Principles of data management:

1. Legality, fairness, transparency
2. Necessity and proportionality
3. Goal orientation
4. Data economy
5. Accuracy
6. Limited shelf life
7. Integrity and trust
8. Accountability

1. Legality, fairness, transparency

The MONETOS Kft. undertakes to process personal data lawfully and fairly, so that the person providing the data can always see the process of providing the data. The data is obtained by lawful means and is kept for the entire duration of the processing. For information on the legal basis, the legal grounds of the GDPR (consent, performance of a contract, legal obligation, vital interest, public interest, legitimate interest of the controller), see the Legal grounds for processing in the GDPR. in our chapter on. The person providing his or her data must be aware of the method of processing, its purpose, its duration and whether the Data Controller will transfer the data obtained to a third party controller outside the European Union. Please note that the privacy notice is not personalised, and that for companies and service providers with a website, it is sufficient to display it on the website. The GDPR requires that if you receive from a third party MONETOS Ltd. the personal data, you must notify the person whose data you have accessed as soon as possible at the time of the first contact, but no later than 30 days after that.

2. The principle of necessity and proportionality

The processing is necessary to achieve the purpose of the processing. Proportionality sets the level of necessity, providing a framework to establish that the legal and fundamental freedom restrictions necessary for the processing are proportionate to the objective. The law states that a fundamental right may be restricted to the extent strictly necessary for the fulfilment of another fundamental right or for the protection of a constitutional value, in a manner proportionate to the aim pursued, while respecting the essential content of the fundamental right. The MONETOS Kft. as data controller, undertakes that the person who provides the data to the data controller will respect the fundamental right of necessity and proportionality in the processing.

3. Purpose limitation

The collection of personal data is only carried out by MONETOS Kft. for specific, explicit and legitimate purposes. In all cases, the purpose of the processing is determined prior to the processing. In all cases, the objective is subordinate to the relevant legislation. The purposes of the processing may be separate or parallel, or data may be retained by the controller for legitimate interests, in order to provide evidence in a possible dispute. If the purposes of the processing change, the parties concerned must be informed in accordance with the law. In addition, under the GDPR, data may be kept by the controller for scientific, statistical or public interest archiving purposes. These objectives do not conflict with the original purpose.

4. Data economy
We keep the processing of personal data adequate, relevant and limited to what is necessary for the purposes for which it is processed. We do not process data that is not necessary for the purpose for which it is collected.

5. Accuracy

Personal data will be stored accurately by MONETOS in accordance with the information lawfully obtained, and in any case, MONETOS will delete or correct inaccurate information if it becomes aware of a change in the personal data through lawful means. The person who provides the data to the controller is responsible for requesting the rectification. If you notice an error or change in your data, please contact us!

6. Limited-storability
Personal data must be stored in a form which permits identification of the data subject only for the time necessary to achieve the purposes for which the data are processed. Our IT system allows for the deletion of electronically stored data according to the deadlines. We will not store your data unnecessarily, we will only continue to store your data if it is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with the GDPR, subject to the implementation of appropriate technical and organisational measures as required by the GDPR to protect your rights and freedoms.

7. Integrity and trust

The processing of personal data is carried out in such a way that we provide an appropriate technical background and by applying a series of measures developed by MONETOS Kft. ensure the security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. Access to the data is restricted to the competent staff of the controller.

8. Accountability

The MONETOS Kft. is responsible for compliance with the data protection rules and is able to certify compliance to the National Authority for Data Protection and Freedom of Information (NAIH). A complaint or an ex officio investigation may be initiated by the NAIH into the fact that the undertaking concerned, in this case MONETOS. Kft. your processing is lawful and in accordance with the applicable legal requirements. At the time of the inspection, the data controller is required to certify and demonstrate that it is processing the data by the law and that the processing policy complies with the applicable legislation. The MONETOS Kft. has developed a data management and security policy and data is processed by it.

9. Lawfulness of data processing

In designing our data management, we always take care to ensure that the processing of data is lawful by the principle of legality. Our processing is based on the following legal bases for processing, subject to the detailed rules highlighted below.

III./1. Consent of the data subject
III./2. Performance of the contract
III./3. Legal obligation
III./4. Vital interest
III./5. Public interest or exercise of public authority
III./6. Legitimate interest

III./1. Consent of the data subject

The person who submits personal data for processing for a specific purpose consents to the processing of the data submitted. The contribution is voluntary and is followed by an active act.

III./2. Performance of the contract
The processing is necessary for the performance of a contract to which one of the parties is the person who provided the personal data or the processing is carried out at the request of the person who provided the data before the conclusion of the contract.

III./3. Legal obligation

The processing is necessary to comply with the legal obligations applicable to MONETOS Kft. It will only process data based on a legal obligation if it is required to do so by law. Legal obligation as a legal basis for data processing is not used in the case of a conditional processing requirement.

III./4. Vital interest

The processing is necessary to protect the interests of the natural person who provided the data. Processing for vital interests is temporary and only for as long as the vital interest persists. The data management policy of MONETOS Kft. is regulated separately.

III./5. Public interest or exercise of public authority

In this case, the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in MONETOS Kft by a public authority. The MONETOS Kft. is not a public authority and does not handle data in the public interest.

III./6. Legitimate interest
The processing of data by MONETOS Kft. or the legitimate interests of a third party, unless those interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data, in particular where you are a child or. We often use this legal basis for data processing. In each case of legitimate interest law-based processing, we have carried out an interest balancing test, assessing the proportionality and necessity of the impact and restriction on your fundamental rights and freedoms.

10. Data security

The MONETOS Kft. protects personal data against unlawful use, unlawful disclosure, alteration, loss or destruction and takes all necessary measures to safeguard the confidentiality of personal data, including the use of appropriate technical and organisational measures. These measures include encryption, password protection, and the use of anti-virus software to access our systems. As part of the process by which you provide us with your data, this data may also be transferred over the Internet. Although we will take all necessary measures to protect the personal data you provide to us, the transmission of data over the Internet cannot be considered completely secure. Accordingly, you should acknowledge and accept that we cannot accept full responsibility for the security of any transmission of data through our website and that such transmission may be at your own risk. However, once your data enters our systems, we follow strict procedures to ensure security and prevent unauthorized access. Where we have provided you with a password (or you have chosen one), you are responsible for maintaining the confidentiality of that password. Please do not share this password with anyone. From time to time, our websites and social media pages may contain links to websites operated by third parties, including those of our member companies and partner networks, and we do not process new data from these sites.

11. Cookie management

11./1.What is a cookie?
11./2.Why do we use cookies?
11./3.What cookies do we use?
11./4.Cookie settings

11/5.Privacy information about cookies that provide basic functionality

11./1. What is a cookie?

A cookie is a small text file that is placed on your computer when you visit a website. Cookies have a variety of functions, including collecting information, remembering user preferences, and allowing the website owner to learn about user habits to enhance the user experience. You can manage your cookie preferences at any time in your browser settings.

11./2. Why do we use cookies?
– We use cookies to improve our sites,
– To enhance the user experience,
– To make it easier to manage our sites,
– To obtain information on user habits,
– To place targeted ads.

11./3. What cookies do we use?

Cookies that are essential for the site to work Essential cookies help make our website usable by enabling basic features such as site navigation and access to secure areas of the website. The website cannot function properly without these cookies.

• Preferential cookies: using preferential cookies, we can remember information that changes the way the website behaves or looks, for example, your preferred language or the region you are in.
• Statistical cookies: by collecting and reporting data in an anonymous form, statistical cookies help the website owner to understand how visitors interact with the website.
• Marketing cookies: marketing cookies are used to track the activity of visitors to our website. The goal is to publish relevant ads to individual users and encourage them to take action, which makes our website even more valuable to the publishers and third-party advertisers. These cookies are used to serve relevant ads and content to groups of users. This process is done by manual intervention. These cookies are stored on your computer.Cookies are not used to identify individuals. We also use remarketing services, such as Google AdWords remarketing, to deliver our personalized ads to you. You can disable these cookies in Google’s advertising settings manager by following the instructions there. You can learn more about Google’s privacy policy on advertising by clicking here.

11/4. Cookie settings
By default, all browsers allow the use of cookies. If you want to delete cookies from our pages or do not wish to use them, please refer to the links below, depending on the browser you are using:
– Google Chrome
– Edge page
– Firefox
– Microsoft Internet Explorer 11
– Microsoft Internet Explorer 10
– Microsoft Internet Explorer 9
– Microsoft Internet Explorer 8
– Safari

Please note that if cookies are disabled, certain elements or the full functionality of the website may not be available.

11./5. Information about cookie data management – Purpose of data management
Cookie: to ensure the proper functioning of the website.

For other cookies: to improve our website, to facilitate your navigation through our website and the use of its features to ensure a seamless user experience, to collect information about your use of our website, to serve targeted ads on other websites (remarketing), to track your activity on our website so that we can send you relevant offers that are of specific interest to you, to send you personalised offers to the contact details you provided during registration.

Legal basis for processing – for cookies that are essential for the functioning of the site:

• The legal basis for data processing is GDPR 6. Article 2(1)(f), “processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party”

For other cookies:

• Consent of the data subject – DGPR 6. Article 3(1), the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;

Demonstration of legitimate interest:

• Without the cookies, the website cannot fully function in all its features and thus cannot achieve its purpose. On the other hand, the website needs to be protected against possible attacks. Therefore, the data controller has a compelling legitimate interest in recording the online identifier (IP address) of users who visit the website, which constitutes personal data, as well as other personal data generated in connection with browsing (time of browsing, browser type, some characteristics of the operating system of the device used for browsing, such as operating system type and language set), in order to prevent external attacks on the website and public electronic services. For this reason, the website operator, the data controller, has a legitimate interest in using cookies that are essential for the operation of the website.

Categories of persons concerned:

Natural persons visiting the website

Categories of personal data:
The online identifier (IP address) of users visiting the website, which is personal data, as well as other personal data generated in connection with browsing (time of browsing, browser type, some characteristics of the operating system of the device used for browsing, such as operating system type and language set)

The name of the cookie, the service provider, the purpose of the cookie, the type of cookie and the duration of the processing of the data for this purpose:
For more up-to-date information on this information, please click on the link to the website. Whether you are obliged to provide the personal data, consequences of not providing the data

For cookies that are essential for the site to work:
Yes Without E you cannot access the site and it cannot be used properly. Authorisation of other cookies is optional

Information on the fact of automated decision-making:
An automated decision-making process is likely to be implemented by the controller when processing data for this purpose.

11. Individual data processing During our data management audit, we found out that we process data in the following cases:
12./1.Processing of data of information requesters, persons interested in products and services, and persons requesting a quote (by email, online, by post, by telephone, in person)

12./2.Data processing related to the performance of contracts
12./3.Processing of SMS notifications
12./4.Billing and other accounting data management
12./5.Processing of complaints
12./6.Processing data of job applicants
12./7. Dormant processing (statute of limitations)
12./8. Data management of camera footage from the hotel and the apartment complex
12./9. Processing for statistical purposes
12./10. Processing of data related to newsletters, marketing enquiries 12./11.Processing of data related to bookings (via e-mail, web booking system)
12./12 Data management related to satisfaction measurement
12./13 Data management related to social media interfaces

12./1. Processing of data of information requesters, service enquirers, price requesters (by email online, by post, by telephone, in person)

Purpose of the processing:

Answering potential clients’ questions about contract performance, providing a quote in preparation for a future contract

Legal basis for processing:

• GDPR 6. Article 2(1)(b), 2nd indent: ‘necessary to take the steps at the request of the data subject before the conclusion of the contract’

Categories of persons concerned:

Information requesters, product and service enquirers, request for quotation

Categories of personal data:

Name, e-mail address, telephone number

The duration of the processing of the data for this purpose:

Until revoked by the data subject. When a product becomes available at the time it becomes available

Until a response to a request for information. In the case of a bid, whether you are obliged to provide your personal data until the acceptance or rejection of the bid or until the validity of the bid, the consequences of not providing the data:

• Not compulsory.

We cannot contact you if your name is missing.

If no email address is provided, we will not be able to notify you by email

We cannot send you a quote if your e-mail address is missing

If there is no phone number, we cannot call you back and arrange a personal meeting

Recipients of personal data:

E-mail service provider

Whether there is a transfer to a third country or an international body

Data transferred for this purpose will not be transferred to a third country or international organisation.

Information on the fact of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

12./2. Data processing related to the performance of contracts

Purpose of the processing:

Entering into and performing contractual obligations, exercising contractual rights.

Legal basis for processing:

Performance of contracts -GDPR 6. Article 4(2) ‘processing for the performance of a contract

to which the data subject is one of the parties or to which the data subject was a party before the conclusion of the contract

necessary to take action on your request”

Categories of persons concerned:

Natural person contracting parties

Categories of personal data:

Name, address, place and date of birth, mother’s name, telephone number, e-mail address, other data specified in the contract

The duration of the processing of the data for this purpose:

Until performance of the contract, or, in the event of termination of the contract for any reason, until the termination of the contract

Whether you are obliged to provide your personal data, and the consequences of not doing so:

Yes

Without the data, the contract cannot be concluded.

Recipients of personal data:

Accountant

• Post, courier service
• E-mail service provider, sms service provider
• Other auxiliaries, subcontractors involved in the performance of the contract with prior information
• Whether there is a transfer to a third country or an international organisation

Data transferred for this purpose will not be transferred to a third country or international organisation.

Information on the fact of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

12./3. Processing of SMS and email notifications

Purpose of the processing:

At your request, we will inform you by text message and/or e-mail of your arrival time the day before your treatment. The purpose of sending a reminder is to remind you that you have a reservation for that date.

Legal basis for processing:

Performance of contracts – GDPR 6. Article 2(1)(a) ‘the data subject has given his or her consent to the processing of personal data

the processing of your data for one or more specific purposes”

Categories of persons concerned:

Data subjects with a reservation

Categories of personal data:

Name, telephone number and/or e-mail address

The duration of the processing of the data for this purpose:

Until cancellation, but not later than the date of the reservation.

Whether you are obliged to provide your personal data, and the consequences of not doing so:

No

If you do not provide your phone number, we will not be able to contact you by SMS.

If you do not provide your e-mail address, we will not be able to contact you by e-mail.

Recipients of personal data:

E-mail service provider, sms service provider

Whether there is a transfer to a third country or an international organisation

Data transferred for this purpose will not be transferred to a third country or international organisation.

Information on the fact of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

12./4. Billing and other accounting data processing

Purpose of the processing:

Retention of accounting data to fulfil the obligation under the Accounting Act

Legal basis for processing:

The data controller processes billing and other accounting data lawfully under the GDPR because it

have a legal obligation to.

Legal obligation – GDPR 6. Article 2(1)(c): ‘processing is necessary for compliance with a legal obligation to which the controller is subject’ 2000. Act C of 2006 on Accounting – 169. § (1) – (6) Categories of persons concerned:

Customers, other participants in the accounting process (e.g.: actual payer)

Categories of personal data:

Name, address, other information required by law or provided at the request of the customer.

The duration of the processing of the data for this purpose:

As laid down by law, in principle for a period of 8 years.

Whether you are obliged to provide your personal data, and the consequences of not doing so:

We cannot comply with our legal obligations if we do not provide mandatory data

Recipients of personal data:
Accountant, audit authorities

Whether there is a transfer to a third country or an international body

Data transferred for this purpose will not be transferred to a third country or international organisation.

Information on the fact of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

12./5. Complaint data management

Purpose of the processing:

Fulfilling legal obligations arising from warranty and guarantee claims and handling other complaints

Legal basis for processing:

The controller processes it lawfully under the GDPR because it is legally obliged to do so.

Legal obligation – GDPR 6. Article 2(1)(c): ‘processing is necessary for compliance with a legal obligation to which the controller is subject’ 2000. Act C of 2006 on Accounting – 17/A. § (7) “The undertaking shall keep the record of the complaint and a copy of the reply for five years and shall submit it to the supervisory authorities upon request.”

The main rules on defective performance are set out in the PSC XXIV. but may also be provided for in other legislation.

Categories of persons concerned:

People with warranty and guarantee claims and other complaints

Categories of personal data:

Name, Address, under legal obligation, 1997. CLV. tv. 17/A. §. (5) The record of the complaint shall contain the following information: a) the name and address of the consumer

Other data required by law and provided by the complainant may also be processed, of which the complainant will be informed in the complaint handling record.

The duration of the processing of the data for this purpose:

As laid down by law, in principle for a period of 5 years.

Whether you are obliged to provide your personal data, and the consequences of not doing so:

Required

Without the data, we cannot resolve your complaint and cannot comply with legal requirements.

our obligations

Recipients of personal data:

• E-mail provider,
• Mail and parcel delivery, courier service
• Authorities and courts

Data transferred for this purpose will not be transferred to a third country or international organisation.

Information on the fact of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

VI./6. Processing of applicants’ data

Purpose of the processing:

Applying for jobs, filling vacancies

Legal basis for processing:

The data controller processes the data necessary for the preparation of a subsequent contract lawfully under the GDPR.

GDPR 6. Article 2(1)(b), 2nd indent: ‘before the conclusion of the contract, the person concerned shall

necessary to take action on your request”

Categories of persons concerned:

Candidates applying for a job

Categories of personal data:

Name, telephone number and email address for notification

Required information as specified in the job advertisement.

Other information that the applicant voluntarily provides in addition to the conditions

The duration of the processing of the data for this purpose:

Until the vacancy is filled or the job application is closed, but for a maximum of 3 months, or until withdrawal if the job is withdrawn by the data subject

Recipients of personal data:

E-mail service provider

Whether you are obliged to provide your personal data, and the consequences of not doing so:

No
In the absence of the minimum data requested in the call for proposals, we will not be able to evaluate the application.

we are unable to notify you due to lack of availability. The voluntary provision of information is not compulsory and failure to provide it will not affect the application.

Whether there is a transfer to a third country or an international body

Data transferred for this purpose will not be transferred to a third country or international organisation.

Information on the fact of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

12./7. Dormant processing (statute of limitations)

Purpose of the processing:

Providing evidence in administrative and judicial proceedings following performance of the contract

Legal basis for processing:

The data controller has a legitimate interest in the processing of data following the performance of a contract, which is lawful

Legitimate interest – GDPR 6. Article 7(1)(f) “processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party,”

The processing of this special category of personal data is covered by Article 9 of the GDPR. Article. (2) paragraph (f)

lawful where processing is necessary for the establishment, exercise or defence of legal claims or where the courts are acting in their judicial role;

Demonstration of legitimate interest

It is in the legitimate interest of the controller to be able to reconstruct what happened and to have adequate means of proof in the course of official or judicial proceedings. Following the determination of legitimate interest, we apply a balancing of interests test, on the basis of which the processing is lawful.

A balancing of interests test was carried out in respect of legitimate interest, on the basis of which it was concluded that Monetos Kft. Your legitimate interest does not disproportionately restrict your rights and freedoms.

Categories of persons concerned:

Individual contracting parties, representatives of non-individual contracting parties, their authorised representatives, contact persons

Categories of personal data:

Name, Address, Place and date of birth, Mother’s name, E-mail, Telephone number, Mailing address, Other data provided for the purposes of performance and necessary for the validation of the claim, which may include special health data.

The duration of the processing of the data for this purpose:

Until the expiry of the limitation period, in principle 5 years.

P.T.C. § 6:22. (1), 5 years after the performance of the contract or the termination of the contract without performance for any reason, or, if a different limitation period is provided by law, until the limitation period. We will only keep other information that we obtain if it is relevant to the merits of the case or to the subsequent proof of the acts.

Whether you are obliged to provide your personal data, and the consequences of not doing so:

Yes

We will not be able to conclude a contract if the data is not provided.

Recipients of personal data:

• E-mail provider:
• Authorities and courts
• Legal representative

Whether there is a transfer to a third country or an international body

Data transferred for this purpose will not be transferred to a third country or international organisation.

Information on the fact of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

12./8. Data management of recordings from the camera in the apartment complex:

Purpose of the processing:

The Monetos Ltd. operated by: the Salt Hill Permium Apartments for the safety of life, limb and property

Legal basis for processing:

The data controller has a legitimate interest in the use of the cameras, which is lawful.

Legitimate interest – GDPR 6. Article 7(1)(f) “processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party,”

Demonstration of legitimate interest

The Monetos Kft. use the camera surveillance system in the apartment complex in order to protect human life, limb and property.

Categories of persons concerned:

Persons and employees entering the hotel premises

Categories of personal data:

Portrait of the persons concerned

The duration of the processing of the data for this purpose:

Images will be kept for 15 working days, after which they will be deleted. If the hotel is 15

is closed for more than one working day, the retention period will last until the end of the working day following the opening.

Whether you are obliged to provide your personal data, and the consequences of not doing so:

Yes

You will not be able to visit our accommodation if you do not provide this information.

Recipients of personal data:

Authorities, court

Whether there is a transfer to a third country or an international body

Data transferred for this purpose will not be transferred to a third country or international organisation.

Information on the fact of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

12./9. Data processing for statistical purposes

The data controller shall carry out processing for statistical purposes only in a way that does not permit identification.

12./10. Data processing related to newsletter, marketing enquiries

Purpose of the processing:

Informing potential customers about current hotel offers and promotions

Legal basis for processing:

GDPR 6. Consent of the data subject in accordance with Article 3(1)(a)

Categories of persons concerned:

Newsletter subscribers

Categories of personal data:

Name, e-mail address, telephone number

The duration of the processing of the data for this purpose:

Until revoked by the data subject.

Whether you are obliged to provide your personal data, and the consequences of not doing so:

Not compulsory.

We cannot contact you if your name is missing.

If you do not have an email address, we will not be able to notify you of promotions and special offers by email

We cannot send you a quote if your e-mail address is missing

If there is no phone number, we cannot call you back and arrange a personal meeting

Recipients of personal data:

E-mail service provider, joint controller, data processor

Whether there is a transfer to a third country or an international organisation

Data transferred for this purpose will not be transferred to a third country or international organisation.

Information on the fact of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

12./11. Reservation-related data processing (via e-mail and web-based systems)

We offer online booking in order to ensure fast and convenient

booking at Salt Hill Premium Apartments.

Purpose of the processing:

to make booking accommodation easier, cheaper and more efficient.

Legal basis for processing:

Prior consent of the person booking the accommodation

Categories of persons concerned:

Natural person booking accommodation

Categories of personal data:

Name, address, e-mail address, telephone number, bank card number, SIM card details, identity document details (document number, nationality, date of birth, name, address), vehicle registration number.

The duration of the processing of the data for this purpose:

The reservation is made according to the last day of the stay after 2 years.

Whether you are obliged to provide your personal data, and the consequences of not doing so:

No contract for the hotel room.

Recipients of personal data:

data processor

Our company uses hotel software to operate the online hotel reservation system

as follows.

Data processor name: SabeeApp

Company details:
Company name: thePass Kft.
Tax number: 24327567242

Headquarters: 1075 Budapest, Madách Imre street 13-14

More information on how the software works:
https://www.sabeeapp.com/hu/security-compliance

Data processing task: to enable the online booking module through SabeeApp

providing, and running a pre-arrival e-mail module

By accepting this privacy notice, the data subject expressly consents to the processing of personal data.

Data processor – to make the service more convenient and customized – further

use data processors.

Whether there is a transfer to a third country or an international organization

Not happening

Information on the facts of automated decision-making:

No automatic decision-making is carried out in the processing of the data transmitted for this purpose

Other information about data management:

• By making a reservation, the data subject also declares that the information provided is true and correct and that he/she is in compliance with the 18. you are over the age of.
• Practical and relevant information, weather forecasts, programme offers, online

check-in facilities to help guests prepare for their trip and

shorten the time spent checking in on arrival, so before they arrive, they need to complete a ‘check-in’. from a pre-arrival mother

with information on accommodation, travel and programme options. The prearrival letter will allow the guest to fill in an online registration form to register for the

to speed up your check-in on arrival.

• Our company will take all necessary technical and organisational measures in case of a possible data protection

incidents (e.g. damage to, loss of, or unauthorised access to files containing personal data

becoming available). In the event of an incident, we keep a record of the personal data concerned, the number and type of data subjects affected by the incident, the date, circumstances and effects of the incident, the measures taken to prevent it, the number of data subjects affected by the incident and the number of data subjects affected by the incident.

other data specified in the legislation requiring the processing.

• Our company has concluded a data processing contract for data processing tasks, in which

SabeeApp undertakes that, in the event of the use of an additional data processor, it will be obliged to.

apply the data protection and data management safeguards that are provided to it by the data processor contract, and to this end, we will ensure the lawful processing of personal data by the data processor.

VI./12. Personal data processing in relation to satisfaction measurement

As a hotel, our aim is to provide our guests with high quality services, so we are constantly

we ask our guests for feedback on their experience of their stay at our hotel.

Purpose of the processing:

Request feedback from our guests to further develop and improve our services.

Legal basis for processing:

legitimate interest of the operator- GDPR 6. Article 4(1)(f).

Indication of legitimate interest: our company has a legitimate interest in being able, on the basis of the feedback

get information to improve our services.

Categories of persons concerned:

Natural person booking accommodation

Categories of personal data:

name, gender, e-mail address.

The duration of the processing of the data for this purpose:

The reservation is made according to the last day of the stay after 2 years.

Whether you are obliged to provide your personal data, and the consequences of not doing so:

The person concerned does not receive a satisfaction questionnaire from our company.

Use of a data processor:

our company uses an IT service provider for the online accommodation system as follows.

By accepting this privacy notice, the data subject expressly gives his or her consent to the processing of personal data.

Data processor – to make the service more convenient and customised – further

use data processors as follows.

12./13. Data processing related to the use of social media platforms

The MONETOS Kft. use the following social media platforms:

• facebook.com
• instagram.com/

We would like to draw your attention to the fact that the data controllers of our social media platforms are not only our Company but also the platform operators themselves. In most cases, we have no control over the operator’s activities, but where we can, we will facilitate the appropriate handling of data from a data management perspective to the best of our ability.

The information you provide on our social media platforms (links, images, comments, videos, news) is made public and available by the platform and will not be used by our Company for any other purpose. Where appropriate, we will share your content on our own platforms (Share button) if the platform allows it.

Purpose of the processing:

Promoting our communication activities

Legal basis for processing:

legitimate interest of the hotel operator- GDPR 6. Article 4(1)(f). a communication

to help.

Categories of persons concerned:

Any natural person active on any social media platform

Categories of personal data:

links, pictures, videos, comments, profile name

For more information about the operator’s data processing or to object to data processing

please see the privacy notice of the service providers below:

• Facebook: https://www.facebook.com/privacy/explanation
• Instagram: https://help.instagram.com/519522125107875

1. Your rights:

If you would like to exercise any of the above rights (transfer, deletion, rectification, etc.), please contact us at any of our contact details or by filling in the form at the bottom of this page. You have the following rights:

13./1.The right to information

13./2.Right of access

13./3.Right to rectification

13./4.Right to erasure

13./5.Right to restriction

13/6.Right to data portability

13./7.The right to object

13./1. The right to information

We are required to provide information of an appropriate size, in an appropriate language, in plain language and easy to find about the relevant aspects of data processing (what, what for, how, from when to when, etc.) – and the GDPR sets out exactly what information is required. The information should preferably be provided before the personal data are collected. If this is not possible – e.g. because the data is obtained from a third party – it will be done at the first available opportunity.

The right to information is set out in Articles 13-14 of the GDPR. in the article.

VII./2. Right of access

You may request information about whether and under what conditions your data is processed and, if so, which data and under what conditions. The conditions that can be requested are also detailed in the right to information above. The right of access is set out in Article 15 of the GDPR. in the article.

VII./3. Right to rectification

You can tell us that the data we are processing is inaccurate and ask us to replace it with what it should be.

If you become aware that your data is inaccurate or incorrect, please let us know as soon as possible and we will correct it.

The right to rectification is set out in Article 16 of the GDPR. and 19. in the article.

VII./4. Right to erasure

You may request that we delete your data from the database in the cases and under the conditions specified by law. For example, if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, or if you withdraw your consent and there is no other legal basis for the processing.

Unfortunately, however, there are cases where we have to refuse to delete that data. One of these cases is where we are legally obliged to store data (for example, data used for invoicing must be stored for a period of 8 years as a general rule under the relevant legislation), but we can also refuse to delete data within the limitation period on the grounds of legitimate interest, for example, because of a subsequent proof. And of course these

beyond these examples, there are many cases where data processing against objections is lawful. As in data protection in general, each case is unique and must be considered on its own merits to determine whether it is lawful to refuse to erase the data.

The right to erasure is set out in Article 17 of the GDPR. and 19. in the article.

VII./5. Right to restriction

You may request that we limit the processing of your data for a limited period of time (even by law) in the cases and under the conditions set out in the law. Restricted data may only be stored and no other operations may be carried out on it, subject to exceptions provided for by law. If the restriction is lifted, we will notify you.

You can request a restriction in the following cases:

• You contest the accuracy of the personal data, in which case the restriction applies for that period,

which allows the accuracy of personal data to be verified.

• If the processing is unlawful but you object to the deletion of your data, you can instead request that the data be

restrictions on the use of.

• The controller no longer needs the personal data for processing, but you require them for legal proceedings.
• You have objected to the processing, in which case the restriction applies for the period during which.

it is not established whether the controller’s legitimate grounds override your legitimate interests

as opposed to.

About the right to restriction in the GDPR 18. and in article 19.

VII./6. Right to data portability

You can request that the data we process about you is structured in a widely used, machine-readable

format (e.g. .doc, .pdf, etc.), and is entitled to receive this data in another

to a controller without hindrance from the original controller. That is, the GDPR set of rules makes it easier for data subjects to transfer their personal data from one controller to another. But you can only do this if the processing is automated.

The right to data portability is set out in Article 20 of the GDPR. in the article.

VII./7. The right to object

You have the right to object to processing in certain cases. In the event of an objection, we may not process your personal data unless we have compelling legitimate grounds for objecting which override your interests, rights and freedoms or are necessary for the exercise of legal claims or the conduct of official or judicial proceedings.

In certain cases, you have the right to ask for automatic decision-making not to apply to you. This is primarily on the condition that it is not necessary for the conclusion or performance of a contract between you and us and that there is no legal obligation to take an automatic decision in the matter.

On the right to object and automatic decision-making, see GDPR Articles 21-22. in the article.

VIII. Where to turn for redress

First of all, contact us with confidence, we will definitely try to solve your problem! If you cannot or do not want to do this, you can contact the data protection authority or take legal action in court.

Contact details of the Hungarian Data Protection Supervisory Authority:

National Authority for Data Protection and Freedom of Information

Postal address: 1530 Budapest, Pf.: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu

Website: https://naih.hu

Coordinates: É 47°30’56”; K 18°59’57”

The right to apply to the courts:

You can also take the controller to court if your data subject rights are infringed. You can also bring the case in the court of the place where you live or stay, whichever you choose.

1. Validity of these rules

These rules are valid from 01.01.2024 until revoked.