Privacy and Data Management Statement

DATA PROCESSING INFORMATION

Hotel Premio Kft. is the data controller, thus it is responsible for the collection and use of data pertaining to individuals and business entities during its operations.

All personal data processing is carried out in compliance with applicable data protection laws.

Hotel Premio Kft., as the data controller, is fully committed to complying with the legal regulations regarding the handling of personal data, especially those outlined in Regulation (EU) 2016/679 of the European Parliament and Council.

This data processing information has been prepared based on Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, with attention to the content of Act CXII of 2011 on the right to informational self-determination and freedom of information.

Data Controller’s Information and Contact Details:

  • Company name: Hotel Premio Kft.
  • Registered address: (1106 Budapest, Dorogi u. 19.)
  • Tax number: 22637437-2-42
  • Company registration number: 01-09-936892
  • Website: www.hotelpremiogroup.com
  • Email: hello@hotelpremiogroup.com
  • Data Protection Information availability: /en/privacy-data-management-statement
  • NAIH registration number: NAIH-66233/2013, NAIH-66234/2013, NAIH-66235/2013

Definitions:

  • GDPR (General Data Protection Regulation): The new Data Protection Regulation of the European Union.
  • Data processing: Any operation or set of operations performed on personal data or data sets, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Data processor: A natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the data controller.
  • Personal data: Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Data controller: A natural or legal person, public authority, agency, or any other body that determines the purposes and means of processing personal data, independently or jointly with others; if the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its designation may be provided for by Union or Member State law.
  • Data subject’s consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
  • Data breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
  • Recipient: A natural or legal person, public authority, agency, or any other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by such public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  • Third party: A natural or legal person, public authority, agency, or any other body other than the data subject, data controller, data processor, or persons who, under the direct authority of the data controller or data processor, are authorized to process personal data.

 

Data Processing Principles:

The data controller declares that it manages personal data as described in the data processing information and complies with the relevant legal requirements, with particular attention to the following:

  • Personal data is processed lawfully, fairly, and in a transparent manner for the data subject.
  • Personal data is collected only for specified, explicit, and legitimate purposes.
  • The purpose of data processing must be appropriate, relevant, and limited to what is necessary.
  • Personal data must be accurate and kept up to date. Inaccurate personal data must be corrected or erased without delay.
  • Personal data must be stored in a form that permits identification of data subjects only for the time necessary for the purposes for which the personal data is processed. Longer storage is allowed only for public interest archiving, scientific and historical research, or statistical purposes.
  • Personal data must be processed in a manner that ensures appropriate security, using suitable technical or organizational measures.
  • Data processing must be conducted in a way that safeguards against unauthorized or unlawful processing, accidental loss, destruction, or damage.
  • The principles of data protection apply to any information concerning an identified or identifiable natural person.
  • Data processing aims to provide the data controller’s contractual services or maintain the business relationship.
  • For data that must be provided by a registered user, the purpose of processing is to identify the user’s authorization and facilitate communication.
  • The data controller may use the data for statistical purposes.
  • The legal basis for processing is the consent of the data subject.
  • Data processing duration and data deletion depend on the specific user purpose, but data must be deleted immediately if the original purpose has been achieved. The data subject can withdraw their consent for data processing at any time by sending a letter to the contact email address. If there is no legal obstacle to deletion, the data will be erased.
  • Authorized individuals who can access the data are the data controller and its employees.
  • The data subject may request access to their personal data, its rectification, deletion, restriction of processing, and may object to processing, as well as exercise the right to data portability.
  • The data subject may withdraw their consent at any time, but this does not affect the legality of the processing carried out based on the consent before its withdrawal.
  • The data subject has the right to lodge a complaint with a supervisory authority.
  • The data subject has the right to request that the data controller rectifies or completes inaccurate personal data without undue delay.
  • The data subject has the right to request the deletion of their inaccurate personal data without undue delay, and the data controller is obligated to delete the data without undue delay if there is no other legal basis for processing.
  • Modifications or deletions of personal data can be initiated via email or letter to any of the above contact details.

 

Rights Related to Data Processing:

  • Right to Information: You may request information through the provided contact details about which data the company holds, the legal basis, purpose, source, and duration of data processing. We will provide this information without delay, but no later than within 30 days, to the email address you provided.
  • Right to Rectification: You may request that we correct any of your data through the provided contact details. We will act upon this request without delay, but no later than within 30 days, and provide information to the email address you provided.
  • Right to Erasure: You may request the deletion of your data through the provided contact details. We will carry out the deletion without delay, but no later than within 30 days, and inform you at the email address you provided.
  • Right to Restriction: You may request that we restrict the processing of your data through the provided contact details. The restriction will continue as long as the reason specified by you necessitates the storage of the data. We will act upon your request without delay, but no later than within 30 days, and inform you at the email address you provided.
  • Right to Object: You may object to the processing of your data through the provided contact details. We will examine the objection as soon as possible, but no later than within 30 days, make a decision regarding its validity, and inform you via email. The objection can be general or relate to a specific case.

Enforcement of Rights Related to Data Processing

  • If you experience any unlawful data processing, please notify our company so that we can restore a lawful status within a short period.
  • If you believe that restoring a lawful status is not possible, you can notify the relevant authority using the following contact details:
  • National Authority for Data Protection and Freedom of Information
    Mailing Address: 1530 Budapest, Pf.: 5.
    Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
    Phone: +36 (1) 391-1400
    Fax: +36 (1) 391-1410
    Email: ugyfelszolgalat@naih.hu

Cookies

When using the hotelpremiogroup.com website, cookies are small text files containing a unique identifier that are stored on your computer or mobile device, allowing the device to be recognized when visiting the chocome.hu website or using an application.

Cookies can be used solely for the duration of a visit to a specific page or to measure how you use the service and content over time. Cookies help display key features and functions on the website and mobile applications and enhance your browsing experience. They also indicate if you viewed an advertisement and how long it was displayed, which helps measure the effectiveness of online advertising campaigns and control the frequency of ads shown to you.

Cookies also allow for the measurement of the effectiveness of marketing communications, for example, indicating if you opened a marketing email sent by us.

The service provider’s website sends a small file (cookie) to the visitor’s computer to record the fact and time of the visit, and informs the website visitor accordingly.

Scope of individuals affected by data processing: visitors of the website.

Purpose of data processing: additional services, identification, tracking of visitors.

In your browser settings, you have the right to accept or reject new cookies as a user, and to delete existing cookies. You can also set your browser to notify you whenever new cookies are placed on your computer or other devices.

If you choose to disable some or all cookies, it may affect your ability to use all features of our websites.

Data Controller does not process personal data through the use of cookies.

Cookies work differently in mobile applications, as they are embedded into the apps and use a unique identifier created by the mobile device for advertising activities. This advertising identifier can be disabled or reset in your mobile device’s privacy settings.

Data storage method: electronic.

 

Social Media

Social media is a media tool that allows messages to be spread through social users. Social media uses the internet and online platforms to transform users from content recipients to content creators.

Social media includes online platforms containing user-generated content, such as Facebook, Google+, Twitter, Instagram, etc.

Forms of social media presence can include, but are not limited to, public speeches, presentations, product or service demonstrations.

Information on social media can include, without limitation: forums, blog posts, images, videos, audio files, message boards, email messages, etc.

Scope of data processed: may include the user’s public profile picture in addition to personal data.

Scope of individuals affected: all registered users.

Purpose of data collection: promotion of the website or related web pages.

Legal basis for data processing: the user’s voluntary, explicit consent.

Data storage method: electronic.

When users upload or submit personal data, they grant the social media operator worldwide permission to store and use such content.

 

Google Analytics

The www.chocome.hu website uses Google Analytics.

When using Google Analytics:

Google Analytics uses internal cookies to generate reports for its clients about the habits of website users.

On behalf of the website operator, Google uses this information to evaluate how users interact with the website and prepares reports on website activity for the operator, allowing for the provision of additional services.

Data is stored in encrypted format on Google’s servers to prevent data misuse and make it more difficult.

Google Analytics can be disabled as follows. Quoted from the page:

Website users who do not want Google Analytics JavaScript to report their data can install the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser add-on is compatible with most modern browsers. The Google Analytics opt-out browser add-on does not prevent data from being sent to the website itself or to other web analytics services. Google Analytics opt-out browser add-on

Google’s privacy policy: Google Privacy Policy

Detailed information on data usage and protection can be found at the above links.

Detailed privacy information: Google Privacy Policy in Detail

Data Processors

Hosting Service Provider:
Name: NaxoNet Informatikai Bt.
Address: 2400 Dunaújváros, Nap utca 2.
Phone: +36-30-59-177-59
Email: naxonet@naxonet.hu

The data you provide is stored on the server operated by the hosting service provider. Only our employees and the server operator’s staff have access to the data, and they are all responsible for ensuring the safe handling of the data.

Activity: hosting services, server services.

Purpose of data processing: ensuring the operation of the website.

Data processed: personal data provided by the data subject.

Data processing duration: until the end of the website’s operation or according to the contractual agreement between the website operator and the hosting service provider. If necessary, the data subject can request data deletion by contacting the hosting provider.

Legal basis for data processing: the data subject’s consent and data processing based on legal requirements.

  1. Accounting and tax purposes, entrusted to a bookkeeping firm:

Name: ClearMEGAdó Bt.
Address: 2030 Érd, Erzsébet utca 2.

For mailing and delivery purposes: Hungarian Post.

Applicable Data Processing Legislation

  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Act CXII of 2011 on the right to informational self-determination and freedom of information.
  • Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

Act C of 2003 on electronic communications.