Airport Hotel Logo

Privacy Policy

Privacy Policy of Airport Hotel Budapest ** Kft. **

1. Purpose and scope of the Privacy policy, Governing Law

The purpose of this Privacy Policy is to define the data protection and management principles applied by AIRPORT HOTEL BUDAPEST **** Szállodaüzemeltető Korlátolt Felelősségű Társaság (hereinafter referred to as "the Company"), the Company's data protection and processing policy which the Company as data controller to be bound by the agreement.

When creating the provisions of the Notice, the Company has taken into account the current legislation on data protection, with particular reference to:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR)

  • Act CXII of 2011 on information self-determination and freedom of information (hereinafter referred to as „Information Act”)

  • Act V of 2013 on the Civil Code (hereinafter referred to as „Civil Code”)

  • Act C of 2000 on accounting (hereinafter referred to as „Accounting Act.”)

  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Adverising Activities (hereinafter referred to as „Advertising Act”)

The scope of this Privacy Policy extends to all personal data processed by the Company.

Unless otherwise stated, the scope of this Policy does not extend to the services and data processing associated with the personal promotions, services and contents placed online by third parties publishing on the Company's websites or appearing there in any other way.

The Company reserves the right to change this Notice at any time unilaterally and to inform the Users about the change on its website.

The Company is committed to protect the privacy of Users and Customers, considers exceptional importance to respect the right of its Customers to informational selfdetermination, keeps confidential their personal data and it takes all security, technical and organizational measures to guarantee the security of the data.

2. Terms and definitions

Data Processing: whatever method is used, any operation or set of operations performed upon Personal Data; in particular collection, recording, organization, structuring, storage, transformation, alteration, use, query, consultation, communication, disclosure by transmittion, dissemination or otherwise making available, publication, alignment or combination (including profiling), restriction, erasure, destruction.

Data Controller: a person defined in point 3 who determines the purposes and means of Data Processing alone or jointly.

Personal Data or Data: any data or information that allows a natural person User to be identified - directly or indirectly.

Data Processor: a service provider which processes personal data on behalf of the Data Controller.

User: a natural person who registers or requests information on all of the Company's websites as a customer, or visits any of these websites, or concludes a contract with the Company to provide services, and provides the information listed in points 8 and 9 below.

Customer: a natural person who has entered into contractual relationship with the Company, or calls for an offer in this matter.

External Service Provider: third party Service Providers, used by the Data Controller or Mobile Applications Provider for the provision of certain services directly or indirectly, to which the Personal data are disclosed or may be disclosed by transmission, or they may transfer Personal data to the Data Controller.

Furthermore, those service providers are also considered as External Service Providers which are not in cooperation neither with Data Controller nor with operators of services, but by having access to the Mobile Applications, they collect data from the Users which may be capable of identifying the User either in their own or in combination with other data.

In addition, when providing a hosting service, the Data Controller also considers the User to be an External Service Provider for the purposes of data processing activity carried out in the storage space used by him/her.

Notice: This Privacy Policy of the Data Controller

3. Data, contacts and activity of the Data Controller

Based on the applicable provisions of the Hungarian legislation being in force, after the registration on the Mobile Applications of the AIRPORT HOTEL BUDAPEST Szállodaüzemeltető Korlátolt Felelősségű Társaság (abbreviated name: AIRPORT HOTEL BUDAPEST Kft., seat: 1074 Budapest, 51 Hársfa utca, 2 ground floor, registry authority: Company Registry Court of Budapest Capital Regional Court, Company Registration Number: 01-09-995833), you agree that AIRPORT HOTEL BUDAPEST **** Kft. will use your data for editorial purposes, market research, direct marketing, as required, subject to compliance with the regard legal requirements.

Please note that the disclosure of information is voluntary, and you have the right to request information on data management at any time and to request rectification or cancellation of data by sending a letter to AIRPORT HOTEL BUDAPEST **** Kft. or an e-mail to reservation@airporthotel.hu. We are not considered responsible for the accuracy of the information you have provided.

Contact customer service: address: 2220 Vecsés, 130/a Lőrinci street, phone number: +36 1 688 2000, e-mail: reservation@airporthotel.hu

4. Principles and methods of data processing, applicable law

4.1. The Data Controller acts in the data processing in accordance with the requirements of good faith, fair dealing, and transparency, in cooperation with the Users. The Data Controller processes only the data defined by the law or provided by the Users, for the purposes specified below. The scope of the processed Personal Data is proportionate to the purpose of data processing and can not be expanded.

4.2. Data processing of the Company's activity is based on the following legal basis:

a) voluntary consents (Article 6 paragraph 1, point a. of the GDPR):

In case of data processing based on a voluntary consent, the data subjects may withdraw their consent at any stage in the processing of data. In some cases, the processing, storage, disclosure by transmission of a particular set of data is mandatory by law, from which the Users and the Customers are specifically informed by the Company.

b) performance of a contract (Article 6 paragraph 1, point b. of the GDPR): In that case if the data processing is necessary for the performance of a contract to which the data subject is party.

c) fulfillment of legal obligations (Article 6 paragraph 1, point c. of the GDPR)

If data processing is necessary for compliance with a legal obligation to which the data controller is subject, it falls within the scope of fulfillment of legal obligations (eg. fulfillment of accounting obligations, etc.)

d) legitimate interest (Article 6 paragraph 1, point d. of the GDPR)

Data processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

e) in accordance with the Data processing permission provided by Act CVIII of 2001 on certain issues of electronic commerce activities and information society services [13./A §], Users’ personal identification data (name, birth name, mother's birth name, place and date of birth) and address for the purpose of establishment of a contract for providing information society service, definition of its content, modification, monitoring progress in establishment, invoicing the fees as per the contract and recovery of claims related to the contract can be processed without the consent of the User, furthermore, Users’ personal identification data, address and data related to the date, time and place of a service as per the contract on information society service can be processed without the consent of the User for the purpose of invoicing fees as per the the contract on information society service.

4.3. In all cases where the Personal Data is intended to be used by the Data Controller for purposes other than those for which they have been entered, User shall be informed and his/her prior express consent shall be obtained, and he/she shall be provided by the opportunity to prohibit the usage.

4.4. The Data Controller does not control the Personal Data entered on its Mobile Appliations. Only the person who entered the Personal Data will be responsible for the compliance of the provided Personal Data.

4.5. The personal data of an individual below age of 16 can only be processed with the contribution of an adult having parental care over him/her. The Data Controller is not in a position to control the rights of the contributing person or the content of his / her declaration on its website, thus the User or the person having parental care over him/her guarantees that the consent is in accordance with the law. In the absence of declaration of consent, the Data Controller shall not collect personal data related to an individual below the age of 16.

4.6. The Data Controller shall not disclose the Personal Data processed by it to third parties except for the Data Processors specified in this Notice and in certain cases for External Service Providers referred to in this Notice. The use of the data in a statistically aggregated form is an exception to the provision stated in this point which shall not include any personal data capable of identifying the User, thereby it is not counted as a processing or transfer of data. In certain cases, the Data Controller shall make the personal data of the User accessible to third parties due to official court or police inquiries, legal proceedings, copyright, property or other infringement, or their suspect fraud, violation of interest to the data controller, prejudice of providing service, etc. The Data Processors listed in this Privacy Notice and the External Service Providers shall record, maintain and process personal data transmitted by the Data Controller and maintained or processed by them in accordance with the provisions of the GDPR and they shall make a declaration on this to the Data Controller.

4.7. The Data Controller informs the concerned User about the rectification, restriction and erasure of Personal Data, furthermore it informs all those individuals which the personal data were transferred to previously for the purpose of data processing. The notification may be omitted if it does not prejudice the legitimate interest of the User with the objective pursued by Data Processing.

4.8. Having regard to the provisions of the GDPR, the Data Controller is not obliged to designate a Data Protection Officer, as the Data Controller is not considered to be a public authority or a public law body service entity. Furthermore the data processing activities do not include any operations that require regular, systematic and high level of observation of Users, furthermore the Data Controller does not process specific data, or personal data related to decisions on criminal liability and to crime.

4.9. The Data Controller processes the personal data in accordance with the applicable law. Legislations governing data processing is especifically defined at point 1.

5. Data Processing

The User may register (hereinafter referred to as "Registration") once on the Mobile Applications in one way. Based on the information he provided during the Registration, the Registered User may use the services of the Mobile Applications (hereinafter referred to as the "Services") in accordance with the conditions of use regulating the use of the Mobile Applications (hereinafter referred to as the "Agreement"). Both the Registered User and the User using Unregistered Services agree to be bound by the terms of this Data Processing Policy by visiting and / or logging on to the Mobile Applications for the purpose of searching for information and then he / she continues using the Mobile Applications for further activities. In such a case, the term "User" also means an unregistered User visiting or using the Mobile Applications.

The User registered under this Data Processing Policy may be the one who has provided the information required for Registration and has made the statements set forth in Section 6 of this Data Processing Policy (all together hereinafter referred to as the "Statements") before using the Mobile Applications and is bound by the provisions of the applicable Agreement, and the terms and conditions of this Data Processing Policy.

For the validity of statements containing the consent of minor Users under the age of 16 and other, incapacitated Users subject to guardianship the consent or approval of their legal representative (usually the parent) is required, thus, to become able to use the Mobile Applications, getting the consent or approval of the legal representative is a prerequisite for their successful Registration or use of the Service. Accordingly, the Data Controller shall interpret the User's Registration and the use of the Mobile Applications of a minor under the age of 16 or other person with limited capacity being incapacitated due to other reasons, as they would have previously obtained the consent or approval of their legal representative to use the Services, which shall include the complete liability for the activity of the User and which shall be made available to the Data Controller at any time upon request of the Data Controller. The User with limited capacity (a minor under the age of 14 or incapacitated) may not register on the Mobile Applications alone, may not make legal statements, only his / her legal representative (usually the parent) may register on the Mobile Applications or make legal statements on his / her behalf and the legal representative takes responsibility for the User's activities.

6. User’s statement

With the Registration, the User confirms that he / she has fully read and understood this Data Processing Policy and agrees to be bound by its provisions and he / she voluntarily, knowingly and expressly agrees that the Data Controller shall manage his / her personal data laid down in the Data Processing Policy, and in accordance with the provisions of Info tv and this Privacy Policy. The User acknowledges that along with accepting this Data Processing Policy, he / she has read and understood the terms and conditions of this Agreement which is a condition of the validity of the Registration and use of the Mobile Applications.

With the Registration, the User consents to the management of his / her personal or other data having been voluntarily provided to the Data Controller for the purpose of science, public opinion survey or market research, direct marketing, advertising newsletters and telemarketing / telesales. This consent, of course, may be withdrawn at any time on any of the contact details provided in Section 1 of this Data Processing Policy.

The User declares that the information provided during the Registration is true and does not violate the rights of any other person.

Registered Users declare that they are responsible for the User activities of other Users who use their User Account with their knowledge and shall be fully liable to the Data Controller.

Data Controller may use alphanumeric information packages, i.e. cookies with variable contents, sent by the Web Server and stored on the user's computer for a predetermined period of time. For more information about the types of cookies used by the Data Controller, their operation and how to disable them, see the section "Anonymous User ID (cookie) setting".

The User declares that he / she understands the information provided by the Data Controller and, after having become aware of it, agrees that the Data Controller will place the cookies on his / her terminal device (device) for the use of the Services for one (1) year and agrees to the management of the related data.

Of course, the User is allowed to withdraw his / her consent at any time by disabling the cookies. Please note that disabling cookies may have a technical impact on the extent to which the Data Controller may continue to perform certain Services for that particular User.

7. Scope of personal data processed

The provisions regarding the protection of the personal data of the Users apply only to natural persons, taking into consideration that the personal data can be interpreted only with respect to natural persons, therefore, this Data Processing Policy applies only to the processing of personal data of natural persons.

The Data Controller only records such personal data that are provided voluntarily by the User. By providing his / her personal data, the User consents to the inclusion of his / her personal data in the Data Controller's Database in accordance with this Data Processing Policy.

7.1. Personal data processed to identify Users

The Data Controller manages the following personal data of Users for identification purposes:

(1) User's natural identification data: surname and first name.

(2) User's email address provided during Registration.

(3) User's address and postal address.

(4) User's username and password.

(5) The User's direct telephone and fax number.

(6) Personal information provided by the User voluntarily (for example address for notification, occupation, position, interest) and other data.

(7) The Data Controller may also request other personal data of Users for certain activities (for example, the User's address or other personal information for prize competitions, promotions, the User's place and date of birth in the case of an offer for a specific age range) but the provision of these data happens on a voluntary basis, and the Data Controller shall use the personal data provided only for the purpose and activity stated and for the duration required for them. These data processing policies are also governed by this Regulation.

7.2. Processed data to gain access to Services

(1) The IP address of the User's computer,

(2) the starting and ending dates for logging in to the Mobile Applications and

(3) the type of the browser and the operating system, depending on the configuration of the User's computer,

(4) data related to the User's activity on the Mobile Applications (for example, tracking the number of banner clicks).

These data are automatically logged by the system. Such information is not suitable for personal identification, and Data Controller does not link the data contained in the log file to other personal data, uses the data only for trend analysis, site usage statistics, service administration, analysis and satisfaction of User needs, which contributes to improving the quality of the Services.

7.3. Data related to Bug Reports made by the User

The Data Controller manages the following data regarding bug reports:

the surname and forename of the applicant;

e-mail address;

telephone number.

7.4. Consumer Complaints

For the purpose of investigating consumer complaints, the data processed in accordance with the provisions of subsection (5) of section 17 / A. of Act CLV of 1997 on Consumer Protection (hereinafter referred to as Fgy. tv.).:

(1) the consumer's name and address;

(2) the place, time and means of lodging the complaint;

(3) a detailed description of the consumer's complaint, a list of the papers, documents and other evidence submitted by the consumer;

(4) a statement issued by the company about its position regarding the consumer's complaint in, case an immediate investigation of the complaint is possible;

(5) the signature of the person and, with the exception of any oral complaint made by telephone or other electronic communications service, the signature of the customer;

(6) place and date of the protocol;

(7) in the case of an oral complaint made by telephone or other electronic communications service, the data suitable for unique identification.

The Data Controller can commission external advertising companies to publish its advertisements. These companies may use certain data about the User's visits to these or other websites (but may not use the User's name, email address or telephone number) to provide appropriate (and interesting for the User) advertisements. If you would like to have more information about this practice and the possibility that companies should not use the information, please write to one of the contact details in section 1 of this Data Processing Policy.

The Data Controller may send notice to the email address provided by the User for the following purposes:

  • sending system messages as part of the service;

  • registration, the confirmation of registration and sending information related to the User Account or updating;

  • service reminders;

  • answers to information requested, service related information;

  • newsletter;

  • promotional offers.

System messages are sent to all Users by the Data Controller and it is not possible to be unsubscribed from such a notification list as they meet the elementary communication needs related to the Service to enforce Users' interests. However, the Data Controller undertakes to use such communication facilities only to the necessary extent and not to use such opportunities for marketing purposes.

The Data Controller guarantees the possibility to unsubscribe from any advertisement or promotional e-mail, in case it is sent to the User, so that the User will no longer receive it. Registration forms, order forms: on these pages the provision of personal data (depending on the type of registration, the name, name at birth, date of birth, place of birth, date, mother's name, gender, document ID, email address) is required to contact you. For the use of pay services, we may also ask for additional personal data, such as credit card number. These data are required to facilitate the performance and closure of the payment process and contractual fulfilment of the notification requirements.

Newsletter: The Data Controller also operates a newsletter service on the Website. If the User intends to receive a newsletter regarding the use of the Services and any news related to the Services, the Data Controller will only request the email address from the User for which he expects to receive the newsletter. The newsletter may include advertising offers or promotional offers. By accepting this Data Processing Policy, Users expressly consent that the Data Controller contact them through advertising newsletters on his own behalf at the contact details they have provided to receive the newsletter. Users who, at any time after ordering any newsletter service offered on the Website, decide not to receive the newsletters, can cancel the service as indicated in the newsletter and on the Website or with writing an e-mail or postal letter to the Data Controller to one of the contacts specified in Section 1 of these Terms and Conditions.

Direct Marketing: By accepting this Data Processing Policy, Users expressly consent to the Data Controller managing their personal data for their own business. Consent may be granted or withdrawn at any time during the term of the User Relationship on the Website or at the contact details specified in Section 1 of this Data Processing Policy. The Data Controller may send out information materials to Users from time to time about the news related to the Services. Users who do not wish to receive such letters may, at any time in the future, cancel this information service by sending an email to the email address listed in Section 1 of this Data Processing Policy.

Sending promotional offers, direct marketing: Depending on their consent, we may periodically send the Users newsletters about our new services, special offers, for informational purposes. For this purpose, we will manage the Users' email addresses, names and mailing addresses. If Users do not want to receive such promotional letters in the future, although previously they have not indicated their intention to do so, they may unsubscribe at the Data Controller at the contact details set forth in Section 1 of this Data Processing Policy.

Notification of the completion of registration, changes in service content: In the Services subject to registration, the new User will be sent a new welcome message to the provided email address. If we need to provide Users with information about any Service, regarding changes to the content, quality, or access to the Service, we will send an email notification to monitor and enforce User Interests, complying with the requirements of our obligations to provide information. Such service notices will be sent to all Users, and they cannot unsubscribe from such a "notification list", as it satisfies the elementary communication needs related to the Service to fulfil User Interests. However, the Data Controller undertakes to use such communication facilities only to the extent necessary and not to use such opportunities for marketing purposes.

By accepting this Data Processing Policy, the User agrees that the Data Controller will make the personal data available for the public on the Website, provided that it has been uploaded to the public, subject to the User's expressed, well-informed and voluntary consent provided in section 6 of this Data Processing Policy and his / her consent under this paragraph. In case the User consents to sharing his / her voluntarily provided data on other websites, he / she also acknowledges that other websites are bound by their own privacy policies for which the Data Controller shall not be made responsible. Based on this User consent, the Data Controller has the right to use the data having been provided as public for promotional purposes related to the Website or to the Data Controller's activities or operations.

Personal data recorded in a log file when using the Services will be stored for only statistical purposes. By accepting this Data Processing Policy, the User agrees that the Data Controller will collect anonymised statistical data required to operate the Services. The User may prohibit the use of his / her data for such purposes in accordance with section 14-15.

The User is solely responsible for the personal and other data that he / she voluntarily and purposefully has transferred to the Data Controller, whether they are his or her own or a third party's data, and for their transfer and in this respect he or she releases the Data Controller and warrants to any third party for a claim related to any such transfer or non-approval arising out of it.

Users may modify their data through the system of AIRPORT HOTEL BUDAPEST **** Kft. or by using one of the contact details given in Section 3 of this Data Processing Policy.

The Data Controller may link the User Database to the customization subsystem of the Services. It is necessary to enhance the customised User Experience.

8. Duration of data management

The duration of the data management is five (5) years from the termination of the use of the Service (in particular from the cancellation of the Registration), taking into consideration that from the termination of the Service this is the period of time when the Data Controller and a third party may have civil claims against the User, or, due to the activity of the user, against the Data Controller, thus it is ensured that the User's identity remains traceable and that the Data Controller may, if necessary, enforce any damages or other civil claims for the Data Controller or for a third party against the User.

Pursuant to a statutory obligation, the Data Controller shall keep the accounting document (including general ledger accounts, analytical and detailed records) which, directly and indirectly, confirms the bookkeeping accounts for a minimum of 8 years.

The activities of the Data Controller comply with the requirements of the ISO27001 standard defining information security management systems. Pursuant to Info tv, if the personal data have been collected with the consent of the User, the Data Controller shall manage the data for the purpose of fulfilling its legal obligation (for example, to perform a contract or the data management required to fulfil any legal obligation of the Data Controller) or for the purpose to enforce a legitimate interest of the Data Controller or a third party, if such interest is proportionate to the restriction of the right to the protection of personal data, without further additional User's consent, and after the withdrawal of the User's consent.

9. Data Security

Pursuant to its obligation under Section 7 of the Info tv., the Data Controller shall make every effort to ensure the security of your data, and shall take all necessary technical and organizational measures and create those rules of procedures which are required to comply with the provisions of Info tv and to enforce other data and privacy policies.

The activities of the Data Controller comply with the requirements of the ISO27001 standard defining information security management systems.

The so-called cloud applications are also part of the Services. Cloud applications are typically international or cross-border, they serve, for example, for data storage purposes when the data storage is not the User's computer / business computing centre but a server centre located anywhere in the world. The main advantage of cloud applications is that they provide a geographically independent, highly secure, flexibly expandable IT storage and processing capacity.

The Data Controller shall, with the utmost care, select its partners providing cloud service, and shall make every effort to enter into a contract taking into account the data security interests of the Users, their data management policies shall be transparent and regularly monitored.

Links: There may be a link placed on the Data Controller's Website or Mobile Applications directing us to other sites maintained by other service providers (including sign-in buttons, buttons for sharing facilities, logos) where the Data Controller has no influence on the personal data management practices. We would like to draw the Users' attention that clicking on such links may lead to websites operated by other service providers. In such cases, we strongly recommend to read the privacy policies that apply to the use of these pages. This Data Processing Policy applies only to the Website operated by the Data Controller. If any of the User's data is modified, deleted by the User on an external website, it will not affect the data management carried out by the Data Controller, such changes shall be carried out on the Website, as well.

10. Transfer of data, linking of data

The User's personal data may be transferred to third parties only with the prior and well-informed consent of the User in accordance with this Data Processing Policy and in order to comply with the Data Processor's legal obligations, upon the request of the competent authorities, and the different data managements can be linked only in the case if the conditions of data management for each and every data are fulfilled. The Data Controller shall, before fulfilling the authority's requests for data, examine in the case of each data whether there is a legal basis or obligation to transfer the data.

By accepting this Data Processing Policy, the User declares that he or she is aware of the fact that the data managed by the Data Controller will be handed over to the bodies authorized for resolution of legal disputes or persons responsible for data processing, billing, accounting, claim handling, delivery, customer service. The recipients of personal data as stated above, provide services to the Data Controller and they operate primarily in Hungary or in the European Economic Area. These persons shall handle the data in accordance with the instructions of the Data Controller and shall not use the data for any other purpose, and they are bound by the obligation of confidentiality or privacy.

The Data Controller may link the User Database to the Customization subsystem of the Services. This is required to enhance the customised User Experience.

Please also read the Data Security and Anonymous User Identification (Cookie) sections regarding data transfer!

11. Anonymus user identifiation (cookie) location

11.1. Placing own cookies

The anonymous User ID (cookie) is a signal sequence of unique identification and profile information stored by service providers on the User's computer. It is important to know that such a signal sequence cannot in any way identify the User but is only suitable for recognizing the User's computer. In the Internet networking world, personal information and customised service can only be provided if service providers can uniquely identify their customers' habits and needs. Anonymous authentication is used by providers to learn more about their customers' habits of using information, in order to further improve their services and, on the other hand, offer their customers customization options.

For example, cookies may be used to store the Users' preferences and settings; these can help at signing in; display customised advertisements and analyse how the website works. To achieve this, we use services to collect and track information about User activities such as relevance, recommendations, searches, openings, and the most important and frequently used features.

We use Flash cookies to tell us, for example, whether the User has ever visited our website or to help identify the features / services that may be of most interest to the User. The search and Flash cookies enhance the online experience by preserving the information most preferred by the User while visiting a particular page. Neither the search engine nor the Flash cookies can personally identify the User and the User can refuse the browser cookies through the browser settings, but without such cookies he / she will not be able to use all the features of our website.

If the User does not want to have such an identifier placed on his computer, he may configure his browser not to allow the unique identifier to be placed, but in this case the Services may not be accessed or not in the form as if the User had allowed the placement of identifiers.

The Services are used by a large number of Users in diverse software and hardware environments with different uses and areas. The development of the Services will be the best suited to the needs and possibilities of our Users if we have a comprehensive view of their usage habits and needs. However, due to the large number of our Users, besides personal inquiry and feedback, it is an effective complementary method to collect and analyse their habits and data about the environment in which the Services are run by automated means.

11.2. The placement of third party cookies

The Website uses a web analytics service called Google Analytics (hereinafter referred to as "Google Analytics), provided by Google, Inc. (hereinafter referred to as the "Google") (seat: 1600 Amphitheatre Parkway Mountain View CA 94043). Google Analytics also uses "cookies", text files placed on your computer, to help us analyse the use of the Website. The Data Controller informs the User and, by accepting this Agreement, the User expressly consents to the transmission and storage of information generated by the cookies and related to the use of the Website (including your IP address) generated by cookies on Google's servers in the United States. By using the Website, the User consents to the transmission of his or her data in the manner and for the purposes as set out above. Google will use this information to evaluate and analyse how the User is using the Website, to compile reports on activities on the Website, and to provide other services related to activities on the Website and use of the Internet. Google is responsible for the legality of the transmission and processing the data described above and for any damages or claims relating thereto. If you have any questions or requests regarding the above, please contact us at the email address specified in Section 1 of this Data Processing Policy.

The Data Controller may also use tracking IDs in its newsletter sent to the Users or in the case of other services for the purposes of developing and tracking user behaviour:

  • Google Adsense,

  • Google Co-op,

  • Adverticum,

  • Gemius,

  • Median Webaudit,

  • OpenX,

  • Facebook,

  • Addthis.com,

  • Apple Inc.

12. User’s rights, legal enforcement possibilities

The User may request information on data management, and may request the rectification, blocking or cancellation of his / her personal data in case of false data. Data subjects may exercise their rights in connection with the processing of personal data by sending a notice to the email addresses provided during the Registration. The User shall send his / her request for information or cancellation by e-mail to the e-mail address provided in Section 1 of this Data Processing Policy.

(a) Information

The User shall request information on the management of his or her personal data on the basis of subsection a) of section 14 of the Info tv. Upon request, the Data Controller shall provide the User with information about the data it handles, the purpose, legal basis, duration of the data processing, the data processor's name, address (seat) and its data management activities, if the User's data is managed in accordance with the last paragraph of the section 7 of this Data Processing Policy, and about data processing activities, as well as about who receives or have received the data and for what purpose. The information also covers the User's rights and remedies in relation to data management. Requests for information about data management must be sent by email to the email address listed in Section 1 of this Data Processing Policy and the data subject will be answered within thirty (30) business days. This information is free of charge if the person requesting the information has not yet submitted a request for information to the Data Controller in the same year in the same area. In other cases, the Data Controller may make the request for information subject to reimbursement of costs. The information shall be provided within the period of data management specified in Section 10.

(b) Cancellation

The Data Controller shall cancel the personal data if requested by the User with respect to point c) below. If personal data must be retained for any other reason in connection with a prior legal dispute or a statutory supervisory standards, or in connection with the performance of a contract still in force entered into with the User, or the data inseparably and indelibly includes personal data other than the User's (for example a picture), a requested cancellation does not necessarily mean that the recording will be completely unavailable, but that the recording can only be used for purposes excluding the purpose of cancellation. Cancellation shall be carried out free of charge by the Data Controller. The User shall notify the Data Controller of his / her request for cancellation of his / her personal data by using the menu item serving for this purpose on the Website or by e-mail at the e-mail address specified in Section 1 of these Data Processing Policy. The Data Controller shall cancel the data upon the voluntary decision and request of the User within thirty (30) days of receipt of its cancellation request. By withdrawing his / her consent to the management of personal data or by requesting the cancellation of his / her personal data, the User also waives his / her right to participate in any activity related to the Registration. Cancellation is always free of charge.

The Data Controller shall notify the data subject of the rectification and cancellation, unless failure to do so would not prejudice the data subject's legitimate interest.

(c) Blocking

Instead of cancellation, the Data Controller shall block personal data if the User requests to do so or if, based on the information available, it is likely that cancellation would harm the legitimate interests of the User. Personal data blocked in this way will be managed by the Data Controller only for as long as the purpose of data management that precludes the cancellation of the personal data exists.

(d) Designation

The Data Controller will mark the personal data handled by him if the User disputes its correctness or accuracy, but the impropriety or inaccuracy of the disputed personal data cannot be clearly established.

If the Data Controller does not comply with the User's request for rectification, blocking or cancellation, he / she shall, within thirty (30) days of receipt of the request, provide information in writing about the reasons for rejecting the request for rectification, blocking or cancellation and inform the User of the possibility of remedies and the possibility of turning to an authority responsible for data management.

13. The right to object and remedies

(a) The right to object

The User or anyone whose personal data has been transferred to the Data Controller may object to the management of his or her personal data if

  • the management (transfer) of personal data is necessary only for the enforcement of the rights or legitimate interests of the Data Controller or the data recipient, unless the data management is authorized or ordered by law;

  • the exercise of the right to object is otherwise permitted by law.

With the simultaneous suspension of the data management, the Data Controller shall investigate the objection within a maximum of fifteen (15) days from the submission of the application and shall inform the applicant in writing of the result thereof. If the objection is justified, the Data Controller shall terminate the data management and block the data. The Data Controller is obliged to inform anyone to whom he had transferred the personal data related to the objection and who must take steps to enforce the right to object about the fact of the objection and the measures having been taken based on it.

If the User disagrees with the decision of the Data Controller that he had made based on the objection, or the Data Controller fails to comply with the deadline set for the decision, he or she may appeal to the court within thirty (30) days from the announcement of the decision or the last day of the deadline.

(b) Enforcement of rights

The User can enforce his rights in accordance with the Info tv and the Civil Code (hereinafter: Ptk). In case of violating the User's rights, the User may apply to the court or to the data protection authority indicated in Section 2 of this Data Processing Policy. Anyone may file an inquiry with the Data Protection Authority, stating that there has been an impairment of a right related to the management of personal data or there is an imminent danger of it. Regarding the lawsuit, the court has jurisdiction where the Data Controller's principal place of business is located. At the choice of the data subject, the lawsuit may also be brought before the court in the place where the data subject is domiciled. The enforcement practices and the detailed statutory provisions governing the Data Controller's obligations are contained in Info tv. and the Ptk., Hungarian law shall prevail.

The data of the persons with restricted legal capacity having provided to access the Website may be reviewed by their legal representative upon sending a written request to the Data Controller and may exercise his / her right in relation to data management of Users, provided that they have been credibly verified as legal representatives. The data protection rights of incapacitated Users shall be exercised by their legal representatives and the obligations shall be fulfilled by them.

14. Additional warranty protecting the data subject

All Users have the right to

  • become aware of the automated personal data file, its main purposes and the identity and usual domicile or place of residence of the person managing the data file;

  • be informed, at reasonable intervals and without excessive delay or expense, if his / her personal data is stored in an automated data file and to be informed about such data in a manner that is understandable.

15. THE PERSON APPOINTED AT THE DATA CONTROLLER, RESPONSIBLE FOR DATA PROTECTION

The person responsible for data protection and appointed at the Data Controller shall provide assistance to the User in making data-related decisions and assuring the rights of data subject, by sending an e-mail to the e-mail address provided in Section 3 of this Data Processing Policy.

16. Legal remedies

16.1. Procedural rules

The data controller shall inform the data subject without undue delay, but in any case within one month from the receipt of the request, based on the request in accordance with GDPR Articles 15-22.

If necessary, taking into account the complexity and number of requests, this deadline may be extended by two additional months.

The data controller shall inform the data subject about the extension of the deadline by defining the reasons for the delay within one month of the receipt of the request. If the data subject provided the request electronically, the information shall also be provided electronically, unless otherwise requested by the data subject.

If the data controller fails to take measures following the request of data subject, it shall inform the data subject without delay and within one month of the receipt of the request about the reasons of non-action and whether the data subject may file a complaint with a supervisory authority and exercise his/her right to judicial remedy.

The Company provides the requested information free of charge. If the request of data subject is clearly unjustified or - in particular due to its repeated nature excessive, the data controller may charge a reasonable fee for administrative cost regarding the provision of the requested information, or the adoption of necessary measures, or may refuse the measure based on the request.

The data controller shall communicate any rectification, erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it. The data controller shall provide a copy of the personal data undergoing processing to the data subject. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

16.2 Compensation for damages suffered

Any person who has suffered material or non-material damage as a result of an infringement of the data protection regulation shall have the right to receive compensation from the data controller or data processor for the damage suffered.

A data processor shall be liable for the damage caused by data processing only where it has not complied with obligations of data protection regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the data controller.

Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and where they are responsible for any damage caused by processing, each data controller or data processor shall be held liable for the entire damage.

A data controller or data processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

16.3 Complaint

If you have a problem with the data processing of the Company, please contact the Data Protection Officer of the Company whose contact information can be found in point 3.

The data subject has a right to lodge a complaint about the conduct, activity or omission of the Company:

a) Verbally

  • by phone at +36 1 688 2000

b) In written

  • personally or via delivery of the documenty by another person at the headquarters of the Company;

  • By post using the postal address 1074 Budapest, 51 Hársfa street, 2 ground floor;

  • by e-mail (providing continous electronic access and an alternative availability for the case of malfunctions) at e-mail address: reservation@airporthotel.hu

The Company shall request the following personal information from the customer during the complaint handling

a) name;

b) contract number, customer number, payment account number (cashier identification nuber)

c) permanent address, headquarter, mailing address;

d) phone number;

e) the manner of notification which is based on the legal obligation.

16.4. Right of access to Court

In the event of violation of his/her rights, the data subject shall go to the law against the Data Controller in accordance with Information Act 22.§ (1). The trial is governed by the jurisdiction of the courthouse. The court proceeds out of turn. The case shall be run before the courthouse of domicile or temporary address of the data subject, at the choice of him/her.

16.5. Privacy Policy Procedures

A complaint can be lodged with the Hungarian National Authority for Data Protection and Freedom of Information:

Nemzeti Adatvédelmi és Információszabadság Hatóság

1125 Budapest, Szilágyi Erzsébet fasor 22/C

Tel: 06-1-391-1400

E-mail: ugyfelszolgalat@naih.hu

17. Other

The User acknowledges and consents that any member of the group of companies of which the Data Controller is a member, through directly or indirectly, up to at least a 50% shareholding, or is the acquirer of all or a significant portion of the Data Controller's assets, is considered the beneficiary / recipient of the Data Controller, regarding the rights and obligations provided in this Data Processing Policy. Such businesses have the right to enforce directly or refer to any provision of this Data Processing Policy that involves any advantage or right for them. The User is not entitled to transfer or assign any of its rights and obligations to any third party under this Data Processing Policy.