An online booking system is available at www.greenwoodsiofok.hu, through which you can book accommodation at Greenwood Guesthouse. Please note that in order to make a booking, you will be required to provide certain personal information, as detailed below, in order for the booking to be successful. In the context of the processing of the data, the controller hereby informs you of the personal data it processes on the website, its principles and practices regarding the processing of personal data, the organisational and technical measures it has taken to protect personal data, and the ways and means by which data subjects may exercise their rights. I hereby inform you that the personal data collected will be treated confidentially, in accordance with data protection legislation and international recommendations, and in accordance with this statement. I further inform you that the legal regulation of the processing of personal data will change fundamentally as of 25 May 2018, as from this date Regulation 2016/679 of the European Parliament and of the Council (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR") will become applicable on a mandatory basis. By booking online through the website, you as a user accept the provisions of this privacy notice (hereinafter referred to as "Privacy Notice").

Basic concepts

• personal data: information relating to an identified or identifiable natural person (the data subject) which can be associated with him or her, in particular the name, identification mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and any inference relating to him or her which can be drawn from the data.
• adatállomány: az egy nyilvántartásban kezelt adatok összessége;
• data subject: a natural person who is identified or can be identified, directly or indairectly, on the basis of any information;
• processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
• third party: any natural or legal person or unincorporated body other than the data subject, the controller or the processor;
• data protection: the set of technologies and organisational methods that enable the integrity, usability and confidentiality of the collected data assets;
• data breach: a breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
• data management: Any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, structuring, storage, adaptation or alteration, use, retrieval, disclosure, transmission, dissemination or otherwise making available to the public or otherwise making accessible, alignment or combination, restriction, erasure or destruction of data or prevention of their further use, taking of photographs, sound recordings or images, or any other physical means of identification of a person (e.g. fingerprints, palm prints, DNA samples, iris scans).
• controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and executes decisions regarding the processing (including the means used) or requires the processor to do so.
• transfer: making data available to a specified third party.
• erasure: making data unrecognisable in such a way that it is no longer possible to recover it.
• limitation of processing: the marking of stored personal data for the purpose of limiting their future processing;
• consent: a voluntary, explicit and unambiguous indication of the data subject's wishes, based on specific and adequate information, by which the data subject signifies his or her agreement to the processing of personal data concerning him or her, either in full or in relation to specific operations, by means of a statement or an act which unambiguously expresses his or her consent. Consent shall be deemed to be given if the data subject, when consulting the website or when finalising a reservation, ticks a corresponding box or makes the relevant technical settings, or by any other statement or action which, in the context of the particular case, unambiguously indicates his or her consent to the intended processing of personal data.
• mandatory data processing: where the processing is required by law or, on the basis of a law, by a local government decree within the scope specified therein, for a purpose in the public interest.
• disclosure: making the data available to anyone.
• profiling: any form of automated processing of personal data by which personal data are used to evaluate or predict certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that person.

Name and contact details of the controller

Data Controller's name: Andrássy Gábor Data Controller's contact details: address: 8600 Siófok, Vécsey Károly u. 11 phone number: +36 30 477 0010 e-mail address: info@greenwoodsiofok.hu

Purpose of data processing

The Data Controller processes the personal data of Guests for the following purposes: Primarily for the purpose of making a reservation at Greenwood Guesthouse, it is necessary to provide certain personal data, as detailed below. We also need your personal data to issue an invoice for the accommodation. We also need your personal data for the purposes of communicating with you about your booking, so that we can inform you if any material circumstances arise that you need to know about.

Legal basis for processing

The Data Controller processes the personal data of the Guests on the following legal basis: For the purpose of point III. a), Article 6(1)(b) GDPR, i.e. the performance of a contract to which the Guest, as the data subject, is a party. For the purpose of Article III. b), Article 6(1) c) GDPR, i.e. the fulfilment of a legal obligation on the controller, namely the obligation to prepare a receipt or invoice. For the purpose of point III. c), the data are processed on the basis of Article 6(1)(a) of the GDPR, in order to provide you with adequate information on the material circumstances of the contractual relationship. Where processing is necessary for other purposes or on other legal bases than those mentioned above, the controller must inform the data subject individually, prior to the start of the processing, of all relevant information and of their rights in relation to the processing to be carried out.

Reservation system (NetHotel)

The booking platform on the website is a system provided by an external partner, NetHotel, which acts as a separate data controller. Personal data provided during the booking process is received and processed directly by NetHotel. Their privacy policy is available at the link below: NetHotel Privacy Policy

We recommend that you read NetHotel's own privacy policy before booking.

Scope of the data processed

The use of the online booking platform on the website of the Data Controller does not require a separate registration, but the following personal data are required for the booking: Name (first and last name), Phone number, E-mail address, Billing address.

Duration of data management

The processing of the data concerning the Guest's telephone number and e-mail address starts from the time of the booking and is deleted after the Guest leaves the Guest House. The data concerning the Guest's name and billing address will be processed for the period of 8 (eight) years, as stipulated by the Accounting Act, after which the data will be destroyed by the Data Controller.

Data protection

The Data Controller will take all necessary steps to ensure the security of the personal data provided by the Guests, both in the network system and in the storage and safekeeping of the data. The reservation system through the website of the Data Controller is hosted by an external secure hosting service provider, which does not have access to the data managed on this hosting. The data controller's work processes are carried out on a computer protected by password and antivirus.

VIII. Guest's rights and means of enforcement:

The Guest has the right to receive feedback from the controller as to whether his/her personal data are being processed and, if so, to be informed of the data processed and of any relevant information concerning the processing. The Guest may request the controller to correct inaccurate personal data relating to him/her without undue delay. Taking into account the purpose of the processing, he/she may request the integration of his/her personal data. You may request the erasure of your personal data, except where the processing is necessary for compliance with the controller's legal obligations or for the establishment, exercise or defence of legal claims. The controller shall erase personal data without undue delay if the processing is unlawful, incomplete or inaccurate, if the purpose of the processing has ceased or the period for which the data were stored has expired or if a court or public authority has ordered the erasure, or if the erasure is necessary for compliance with a legal obligation to which the controller is subject. Where the controller processes personal data on the basis of the data subject's consent, the data subject may withdraw that consent. If there is no other legal basis for the processing, the controller shall erase the personal data concerned by the withdrawn consent. The Customer shall have the right to obtain, at the request of the controller, the restriction of processing where the Customer contests the accuracy of the personal data - for the time necessary to verify the accuracy; the processing is unlawful but the Customer opposes the erasure of the data and the processing is unlawful for the time necessary to verify the accuracy of the personal data; or the processing is unlawful, but the Customer opposes the erasure of the data and requests the restriction of use; the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or the data subject objects to the processing of his or her data on grounds of public interest or the legitimate interests of the controller or a third party. During the restriction period, the controller shall not use the personal data for any purpose other than storage. Where the Guest exercises his rights, the controller shall examine the data subject's request and take the necessary measures and inform the Guest of those measures or the reasons for not taking them within one month of receipt of the request. The Customer may send his/her request for data processing to the controller referred to in point I to the address or e-mail address indicated in the same point. In the event of a breach of his/her rights, the data subject may bring an action before the competent court at the address of the controller or, at his/her option, at the competent court at his/her place of residence or, failing that, at the place of his/her domicile. Furthermore, the Guest may lodge a complaint with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet Fasor 22/c., hereinafter referred to as "NAIH") and initiate an investigation on the grounds that a violation of rights has occurred or is imminent with regard to the processing of his/her personal data.

Important notice: The Hungarian version of this privacy notice is the authentic version. The English and German translations are for information purposes only.