General Data Processing Information
The website is operated by Gyula Rinner, 9400 Sopron, Walder u.; (“Data Controller”). With this data processing information (“Information”), we inform you about how we handle your personal data provided on our website and/or during the use of our services.
1. What personal data do we process?
If you visit the website and/or use our services, we process the following personal data:
- The date and time of your visit to the website, your IP address, the name and version of your browser, the website visited before ours (URL), certain cookies, as well as your personal data (your name, place of birth, date of birth, email address, phone number, residence, Széchenyi Leisure Card (SZÉP Card) number, MKB SZÉP card personal code, bank account number) that you provide on the contact or complaint form, and during the use of our services.
You are not obliged to provide your personal data to the Data Controller. However, to ensure the website provides a complete user experience and/or to use certain services, providing some personal data is necessary.
2. Purpose of data processing
We process your personal data for the following purposes:
- a) Your name, email address, and phone number for communication with you and to respond to your requests, questions, and comments; your bank account number for sending a bank statement confirming the payment of our service fee or refunding the fee in case of service cancellation;
- b) Your name, residence, SZÉP Card number for invoicing during the use of our services, and the personal identification number of the SZÉP Card, in case of a pre-initiated transaction with certain types of SZÉP Cards (e.g., issued by MKB Bank Nyrt.);
- c) Your personal data specified in laws for data reporting to the National Tourism Data Supply Center;
- d) Your name, email address, and phone number for responding to complaint notifications.
3. Legal basis for data processing
We process your personal data based on the following legal grounds:
- For the data processing purpose referred to in point 2 a), based on your consent (GDPR Article 6(1)(a));
- For the data processing purposes referred to in points 2 b)-d), based on legal obligations (GDPR Article 6(1)(c)).
Regarding the legal basis of consent, we inform you that you can withdraw your consent at any time by sending an email to rinner@ebg.group. Withdrawal of consent does not affect the legality of data processing based on consent before its withdrawal.
4. Transfer of personal data
For the purposes specified in point 2, we transfer your personal data to the following recipients:
4.1. Third parties
The court, the prosecutor’s office, the investigating authority, the National Authority for Data Protection and Freedom of Information, and any other authority may require the Data Controller to provide information and disclose data. To comply with this mandatory data provision, the Data Controller only provides the personal data strictly necessary to fulfill the request to the authority, if the authority specifies the exact purpose and scope of the data.
4.2. Data transfer to a third country
Your personal data is not stored or processed outside the EEA.
5. Retention period
The Data Controller processes personal data until the purpose of data processing is achieved or as long as required by law. After that, personal data will be deleted. Specifically:
- Personal data processed for the purposes set out in point 2 a) is retained until your consent is withdrawn, but for a maximum of 2 (two) years;
- Personal data processed for the purposes set out in point 2 b) is retained for the period specified by the applicable laws on invoices;
- Personal data processed for the purposes set out in point 2 c) is retained for the period specified by the applicable laws on data reporting;
- Personal data processed for the purposes set out in point 2 d) is retained for 5 (five) years after the complaint is answered.
6. Rights of the data subjects and right to legal remedy
In accordance with data protection laws, you may request information about your personal data, request correction and deletion, restrict data processing, object to data processing, and exercise your right to data portability. The specific rights of data subjects are detailed below:
6.1. Right of access and right to information
At the request of the data subject, the Data Controller provides information on whether the data subject’s data is being processed. If so, the Data Controller provides access and informs the data subject about the categories of data processed, the duration of data storage, or the criteria for determining the duration, the exercise of data subject rights, the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information, and the source of the data.
6.2. Right to rectification
The data subject has the right to request the correction of inaccurate personal data from the Data Controller. If correction of personal data processed by the Data Controller is necessary, the data subject may request correction in writing (by post or email), specifying the correct data. The data subject must immediately notify the Data Controller in writing (by post or email) of any changes in their personal data processed by the Data Controller, but no later than 5 (five) days after the change. The data subject is liable for any damage caused to the Data Controller due to the failure to notify or delay in notification.
6.3. Right to erasure
The data subject has the right to have their personal data deleted by the Data Controller without undue delay, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay in cases specified by the GDPR (Article 17). If the Data Controller has made the personal data public, that is, transferred it to third parties, the Data Controller will take reasonable steps to inform those data processors to whom the personal data has been transferred that the data subject has requested the deletion of any links to or copies or duplicates of the personal data.
6.4. Right to restrict processing
The data subject has the right to request that the Data Controller restrict the processing if:
- the accuracy of the personal data is contested by the data subject;
- the processing is unlawful;
- the Data Controller no longer needs the personal data for the purposes of the processing, but the data is required by the data subject for the establishment, exercise, or defense of legal claims;
- the data subject has objected to the processing.
6.5. Right to object
The data subject may object to the processing of their personal data. In this case, the personal data can no longer be processed for this purpose. The data subject can exercise the above-listed rights by contacting the Data Controller at rinner@ebg.group. You can withdraw your consent to data processing at any time, but this does not affect the legality of data processing based on consent before its withdrawal.
6.6. Right to lodge a complaint with a supervisory authority or court
You have the right to lodge a complaint with the EU supervisory authority or the National Authority for Data Protection and Freedom of Information if you believe that European or Hungarian data protection laws have been violated. The contact details of the National Authority for Data Protection and Freedom of Information are as follows:
- Postal address: 1363 Budapest, Pf.: 9.
- Address: 1055 Budapest, Falk Miksa u. 9-11.
- Phone number: +36 (1) 391-1400
- Fax: +36 (1) 391-1410
- Email address: ugyfelszolgalat@naih.hu
- Website: http://naih.hu
Furthermore, you are entitled to take legal action regarding the processing of your personal data in violation of the GDPR, and if you have suffered damage due to the Data Controller’s breach of the GDPR, you can claim compensation from the Data Controller.