The name and contact details of the data processor and the representative thereof:
IHG Szálloda Budapest Szolgáltató Korlátolt Felelősségű Társaság (hereinafter: Data controller) 1052 Budapest, Apáczai Csere J. u. 12-14, +36 1 327 6333, firstname.lastname@example.org e-mail address: email@example.com)
The purpose of data handling, the type of cookies, and legal grounds of data handling
Data controller is using cookies to customise the content and the promotional messages, to ensure social media functions, as well as for analysing the traffic on the website. Furthermore, data controller shall, with your consent, share the data of your website usage with its social media, advertising and analysing partners who in turn may combine this data with such other data that you have provided data controller with, or have been collected from your using other services. Following the cookie window popping up by continuing browsing on the website you consent to the cookies being used.
Cookies are such text files that the website may use for making the user experience more effective. As per the legal regulations, cookies may be stored by data controller on your device if it is by all means necessary for operating the website.
Indispensable cookies are helping to make the website more usable by enabling such basic functions as navigation on the website and providing access to the safe areas of the site. Without such cookies the website is unable to function appropriately.
|It enables the site to appear in the language selected||365 days||HTTP Cookie|
|It stores that the user accepted the cookie notice||365 days||HTTP Cookie|
Through collecting and reporting the data in an anonymous form the statistical cookies help the owner of the website in understanding how users enter into interaction with the website.
|_ga||.corso.hu||It registers the ID that generates statistical data regarding the way the user is using the website.||2 years||HTTP Cookie|
|_gat||.corso.hu||Rate used by Google Analytics||for duration necessary for the process||HTTP Cookie|
|_gid||.corso.hu||It registers the ID that generates statistical data regarding the way the user is using the website.||for duration necessary for the process||HTTP Cookie|
|_fbp||.corso.hu||It serves to identify the browser for ensuring the promotion and website analytical services.||90 days||HTTP Cookie|
The FB pixel cookie make another cookie appear, that is from a third party Facebook.
|fr||.facebook.com||With the use of Facebook primary cookie advertisements can be made to appear and are measurable, and their relevance can be improved.||90 days||HTTP Cookie|
The legal grounds of data handling are your consent that is a freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you. Such consent can be withdrawn at any time, which withdrawal does not affect the data handling being done lawfully prior the withdrawal being legitimate.
Data controller may not use the cookies for identifying you personally. The cookies may only serve the above stated purposes.
The duration of data controlling
Until the withdrawal of your consent, whereas in lack of such withdrawal as per the above table.
Using a data processor
Data controller uses the services of a data processor for executing the related tasks. As Data processor DotRoll Kft. appears in the process as storage service provider.
Personal data related to children or third persons
As per the regulations of GDPR children under 16 may not provide any personal data of themselves, unless consent and authorisation thereto has been granted by the person holding the parental responsibility over the child.
By providing your personal data to Data controller you acknowledge to be acting in view of the above stated, and that your ability to act freely in providing your personal data is not in any way restricted.
Should you be not entitled individually to provide your personal data to Data controller you shall be liable to obtain the permission of relevant persons (person holding the parental responsibility, e.g.: parent, legal representative) prior to giving your personal data. In the course of providing services Data controller does not become aware of the fact if the person using the services require the permission of a third party thereto, therefore compliance with the present regulation is to be provided by you, and Data controller is exempt from any liability or responsibility thereof.
Data controller reserves the right to examine whether the legal grounds of handling personal data, or the conditions of lawful data processing are provided for. For example, in the event you are acting on behalf of a third person, Data controller is entitled to request proof of your being assigned by the said person and/or the consent of the third person in question regarding the given case.
Subject’s rights and the possibilities of exercising such rights
As of 25th May 2018, your data protection rights and the possibilities for seeking legal resolution shall be regulated in detail by GDPR. In the following we are providing you with the key requirements of GDPR regarding your rights and possibilities of exercising such rights.
Access or rights to obtaining information as per GDPR
Based upon these regulations you are entitled to receive notification, information whether you’re the handling or processing of your personal data is in progress at Data controller. If such activity is in progress you have the right to be granted access to your personal data being handled as well as receive information as follows:
purpose of data handling;
the categories of the relevant person’s personal data,
details of addressees or the category of such addressees with whom Data controller have shared the personal details, specifically including addressees located in a third country and international organisation,
the duration of maintaining the personal data, or if this is not possible, the factors such duration is defined by,
your further rights include that you may request Data controller to correct, erase or restrict the handling of personal data relating to you, as well as you may object to your personal data being handled,
you are entitled to submit complaint to the supervisory authority,
in the event Data controller did not receive your personal data from you, you are entitled to seek notification of all relevant information available,
as regards automated decision making, in the event Data controller handles your personal data in such a way, the fact thereof, including profiling, as well as of the method and logic applied therein and the clear, unambiguous information thereof, as well as the extent of impact and possible consequences of such data handling may have on you.
In the event personal data is transferred to a third country, you have the right to receive information on the guaranties of compliance of such transfer.
You may request a copy of the personal data being under data processing, and provided it does not have any legal barrier we will be providing you therewith. In the event you submitted your request electronically, GDPR requires us to do so in a format most commonly used, unless you request it differently.
Data controller shall without undue delay, but within one month of the request being received, shall inform you of the measure taken by the receipt of your request. if necessary, in view of the complexity of the request and the number of requests received the above deadline may be extended by a further two months. Data controller shall provide information on the extension of the deadline and the reasons for the delay within one month of receiving the request. In the event the subject submitted their request electronically information shall be given electronically, unless subject requests otherwise.
Should Data controller take no measures following the request received, they shall inform the person submitting the request of the reasons for not taking measures without undue delay or within one month of receiving the request, as well as of subject’s right to submit a complaint at one of the supervisory authorities and that they have the right to seek legal advice and resolution.
Right to obtain correction
As per GDPR you have the right to request Data controller to correct the personal data of you that might be incorrect or in need of modification without undue delay. Furthermore, you have the right to request the completion of deficient personal data.
The right to be erased or forgotten
Based upon this right, you are entitled to request your personal data to be erased or deleted – without undue delay as per GDPR – provided that one of the following reasons apply:
personal data stored in relation to you are no longer needed for the purpose Data controller has collected them or otherwise handled;
You withdraw your consent to your personal data being handled, and no other legal grounds exist for handling your data;
You object to the handling of your data and in the given case there is no legitimate reason enjoying priority for handling the data;
personal data were handled illegitimately;
personal data are to be deleted if an EU or member state legal regulation makes Data controller liable to erase such data; or
personal data were collected in relation to providing services connected to the information society.
If data handling is necessary due to reasons included in GDPR, erasure thereof, or the exercising of rights to be forgotten are not possible, specifically if:
for exercising the right of expressing opinion or the rights of obtaining information;
for complying with an EU or member state regulation that prescribes the handling of personal data binding to Data controller;
for archiving for public interest, for scientific or historic researches or for statistics, provided that the erasure or the right to be forgotten would most probably make it impossible or would seriously endanger such data handling; or
it is necessary for proposing, exercising and protecting legal requests.
We make all reasonable efforts in the interest of erasing all information that have come in our possession unlawfully, and we ensure that such information will not be transferred to any third party, neither will it be used by ourselves (neither for marketing nor for any other purposes). Please inform us without delay should you learn that a child about themselves, or a third person about you have unlawfully transferred personal information. You can contact us at any of the above contact details.
The right to restrict data handling
As per the regulations of GDPR you have the right to restrict the handling and processing of your personal data in the event if any of the following apply:
You dispute of the personal data handled about you of being correct, in which case restriction will apply to the period that has made it possible for us to check the personal data you consider incorrect or deficient,
data handling is illegitimate, however you object to your personal data being erased, and instead request a restriction on the scope of their use,
Data controller no longer needs your personal data for data handling, but you request your personal data for the purpose of forwarding, executing or protecting; or
You have objected to the handling of your data, in which case such restriction applies to the period until it is unambiguously stated that Data handler’s legitimate interests enjoy priority over your legitimate interests.
In the event, based upon the above said, data handling comes under data handling restriction, such personal data – other than being stored – may only be handled and processed with your consent, or to putting forward, exercising or protecting legal claims, or in order to protect other person’s or entity’s rights, or in the high public interest of the EU or a member state. Data controller will inform you on the lift of data handling restrictions.
Notification liabilities relating to correcting, erasing personal data, or regarding the restriction on handling personal data
Data controller shall inform all relevant addressees of all corrections, erasure or restriction on data handling to whom they have transferred any data, except such notification proves impossible or would require efforts out of proportion with the aim. Upon your request we shall inform you of such addressees.
Rights to transfer data
In compliance with GDPR you have the right to receive from Data controller your personal data you have provided Data controller with in a format that is commonly used and legible with a machine, furthermore, you have the right to transfer such data to a different data controller without being restricted or hindered in doing so in any way by Data controller.
You have the right to transfer data in the following events:
if data handling and processing is based upon consent or contract, and
data handling and processing is done in an automated way.
While exercising the right to transfer your data you have the right – if it is technically feasible – to request Data controller to transfer your personal data to another data controller indicated by you.
The right to object
In compliance with GDPR, for reasons being relating to your situation, you have the right to object to your personal data being handled for legitimate reasons, including profiling. In this case Data controller shall discontinue to handle or process your personal data, except for the event it is proven beyond doubt that such legitimate reasons compel the personal data to be handled which reasons enjoy priority of your interests, rights freedoms, or which are related to putting forward, exercising or protecting legitimate claims.
Should personal data be obtained for business purposes, you have the right to object at any time to your personal data being collected and handled for such reason including profiling as well, in the event such activity is also connected to business interests.
In the event you object to your personal data being collected for business purposes, your personal data may not be handled for such purposes.
Relating to using services connecting to the information society and differing from the directive 2002/58/EK, you may exercise the right to object via automated devices that are based upon technical descriptions.
In the event personal data are handled for scientific, historic research or for statistics, you have the right, for reasons relating to your situation, to object to your personal data being handled, unless the handling of data is necessary for executing tasks of public interest.
Right to submit claims to the Supervisory authority
You have the right to place a complaint with the supervisory authority – especially in the member state relevant to your regular place of presence, work place or the place where the breach has supposedly occurred -, if in your judgement the handling of your personal data breaches the regulations of GDPR.
In Hungary the relevant supervisory authority is: Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information (http://naih.hu/; 1530 Budapest, Pf.: 5.; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: firstname.lastname@example.org).
You are entitled for the effective judicial remedy against the decision of the authority legally binding to you.
You are entitled for effective judicial remedy if the relevant supervisory authority does not deal with the claim, or fails to inform you about the process launched in relation to your claim and its results within three months of submitting your claim
Any proceedings against the supervisory authority may be launched at the court of the member state where the supervisory authority in question is located.