Data Control – Table Booking

February 11, 2019

Contact details of data controller

IHG Hotel Budapest Service Limited Liability Company (hereinafter: Hotel or Data controller) 1052 Budapest, Apáczai Csere J. u. 12-14, +36 1 327 6333, e-mail address: dataprotection.budapest@ihg.com)

Purpose and legal grounds of data controlling

The purpose of data controlling is to register your table booking.

The legal grounds for data controlling is your voluntarily and explicitly expressed consent based upon appropriate information, when you confirm by making a statement accordingly, or act in a way that explicitly expresses your consent to your personal data to be controlled. Such consent may be withdrawn at any time, which withdrawal does not affect data controlling done prior to such withdrawal of consent as being legally sound.

The scope of personal data controlled

Your surname, first name, telephone number, e-mail address, booking details (date, time, number of persons).

Duration of data controlling

Until your withdrawing your consent, but until midnight of the day following the date indicated in the booking.

Applying data processor

Data controller does not apply data processor for executing tasks regarding the data.

Personal data connected to children or to third parties

As per the regulations of GDPR children under the age of 16 may not provide personal data of themselves unless consent or permission thereto has been given by the person exercising parental supervision over the child.

By providing your personal data to Data controller you state that you are acting in view of the above, and you are under no restriction regarding your freedom of acting regarding the provision of your personal data.

In case you are not entitled independently to provide Data controller with your personal data, you are to obtain the prior consent of the relevant third persons (person exercising parental supervision, e.g.: parent, lawful representative). Data controller, during the use of the service and on providing the service in question does not become aware of the necessity that a third person’s consent is to be obtained for using the service, therefore compliance with the present point of the regulation is to be ensured by yourself, and no responsibility lies with Data controller in this respect.

Data controller reserves the right to control whether the appropriate legal grounds for controlling any personal data, and the conditions of legally sound data controlling are given. For example, when you are acting on behalf of a third person, Data controller is entitled to request a written assignment to your name and/or the relevant person’s specific consent to data controlling regarding the case in question.

The rights of data subjects and the possibilities of exercising rights

Following 25th May 2018 your data protection rights and the possibilities of exercising rights are governed by GDPR. Below you will find the key rulings of GDPR regarding your data protection rights and the possibilities of exercising these rights.

Should you have any queries or questions regarding the present Data protection information or the content thereof, our colleagues will be happy to be at your service at the contact details above.

Access or right to be informed as per GDPR

Based upon this right you are entitled to be informed and to receive information from us whether your personal data is or is not in the process of being controlled by Data controller. Should such data be in the process of being controlled, you are entitled to receive access to your personal data being in such a way controlled and of information in regards therewith as follows:

  • purpose of data controlling;

  • the category of personal data in question,

  • addressees or the categories of addressees to whom Data controller forwarded such data, including specifically addressees in third countries and international organisations,

  • the duration of maintaining personal data, or if this is not feasible, the factors of defining such duration,

  • Furthermore, you are entitled to request Data controller to amend, delete or to restrict the controlling of your personal data, as well as you can object to your personal data to be controlled,

  • you are entitled to submit complaint to the supervising authority,

  • In the event when data controller did not receive your data from yourself, you are entitled to receive all information accessible regarding the source of your data,

  • should Data controller conduct automated decision making with the use of your personal data, you are entitled to be informed of the fact of automated decision-making being done including profiling, as well as of the logic applied and clear information thereof, as well as of the impact of such data processing on yourself and what consequence it may have on you.

  • Should personal data be transferred to third country, you are entitled to receive information of the guarantees of legal compliance of such transfer.

  • You can request copies of your personal data, and if it does not object to any legal regulation we will be providing it to you. In the event you submit your request electronically, we are to provide you with the requested information in an electronic format widely used, unless you request it differently.

  • Data controller shall without undue delay, but not later than within one month of receiving the request, inform data subject of the measures taken regarding the request. If necessary, taken into consideration the complexity of the request and the number thereof, the term may be extended by a further two months. Data controller shall inform data subject of any extension of the term by indicating the reasons thereof within one month of receiving the request. In case data subject submitted their request electronically, any reply to such request is to be given electronically, unless otherwise requested by data subject.

  • In the event Data controller chooses to take no measures in reply to the request submitted, they shall notify the data subject without undue delay or within one month of receiving the request of the reasons for not taking any actions, as well as of data subject’s rights to submit a complaint to any of the supervisory authorities and to seeking legal remedy at court.

Right to request amendment

  • As per the GDPR you are entitled to have at your request your faulty personal data to be amended by Data controller without undue delay. You are also entitled to request your incomplete personal data to be complemented.

Right to be deleted and to be forgotten

Based upon this right, at your request you are entitled to have your personal data deleted – without undue delay as per GDPR – in case one or more of the reasons below apply:

  • your personal data is not needed any more for the purpose it was initially taken or was controlled;

  • You withdraw your consent priorly given to your personal data being controlled, and data controlling has no other legal ground;

  • You object to your personal data to be controlled, and there is no other legal foundation enjoying priority for your personal data to be controlled;

  • your personal data was handled illegally;

  • personal data is to be deleted as per a legal liability defined in an EU or national legal regulation to be applied to Data controller; or

  • personal data was collected while providing services connecting to information society.

In the event data controlling is necessary as per the below regulations of GDPR, no deletion of the data or its being forgotten is possible:

  • for exercising the right of freedom of expressing opinion, and of the right to obtaining information;

  • for the purpose of fulfilling a legal liability prescribed by an EU or national legal regulation applicable for Data controller;

  • for the purpose of archiving for public interest, scientific or historic research or statistics, in case delete or the right to be forgotten would most probably make it impossible or would jeopardise such data control; or

  • it is necessary to put forward, execute and protect legal requests.

We make all efforts reasonable to delete all data that may have come to our disposal unduly, and we ensure that no such information shall be transferred to any third party neither will such data be used by ourselves (neither for advertisement purposes or for any other purpose). We kindly ask you to notify us without delay should you notice that a child has provided personal data of themselves, or a third person has provided personal data of yourself without legal grounds. You can contact us at the above contact details.

The right to restrict data controlling

As per the regulations you are entitled to have a restriction on the controlling of your data upon your request if one or more of the below circumstances prevail:

  • You dispute the accuracy of the data controlled of you, in which case restriction applies to the period that is necessary for us to check the data you indicate as inaccurate or incomplete,

  • data control is against the law, but you oppose to your personal data being deleted and instead you request a restriction of controlling your personal data,

  • Data controller does not need the personal data any longer for data controlling purposes, but you request them for putting forward, execute or protect legal requests; or

  • You have objected to your data being controlled, in which case restriction applies for the period before it is defined that Data controllers justified interest enjoy priority over your justified interest.

In case data controlling falls under restriction based upon the above your personal data may only be controlled – beyond their being stored – with your explicit consent, or for putting forward, executing or protecting legal requests, or for protecting your or any other person’s rights, or by public interest as per EU or national legal regulations. You will be informed prior by Data controller of any release from the restriction on controlling your data.

Liabilities to provide information connected to your personal data being amended or deleted, or to any restriction on data controlling

Data controller shall inform all addressees of amendment, cancellation or restriction on data controlling whom they informed of the personal data, except when such information provision is not feasible or would take disproportionately high efforts. Upon your request we shall inform you of such addresses.

Rights to data portability

As per the GDPR you are entitled to receive the personal data you have provided Data controller with in a digital format widely used, and you are also entitled to forward such data to another data controller without Data controller hindering such forwarding of the data.

You can exercise your right to data portability in the following cases:

  • data controlling is based upon consent or contract, and

  • data controlling is done in an automated way.

While exercising the right to data portability you are entitled – if this be technically feasible– to request your personal data to be forwarded from Data controller directly to the other data controller you indicate.

The right to object

As per the GDPR you are entitled, for reasons connected to your own situation, to object to your personal data to be controlled upon grounds of justified interests, including profiling as well. In such a case Data controller will no longer control your data, except when it is proven that data controlling is made compulsory by such lawful reasons that enjoy priority over your interests, rights or freedom, or by ones that are closely connected to putting forward, execute or protect legal requests.

If the controlling of personal data is done with business purposes you are entitled to any time object to your personal data to be controlled for such purpose, including profiling that is directly connected to the business purposes.

If you object to your personal data to be controlled for business purposes, then your personal data may no longer be controlled for this purpose.

With regards to using services connected to the information society and diverting from 2002/58/EU directive you may exercise your right to object via automated devices based upon technical descriptions.

In the event of personal data being handled with the purpose of scientific and historic research or for statistics, you are entitled to object to your personal data to be handled for reasons connected to your own situation, unless data is necessary to be controlled for executing tasks for public interest.

The right to submit a complaint to the Supervisory authority

You are entitled to make a complaint to the supervisory authority – specifically in the member state of your residence, work place or the place of supposed legal breach –, if in your view the way your personal data being handled constitutes a breach to the regulations of GDPR.

In Hungary the relevant supervisory authority: National Authority for Data Protection and Information Freedom (http://naih.hu/; 1530 Budapest, Pf.: 5.; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu).

You are entitled for effective judicial remedy against the legally binding ruling of the Authority.

You are entitled to receive effective legal remedy at court in the event the relevant supervisory authority refuses to deal with your complaint or fails to inform you of any measures taken or the results thereof regarding your request.

Any proceedings against a supervisory authority may be launched at the member state the given supervisory authority is located.