 against data handling if Data Manager uses or transfers his or her personal data for direct business acquisition, polling or scientific research purposes.

4.2. He or she may also object to data handling even if the management of personal data is only necessary to comply with the legal obligation of the Data manager or to enforce its legitimate interest, except for legally authorized data management.

5. Right to block

The owner of the personal data may contact the Data manager in writing through the contact details provided in section I 6.1 to request the blocking of his or her personal data. Blocking tis maintained until the indicated reason makes it necessary to store the data.

6. Procedure in case of failing to exercise the rights related to data management

6.1. The Data manager will endeavour to provide the owner of the persona ldata to exercise the rights related to data management in line with the law, and to close all cases in a satisfactory manner.
6.2. If the owner of the personal data have not been able to settle his or her complaints, objections or requests related to his or her personal data in a satisfactory manner, or the owner of the personal data Owner may at any time consider that his or her personal data has been violated, or there is a direct risk to be violated, he or she is authorized to make a notification to the National Authorities of Data Protection and Freedom of Information.

Contact details of the National Authorities of Data Protection and Freedom of Information

Registered Office:, 22/c. Szilágyi Erzsébet fasor1125 Budapest
Postal address:, Pf. 5 Budapest 1530
Phone: +36 1 391 1400 Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu
Web: naih.hu

7. Enforcement of rights related to data management

The owner of the personal data may file a civil lawsuit against the Data Manager in case of illegal data management. The trial is governed by the jurisdiction of the court. The legal procedure can be initiated at the competent court chosen by the owner of personal data, at the place of hisor her residence (see the list of courts and contact details at the following link: http://birosag.hu/torvenyszekek.

VI. Final provisions

This Policy shall enter into force on the date of its signature and shall terminate all rules issued prior to the entry into force of this Policy on the same subject.

Budapest, 07/06/2018

József Németh
Managing director