Privacy Policy

Company "Éva Földesi"
Fullhouse Apartmenthouse
Privacy policy
Effective: 01.01.2019.

1.
In the course of its activities, Éva Földesi - a private individual with a tax number (hereinafter: Data Controller) pays close attention to the protection of personal data, compliance with mandatory legal provisions, and safe and fair data management.

Data of the Data Controller: Company name: ”Éva Földesi - Fullhouse Apartmanház
Headquarters: 8621 Zamárdi Rétföldi utca 46 / B.
Tax number: 75902203-1-34
NTAK registration number: EG19003613

Based on the notification to the National Data Protection and Freedom of Information Authority, the data protection register identification number of the Data Controller is “notification in progress”.
The Data Controller handles the personal data provided to it in all cases in compliance with the applicable Hungarian and European legislation and ethical requirements, and in all cases takes the technical and organizational measures necessary for the proper secure data management.
These regulations have been prepared taking into account the following applicable legislation:

- Annual CXIX. TV. names and names for research and direct business acquisition
address data management

- annual CVIII. TV. electronic commerce services as well as information
on certain aspects of social services

- year XLVIII. TV. on the basic conditions and certain limitations of commercial advertising

- Annual CXII. tv on the right to information self-determination and freedom of information

- Regulation 2016/679 / EU of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46 / EC, the Data Controller undertakes to comply unilaterally with these rules. and requests, in a notice available on its website, that its clients also accept the provisions of the Code. The Data Controller reserves the right to change its privacy policy. If the rules are amended, the updated text will be made public.
2.
In our policy, the terms data protection have the following meaning:
- data set: the totality of the data managed in one register;
- data processor: a natural or legal person or an organization without legal personality who, on the basis of a contract, including a contract concluded in accordance with a legal provision, processes data;
- data controller: the body performing a public task which has produced data of public interest which must be published by electronic means or in the course of the operation of which this data has been generated;
- data management: any operation or set of operations on data, irrespective of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or linking, blocking, erasure and destruction, and to prevent further use of the data, to take photographs, sound or images and to record physical characteristics capable of identifying the person (eg fingerprint or palm print, DNA sample, iris image);
- controller: the natural or legal person or entity without legal personality who, alone or in association with others, determines the purpose for which the data are processed, makes and implements decisions on data processing (including the means used) or implements them with the processor;
- informant: the body performing a public task which, if the data controller does not publish the data itself, publishes the data provided to it by the data controller on a website;
- data marking: the identification of the data in order to distinguish it;
- data transfer: making the data available to a specific third party;
- erasure of data: making the data unrecognizable in such a way that it is no longer possible to recover it;
- data protection incident: unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage.
- data blocking: the identification of data to limit their further processing permanently or for a specified period of time;
- criminal personal data: personal data obtained during or before criminal proceedings in connection with a criminal offense or in connection with criminal proceedings, bodies authorized to conduct criminal proceedings or to detect criminal offenses and the organization of penitentiary, personal data relating to the data subject and criminal record;
- EEA State: a Member State of the European Union and another State party to the Agreement on the European Economic Area, as well as a State of which the European Union is a national under an international agreement concluded between the European Union and its Member States and a State not party to the Agreement It shall have the same status as a national of a State party to the Agreement on the European Economic Area;
- data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;
- third country: any non-EEA state;
- third party: any natural or legal person, or any entity without legal personality, other than the data subject, the controller or the processor;
- consent: a voluntary and firm statement of the data subject's consent, based on appropriate information, giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part;
- mandatory organizational rules: internal data protection rules adopted by a controller or group of controllers operating in several countries, including at least one EEA State, and approved by the National Data Protection and Freedom of Information Authority (hereinafter: the Authority), binding on the controller or group of controllers , which ensures the protection of personal data in the event of a transfer to a third country through a unilateral commitment by the controller or group of controllers;
- public data in the public interest: all data not covered by the concept of data of public interest, the disclosure, acquaintance or making available of which is required by law in the public interest;
- special data:
3.
Personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other worldview, membership of an advocacy organization, sex life,
4.
Personal data on health status, pathological passion, and criminal personal data;
- disclosure: making the data available to anyone;
- personal data: data which may be contacted by the data subject, in particular his or her name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the inference that can be drawn from the data;
- protest: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data;
5.
Personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other worldview, membership of an advocacy organization, sex life,
6.
Personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other worldview, membership of an advocacy organization, sex life,
-data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
-data destruction: complete physical destruction of the data carrier;
7.
Personal data on health status, pathological passion, and criminal personal data.
8.
Personal data on health status, pathological passion, and criminal personal data;
- data of public interest: information or knowledge recorded in any way or form, not covered by the concept of personal data, which is managed by a body or person performing a state or local government task and other public tasks specified by law and which arises in connection with its activities or the performance of its public task, regardless of
information on the way in which it is handled, whether independent or aggregate, in particular information on competence, competence, organizational structure, professional activity, evaluation of its effectiveness, types of data held and legislation governing operation, as well as information on management and contracts;
9.
Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. At all stages of data management, the purpose of data management must be appropriate, and the recording and processing of data must be fair and lawful. Only personal data that is necessary for the realization of the purpose of data processing and suitable for the achievement of the purpose may be processed. Personal data may only be processed to the extent and for the time necessary to achieve the purpose. Personal data retains this quality during data processing as long as its connection with the data subject can be restored. The connection with the data subject can be restored if the data controller has the technical conditions necessary for the restoration. The processing shall ensure the accuracy, completeness and, where necessary for the purpose of the processing, the accuracy of the data and that the data subject can only be identified for the time necessary for the processing. The processing of personal data shall be considered fair and lawful if, in order to ensure the data subject's freedom of expression, the data subject visits the data subject's place of residence or stay, provided that the data subject's personal data are processed in accordance with this law. is aimed at. A personal request may not be made on a public holiday in accordance with the Labor Code. Personal data may be processed if the data subject consents to it or is ordered by law or - on the basis of the authorization of law, within the scope specified therein - a decree of a local government for a purpose based on the public interest (mandatory data management). Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. It must meet this purpose at all stages of data management. Only personal data that is essential for the realization of the purpose of data processing, suitable for the achievement of the purpose, only to the extent and for the time necessary for the realization of the purpose may be processed. Personal data may be transferred and the various data processing operations may be combined if the data subject has consented to it or is permitted by law and if the conditions for data processing are met for each personal data. Personal data may be transferred from the country to a controller or processor in a third country, regardless of the medium or method of data transmission, if the data subject has expressly consented to it or is permitted by law, and in the handling or processing of the transferred data in the third country an adequate level of protection of personal data is ensured. In the case of mandatory data processing, the purpose and conditions of data processing, the scope and familiarity of the data to be processed, the duration of data processing and the identity of the data controller are determined by the law or local government decree ordering data processing. The law may, in the public interest, order the disclosure of personal data by explicitly indicating the scope of the data. In all other cases, the consent of the data subject is required for disclosure, or in the case of special data, written consent. In case of doubt, it shall be presumed that the data subject has not given his consent. The data subject's consent shall be deemed to have been given in respect of the data communicated by him or her in the course of his or her public participation or for the purpose of disclosure. In proceedings initiated at the request of the data subject, his or her consent to the processing of his or her necessary data shall be presumed. This fact must be brought to the attention of the data subject. The data subject may also give his / her consent in the framework of a written contract concluded with the Data Controller in order to fulfill the provisions of the contract. In this case, the contract must contain all the information that the data subject must know from the point of view of the processing of personal data, in particular the definition of the data to be processed, the duration of data processing, the purpose of use, data transmission and data processing. The contract must state unequivocally that, by signing, the data subject consents to the processing of his or her data as specified in the contract. The right to the protection of personal data and the personal rights of the data subject, unless otherwise provided by law, may not be infringed by other interests in the processing of data, including the disclosure of data of public interest.
10.
In all cases, the processing of personal data by the Data Controller is based on law or voluntary consent. In some cases, the data processing, in the absence of consent, on other legal grounds or in accordance with Act CXII of 2011. rests on § 6 of the Act. The Data Controller does not use the assistance and services of the following Data Processors for its activities. In the case of the data of the visitors of the website, the Data Controller does not record the user's IP address or other personal data when visiting the websites operated by it. The html code of the websites operated by the Data Controller may contain links to and from an independent external server for web analytical measurements. The measurement also includes conversion tracking. The web analytics service provider does not handle personal data, only data related to browsing, which is not suitable for identifying individual individuals. Description of the data protection technical solution (eg): the Data Controller, through the advertising systems of Facebook and Google AdWords, runs remarketing ads. These service providers may use cookies, web beacons and similar technologies to collect or receive data from the Data Controller's website and other Internet sites. Using this data, they provide measurement services and target ads: these can appear on additional websites in the Facebook and Google partner networks. Remarketing lists do not contain the visitor's personal data and are not suitable for personal identification. You can delete the use of cookies from the user's own computer or disable their application in their browser. These options are available depending on the browser, but are typically available in Settings / Privacy. For more information about Google and Facebok's privacy policies, please visit http://www.google.com/privacy.html and https://www.facebook.com/about/privacy/
Newsletter - The Data Controller normally delivers online newsletters and electronic direct marketing messages containing news, news and business offers to subscribers (also known as VIP members) of the website operated by it on a monthly basis, but not more than twice a week.
11.
The accommodation operated by Fullhouse Apartmanház has 6 cameras - which perform image recording and storage - for the personal and property safety of the Guests. Camera surveillance is indicated by a pictogram and a warning text. The purpose of camera surveillance is the protection of property, ie devices representing significant values and the personal values of the Guests, given that the detection of violations, the perpetrator's actions, the prevention of these violations are not otherwise possible or cannot be proved by other methods. The legal basis for this data processing is your voluntary consent. If you enter the monitored area of the Fullhouse Apartment House despite the warning, your consent to the taking of the picture will be deemed to have been given. Please do not log in if you do not wish to contribute. The camera system operates on a closed-circuit network, with 7/24 hours, ie continuous operation, and the storage time of the recorded image is 48 hours. You can request more information about the data management related to the camera system when booking the accommodation.