Privacy Policy

Igor Corner Internet Ltd. and SGHTHERMÁL Ltd. hereby informs the visitors of the website operated by Igor Corner Internet Ltd. about the personal data processed in connection with the operation of the website and its services, the identity and data of the controller(s), the policies and practices followed in the processing of personal data, the transfer of data, the organisational and technical measures taken to protect personal data, as well as the ways and means of exercising the rights of the data subjects.the principles of data management, the expectations and rules which it has set for itself as data controller and the rules it applies.

1. Data protection statement

The operator of the wellnesskastély.hu website (hereinafter referred to as the Website), Igor Corner Internet Kft. (hereinafter referred to as the Service Provider), has the primary goal and commitment to treat the personal and other data provided by visitors to the Website (hereinafter referred to as the Users) confidentially, in full compliance with the applicable Hungarian laws and recommendations, with particular regard to the following:

- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the Data Protection Act);
- Act C of 2000 - on Accounting (Act on Accounting);
- Act CVIII of 2001 - on certain aspects of electronic commerce services and information society services (Eker. tv.);
- Act XLVIII of 2008 - on the Basic Conditions and Certain Restrictions on Commercial Advertising Activities (Act XLVIII of 2008).

2. Data controller, data processor

Company name: Igor Corner Internet Kft.
Registered office.
Tax number: 14817964-2-42
Cégjegyzékszám: Cg.01-09-921334
Represented by: Bönditz Szabolcs
Registration number of data management: NAIH-87820/2015.


3.

Data subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of personal data;

personal data: data which can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the conclusions which can be drawn from the data concerning the data subject;

consent: a freely given and freely given indication of the data subject's wishes, based on adequate information, by which he or she signifies his or her unambiguous agreement to the processing of personal data relating to him or her, whether in full or in part;

objection: a declaration by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the data processed;

data controller: a natural or legal person or an unincorporated body which, alone or jointly with others, determines the purposes for which the data are processed, takes and implements decisions regarding the processing (including the means used) or has them implemented by a processor on its behalf;

'processing' means any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of further use, taking of photographs, sound recordings or images and physical features which permit identification of a person (e.g. fingerprints, palm prints, DNA samples, iris scans);

transfer: making data available to a specified third party;

disclosure: making the data available to any person;

erasure: rendering data unrecognisable in such a way that it is no longer possible to retrieve it;

data marking: the marking of data with an identification mark to distinguish them;

data blocking: the marking of data with an identification mark for the purpose of limiting their further processing permanently or for a limited period of time;

data destruction: the total physical destruction of a data medium containing data;

data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to carry out the operations and the place of application, provided that the technical task is performed on the data;

'processor' means a natural or legal person or an unincorporated body which, under a contract with a controller, including a contract entered into pursuant to a legal provision, processes data;

data file: the set of data processed in a register;

third party: a natural or legal person or unincorporated body other than the data subject, the controller or the processor;

EEA State: a Member State of the European Union and another State party to the Agreement on the European Economic Area, and a State whose national has the same legal status as a national of a State party to the Agreement on the European Economic Area under an international treaty between the European Union and its Member States and a State not party to the Agreement on the European Economic Area;

third country: any State which is not an EEA State.

Hotel: the hotel operated by SGHTHERMÁL Kft / 8782 Zalacsány, Csány László utca 24. company registration number: 20 09 073325 tax number: 24193249-2-20 represented by Kinga Széles, Managing Director/ Batthyány Kastélyszálló****, and Batthyány Kúria
Partner: SGHTHERMÁL Kft / 8782 Zalacsány, Csány László utca 24. company registration number: 20 09 073325 tax number: 24193249-2-20 represented by Kinga Széles, Managing Director/
4. Principles of data management

Personal data may only be processed for specific purposes, for the exercise of rights and the fulfilment of obligations. At all stages of the processing, the purpose of the processing must be fulfilled and the collection and processing of data must be fair and lawful.

5. Legal basis for processing

The processing is based on the voluntary and duly informed declaration of the Users of the Website, which includes their express consent to the use of their personal data provided by them when using the Website and the personal data generated about them. The legal basis for the processing of personal data is the Infotv. According to Article 5 (1) (a) of the GDPR, the data processing is based on the voluntary consent of the data subject.

6.

The purpose of processing the User's personal data is to provide the Website Services, in particular: identification of the Users, differentiation from other Users, prevention of unauthorized access to personal data; transmission of the User's data for the purposes of requesting offers, booking accommodation and purchasing vouchers, identification of the User's rights (partial services that the User may use); administration of the Service via the customer service; contacting the User; sending system messages related to the Service; User Content (e.g. Providing hosting for the publication of User Content (e.g. accommodation reviews); improving the services of the Website, enhancing the quality of the Website, enhancing the user experience; facilitating the search for and reservation of accommodation and requesting offers, enabling the purchase of accommodation offers of the Partner; avoiding abuse; fulfilling accounting obligations; fulfilling legal obligations.

Subject to separate consent, the Service Provider and the Partner may also use the User's personal data for the purpose of direct marketing or solicitation for advertising purposes (in particular newsletters).

7. Data involved in the processing

The User is solely responsible for the truthfulness and accuracy of the personal data.

7.1. Use of hotel services

When using the Hotel Service, the User may share additional personal data with the Partner and the Service Provider in the comment field when purchasing the Hotel Service.

7.2. Newsletters, marketing offers

Data processed for sending offers by email: name, email address.

8.

8.1 Use of hotel services

In case of using the Hotel Service, the Service Provider shall, based on the User's voluntary consent, at the time of ordering the Hotel Service, transmit the User's personal data (name, email address, telephone number, address) and comments, as well as other order data (package ID, discount, surcharge, payment method) to the Partner as the company operating the Hotel for the purpose of tracking the purchase and sending the voucher.

9.

9.1 Data processed in connection with the use of the Hotel Service

The Service Provider shall process personal data related to the use of the Hotel Service initiated by the User for the purpose of fulfilling its accounting and obligations towards the Partner pursuant to Article 169 of Act C of 2000 for a period of 8 years or for the limitation period specified in Act XCII of 2003 on the Rules of Taxation.

9.2. Data processed for the purpose of sending newsletters

The Service Provider shall process the User's personal data for the purpose of sending newsletters until the User's consent is withdrawn in accordance with the methods detailed in this Privacy Policy. The newsletter may also be sent by SGHTHERMÁL Kft /Partner/, the operator of the Hotel, which has the right to access the User's data.

10. Amendment, deletion, blocking, objection to data processing

The User may at any time request the rectification of his/her personal data or the deletion or blocking of his/her personal data, except for mandatory data processing.

Personal data shall be deleted if

- its processing is unlawful;
- the data subject requests it, in accordance with the provisions of the GDPR;
- it is incomplete or inaccurate - and this situation cannot be lawfully remedied - provided that erasure is not excluded by law;
- the purpose of the processing has ceased to exist or the time limit for the storage of the data laid down by law has expired;
- it has been ordered by a court or the Authority.

11.

In order to enhance the user experience, the following data is stored in cookies on the User's hard drive for 30 days. The User can disable the use of cookies in his browser.