Privacy Policy
Last updated: 01.07.2022
This Privacy Policy describes how Dávid Botond Bakó, sole proprietor ("Bakó Dávid" or "we", "us", "our") uses and protects your personal data. Bakó Dávid is the data controller for personal data provided by our guests or potential guests when they use the www.artemis-bogacs.hu or www.apollo-bogacs.hu websites, as well as for other groups of individuals identified as guests in this Policy who contact us through various channels, business contacts, and our staff.
This Privacy Policy explains how we ensure the protection of personal data. Many of the principles we follow are derived from the EU General Data Protection Regulation (GDPR). However, we comply with all applicable legal requirements regarding personal data protection and privacy.
We have tried to make this Privacy Policy user-friendly and easy to understand, within the limitations of the complexity of the information to be communicated. If you have any questions about the content of the Policy, or if you have any comments or suggestions on how we can improve the Policy, please contact us at:
apollovendeghaz@gmail.com
Legal rights of natural persons ("data subjects") under GDPR
Under GDPR, "data subjects" are natural persons living anywhere who are in contact with a "data controller" in the EU, or natural persons living in the EU who are in contact with a data controller outside the EU. The "data controller" is the legal entity that determines how personal data is processed. "Personal data" is any data that can be linked to the data subject.
According to the following explanation, data subjects have the following individual rights under GDPR:
a) Right to transparent information b) Right to access your own data c) Right to rectification of inaccurate data d) Right to erasure (right to be forgotten) under certain circumstances e) Right to withdraw consent f) Right to request restriction of processing g) Right to object to processing h) Right not to be subject to automated decision-making i) Right to data portability j) Right to lodge a complaint with a "Supervisory Authority" k) Right to effective judicial remedy against a controller or processor
This Policy applies to all of these rights. In response to your request under any of these rights, we will respond to you without undue delay, within one month at the latest, and we will do our best to resolve even complex cases within three months. We will provide the response electronically or in another manner as requested by you. We do not charge a fee for the first request, but we reserve the right to charge an administrative fee for repeated requests within one year or for requests that are clearly unfounded or excessive.
Please note! We need to verify your identity to process your request.
If we believe that we do not need to act on your request, we will inform you in writing of the reasons for our decision and the remedies available to you.
Apart from these rights, if you believe that Bakó Dávid has acted inappropriately regarding your personal data or data protection, please contact us so that we can rectify the situation and improve our service to our guests. You can make an official complaint by email or post at the contact details provided in section 1.12 "Contact Bakó Dávid regarding GDPR".
We will endeavor to respond to you without undue delay, within one month at the latest.
1.1. Right to transparent information
We provide all information required by GDPR in a concise, transparent, intelligible, and easily accessible form, using clear and plain language, particularly for any information addressed specifically to children. The information is provided in writing or by electronic means. We may also provide oral information at your request.
We assist you in exercising your rights as described in section 1 below.
You can find our email and postal contact details in section 1.12 "Contact Bakó Dávid regarding GDPR" below. In section 2, you may find separate contact details for specific inquiries related to certain activities.
1.2. Right to access your own data
You have the right to obtain confirmation from Bakó Dávid as to whether we are processing personal data concerning you, and if so, you have the right to request access to the data and the following information:
a) The purposes of the processing b) The categories of personal data concerned c) The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in non-EU countries d) The period for which the personal data will be stored e) That you have the right to request from us rectification or erasure of personal data, or restriction of processing of your personal data, or to object to such processing f) That you have the right to lodge a complaint with a Supervisory Authority g) Where the personal data are not collected directly from you, any available information as to their source h) The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you i) Where your personal data are transferred to a non-EU country, the appropriate safeguards we use to protect your rights
1.3. Right to rectification of inaccurate data
If we hold inaccurate or incomplete personal data about you, we will rectify these without undue delay upon receipt of your request.
1.4. Right to erasure (right to be forgotten)
You have the right to request the erasure of your personal data and for us to comply with this request without undue delay if one of the following grounds applies:
a) Your personal data are no longer necessary in relation to the purposes for which they were collected b) You have withdrawn your consent, and we no longer have a legal basis for the processing c) The legal basis for processing is our legitimate interests, and you claim that there are no overriding legitimate grounds for the processing d) The purpose of processing is direct marketing, and you object to this e) We have processed your data unlawfully f) Your data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject g) The lawfulness of our processing is based on consent given by a child's guardian, and either i. you are the child's guardian and the child in question has not reached the age required for consent, or ii. you are the child who has now reached the age required for consent. (In Hungary, the minimum age for consent to personal data processing is 16 years.)
Please note! We cannot erase your personal data if processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing by law; c) for reasons of public interest in the area of public health; d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes insofar as the erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise or defense of legal claims.
Your data will temporarily remain in backup copies after this deletion, but we ensure through IT security techniques that these copies can only be accessed for database restoration in case of data loss and that they cannot be copied for data discovery purposes. Backup copies are destroyed on a rotating basis within [N MONTHS].
1.5. Right to withdraw consent
If you have given consent to our processing of your data, you may withdraw your consent at any time. You can do this by sending your request to the email address provided in the relevant section of Chapter 2 (Activities), which lists the activities for which we process personal data. Alternatively, you can write to us at the address given in section 1.11 below.
Please note: Your withdrawal of consent does not affect the processing we have already carried out.
1.6. Right to request restriction of processing
You may request that Bakó Dávid restrict the processing of your personal data if any of the following applies:
You contest the accuracy of the personal data Our processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead We no longer need the personal data for the original purposes, but you require them for the establishment, exercise or defense of legal claims You have objected to processing based on our "legitimate interests" as the legal basis, but you claim that your "interests, rights and freedoms" take precedence over those.
If processing has been restricted based on your objection, such personal data shall, with the exception of storage, only be processed: a) with your consent, or b) for the establishment, exercise or defense of legal claims, or c) for the protection of the rights of another natural or legal person, or d) for reasons of important public interest of the Union or of a Member State.
We will inform you before the restriction of processing is lifted.
Practical operational considerations may prevent us from restricting processing exactly as prescribed by GDPR, but in such cases, we will work with you to find a satisfactory solution.
1.7. Right to object to processing
You have the right to object to our processing of your personal data if:
The legal basis for processing is our "legitimate interests", but you claim that your "interests, rights and freedoms" take precedence over those We process your data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. (Profiling is automated decision-making that analyzes or predicts aspects concerning economic situation, personal preferences, or location.) In case of such objection, we may no longer process your personal data for these purposes.
1.8. Right not to be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
However, this does not apply if the decision: a) is necessary for entering into, or performance of, a contract between you and us, or b) is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests.
In cases referred to in point (a), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
1.9. Right to data portability
Under GDPR, the data subject has the right to receive the personal data concerning him or her in a "structured, commonly used and machine-readable format" under certain circumstances. The data subject is also entitled to have the data transmitted directly between controllers where technically feasible. If you request access to your personal data under point 1.2 above, we will generally provide this in a widely used electronic format, unless you specifically request that we send you the data in written form.
1.10. Right to lodge a complaint with a "Supervisory Authority"
If you believe that we have treated you unfairly or unlawfully under GDPR, you may lodge a complaint with the data protection Supervisory Authority. If you are not habitually resident in Hungary but in another EU Member State, you have the right to lodge a complaint with the Supervisory Authority of the country concerned. You can find the names and contact details of the data protection authorities at the following link: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
If you are habitually resident in Hungary or in a country outside the EU, you may address your complaint to the Hungarian authority:
National Authority for Data Protection and Freedom of Information H-1055 Budapest, Falk Miksa u. 9-11. Postal address: 1363 Budapest, Pf.: 9. Phone: +36 -1-391-1400 Fax: +36-1-391-1410 Email address in Hungarian: ugyfelszolgalat@naih.hu Web: http://naih.hu
1.11. Right to effective judicial remedy against a controller or processor
If you consider that your rights under GDPR have been infringed as a result of the processing of your personal data in non-compliance with GDPR, you have the right to an effective judicial remedy. Proceedings against a controller or a processor shall be brought before the courts of the EU Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the EU Member State where you have your habitual residence.
In Hungary, the regional court has jurisdiction over such cases. The lawsuit can be filed - at the choice of the data subject - before the regional court of the data subject's place of residence or stay. A person who otherwise does not have legal capacity to be a party may also be a party to the lawsuit. The Authority may intervene in the proceedings to ensure the success of the data subject.
In addition to the provisions of the GDPR, the provisions of Act V of 2013 on the Civil Code of Hungary, Book Two, Part Three, Title XII (Sections 2:51 - 2:54) and other legal regulations applicable to court proceedings shall apply to the court proceedings.
1.12. Contact Bakó Dávid regarding GDPR
You may find separate contact details for specific inquiries in certain activity-related sections of Chapter 2. For exercising the rights described above or for direct complaints to Bakó Dávid or for general inquiries regarding GDPR or data protection, the email address and postal address for contact are as follows:
Email: apollovendeghaz@gmail.com
Address: Hungary, 3412. Bogács, Jács köz 14.
2.Data Processing Activities
The list of data transfers and processors within the EU is contained in a separate document, which forms an annex to this policy. We draw attention to data transfers outside the EU within this policy.
2.1 Room Booking
When booking a room online, in person at the accommodation, or by phone, we may request some or all of the following personal data:
Full name
Arrival date
Departure date
Total number of guests
Which guest house
Email address
Phone number
Full mailing address
Arrival time
Departure time
Comments – here you can specify any preferences
Purpose of data processing: The purpose of our data collection is to identify the guest making the booking, to hand over the guest house to the right person at check-in, and to keep track of the payment method to avoid the financial risk if the guest does not eventually check in to the hotel. We use your email address i. in the exceptional case when we need to notify you of a change affecting your booking, ii. three days before your planned arrival to remind you of details such as the accommodation address and check-in time, and iii. three days after departure to share your feedback about your stay so that we can provide even better service during your and other guests' future visits.
Legal basis for data processing: The legal basis for data processing is that we need this data to perform a contract for accommodation booking. We process your email address to send you an email after your stay because "the processing is necessary for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject". Our legitimate interests in this case include providing excellent quality service, and we believe that sending an email after your stay does not infringe on your fundamental rights.
If you do not provide the requested data, we cannot book accommodation for you or contact you in case of a problem.
Data retention period: We retain personal data at the level of individual data fields, not at the level of all data related to a particular guest. For example, we may keep your name and check-in date longer than your email address. We keep data processed for the provision of services for 2-8 years, depending on the data. In some cases, we have a legal obligation to keep personal data for a longer period. The main categories are as follows:
If the data is needed for invoicing or other tax records, we have a legal obligation to keep the data for 8 years from the end of the calendar year. So if we issue your invoice at check-out on June 30, 2018, we must keep the data until December 31, 2026. Our accommodation has a legal obligation to report all check-in guests to the local municipality and to report all guests from outside the EU to the police. We have a legal obligation to keep the data contained in these reports for 6 years from the date of check-in.
If you request the retention of your data to simplify future bookings by ticking the appropriate box (purpose of data processing), the legal basis for data processing will be your voluntary consent. Therefore, if you do not consent to the processing of data by ticking the box, you will need to provide them again for your next booking. You can withdraw your consent at any time, but the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. In such cases, we store your personal data for 8 years from your last booking.
We delete the data after the expiry of the longest relevant data retention period mentioned above.
If you wish to exercise any of your rights set out in point 1 in relation to the data collected above, or if you wish to contact us for any other reason regarding the above, please notify us by sending an email to apollovendeghaz@gmail.com.
2.2 Registration Form
Types of data and legal basis for data processing: Mandatory personal data (Provision of these data by the Guest is a condition for using the hotel service):
The processing of the following data is a legal obligation, e.g.: first name, last name, mother's name, billing details;
We process your name and email address for 3 days after your departure based on our legitimate interest in developing our services, in order to ask for your opinion about our services and thereby improve them.
Non-mandatory statistical data:
For statistical purposes, we process the following data separately from personal data: business trip, leisure travel.
Some data will be filled in at check-in based on the booking to speed up the check-in process. Please always check the accuracy of the data.
Purpose of data processing: Provision of accommodation services, including communication and service improvement.
Data retention period: We retain personal data at the level of individual data fields, not at the level of all data related to a particular guest. For example, we may keep your name and check-in date longer than your email address. We keep data processed for the provision of services for 2-8 years, depending on the data.
In some cases, we have a legal obligation to keep personal data for a longer period. The main categories are as follows:
If the data is needed for invoicing or other tax records, we have a legal obligation to keep the data for 8 years from the end of the calendar year. So if we issue your invoice at check-out on June 30, 2018, we must keep the data until December 31, 2026. Our accommodation has a legal obligation to report all check-in guests to the local municipality and to report all guests from outside the EU to the police. We have a legal obligation to keep the data contained in these reports for 6 years from the date of check-in.
If you request the retention of your data to simplify future bookings by ticking the appropriate box (purpose of data processing), the legal basis for data processing will be your voluntary consent. Therefore, if you do not consent to the processing of data by ticking the box, you will need to provide them again for your next booking. You can withdraw your consent at any time, but the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. In such cases, we store your personal data for 8 years from your last booking.
If you wish to exercise any of your rights set out in point 1 in relation to the data collected during check-in, or if you wish to contact us for any other reason regarding the data collected during check-in, please notify us by sending an email to apollovendeghaz@gmail.com.
2.3 Guest Questionnaire and Rating System
As part of the quality assurance process applied at the company, Guests can provide their opinion about the services of Apollo and Artemis guest houses through email and paper-based guest questionnaires, as well as through the rating system. When filling out the questionnaire, you may provide the following personal data:
Name
Date of visit
Guest house
Contact details (address, email address, phone number, residential address)
Providing this data is not mandatory; it only serves to ensure accurate investigation of any complaints and to provide a response.
The opinions received in this way, and any data that may be provided in connection with them that cannot be traced back to the specific Guest and is not associated with the Guest's name, may also be used by the Company for statistical purposes.
If you share your opinion with us anonymously, we do not process personal data. If you request feedback from us, our colleague will contact you within 30 days at the latest using one of the provided contact details (email, address, phone number).
Purpose of data processing: Communication with the reviewer and complaint handling.
Legal basis for data processing: Your presumed voluntary consent. Please note that if you do not consent to the processing of data or withdraw your consent, we will not be able to answer your question. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Data retention period: We delete the messages and personal data received in this way one year after the end of the year in which the request, question, or complaint was answered. We will delete the email address and username provided for using the rating system at your request.
If you wish to exercise any of your rights set out in point 1 in relation to the data provided in this way, or if you wish to contact us for any other reason regarding the above data processing, please notify us by sending an email to apollovendeghaz@gmail.com.
2.4 Camera System
Cameras operate in the areas of accommodations operated by Bakó Dávid for the personal and property security of the Guests. Camera surveillance is indicated by a pictogram and warning text.
The purpose of camera surveillance is property protection, namely the protection of equipment representing significant values and the personal valuables of the Guests, given that the detection of infringements, catching the perpetrator in the act, prevention of these unlawful acts is not possible otherwise, or their proof cannot be achieved by other methods.
You can get more detailed information about the data processing related to the camera system at the given accommodation, on-site. We will forward the data processing notice of the camera system to you upon request. Please indicate such a request by sending a letter to the general email or postal address of the given hotel.
2.5 Newsletter
For the purpose of sending newsletters, we process your name, email address, and occasionally your residential address. Regarding newsletter sending, you have the option to set the topic and region for which you want to receive newsletters.
Purpose of data processing: To inform you about current promotions and news.
Legal basis for data processing: Your voluntary consent. Please note that if you do not consent to the processing of data, we will not be able to send you newsletters.
Data retention period: We will send our newsletter to you only as long as you request it. If you no longer wish to receive newsletters, you can unsubscribe at any time using the link at the bottom of the newsletter or by sending an email to apollovendeghaz@gmail.com. Such withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you wish to exercise any of your rights set out in point 1 in relation to the data provided in this way, or if you wish to contact us for any other reason regarding the above data processing, please notify us by sending an email to apollovendeghaz@gmail.com.
2.6 Apollo and Artemis Guest Houses Gift Card and Accommodation Voucher
When purchasing an Apollo and Artemis gift card or Accommodation Voucher, you provide the following personal data:
For in-person purchase:
Name
Billing name and address
For online orders through the official websites of the guest house:
Name
Email address
Phone number
Billing name and address
Delivery name and address
The balance and expiry date of the Gift Card can be inquired at apollovendeghaz@gmail.com.
Purpose of data processing: Contact for delivery of the gift card or accommodation voucher, invoicing.
Legal basis for data processing: Performance of a contract for issuing the gift card or accommodation voucher. Providing the data is mandatory and a condition for providing the service.
Data retention period: The Company stores the personal data thus obtained for 8 years in accordance with the current tax and accounting regulations.
If you wish to exercise any of your rights set out in point 1 in relation to the data provided in this way, or if you wish to contact us for any other reason regarding the above data processing, please notify us by sending an email to apollovendeghaz@gmail.com.
2.7 Social Media Platforms (e.g., Facebook, Instagram)
The accommodations operated by Apollo and Artemis guest houses are separately accessible on Facebook and Instagram social media platforms. Facebook users can subscribe to the news feed posted on the wall by clicking the "like"/"follow" link on the given page, and can unsubscribe by clicking the "dislike"/"unfollow" link, or can delete unwanted news appearing on the wall using the wall settings. The guest houses have access to the profiles of the "followers" but do not record or process them in their internal system.
Purpose of data processing: Sharing content from the websites of the accommodations operated by the guest houses, communicating other news and promotions, maintaining contact. Through the Facebook pages, you can book a room, participate in prize games, and get information about the latest promotions.
Legal basis for data processing: Your voluntary consent, which you can withdraw at any time by unsubscribing. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. If you unsubscribe, you will not receive notifications about our news feed, our news will not appear on your news feed, but you can still access the news feed as our page is public.
Data retention period: The data processing lasts until you unsubscribe.
No data transfer or use of data processor occurs.
Facebook and Instagram are independent data controllers from us. You can get information about the data processing of the page from the privacy policies and regulations found on the Facebook website at the following links:
https://www.facebook.com/policies/cookies/ https://www.facebook.com/about/privacy/update
You can get information about Instagram's data processing at the following link:
help.instagram.com
When using Facebook applications and prize games, data processing takes place as described in point 2.12.
In case of accommodation booking, the system automatically redirects the Guest to the guest house's website. Data processing takes place as described in point 2.1.
The Company also publishes pictures/films of various events on its Facebook page. If it's not a mass shot, the Company always asks for the written consent of the person concerned before publishing the pictures.
If you wish to exercise any of your rights set out in point 1 in relation to the data provided in this way, or if you wish to contact us for any other reason regarding the above data processing, please notify us by sending an email to apollovendeghaz@gmail.com.
2.8 Prize Games
The guest houses occasionally organize prize games independently. Participation in the prize game is possible after paper-based or online (Apollo and Artemis website, Facebook page) registration, usually after providing the following data:
Name
Address
Phone number
Email address
There may be cases where the above data is not needed (e.g., Facebook prize game), or other data may be needed, so the range of data may vary.
Purpose of data processing: Organizing a prize game and maintaining contact in order for the guest house to deliver the prize to the winner.
Legal basis for data processing: Your consent. You can withdraw your consent at any time by sending an email to apollovendeghaz@gmail.com or a letter to the above address. The withdrawal does not affect the processing carried out before it. Consent is a condition for participation in the prize game.
Data retention period: The data processing lasts until the end of the prize game, and the data processed in this way (except for the winner(s) and reserve winner(s)) will be deleted within 30 days after the draw. The data of the winner(s) and reserve winner(s), if necessary, will be stored by the Company for 8 years in accordance with the current tax and accounting regulations, and then deleted after the expiry of the deadline.
We always provide information about any data transfer and data processors, as well as other details of data processing that differ from this policy, during the specific prize game.
For Guests who subscribe to the newsletter and consent to promotional contact, the Company continues to process the above data in accordance with point 2.7 of this Policy.
If you wish to exercise any of your rights set out in point 1 in relation to the data provided in this way, or if you wish to contact us for any other reason regarding the above data processing, please notify us by sending an email to apollovendeghaz@gmail.com.
2.9 Contact
You can contact us through any of our contact details (by email, via Facebook, phone, postal mail, or through the forms designed for this purpose (e.g., request for offer)). In such cases, we presume your consent to the processing of personal data shared with us.
Purpose of data processing: Maintaining contact with the inquirer and answering/resolving the question/request.
Legal basis for data processing: Since you are contacting us, the legal basis for data processing is your (presumed) voluntary consent. You can withdraw your consent at any time, but in this case, we will not be able to answer your inquiry. The withdrawal does not affect the lawful processing carried out before it.
Please note that the data fields on the various forms have been designed based on our experience, requesting the most necessary data for answering the given request. We mark the mandatory fields with a red asterisk.
Data retention period: We delete the messages and the personal data thus received one year after the end of the year in which the given request, question, or complaint was answered. However, if - due to the nature of the correspondence - it is necessary for tax or accounting reasons, or for the protection of the rights or interests of the Company or the inquirer, we archive it and store it for the necessary period, which is examined individually in each case.
2.10 Complaint Handling Protocol
During consumer complaint handling, if you do not agree with the handling of the complaint, or if immediate investigation of the complaint is not possible, the Company is obliged to immediately take minutes of the complaint and its position on it. The minutes contain the following data:
The consumer's name, address
The place, time, and method of submitting the complaint
A detailed description of the consumer's complaint, a list of documents and other evidence presented by the consumer
The Company's statement regarding its position on the consumer's complaint if immediate investigation of the complaint is possible
The signature of the person taking the minutes and - except in the case of a verbal complaint communicated by phone or electronically - the consumer's signature
The place and time of taking the minutes
In the case of a verbal complaint communicated by phone or electronically, the unique identifier of the complaint
Purpose of data processing: Investigation of the complaint and communication with the complainant.
Legal basis for data processing: Section 17/A (7) of Act CLV of 1997 on Consumer Protection, which makes the above data processing mandatory.
Data retention period: 5 years from the date of recording the minutes.
If you wish to exercise any of your rights set out in point 1 in relation to the data provided in this way, or if you wish to contact us for any other reason regarding the above data processing, please notify us by sending an email to apollovendeghaz@gmail.com.
2.11 Automatically Recorded Data, Cookies, and "Remarketing Codes"
2.11.1 Automatically Recorded Data
If you view our website, certain data of your device (e.g., laptop, PC, phone, tablet) are automatically recorded. Such data include the IP address, the date and time of the visit, the type of browser used, the type of operating system, and the domain name and address of your internet service provider. The recorded data are automatically logged by the web server serving the website when you view the website, without any separate statement or action on your part. The system automatically generates statistical data from this data. This information can only be linked to other personal data in cases required by law. We use this information exclusively in aggregated and processed form to correct any errors in our services, improve their quality, and for statistical purposes.
Purpose of data processing: Technical development of the IT system, checking the operation of the service, and creating statistics. In case of abuse, the data may be used in cooperation with the visitors' internet service provider and the authorities to determine the source of the abuse.
Legal basis for data processing: Based on Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services, it is a condition for providing the service.
Data retention period: 30 days from viewing the website.
2.11.2 Cookies and Similar Technologies
What is a cookie? A cookie is a small text file that is stored on the hard drive of your computer or mobile device for the expiration time set in the cookie and is activated (sends feedback to the web server) during later visits. Websites use cookies to record information related to the visit (pages visited, time spent on pages, browsing data, exits, etc.) and personal settings. This tool helps in creating a user-friendly website to enhance the online experience of visitors.
On other platforms - where cookies are not available or cannot be used - other technologies with similar purposes to cookies may be used: for example, advertising identifier on Android mobile devices.
There are two types of cookies: "session cookies" and "persistent cookies".
"Session cookies" are stored temporarily on your computer, notebook, or mobile device only until you leave the given website; these cookies help the system remember information so that you don't have to re-enter or fill in the given information. The validity period of session cookies is limited to the user's current session, their purpose is to prevent data loss (for example, when filling out a longer form). At the end of the session or when closing the browser, this type of cookie is automatically deleted from the visitor's computer.
"Persistent cookies" are stored on your computer, notebook, or mobile device even after leaving the website. Through these cookies, the website recognizes you as a returning visitor. Persistent cookies are suitable for identifying the user through the server-side ID-user pairing, so they are necessary conditions for proper operation in all cases where user authentication is essential - e.g., webshop, netbank, webmail. Persistent cookies do not carry personal data in themselves and are only capable of identifying the user in conjunction with the pairing stored in the server database. The risk of such cookies is that they actually identify the browser, not the user, so if someone logs into a webshop in a public place, e.g., an internet cafe, library, and doesn't log out when leaving, then later another person using the same computer can access the given webshop illegitimately on behalf of the original user.
How can I enable or disable cookies? Most internet browsers automatically accept cookies, but visitors have the option to delete or reject them. As each browser is different, you can set your cookie preferences individually using the browser's toolbar. If you do not wish to allow any cookies from our website, you can modify your web browser settings to receive notification of sent cookies, or you can simply reject all cookies. You can also delete cookies stored on your computer or mobile device at any time. For more information about the settings, please check your browser's Help. Please note that if you decide to disable cookies, you will have to give up certain functions of the website.
What types of cookies do we use?
Tools essential for the operation of the website: Such cookies are essential for the proper functioning of the website, so in this case, the legal basis for data processing is Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services. No data transfer occurs.
a) Fill-in assistance Purpose of data processing: Helps fill out forms by offering a pre-fill that seems appropriate for you. Data retention period: lasts for the duration of the stay on the website
b) Helps in searching Purpose of data processing: Helps in searching so that you can find what you're looking for as quickly as possible Data retention period: lasts for the duration of the stay on the website
c) Spell checker Purpose of data processing: Automatically corrects presumed typing errors Data retention period: lasts for the duration of the stay on the website
d) Language setting identification: Purpose of data processing: During your visit to the website, the system identifies you as a unique user using a normal cookie to remember your language settings. Data retention period: We store this setting (cookie) for 29 days.
e) Social network cookie (Facebook, Instagram, Google+, Youtube) Purpose of data processing: This cookie provides the opportunity to share content found on the website. Data retention period: We store this cookie for the duration of sharing.
You can read more about Facebook in point 2.
f) Multimedia player (youtube) Purpose of data processing: This cookie provides the opportunity to play videos found on the website. Data retention period: We store this cookie for the duration of playback.
Cookies collecting statistical data These cookies only collect statistical data, they do not process personal data. During their operation, they observe how you use the website, which topics you view, what you click on, how you scroll the website, which pages you visit. However, they collect information only anonymously. So we can find out, for example, how many visitors the page has per month. Google Tag Manager (and Google Analytics), as well as Hotjar, help in collecting such statistical data.
Marketing cookies
The purpose of data processing for such cookies is to send personalized advertisements. Legal basis for data processing: In all cases, your consent, which you give in the pop-up window on the website. You can withdraw your consent at any time, but the withdrawal does not affect the lawful processing carried out before it. In case of withdrawal, advertisements tailored to you will not appear on other surfaces.
a) Categorization by place of visit, Data retention period: 269 days
b) Personalized Facebook offers Data retention period: maximum 180 days
c) Monitoring clicks on the Company's advertisements Data retention period: 2 years
If you wish to exercise any of your rights set out in point 1 in relation to the above, or if you wish to contact us for any other reason regarding the above data processing, please notify us by sending an email to apollovendeghaz@gmail.com.
2.11.3 References and Links
Our website may also contain links that are not operated by Bakó Dávid, but only serve to inform visitors. Bakó Dávid has no influence on the content and security of websites operated by partner companies, so it is not responsible for them. Please review the privacy policy of the pages you visit before providing your data in any form on the given page.
2.12 WiFi
Free WiFi service is available at our accommodation. You can find the name and password of the WiFi network at the accommodation. In addition, the system also records the IP address of your device.
Purpose of data processing: The purpose of data processing is to ensure access to the service during the use of WiFi, and after your departure, for complaint handling and detection of abuses.
Legal basis for data processing: The legal basis for our data processing activity is "performance of a contract", considering that WiFi access is one of the hotel's services. After your departure, the legal basis is "the Data Controller's legitimate interest in complaint handling and detection of abuses". Providing your data is an essential condition for using the service.
Data retention period: We delete your data after 1 (one) year following the year in question.
Legal References (including contact details)
As the data controller of the personal data it uses, Bakó Dávid is obliged, under GDPR, to publish information about its official name, contact details, and other data. This section contains all the information required by GDPR, as well as additional legal information beyond these.
Full official names of the legal entities operating our accommodations:
Full official name: Dávid Botond Bakó, sole proprietor Headquarters: 3412 Bogács, Jács köz utca 14, Hungary Tax number: 56460641-1-25 Represented by: Dávid Botond Bakó, accommodation operator Phone number of the legal associate responsible for data protection: +36 30 439 9535 Email address: apollovendeghaz@gmail.com
Activity: 552014 – Private accommodation services
4. Terms and Abbreviations Used in This Policy: Most of the definitions are based on the EU General Data Protection Regulation (GDPR). This is a legal document, so the same content cannot be simply and briefly rephrased. Our goal here is to provide a clear explanation that facilitates understanding the text; this sometimes precludes detailing the full legal definition. It is the company's policy to fully comply with GDPR requirements, and your rights are not diminished by the simplified explanation provided here.
Term or Abbreviation
Explanation
Data Controller: The legal organization that determines the processing of personal data.
Data Subject: A person living in or outside the EU who is in contact with an organization operating in the EU. We consider such an individual a "data subject", and they have rights under GDPR during the processing of their own data.
EU: The European Union
GDPR: The EU General Data Protection Regulation, which came into effect on May 25, 2018.
Personal Data: Any information relating to an individual that allows identification through various methods, including but not limited to: The individual's name, identification number, address, mother's maiden name, or one or more factors specifically referring to the individual's physical, physiological, genetic, mental, economic, cultural or social identity.
Data Processing: Any operation or set of operations performed on personal data, whether or not by automated means, including but not limited to: Collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction
Data Processor: The legal entity that processes personal data on behalf of the data controller.
Profiling: Automated processing that uses personal data to analyze or make predictions about an individual's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization: Encoding or maintaining personal data in another way that cannot be attributed to a specific data processing subject without providing additional information. The additional information must be stored separately and protected against unauthorized use by technical and organizational measures.
Special Categories of Data: Very strict restrictions apply to the processing of personal data falling into "special categories". These are: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, Processing of genetic data and biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning a person's sex life or sexual orientation, or Data relating to criminal convictions
Supervisory Authority: A Member State may establish an independent public authority to monitor the application of GDPR and, if necessary, to intervene to protect the rights of individuals under GDPR
Third Country: Any country outside the EU
Data Transfer: Transfer of personal data from the data controller or data processor to a legal entity outside the EU.