Privacy Notice

The website hotelnews.hu (hereinafter: the “Data Controller”) hereby informs visitors to the website (hereinafter: the “User”) about the main data protection principles and policies that apply when using the website at hotelnews.hu.

The Data Controller handles personal data obtained through the use of certain functions of the website confidentially, solely for the specified purposes and duration, in accordance with the applicable legal provisions. These data will not be transferred to third parties under any circumstances – except as required by law. By using the website hotelnews.hu and subscribing to the newsletter, the User accepts the terms set out in this Privacy Notice.

1. Applicable Legislation

• Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (available at www.njt.hu);
• Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (available at www.njt.hu);
• Act CXIX of 1995 on the Processing of Name and Address Data for Research and Direct Marketing Purposes (available at www.njt.hu);
• Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (available at https://eur-lex.europa.eu).

2. Definitions

• Data Processing: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Data Controller: The natural or legal person, public authority, agency or other body that determines, alone or jointly with others, the purposes and means of the processing of personal data. Where the purposes and means are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by such law.
• Data Processing Operations: Technical tasks related to data processing, regardless of the method and tools used or the location of application, provided that the technical operation is performed on the data.
• Data Processor: The natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller.
• Data Breach: A breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
• User Consent: Any freely given, specific, informed and unambiguous indication of the User’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Objection: A statement by the data subject objecting to the processing of their personal data and requesting the termination of the processing or the erasure of the processed data.

3. Data Controller

• Owner: Zsombor Jávorka
• Address: 1183 Budapest, Ráday Gedeon utca 1.
• Contact: info@hotelnews.hu
• Server Provider: tarhelypark.hu
  Server provider’s privacy policy: https://tarhelypark.hu/wp-content/uploads/2024/10/Tarhelypark-Adatkezelesi-tajekoztato-20231214.pdf

4. Scope, Purpose, Duration, and Legal Basis of Data Processing

4.1. Contacting the Website

• Purpose and Scope of Data Processing: Personal data voluntarily provided by Users is used solely for the purpose directly related to their inquiry (e.g. handling complaints, providing information, general inquiries).
• Duration: The Data Processor does not store any personally identifiable data in connection with emails, messages, or calls made regarding its media services, website operations, or e-commerce activities. In complaint cases, personal data necessary for investigation and identification of the complainant is retained until 31 December of the 5th year following the resolution.
• Legal Basis: Voluntary and explicit consent pursuant to Article 6(1)(a) of the GDPR.
• Access to Data: The Data Processor’s customer service representatives and complaint investigators.

5. Use of Cookies

When accessing hotelnews.hu, the website may automatically store information on the User’s device (e.g., computer, tablet, smartphone) using “cookies.” Cookies are small data files sent by the server to the browser and stored in a separate folder on the User’s device. Cookies help the website recognize returning visitors and improve browsing efficiency. Cookies do not store personal data. Users can disable, block, or delete cookies through their browser settings.

6. Indirect Data Collection (Log Files)

When visiting the website, the following information is automatically logged by the IT systems operated by the Data Processor:

• browser type
• time of entry and exit
• name and URL of the accessed data file
• referrer URL (the website/application from which the user accessed our site)
• user’s IP address

Purpose: Ensuring safe website operation, system security, and stability. Log files are updated daily, and monthly logs are created.

Storage Duration: 1 year on the server.

Legal Basis for IP Address Processing: Legitimate interest of the Data Processor (Article 6(1)(f) GDPR).

Access: Employees authorized to operate the website.

7. Third-Party Services

7.1. Facebook

The website integrates Facebook services, allowing Users to share content and comment. Facebook may place cookies on Users’ devices and processes such data according to its own privacy policies. These cookies may be stored on servers within the EU. Facebook Inc. may share collected data with third parties if required by law or processed on behalf of Facebook. More information: https://www.facebook.com/business/gdpr

7.2. Google Services

The website uses Google Analytics, Google AdSense, and reCAPTCHA. Google Analytics places cookies on the User’s device for statistical analysis. Google AdSense also places cookies and may use web beacons to provide more relevant ads. Data is stored on Google Inc.’s servers in the USA. Google may share data with third parties if legally required or if processed on Google’s behalf. Cookies allow for behavior- and interest-based advertising across websites. Google’s privacy policy: https://policies.google.com/privacy?hl=hu&gl=hu. reCAPTCHA helps prevent abuse by bots. See more here and here.

8. Data Security

The Data Controller handles digital content confidentially using modern data protection tools and only shares data with third parties as required by law. Personal data will only be disclosed to authorities if they specify the purpose and scope, and only to the extent strictly necessary.

9. User Rights

9.1. Right to Information

Upon request, the Data Controller provides information on personal data it processes, the purpose, legal basis, and duration of processing, the name and contact details of the Data Processor, and who has received or receives the data and for what purpose (Article 15 GDPR). Response is provided in writing or electronically within 15 days. Information is free of charge unless the User has already received information on the same topic in the same year, in which case the Controller may charge a fee.

9.2. Rectification and Completion of Data

Upon request, the Data Controller rectifies inaccurate personal data without undue delay. The User may also request the completion of incomplete data (Article 16 GDPR). The Data Controller will inform the User and any third parties who have received the data unless such notification does not violate the User’s legitimate interests.

9.3. Erasure of Stored Data

Personal data will be erased within 5 business days if:

• the processing is unlawful;
• the User requests deletion;
• the purpose of processing has ceased;
• the legal data retention period has expired;
• deletion is ordered by a court or the data protection authority.

The Data Controller informs the User and any third parties who have received the data unless such notification would harm the User’s legitimate interests (Article 17 GDPR).

9.4. Restriction of Processing

The User may request restriction if they dispute the accuracy of the data or object to processing but do not request deletion. Restriction may also be requested if the Controller no longer needs the data, but the User requires them for legal claims or if the User has objected to processing and the legitimate grounds of the Controller have not yet been established (Article 18 GDPR).

9.5. Data Portability

The User has the right to receive personal data provided by them in a structured, commonly used, machine-readable format and to transmit it to another controller if:

• processing is based on consent under Article 6(1)(a) or 9(2)(a) or on a contract under Article 6(1)(b); and
• the processing is carried out by automated means.

The User also has the right to request direct transmission of data between controllers, where technically feasible.

9.6. Objection to Data Processing

The data subject may object at any time, for reasons related to their particular situation, to the processing of personal data based on legitimate interest. In such a case, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or are necessary for the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes, the data subject has the right to object at any time. If such an objection is made, the personal data shall no longer be processed for this purpose.

10. Remedies

The User may file a complaint directly with the Data Controller via the contact information provided in section 3. If the User believes that the Data Controller has violated their rights, they may seek legal remedy before a court under the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act) and the GDPR.

Complaints may also be submitted to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):

• Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
• Headquarters: 1055 Budapest, Falk Miksa utca 9-11.
• Mailing address: 1363 Budapest, Pf. 9.
• Phone: +36 (1) 391-1400
• Email: ugyfelszolgalat@naih.hu
• Website: https://naih.hu

11. Miscellaneous

The Data Controller reserves the right to unilaterally modify this Privacy Notice at any time, in accordance with applicable legal requirements. Users will be informed of any changes via the website.

For matters not covered in this Privacy Notice, the provisions of the General Data Protection Regulation (GDPR) and the relevant Hungarian laws, particularly Act CXII of 2011 on Informational Self-Determination and Freedom of Information, shall apply.

Budapest, 2025.02.26.