Data protection

I. Legal background, purpose of data protection and identity of the controller

In drafting these rules, the following provisions have particularly been taken into account: Act CXII of 2011 on the Right to Informational Self-Determination and Data Protection and Act VI of 1998 on the proclamation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed in Strasbourg on 28 January 1981.

Hungarian law shall apply to all matters relating to this privacy policy, and the courts of Hungary shall have jurisdiction in the event of any dispute arising in connection with this privacy policy.

Details of the data controller:

www.hotelcastellosiklos.hu  website operator (data controller):

• Name: Siklósi Thermal Kft.
• Seat: 7800 Siklós, Baross G. u. 8.
• Company registration number: 02-09-075859
• Telephone: 06-72-579-128
• Mail: info@hotelcastellosiklos.hu
• Web address: www.hotelcastellosiklos.hu
• Tax number: 22707200-2-02
• Contact person: Knippl Antal Managing Director

The data is processed by the company's data controllers.

II. Definitions of terms relating to personal data

• personal data: data that can be associated with a specific natural person (hereinafter referred to as "data subject"), and/or conclusions that can be drawn from the data concerning the data subject. The personal data will retain this quality during processing as long as the relationship with the data subject can be re-established;
• data processing: the collection, recording and storage, processing, utilisation (including transmission and disclosure) and erasure of personal data, irrespective of the procedure used. Data processing also includes the alteration of data and the prevention of their further use;
• data processing: the performance of data processing operations, technical tasks, regardless of the method and means used to carry out the operations and the place of application;
• transfer: when data is made available to a specified third party;
• disclosure: when data is made available to anyone;
• data controller: the natural or legal person or unincorporated body which determines the purposes for which personal data are processed, takes and executes decisions concerning the processing of personal data or may entrust the execution of such decisions to a processor. In the case of mandatory data processing, the purposes and conditions of processing and the controller are determined by law or by a municipal decree ordering processing;
• data processor: a natural or legal person or unincorporated body that processes personal data on behalf of a controller;
• data erasure: the rendering of data unrecognisable in such a way that it cannot be recovered;
• automated dataset: a set of data to be processed automatically;
• machine processing: includes the following operations when carried out wholly or partly by automated means: data storage, logical or arithmetical operations on data, data alteration, deletion, retrieval and dissemination.
• User: a natural person who registers to use the services of the data dontroller and, in this context, provides the data requested by the data dontroller for registration and referred to in this Policy.

III. Principles of data management

• Data must be obtained and processed fairly and lawfully;
• Data should only be stored for a specific and lawful purpose and should not be used for any other purpose;
• The data must be proportionate to the purpose for which it is stored and must be adequate for that purpose and not excessive in relation to it;
• Data must be accurate and, where necessary, kept up to date;
• The storage method must be such that the data subject can be identified only for the time necessary for the purpose for which the data are stored,
• Adequate security measures must be taken to protect personal data stored in automated data files against accidental or unlawful destruction or accidental loss, and against unlawful access, alteration or dissemination.

IV. Additional guarantees to protect your data

Everyone has the right to

• be informed, at reasonable intervals and without delay or expense, whether or not personal data are stored in an automated file and to be provided with information about that data in a form that is comprehensible to him or her;
• in justified cases, the User may have such data corrected or deleted in the simplest and quickest way possible;
• have a right of appeal if a request for information or, in justified cases, for disclosure, rectification or erasure, as provided for by law, is not complied with. At the request of the data subject, the controller shall provide information about the data processed by the controller or by a processor on its behalf, the purposes, legal basis and duration of the processing, the name, address (registered office) and activities of the processor in relation to the processing, and those who receive or have received the data and for what purposes. The data controller shall provide the information in writing in an intelligible form within the shortest possible time from the date of the request, but not later than 30 days. The data subject may take the controller to court in the event of a breach of his or her rights. The data controller shall compensate any damage caused to another party by unlawful processing of the data subject's data or by a breach of the requirements of technical data protection. The controller is also liable to the data subject for damage caused by the processor. The controller shall be exempted from liability if it proves that the damage was caused by an unavoidable cause outside the scope of the processing. No compensation is payable if the damage was caused intentionally or by gross negligence on the part of the victim.

Personal data can only be processed

1. with the consent of the data subject, or
2. if it is ordered by law or, under the authority of law and within the scope specified therein, by ordinance of a local government. The law may order the disclosure of personal data in the public interest, by expressly indicating the scope of the data. In all other cases, disclosure requires the consent of the data subject, or in the case of sensitive data, written consent. In case of doubt, the data subject shall be presumed not to have given his or her consent. The consent of the data subject shall be deemed to be given in respect of the data communicated by him or her in the course of his or her public activities or transmitted by him or her for the purpose of disclosure.

The provisions on data management and the protection of visitors' personal data apply only to natural persons, given that personal data can also be understood only in relation to natural persons (pursuant to Act CXII of 2011 on the right to information self-determination and Data Protection), and therefore this privacy policy is binding only in relation to the processing of personal data of natural persons.

Limitation of data processing by the purpose of data collection:

Personal data may be processed only for specified purposes, for the exercise of rights and the performance of obligations. Data processing must comply with this objective at all stages.
Personal data may only be processed if it is necessary for the attainment of the purpose of processing the data, if it is adequate for the purpose, and is processed only to the extent and for the duration necessary for the purpose.

The data controller may send system messages to users in connection with the operation of the website or the provision of the service. By registering, the user consents to the processing of the data voluntarily provided by the data controller and to the use of the data in the processed form as defined by law in the course of its advertising activities.

Data security:

The data controller or data processor must ensure the security of the data, and must take the technical and organisational measures and establish the procedural rules necessary to enforce the Data Protection Act and other data protection and confidentiality rules. In particular, the data must be protected against unauthorised access, alteration, disclosure or deletion, damage or destruction.

V. Privacy policy

Siklósi Thermal Kft. undertakes to publish a clear and unambiguous notice (data protection statement) informing users of the method, purpose and principles of data collection before collecting, recording and processing any data of its users.

In addition, Siklósi Thermal Kft. draws the user's attention to the voluntary nature of the data provided. The data subject must be informed about the purposes of the processing and who will process the data. The Data controller and its data processor(s) are entitled to access the personal data in accordance with the applicable legislation.

Information on data processing is also provided by law by transferring or linking data from existing data processing.
In all cases where Siklósi Thermal Kft. intends to use the data provided for purposes other than those for which they were originally collected, it shall inform the user thereof and obtain his/her prior express consent or provide him/her with the opportunity to prohibit such use.

Siklósi Thermal Kft. shall in any case respect the limitations set out in the principles when collecting, recording and processing data, and shall inform the data subject of its activities by electronic mail, as requested. Siklósi Thermal Kft. undertakes not to impose any sanctions on any user who refuses to provide the optional data.

Siklósi Thermal Kft. undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data collected, stored and processed are protected and to prevent their destruction, unauthorised use and unauthorised alteration.

Personal data and information which would enable identification means personal data relating to natural persons that can be used to identify someone personally, to contact someone for communication or to determine someone's physical location, including but not limited to: name, home address, postal address, telephone number, fax number, e-mail address. Anonymous information that is collected in a way that excludes personal identification and cannot be linked to a natural person is not considered personal data.

As a general principle, Siklósi Thermal Kft. states that in all cases where it requests personal data from its website visitors, they are free to decide whether or not to provide the requested information after reading and understanding the required information text. It should be noted, however, that if you do not provide personal data, you may not be able to use the service that requires you to provide personal data.

If we ask our users to register on the website of Siklósi Thermal Kft., we will always indicate which data we ask for are "mandatory", for what purpose and under what conditions. The term "mandatory" does not refer to the mandatory nature of the data collection, but to the fact that there are certain fields that must be filled in before the registration can be completed successfully, so that failure to fill in certain fields or filling them in incorrectly may lead to the rejection of the registration. Under no circumstances shall we disclose personal information provided by our visitors to third parties without the permission of visitor concerned.

If the authorized authorities request the provider to transfer personal data in the manner prescribed by law (e.g. on suspicion of a criminal offence, in an official data seizure order), Siklósi Thermal Kft. - in compliance with its legal obligation - will provide the information requested and available.

Where our users provide us with personal data, we take all necessary steps to ensure the security of that data - both during network communication (i.e. online processing) and during storage and retention (i.e. offline processing).

Siklósi Thermal Kft. ensures that guests can access, correct and complete their own personal data through the same communication channels and by providing the same facilities through which their personal data was previously made available to us. This is to ensure that our guests’ personal information is always up to date, accurate and timely. If any of our guests request that we delete their personal data from our own system, we will do so without delay. The duration of data processing is from registration to deletion of the data.

VI. Rules applied by Siklósi Thermal Kft. in the data collection

If our guests are required to fill in a registration form in order to use certain services, the information generated during registration is treated with the utmost care and confidentiality and is not accessible to unauthorised persons. We ask our guests to provide this information in order to provide the highest possible quality of service, to obtain statistical data about them or to ensure payment for paid services. They help us to develop our services according to the interests of our guests.

We will only use data that can be used to contact guests individually (such as e-mail addresses) for purposes approved in advance by the user and will not disclose them to third parties under any circumstances without the user's prior written consent, subject to the exceptions provided for by law.

We will only use the data for the purposes previously approved by the user and will not disclose it to third parties, except as required by law.
All users use public communication channels (such as forums) as part of our services at their own risk. The copyright of the various contributions belongs to the respective user, however, Siklósi Thermal Kft. has the right to quote and reproduce them without limitation. Comments may only be printed, downloaded or distributed by third parties for personal use and may only be used with the written consent of Siklósi Thermal Kft. Please note that different laws apply to comments on public communication channels and public communications. We handle the data that can be used to contact users of our communication services with the utmost care, in strict confidence, without any unauthorised access, and, apart from the exceptions provided for by law, we do not disclose them to third parties.

If our guests believe that we have violated their right to the protection of their personal data, they may bring their claim to court or seek the assistance of the National Authority for Data Protection and Data Protection (1125 Budapest, Szilágyi Erzsébet fasor 22/c, www.naih.hu). The court is acting out of turn in the case. The court has jurisdiction to hear the case. The action may also be brought, at the user's (data subject's) request, before the courts of the user's (data subject's) place of residence or domicile.
The detailed legal provisions on legal remedies and the obligations of the data controller are set out in Act CXII of 2011 on the Right to Informational Self-Determination and Data Protection.