Hotel Csillag Tokaj, H-4465 Rakamaz, Horgász utca 3.

Privacy Policy

Előre Vízisport Kft., Hotel Csillag Tokaj*** (address: 4465 Rakamaz, Horgász utca  3; website: www.hotelcsillagtokaj.hu) as operator and data manager undertakes that all data management related to its activities complies with the present information and the requirements defined in the effective national legislation and in the legal acts of the European Union.

Előre Vízisport Kft manages the personal data provided by the guests or future guests of the Hotel Csillag Tokaj*** when they use the hotelcsillagtokaj.hu website, as well as the persons identified as guests in this Information Sheet and who are otherwise , they contact us through our employees.

The purpose of this information is that our guests who use our services can receive appropriate information about the purpose and legal basis of the processing of their data, the scope of the processed data and the deadline before providing their personal data.


Data and contact details of the Data Controller

The company name of the data controller: Előre Vízisport , Turistaház és Camping Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság

Abbreviated company name: ELŐRE VÍZISPORT KFT.

Headquarters and postal address: 4465 Rakamaz, Horgász utca 3.

Company registration number: 15-09-064859

Representative: Managing Director Gábor Tarnai

Telephone number: + 36 47/304-806

E-mail address: info@hotelcsillagtokaj.hu

(hereinafter also referred to as "Data Controller" or "Company")

 

Data protection guidelines applied by the Data Controller

Our Company is committed to protecting the personal data of its customers and partners, and considers it highly important to respect its customers' right to informational self-determination. The Company treats personal data confidentially and takes all security, technical and organizational measures that guarantee data security.

The data controller uses personal data based on the legal basis included in the GDPR and only for purpose-related purposes.

Personal data can only be processed for specific purposes. In all stages of data management, the purpose of data management must be met, the collection and management of data must be fair and legal. Only personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose can be processed. Personal data can only be processed to the extent and for the time necessary to achieve the purpose. The data controller does not use personal data for purposes other than those indicated.


In any case, if the Data Controller intends to use the provided personal data for a purpose other than the purpose of the original data collection, the Data Subject shall be informed of this, and the Data Subject shall be given prior, express consent to this, and shall be given the opportunity to prohibit the use of his personal data. Our data management principles are in line with the current legislation on data protection, in particular with the following:

Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) - on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC ( general data protection regulation, hereinafter: GDPR)

 


Terms used in the prospectus

Data subject: According to the GDPR, "data subjects" are natural persons living anywhere who are in contact with a "data controller" in the EU, or natural persons living within the EU who are in contact with a data controller outside the EU.

Data controller: the legal entity that determines the purposes and method of processing personal data.

Personal data: any information related to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified.

Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying.

Data processor: the legal entity that processes personal data on behalf of the data controller.

Data processing: the performance of technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

Consent of the data subject: the voluntary, concrete and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him.

Data deletion: making data unrecognizable in such a way that their recovery is no longer possible.

Profiling: any form of automated processing of personal data in which personal data is used to evaluate certain personal characteristics of a natural person, in particular characteristics related to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement used to analyze or predict

Pseudonymization: encoding or maintaining personal data in a different way, by which they cannot be linked to a specific data processing subject without providing additional information. Additional information must be stored separately and protected from unauthorized use by technical and organizational measures.

Third party: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who have been authorized to process personal data under the direct control of the data controller or data processor.

Third country: any state that is not a member of the European Economic Area (EEA)

Disclosure: making personal data available to anyone.

We provide the following information about the data management carried out during the course of certain services of our Company

1. Accommodation reservation

In the case of a room reservation made online, in person at the hotel or by telephone, our Company may request one or all of the personal data listed under "scope of personal data handled".

The purpose of data management: the identification of the guest booking the room upon check-in and the registration of the payment instrument, which avoids the associated financial risk if the guest ultimately does not check in to the hotel.

The legal basis for data management: the prior consent of the person booking the accommodation (GDPR Article 6(1)(a)) and the need to take steps at the request of the data subject prior to the conclusion of the contract between the Data Controller and the Data Subject (GDPR Article 6(1) .point b).

Scope of processed personal data: surname, first name, residential address (country, zip code, city, street, house number), number of employees, date of arrival, date of departure, according to payment method: bank account number or full credit card details, telephone number, e-mail address, any other your preferences (e.g. allergies, etc.)

In the case of third-country nationals, in addition to those listed above: place, time, visa number of border crossing.

Duration of data management: The data processed in order to provide the services will be kept for 2-8 years, depending on the data.

In some cases, there is a legal obligation to keep personal data for a longer period of time. Such cases e.g.:

If the data is needed for issuing invoices or other tax records, the data must be kept for 8 years from the end of the calendar year.

The hotel must pay a tourist tax to the local government for all guests who use the accommodation, and guests from outside the EU must be reported to the police. According to the law, the data contained in these reports are kept for 6 years from the date of registration.

We will delete the data after the longest period of the mentioned relevant data retention periods.

Possible consequences of not providing data: If you do not provide the requested data, no contract will be created for the use of the hotel room, and we will not be able to contact you in the event of a problem.

2. Request for an offer from the website

The purpose of data management is to provide advance information about the hotel's services and prices, as well as the possibility of making an online connection.

Legal basis for data management: prior consent of the person booking the accommodation (GDPR Article 6 (1) point a)

The range of personal data handled: surname and first name, telephone number, e-mail address, number of guests, date of arrival and departure.

Duration of data management: until the end of the business relationship, review every 5 years

Possible consequences of not providing data: If you do not provide the requested data, we cannot provide you with a personalized offer.

 

3. Regitration form

The purpose of data management: realization of accommodation reservation, recording of data required by law.

The legal basis for data management: data management is necessary to take steps at the request of the data subject prior to the conclusion of the contract (GDPR Article 6 (1) point b), and data management is necessary to fulfill the legal obligation of the data controller (GDPR Article 6 (1) point c)
The range of personal data handled: surname, first name, date of birth, identity card number/passport number, home address/invoicing address, e-mail address, payment method, date of arrival and departure, vehicle registration number.

Duration of data management: The data processed in order to provide the services will be kept for 2-8 years, depending on the data.

The hotel must pay a tourist tax to the local government for all guests who use the accommodation, and guests from outside the EU must be reported to the police. According to the law, the data contained in these reports are kept for 6 years from the date of registration.

We will delete the data after the longest period of the mentioned relevant data retention periods.

The provision of mandatory data by the Guest is a condition for using the hotel service.


4. Regular guest register

The purpose of data management is to provide a discount for returning guests, information about frequent guest discounts, personal greetings.

The legal basis for data management: the guest's advance payment for the processing of his personal data (GDPR Article 6 (1) point a)

You can withdraw your consent at any time and request the deletion of your data. However, this does not affect the legal data management prior to that.

Scope of processed personal data: surname, first name, gender, date of birth, e-mail address, telephone number, mailing address, date(s) of hotel stay

Date of data management: the Company stores the personal data of the regular guest for the period specified in the current tax law and accounting regulations, and deletes them after the deadline or at the request of the regular guest.

 

5. Guest questionnaire and evaluation

The aim of Hotel Csillag Tokaj is to provide its guests with high-quality services, and to this end, it constantly asks for feedback from its guests about their experiences during their stay at our hotel.

Purpose of data management: contact with reviewer and complaint handling.

Legal basis for data management: the consent of the data subject (GDPR Article 6 (1) point a)

The range of personal data processed: surname, first name, contact information (e-mail address, telephone, residential address), room number, date of arrival and departure.

Entering the data is not mandatory, however, in order to accurately investigate complaints and ensure a response, it is advisable to enter them. If you give us your opinion anonymously, we do not process personal data.

Duration of data management: Personal data received during feedback will be deleted one year after the request, question or complaint has been answered.

 

6. Bank card data

The purpose of data management is to ensure the reservation and to collect the total amount of the service or, depending on the cancellation, a partial amount.

The legal basis for data management: fulfillment of the contract concluded for the sake of the service (GDPR Article 6 (1) point b). Entering the data is mandatory, it is a condition for the provision of the service.

Scope of processed personal data: name on the card; card number; expiry date, CVV/CVC code.

Duration of data management: Bank card data are encrypted, their disclosure is only possible for the sake of the transaction, and only to the authorized person. After leaving the hotel, the data can no longer be disclosed, access is not possible (aliasing). The data will be deleted after 8 years.

 

7. Newsletter

Hotel Csillag Tokaj keeps in touch with its guests by means of a newsletter, to whom it recommends its services, and informs it of news and special offers related to its operation.

Purpose of data management: information about current promotions, discounts, information about the hotel and related events.

Legal basis for data management: voluntary consent of the data subject (GDPR Article 6 (1) point a)

Scope of processed personal data: surname, first name, e-mail address.

Duration of data management: until you unsubscribe from the newsletter. You can cancel the newsletter by clicking the Unsubscribe link at the bottom of the newsletter.

Possible consequences of not providing data: The person concerned will not receive a newsletter from our company.

 

8. Camera system

Cameras operate in the Hotel Csillag Tokaj area for the personal and property security of the Guests. Camera surveillance is indicated by the pictogram and warning text.

The purpose of data management is to protect the lives and physical integrity of persons staying in the Hotel Csillag Tokaj area, and to maintain personal and property security by using the electronic surveillance system (camera system).

Legal basis for data management:

The data manager performs the data management on the basis of a legitimate interest.

The data controller carried out the assessment of interests and established the following:

Scope of processed personal data: facial images and behavior of the persons concerned as seen in photographs.

Duration of data management: 3 working days from the Data Subject entering the Hotel Csillag Tokaj area, 30 days in the case of a public event.

 

9. Social portals (Facebook)

Hotel Csillag Tokaj is available on the Facebook social portal.

Purpose of data management: new information, news, current events about the hotel, contact.

Legal basis for data management: voluntary consent of the data subject (GDPR Article 6 (1) point a)

Consent can be revoked at any time by unsubscribing. The revocation does not affect the legal data processing that preceded it. In case of withdrawal, you will not receive a notification about our news feed, our news will not appear on your news feed, but you will still have access to the news feed, as our site is public.

Scope of personal data handled: The Company has access to the profile of "followers", but does not record or manage it in its own internal system.

Duration of data management: data management lasts until you unsubscribe.

The Company also publishes pictures/films about various events, the hotel, etc. on its Facebook page. If it is not a mass photograph, the Company always asks for the written consent of the person concerned before publishing the images.

Facebook is a data manager independent of us. You can get information about the data management of the site from the data protection guidelines and regulations on the Facebook website.

10. Automatically recorded data, cookies and remarketing codes

Automatically recorded data

When you view our website, certain data of your device (e.g. laptop, phone, PC) are automatically recorded.

Such data is the IP address, the time and date of the visit, the type of browser used, the type of operating system, and the domain name and address of the Internet service provider. The recorded data is automatically logged by the web server serving the website when you view the website without any special declaration or action from you. The system automatically generates statistical data from this data. These data cannot be combined with other personal data, except in cases made mandatory by law. We only use this information in an aggregated and processed (aggregated) form, in order to correct possible errors in our services, to improve their quality, and for statistical purposes.

The purpose of data management: Technical development of the IT system, control of the operation of the service and preparation of statistics. In case of abuse, the data can also be used to determine the source of the abuse in cooperation with the visitors' Internet service provider and the authorities.

Legal basis for data management: CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act 13/A. § (3) is a condition for the provision of the service.

Duration of data management: 30 days from the date of viewing the website.

Cookies and similar technologies

A cookie is a small text file that is stored on the hard drive of the computer or mobile device for the expiration time set in the cookie and is activated (reports back to the web server) on subsequent visits. The websites use cookies with the purpose of recording information related to the visit (pages visited, time spent on the pages, browsing data, exits, etc.), as well as personal settings, but these data cannot be linked to the person of the visitor. This tool helps you create a user-friendly website to enhance your visitors' online experience.

There are two types of cookies: "session cookies" and "permanent cookies".

"Session cookies" are stored by the computer only temporarily, until you leave the given website; these cookies help the system to remember information so that you do not have to enter or fill in that information repeatedly. The validity period of session cookies is limited to the user's current session, their purpose is to prevent data loss (for example, when filling out a longer form). This type of cookie is automatically deleted from the visitor's computer at the end of the session or by closing the browser.

"Persistent cookies" are stored on the computer even after leaving the website. With the help of these cookies, the website recognizes you as a returning visitor. Persistent cookies are suitable for your identification through the server-side identifier - user association, so in all cases where user authentication is essential, it is a necessary condition for correct operation. Persistent cookies do not carry personal data by themselves and are only suitable for identifying the user together with the order stored in the server's database.

How to enable or disable cookies?

Most Internet browsers automatically accept cookies, but visitors have the option to delete or refuse them. Since every browser is different, you can set your cookie preferences individually using your browser's toolbar. If you do not wish to allow any cookies from our website, you can change your web browser settings so that you are notified of cookies being sent, or you can simply reject all cookies. However, you can also delete the cookies stored on your computer or mobile device at any time.

See your browser's help for more information about settings. Please note that if you decide to disable cookies, you will have to opt out of certain website functions.

What cookies do we use?

Essential tools for the operation of the website:

Such cookies are essential for the proper functioning of the website, so in this case the legal basis for data management is CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act 13/A. (3) of § No data is transmitted.

a) It helps in the search

The purpose of data management: It helps you to find what you are looking for as quickly as possible

Data management time: lasts for the duration of your stay on the website

b) Social network cookie (Facebook)

Purpose of data management: This cookie provides the opportunity to share the content on the website.

Data management time: We store this cookie until the time of sharing.

Cookies that collect statistical data

These cookies only collect statistical data, so they do not process personal data. During their operation, they monitor how you use the website, which topics you view, what you click on, how you scroll the website, which pages you visit. However, it only collects information anonymously. This way we can find out, for example, how many visitors the page has per month. These statistical data also help to adapt our site to user needs.

Marketing cookies

The data management purpose of such cookies is to send personalized advertisements.

Legal basis for data management: In all cases, your consent, which you enter in the pop-up window on the website. You can withdraw your consent at any time, but the withdrawal does not affect the legal data processing that preceded it. In the event of withdrawal, advertisements designed for you will not appear on other platforms.

a) Categorization according to the place of visit

The data management period: 250 days

b) Personalized Facebook offers

Time of data management: maximum 180 days

c) Monitoring clicks on the Company's advertisements

The data management period: 2 years

11. References and Links

Our website may also contain links that are not operated by the Company and are only for the information of visitors. The Company has no influence whatsoever on the content and security of websites operated by partner companies, so it is not responsible for them. Please review the data management information of the pages you visit before entering your data in any form on that page.

12. Billing

Purpose of data management: Use of the services provided by Hotel Csillag Tokaj by the data subject, determination of the consideration for the services and invoicing.

Legal basis for data management: § 69 of Act C of 2000 on accounting. (1) and (2) fulfillment of legal obligations (GDPR Article 6 (1) clause (c)).

The range of personal data processed: surname, first name, billing address provided for issuing the invoice, length of stay (arrival-departure date), tax number in the case of a VAT invoice.

Duration of data management: 8 years from the date of the provision of the personal data by the person concerned and from the preparation of the report, business report, or accounting for the given business year.

Possible consequences of failure to provide data: The person concerned may not use the Hotel's services.

13. Complaint handling protocol

During the handling of consumer complaints, if you do not agree with the handling of the complaint or the immediate investigation of the complaint is not possible, the Company is obliged to record the complaint and its position on it without delay.

The minutes contain the following information:

The purpose of data management is to investigate the complaint and maintain contact with the complainant.

Legal basis for data management: CLV of 1997 on consumer protection. Act 17/A. § (7), which makes the above data management mandatory.

Duration of data management: 5 years from the recording of the record.

If you wish to exercise any of your rights contained in this data protection information or contact us for any other reason in connection with the above data management, please notify us at H-4465 Rakamaz, Horgász utca 3. s. by letter sent to the address or by e-mail sent to the address info@hotelcsillagtokaj.hu.

14. Contact

You can contact us through any of our contact details (Facebook, phone, e-mail, website, mail). In such a case, we assume your consent to the processing of the data shared with us.

Purpose of data management: answering questions and requests, maintaining contact with the requester.

Legal basis for data management: voluntary consent of the data subject (GDPR Article 6 (1) point a) Consent can be withdrawn at any time. The revocation does not affect the legitimate data management that preceded it.

Scope of processed personal data: we ask for the most necessary data to answer the given question.

Duration of data management: received personal data will be deleted one year after the given request, question or complaint has been answered. However, if, due to the nature of the correspondence, it is necessary for tax law or accounting reasons, or perhaps from the point of view of protecting the rights and interests of the Company or the requester, it will be archived and stored for the necessary period of time, which is examined individually in each case.

15. Business relations

Like most companies, our Company maintains a business relationship with some employees of other organizations, whose name, business position and contact information we store.

Purpose of data management: communication with our partners for the purpose of cooperation.

Legal basis for data management: Legitimate interest related to the performance of the contract or the relationship between the companies (GDPR Article 6 (1) point f)).

Scope of personal data handled: contact person's name, business position, telephone number, e-mail address.

We store the contact information of our business relationships solely for the purpose of facilitating the establishment and maintenance of business cooperation with partner companies.

Duration of data management: we check the contact details of our business contacts at least once a year and remove those that are no longer up-to-date from the system. At the partner's request, we modify or remove their data from our system.

We act in the same way as above when handling the personal data of members of the press.

16. Other data management

We provide information on data management not listed in this information when the data is collected. We inform our customers that certain authorities, bodies performing public duties, and courts may contact our company for the purpose of providing personal data. If the relevant body has specified the exact purpose and the scope of the data, our company will release personal data to these bodies only to the extent and to the extent that is absolutely necessary to achieve the purpose of the request, and if the fulfillment of the request is required by law.

 

17. Method of storing personal data, security of data management

Our company's computer systems and other data storage locations are located at the headquarters and at its data processors. For the management of personal data, we choose and operate the IT tools used in the provision of the service in such a way that the processed data:

We pay special attention to the security of the data, we also take the technical and organizational measures and develop the procedural rules that are necessary to enforce the guarantees according to the GDPR. We protect the data with appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.

The IT system and network of our company and our partners are protected against computer-assisted fraud, computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures.

In order to avoid data protection incidents, our company takes all possible measures, in the event of such an incident, we take immediate action to minimize risks and eliminate damages.


18. Rights of data subjects

Right to information

The data controller takes appropriate measures to ensure that the data subjects are provided with all the information referred to in Articles 13 and 14 of the GDPR and Articles 15-22 regarding the processing of personal data. and provide each piece of information according to Article 34 in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded, and at the same time precise.

The right to information can be exercised in writing, via the contact details provided under "Data controller data and contact information". At the request of the person concerned, information can also be provided orally after proof of identity. We inform our customers that if our company's employees have doubts about the identity of the data subject, we can request the provision of the information necessary to confirm the identity of the data subject.

Right of access

The Data Subject has the right to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to receive access to the personal data and the following information:

The purposes of data management in relation to the given personal data,

Before fulfilling the request, the Data Controller may ask the Data Subject to clarify its content and specify the requested information and data management activities.

If the Data Subject's right of access in accordance with this clause adversely affects the rights and freedoms of others, in particular the trade secrets or intellectual property of others, the Data Controller is entitled to refuse to fulfill the Data Subject's request to the necessary and proportionate extent.

In the event that the Data Subject requests the above information in multiple copies, the Data Controller is entitled to charge a fee proportionate to the administrative costs of preparing the additional copies and a reasonable amount.

If the Data Controller does not manage the personal data indicated by the Data Subject, it is also obliged to inform the Data Subject in writing.

Right to rectification

The Data Subject has the right to request the correction of his/her personal data. If the personal data concerning the Data Subject is incomplete, the Data Subject has the right to request the completion of the personal data.

When exercising the right to rectification/supplementation, the Data Subject is obliged to indicate which data are inaccurate or incomplete, and is also obliged to inform the Data Controller of the accurate and complete data. The Data Controller is entitled, in justified cases, to call on the Data Subject to prove the clarified data to the Data Controller in an appropriate way - primarily with a document.

The Data Controller shall correct and supplement the data without undue delay

The right to erasure ("the right to be forgotten")

The Data Subject has the right to request that the Data Controller delete his personal data without undue delay, if one of the following reasons exists:

If the Data Controller approves the Data Subject's request for deletion, it will delete the managed personal data from all its records and inform the Data Subject accordingly.

After fulfilling the Data Subject's request to enforce the right to erasure, the Data Controller shall immediately inform the persons to whom the Data Subject disclosed their personal data, provided that this is not impossible or does not require a disproportionate effort from the Data Controller. At the request of the Data Subject, the Data Controller informs about these recipients.

The Data Controller is not obliged to delete personal data in the event that data processing is necessary:

The right to restrict data processing

The Data Subject has the right to request that the Data Controller limit the processing and use of personal data relating to him, if one of the following reasons exists:

In case of restriction, personal data may only be processed with the Data Subject's consent, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the EU or a member state of the European Union.

The Data Controller informs the Data Subject in advance of the lifting of the restrictions on data management.

The right to protest

In the case of a data controller, the exercise of the right to protest may arise in the case of data processing based on legitimate interests.

The Data Subject has the right to object to the processing of his personal data, and in such a case the Data Controller may no longer process the Data Subject's personal data, unless it can be proven that

the data processing is justified by compelling legitimate reasons on the part of the Data Controller that take precedence over the interests, rights and freedoms of the data subject or

data management is related to the presentation, enforcement or protection of the Data Controller's legal requirements.

 

The right to protest in the case of direct business acquisition

In the case of direct marketing activities carried out by the Data Controller, the Data Subject has the right to object to the processing of his personal data for this purpose. In case of objection to the processing of personal data for the purpose of direct business acquisition, the data cannot be processed for this purpose.

Automated decision-making in individual cases, including profiling The Data Subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on him or similarly significantly affect him.

The Data Subject is not entitled to request exemption from the scope of a decision based on automated data management if the decision is necessary for the conclusion or performance of a contract, or if the decision is made possible by European Union or member state law, or if the decision is based on the Data Subject's express consent.

If the automated data management is necessary for the conclusion or performance of a contract or is based on the Data Subject's consent, then the Data Subject has the right to request human intervention on the part of the Data Controller, to express his point of view and to submit an objection to the decision.

The right to data portability

The Data Subject has the right to receive the personal data concerning him/her managed by the Data Controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another data controller without the Data Controller preventing this.

The right to data portability can be exercised with regard to the personal data that the Data Subject has made available to the Data Controller, and

If it is otherwise technically feasible, the Data Controller will, at the request of the Data Subject, transmit the personal data directly to another data controller specified in the Data Subject's request.

In terms of data portability, the Data Controller is obliged to make the data carrier available to the Data Subject free of charge.

In the event that the Data Controller's right to data portability adversely affects the rights and freedoms of others, especially the trade secrets or intellectual property of others, the Data Controller is entitled to refuse to fulfill the Data Subject's request to the extent necessary.

A measure taken within the scope of data portability does not mean the deletion of the data, they are kept by the Data Controller as long as the Data Controller has an appropriate purpose or legal basis for processing the data.

 

Right of withdrawal

The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.

Right to a remedy

If the Data Subject considers that the processing of his/her personal data by the Data Controller violates the provisions of the data protection legislation in force at all times, in particular the provisions of the GDPR, he/she may lodge a complaint with the Data Protection Supervisory Authority.

If your lifestyle is not in Hungary, but in another EU member state, you have the right to file a complaint with the Supervisory Authority of the country concerned.

If you live in Hungary or in a country outside the EU, you can file a complaint with the Hungarian authorities:

National Data Protection and Freedom of Information Authority contact details:

Regardless of his right to file a complaint, the Data Subject may go to court if, in his opinion, his rights under the GDPR have been violated during the processing of his personal data.

Proceedings against the data controller or data processor must be initiated before the court of the EU member state where the data controller or data processor operates. Such proceedings can also be initiated before the court of the EU member state of the interested party's habitual residence.

The Data Controller reserves the right to modify the Information at any time. The Data Controller shall notify the Data Subject of the amendment by publishing it on the website, at least 8 days before the amendment takes effect.

 

 

Special offers

our most popular accommodation offers

    Current program recommendation

    Our sister hotels and priority partners

    Tokaj Hotel

    Mercure Hotel

    Renovated hotel in the center of Tokaj, with a wonderful view
    Hajókirándulás

    Boatcruise

    Boating on the most beautiful rivers in our country
    Halra Bor Étterem

    Halra Bor restaurant

    Homely, cozy restaurant
    Prés Borház

    Prés Winehouse

    Wine bar and wine shop in the heart of Tokaj
    Zenit Vízibázis

    Zenit water base

    Our motto: We guarantee to take you to the water!