Data protection statement
Szépia Bio & Art Hotel**** (Espa Kft.) (hereinafter referred to as the “Data Controller”) acts in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council and the relevant laws when processing personal data and respects your (hereinafter referred to as the “Data Subject”) rights to the protection of your personal data.
We use the personal data and user data you provide in accordance with data protection regulations exclusively for contractual, invoicing, consulting purposes, and for our own advertising purposes.
1. For what purpose do we request personal data and how do we process it?
Personal data may be processed only for a specific purpose, to the extent necessary, for the exercise of rights and the fulfillment of obligations. Data processing must comply with the purpose of data processing at all stages, and the collection and processing of data must be fair and lawful. Personal data may only be processed to the extent and for the period necessary to achieve the purpose. The data controller has regulated in internal instructions that only recipients who contribute to the achievement of the purpose of data processing and are necessary for that purpose may process the data.
- The Data Controller processes personal data for legitimate interests in the following cases:
  - Identification for hotel room reservations
  - Event organization
  - Wellness and sports service
  - Restaurant service
  - Website and IT operation background service
- The Data Controller processes personal data based on the express and voluntary consent of the Data Subject in the following cases:
  - Satisfaction survey to improve service quality
  - Send newsletter about current offers
Providing data based on voluntary consent is not a prerequisite for concluding a contract, and you are not obliged to provide personal data for these purposes. Possible consequences of not providing data:
- The Data Subject is not informed about current promotions
- Anonymous data
When visiting our websites, you can search freely and anonymously on our generally accessible pages. We use your anonymous internet visit exclusively for statistical purposes, to optimize our online presence, and to increase system security. This recorded data does not contain any personal data. Only the domain name, IP address, your computer configuration, and your browser type are recorded. We also automatically record the websites from which you came to us and the websites you visited, as well as the time and duration of your visit. Your identity and user profile cannot be inferred from this data. As a private user, you remain completely anonymous. In addition, we do not track your browsing.
2. What personal information do we request?
We collect your personal information when you make a reservation or subscribe to our newsletter. We do not record any data until then, so you can browse our services completely anonymously.
DATA PROCESSED ON THE BASIS OF LEGITIMATE INTERESTS
| Name of data | Retention time |
|---|---|
| name | Retention period: 5 years according to the termination of the legitimate interest or the related legal requirement (Ptk. 6:22§) |
| email address | |
| phone number | |
| cookie: IP, browser, information required to use the service | Retention period according to legitimate interest or related legal requirement |
DATA PROCESSED WITH VOLUNTARY CONTRIBUTION
| Name of data | Retention time |
|---|---|
| name | Retention period until unsubscribe |
| email address | |
The Data Subject can find information on how to unsubscribe in Chapter 5 of the Information.
3. Who can access personal data?
Your data will become available to our staff when they are processing and handling your case. We remind our staff that they may use your personal data only for the lawful performance of the task in question and that their obligation to maintain confidentiality continues even after the activity has ended. In addition, our staff are fully aware of the regulations relating to data protection rights, are obliged to protect data and keep it confidential, and are aware of the criminal consequences of violating these obligations.
The Data Controller uses the following Data Processor(s) to process personal data for the indicated activities:
| Data processor | Company registration number/tax number | Completed activity |
|---|---|---|
| Hostware Kft. | 01-09-263594 | Software operation, data storage, backup |
| Nethotelbooking Kft. | 19-09-512827 | Online room reservation system operation |
The data controller forwards the data to the following recipients, in addition to the recipients specified in the internal policy(ies):
- there is currently no other recipient
4. Designation and contact details of the data controller (service provider)
Name of data controller: Espa Kft.
Headquarters: 2525 Bajna, Őrhegy-alja 4.
Postal address: 2072 Zsámbék, Nyárfás utca 2.
Company registration number: 11-09-012091
Customer service email address: info@szepiahotel.hu
5. What rights does the user have regarding his/her personal data?
Access
The data subject has the right to receive feedback from the Data Controller as to whether his or her personal data is being processed and, if such processing is taking place, he or she has the right to access the personal data and the following information:
- the purposes of data processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed.
Amendment, correction
The data subject shall have the right to have inaccurate personal data concerning him or her rectified by the Data Controller without undue delay upon request. Taking into account the purpose of the data processing, the data subject shall have the right to request that incomplete personal data be completed, including by means of a supplementary statement.
Deletion
(1) The data subject has the right to request that the Data Controller erase personal data concerning him or her without undue delay, and the Data Controller is obliged to erase personal data concerning the Data Subject without undue delay if one of the following reasons applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- The data subject withdraws his/her voluntary consent, which forms the basis of data processing, through the contact option provided by the Data Controller, and there is no other legal basis for data processing;
- The data subject objects to the processing of the data for reasons relating to his or her own situation or for direct marketing purposes and there are no overriding legitimate grounds for the processing;
- the personal data has been processed unlawfully;
- the personal data must be erased to comply with a legal obligation under Union or Member State law applicable to the Controller;
- the collection of personal data took place directly in connection with the provision of information society services to children.
(2) Where the Controller has made the personal data public and is obliged to erase them pursuant to paragraph (1), the Controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform the controllers processing the data that the Data Subject has requested the erasure of links to, or copies or replications of, the personal data concerned.
(3) Paragraphs (1) and (2) shall not apply if the processing is necessary:
- for the purpose of exercising the right to freedom of expression and information;
- for the purpose of fulfilling an obligation under EU or Member State law to which the Controller is subject and which requires the processing of personal data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- On grounds of public interest in the field of occupational health or public health;
- For archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where the right referred to in paragraph 1 would likely render impossible or seriously jeopardise such processing; or
- to assert, enforce or defend legal claims.
Restriction
(1) The data subject has the right to request that the Data Controller restrict data processing if one of the following applies:
- The data subject disputes the accuracy of the personal data, in which case the restriction applies for a period of time that allows the Data Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the erasure of the data and instead requests the restriction of their use;
- The Data Controller no longer needs the personal data for the purposes of data processing, but the Data Subject requires them for the establishment, exercise or defense of legal claims; or
- The data subject has objected to the processing for reasons relating to his or her own situation; in this case, the restriction shall apply for the period until it is determined whether the legitimate grounds of the Data Controller override the legitimate grounds of the Data Subject.
(2) Where processing is restricted pursuant to paragraph (1), such personal data may, with the exception of storage, only be processed with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest reasons of the Union or of a Member State.
(3) The Data Controller shall inform the Data Subject, at whose request data processing has been restricted pursuant to paragraph (1), in advance of the lifting of the restriction on data processing.
Objection
The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data, if the processing is carried out in the exercise of official authority vested in the Data Controller or is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on the aforementioned provisions. In this case, the Data Controller may no longer process the personal data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or which are related to the establishment, exercise or defence of legal claims.
If personal data are processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of personal data concerning him or her for this purpose, including profiling, if it is related to direct marketing.
If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for this purpose.
6. User rights enforcement options
In the event of a violation of their personal rights, as well as in the cases specified in the Regulation, the user may request assistance from the National Data Protection and Freedom of Information Authority:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Web: naih.hu
E-mail: ugyfelszolgalat@naih.hu
7. Informational changes
The Data Controller reserves the right to modify or update this “Notice” at any time, without prior notice, and to publish the updated version on its websites. Any modification shall apply only to personal data collected after the publication of the modified version. Please check our Notice regularly to keep track of changes and to be informed about how the changes affect you.