Menu

Privacy policy

Introduction

The operator of the website, Pole Position Beach Hotel Kft. (Registered office: 1095 Budapest, Ipar utca 2/A B. building, Ground floor 1st door, Tax number: 25776256-2-43) (hereinafter: Service Provider, Data Controller) submits itself to the following information.

We provide the following information in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.

This privacy policy regulates the processing of personal data on the website www.ppbeach-hotel.hu and other data processing activities of the data controller.

The policy is available at: www.ppbeach-hotel.hu/privacy

Any amendments to this policy shall take effect upon publication at the above address.

Data Controller and Contact Information:
Name: Pole Position Beach Hotel Kft.
Registered office: 1095 Budapest, Ipar utca 2/A B. building, Ground floor 1st door
Postal address: 1095 Budapest, Ipar utca 2/A B. building, Ground floor 1st door
Email: info@ppbeach-hotel.hu
Phone: +36 70 376 2393

Definitions

  1. “Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  3. “Data controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  4. “Data processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  5. “Recipient”: a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients;
  6. “Consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them;
  7. “Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Principles of personal data processing

Personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate are erased or rectified without delay (“accuracy”);
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

The controller shall be responsible for, and be able to demonstrate compliance with, these principles (“accountability”).

Data processing activities

Message sending, orders, contact requests

  1. Data collected and purpose of processing:
    | Personal data | Purpose of processing |
    |————————|——————————-|
    | Name, email, phone, address | Contact, identification |
    | Time of message sent | Technical operation |
    | IP address at message sending | Technical operation |
  2. Data subjects: All persons sending messages, orders, or requests via the website.
  3. Duration of processing and data deletion: Processing lasts until the data subject requests deletion.
  4. Persons authorized to access data: The data controller may process personal data respecting the principles described above.
  5. Rights of data subjects regarding data processing:
  • Request access to personal data, correction, deletion, or restriction of processing;
  • Object to processing;
  • Data portability rights;
  • Withdraw consent at any time.
  1. How to exercise rights:
  • By post at 1095 Budapest, Ipar utca 2/A B. building, Ground floor 1st door
  • By email at info@ppbeach-hotel.hu
  • By phone at +36 70 376 2393
  1. Legal basis of processing: Consent of the data subject (Article 6(1)(a) GDPR), Act CVIII of 2001 on electronic commerce and information society services, and Act CXII of 2011 on the right of informational self-determination and freedom of information.
  2. Additional information:
  • Processing is based on your consent.
  • You are obliged to provide personal data necessary for responding to your inquiry.
  • Failure to provide data means the request cannot be fulfilled.

Data Processors Used

  1. Activity performed by the data processor and the name and contact details of the data processor:
    Hosting service – Providing technical background
    MORGENS Design Ltd.
    Tax number: 23964710-2-20
    Company registration number: 20-09-072782
    Registered office: 8800 Nagykanizsa, Magyar utca 79., Hungary
  2. Fact of data processing and scope of processed data:
    All personal data provided by the data subject.
  3. Scope of data subjects:
    All data subjects using the website / managed by the data controller.
  4. Purpose of data processing:
    Making the website accessible and providing technical background.
  5. Duration of data processing and deadline for data deletion:
    Data processing lasts until the agreement between the data controller and the service provider is terminated, or until the data subject requests deletion from the service provider.
  6. Legal basis for data processing:
    User consent, Section 5 (1) of the Hungarian Info Act (Act CXII of 2011), Article 6(1)(a) of the GDPR, and Section 13/A (3) of Act CVIII of 2001 on electronic commerce and certain services related to the information society.

Cookie Management

  1. Fact of data processing and scope of processed data:
    Unique identifier, dates, timestamps.
  2. Scope of data subjects:
    All visitors of the website.
  3. Purpose of data processing:
    Identification of users and tracking of visitors.
  4. Duration of data processing and deadline for data deletion:
Cookie type Scope of processed data Legal basis for processing Purpose of processing Duration of processing
Session cookies Necessary for users to browse and use the website functions, e.g., remembering actions taken on pages during a visit Act CVIII of 2001 on electronic commerce and information society services, Section 13/A (3) Ensuring proper operation of the website Duration of the visitor’s session
Functional cookies Allow us to remember your website preferences, such as viewing the traditional or visually impaired version of the site User consent Improving user experience and making website usage more convenient 5 months
Targeting and advertising cookies Aim to display ads that are more relevant and interesting to you. These cookies do not identify you personally but collect information such as which pages you visited and which parts of the website you clicked User consent Collect information on how visitors use our website Session or 5 months
  1. Entities authorized to access data:
    The data controller does not process personal data via the use of cookies.
  2. Rights of data subjects related to data processing:
    Data subjects can delete cookies from their browsers at any time.
    Information on how to configure or restrict cookies in the most popular browsers is available at the following links:
  • Google Chrome
  • Firefox
  • Microsoft Internet Explorer 11
  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 9
  • Microsoft Internet Explorer 8
  • Safari
  1. Legal basis of data processing:
    User consent is not required if the sole purpose of the cookies is the transmission of communications over an electronic communications network or strictly necessary for the service provider to provide an information society service explicitly requested by the subscriber or user.

Google AdWords Conversion Tracking

We use Google AdWords, an online advertising service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), including its conversion tracking feature.

  • When you visit our website via a Google advertisement, a cookie is placed on your device for conversion tracking purposes.
  • These cookies do not store any personal data and have limited validity, so they cannot be used to personally identify you.
  • As long as the cookie is valid, Google and we can register that you clicked on a Google ad before visiting our site.
  • Each AdWords customer receives a unique cookie, so users cannot be tracked across different advertisers’ websites.
  • The data collected helps us analyze the effectiveness of our advertising by measuring conversions (actions like purchases or sign-ups) without revealing your identity.
  • You can opt out of conversion tracking by disabling cookies in your browser settings; however, this may affect your experience on the site.

For more details and Google’s privacy policy, visit: https://policies.google.com/privacy/

Google Analytics

Our website uses Google Analytics, a web analytics service from Google Inc. to help us understand how visitors use our site.

  • Google Analytics uses cookies—small text files stored on your device—to collect anonymous usage data.
  • Information collected is usually transferred and stored on Google’s servers in the USA.
  • We enable IP anonymization, so your full IP address is shortened before transmission to Google within the EU or EEA.
  • Google uses this data to generate reports on website usage, helping us improve the site and user experience.
  • Your browser’s IP address is never linked to other Google data.
  • You can disable cookies via your browser settings, but this may limit some site functions.
  • To prevent Google Analytics from collecting your data, you can install the opt-out browser add-on available here: https://tools.google.com/dlpage/gaoptout

Complaints Handling and Contact Data Processing

We collect the following personal data to handle complaints and service inquiries:

Data Type Purpose
Name Identification and contact
Email address Contact
Phone number Contact
Billing name and address Identification and complaint management
  • Data subjects include all customers who submit complaints or quality issues.
  • Records related to complaints will be retained for 5 years as required by Hungarian consumer protection law (Act CLV of 1997, Section 17/A).
  • You have the right to access, correct, delete, or restrict processing of your data; to object to data processing; to data portability; and to withdraw your consent at any time.
  • You may exercise these rights by contacting us at:
    • Postal address: 1095 Budapest, Ipar utca 2/A B. ép. Fsz. 1. ajtó
    • Email: info@ppbeach-hotel.hu
    • Phone: +36 70 376 2393

The legal basis for this data processing is your consent and compliance with applicable laws.

Social Media Interaction

  • If you “like” or share our website on social media platforms such as Facebook, Instagram, Twitter, YouTube, Pinterest, or others, your publicly available profile name and picture may be collected by those platforms.
  • Data collection and processing happen within the social media platforms themselves and are governed by their own privacy policies.
  • Processing your personal data on these platforms is based on your voluntary consent.

Phone Contact Data Processing

We collect the following personal data during phone communications:

Data Type Purpose
Name Identification and contact
Phone number Contact
Property address Service order and identification
  • Data is stored until you request deletion.
  • Your rights related to this data include access, correction, deletion, objection, portability, and consent withdrawal.
  • Requests can be made via the same contact details as above.
  • The legal basis is your consent.

Please note:

  • Providing personal data is necessary for us to respond to your inquiries and process complaints.
  • Without the required data, we may not be able to provide the requested services.

Customer Relations and Other Data Processing

  1. If you have any questions or problems during the use of our services, you may contact the data controller via the contact methods provided on the website (phone, e-mail, social media, etc.).
  2. The data controller will delete emails, messages, and any data provided by phone, Facebook, etc., including the name and email address of the person concerned and any other voluntarily provided personal data, within 2 years from the date of data submission.
  3. Data processing not listed in this privacy notice will be communicated at the time of data collection.
  4. In exceptional cases of official authority requests or based on legal authorization, the service provider is obliged to provide information, share data, or provide documents upon request by other authorities.
  5. In such cases, the service provider will disclose only the personal data strictly necessary and to the extent required to fulfill the purpose specified in the official request.

Rights of the Data Subjects

  1. Right of Access
    You have the right to receive confirmation from the data controller whether your personal data is being processed and, if so, to access your personal data and the information listed in the relevant regulations.
  2. Right to Rectification
    You have the right to request that the data controller correct any inaccurate personal data relating to you without undue delay. Considering the purpose of data processing, you may also request the completion of incomplete personal data, including by providing a supplementary statement.
  3. Right to Erasure („Right to be Forgotten”)
    You have the right to request that the data controller delete your personal data without undue delay, and the data controller is obliged to erase personal data relating to you without undue delay under certain conditions.
  4. Right to be Forgotten
    If the data controller has made your personal data public and must delete it, taking into account available technology and implementation costs, they will take reasonable steps – including technical measures – to inform other data controllers processing the data that you have requested deletion of links to, copies, or duplicates of your personal data.
  5. Right to Restriction of Processing
    You have the right to request the restriction of data processing if one of the following applies:
  • You contest the accuracy of the personal data, for the period enabling the data controller to verify its accuracy;
  • The processing is unlawful, and you oppose the erasure and request restriction instead;
  • The data controller no longer needs the personal data for processing purposes, but you require them for legal claims;
  • You have objected to processing pending verification whether the controller’s legitimate grounds override yours.
  1. Right to Data Portability
    You have the right to receive the personal data you have provided to a data controller in a structured, commonly used, and machine-readable format and to transmit that data to another data controller without hindrance.
  2. Right to Object
    You have the right to object to the processing of your personal data based on your particular situation, including profiling.
  3. Objection to Direct Marketing
    Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing, including profiling related to direct marketing. Upon objection, personal data may no longer be processed for direct marketing.
  4. Automated Decision-Making, Including Profiling
    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you, except where the decision:
  • Is necessary for a contract between you and the controller;
  • Is authorized by law and includes safeguards protecting your rights; or
  • Is based on your explicit consent.
  1. Legal Bases for Data Processing under the GDPR:
    a) Consent of the data subject,
    b) Performance of a contract,
    c) Compliance with a legal obligation,
    d) Protection of vital interests of the data subject,
    e) Public interest or exercise of official authority,
    f) Legitimate interests pursued by the controller or a third party.

Response Timeframe

The data controller will respond without undue delay, but no later than within one month from the receipt of the request. This period can be extended by two months if necessary, with notification of the reasons within one month.

If no action is taken on your request, the data controller must inform you without delay, no later than one month from receipt, explaining the reasons and informing you of the right to lodge a complaint with a supervisory authority and seek judicial remedy.

Data Security

The data controller and processor shall implement appropriate technical and organizational measures, considering the state of the art and costs, the nature, scope, circumstances, and purposes of data processing, and the risks to individuals’ rights and freedoms, including but not limited to:
a) pseudonymization and encryption of personal data;
b) ensuring confidentiality, integrity, availability, and resilience of processing systems and services;
c) ability to restore availability and access to personal data in a timely manner after an incident;
d) regular testing, assessment, and evaluation of security measures.

Notification of Data Breach

If a data breach likely results in a high risk to individuals’ rights and freedoms, the data controller will notify the affected individuals without undue delay, explaining the nature, potential consequences, and measures taken or planned to mitigate adverse effects, including contact details for further information.

Notification is not required if:

  • Appropriate protective measures such as encryption were applied;
  • Measures post-breach prevent likely high risk;
  • Notification would require disproportionate effort; in which case, public communication or similar measure shall be used.

Supervisory authority may also order notification after assessing the risk.

Data Breach Reporting to Authorities

The data controller reports data breaches to the relevant supervisory authority within 72 hours of becoming aware, unless unlikely to result in risk to individuals. If delayed, reasons must be provided.

Complaint Possibility

Complaints about data controller violations can be submitted to the National Authority for Data Protection and Freedom of Information (NAIH):

  • Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
  • Mailing Address: 1530 Budapest, P.O. Box 5
  • Phone: +36 1 391 1400
  • Fax: +36 1 391 1410
  • Email: ugyfelszolgalat@naih.hu

Closing

This notice has been prepared with regard to the following laws and regulations:

  • EU General Data Protection Regulation (GDPR) (EU) 2016/679
  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Info Act)
  • Act CVIII of 2001 on Electronic Commerce and Information Society Services
  • Act XLVII of 2008 on Unfair Commercial Practices Against Consumers
  • Act XLVIII of 2008 on Basic Requirements and Certain Restrictions of Commercial Advertising Activities
  • Act XC of 2005 on Electronic Information Freedom
  • Act C of 2003 on Electronic Communications
  • EASA/IAB guidelines on behavioral online advertising
  • Recommendations by the National Authority for Data Protection on preliminary information requirements.