The name and contact details of the data processor and the representative thereof:
IHG Szálloda Budapest Szolgáltató Korlátolt Felelősségű Társaság (hereinafter: Data controller) 1052 Budapest, Apáczai Csere J. u. 12-14, +36 1 327 6333, firstname.lastname@example.org e-mail address: email@example.com)
The purpose and legal grounds of data handling, types of cookies
Cookies are such text files that may be used by a website for making the user experience more efficient and effective. As per relevant regulations, Data controller may store cookies on your device only in the case if their website requires that for its being operated.
Indispensable cookies help make the website usable by allowing such basic functions like navigating on and gaining access to the safe areas of the website. Without such cookies the website is unable to operate appropriately.
||Cookies to store your consent settings.
Performance related cookies: These cookies allow for the gathering of information about how our visitors use our website (e.g., which page the visitor viewed, which part of it they clicked on, how much time they spent on each page). The purpose of all this is to improve our website and the services it provides, thereby enhancing the user experience and ensuring uninterrupted and high-quality service delivery.
||cookie for unique identification of devices accessing LinkedIn to detect abuse on the platform and for diagnostic purposes
||Cookie to facilitate data center selection
||It is used to store information about the time of synchronization
||Synchronization of LinkedIn advertising IDs
||It stores the 2-factor authentication data of a previously logged-in user
||Used to limit the amount of data recorded on high-traffic websites
||Used to distinguish individual users
||1 year1 mounth
||Used to count and track page views
Advertising related cookies: The third-party advertising or targeting cookies used by us and our advertising partners help to display advertisements on our website or our partners' websites that are of interest to the visitor or most relevant to the visitor's interests. In certain cases, they also allow us to measure the success of our advertising campaigns. These cookies, by themselves, cannot personally identify the visitor.
||Used to measure advertising effectiveness
The legal grounds of data handling are your consent that is a freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you. Such consent can be withdrawn at any time, which withdrawal does not affect the data handling being done lawfully prior the withdrawal being legitimate.
Cookies may not be used by Data Controller to identify you personally. Such cookies will only serve the above detailed purposes.
The duration of handling data
Until your withdrawing your consent, or in lack of any withdrawal it is the duration indicated in the table above.
Using a data processor
Data controller uses the following Data processor for any activities relating to data handling activities.
Digital Thinkers Ltd.
1097 Budapest, Vaskapu street 10-14. C. ép. 110.
Personal data related to children or third persons
As per the regulations of GDPR children under 16 may not provide any personal data of themselves, unless consent and authorisation thereto has been granted by the person holding the parental responsibility over the child.
By providing your personal data to Data controller you acknowledge to be acting in view of the above stated, and that your ability to act freely in providing your personal data is not in any way restricted.
Should you not be entitled individually to provide your personal data to Data controller you shall be liable to obtain the permission of relevant persons (person holding the parental responsibility, e.g.: parent, legal representative) prior to giving your personal data. In the course of providing services Data controller does not become aware of the fact if the person using the services require the permission of a third party thereto, therefore compliance with the present regulation is to be provided by you, and Data controller is exempt from any liability or responsibility thereof.
Data controller reserves the right to examine whether the legal grounds of handling personal data, or the conditions of lawful data processing are provided for. For example, in the event you are acting on behalf of a third person, Data controller is entitled to request proof of your being assigned by the said person and/or the consent of the third person in question regarding the given case.
Subject’s rights and the possibilities of exercising such rights
Below you will find the key rulings of GDPR regarding your data protection rights and the possibilities of exercising these rights.
Should you have any queries or questions regarding the present Data protection information or the content thereof, our colleagues will be happy to be at your service at the contact details above.
Access or rights to obtaining information as per GDPR
Based upon these regulations you are entitled to receive notification, information whether you’re the handling or processing of your personal data is in progress at Data controller. If such activity is in progress you have the right to be granted access to your personal data being handled as well as receive information as follows:
- purpose of data handling;
- the categories of the relevant person’s personal data,
- details of addressees or the category of such addressees with whom Data controller have shared the personal details, specifically including addressees located in a third country and international organisation,
- the duration of maintaining the personal data, or if this is not possible, the factors such duration is defined by,
- your further rights include that you may request Data controller to correct, erase or restrict the handling of personal data relating to you, as well as you may object to your personal data being handled,
- you are entitled to submit complaint to the supervisory authority,
- in the event Data controller did not receive your personal data from you, you are entitled to seek notification of all relevant information available,
- as regards automated decision making, in the event Data controller handles your personal data in such a way, the fact thereof, including profiling, as well as of the method and logic applied therein and the clear, unambiguous information thereof, as well as the extent of impact and possible consequences of such data handling may have on you.
- In the event personal data is transferred to a third country, you have the right to receive information on the guaranties of compliance of such transfer.
- You may request a copy of the personal data being under data processing, and provided it does not have any legal barrier we will be providing you therewith. In the event you submitted your request electronically, GDPR requires us to do so in a format most commonly used, unless you request it differently.
- Data controller shall without undue delay, but within one month of the request being received, shall inform you of the measure taken by the receipt of your request. if necessary, in view of the complexity of the request and the number of requests received the above deadline may be extended by a further two months. Data controller shall provide information on the extension of the deadline and the reasons for the delay within one month of receiving the request. In the event the subject submitted their request electronically information shall be given electronically, unless subject requests otherwise.
- Should Data controller take no measures following the request received, they shall inform the person submitting the request of the reasons for not taking measures without undue delay or within one month of receiving the request, as well as of subject’s right to submit a complaint at one of the supervisory authorities and that they have the right to seek legal advice and resolution.
Right to obtain correction
As per GDPR you have the right to request Data controller to correct the personal data of you that might be incorrect or in need of modification without undue delay. Furthermore, you have the right to request the completion of deficient personal data.
The right to be erased or forgotten
Based upon this right, you are entitled to request your personal data to be erased or deleted – without undue delay as per GDPR – provided that one of the following reasons apply:
- personal data stored in relation to you are no longer needed for the purpose Data controller has collected them or otherwise handled;
- You withdraw your consent to your personal data being handled, and no other legal grounds exist for handling your data;
- You object to the handling of your data and in the given case there is no legitimate reason enjoying priority for handling the data;
- personal data were handled illegitimately;
- personal data are to be deleted if an EU or member state legal regulation makes Data controller liable to erase such data; or
- personal data were collected in relation to providing services connected to the information society.
If data handling is necessary due to reasons included in GDPR, erasure thereof, or the exercising of rights to be forgotten are not possible, specifically if:
- for exercising the right of expressing opinion or the rights of obtaining information;
- for complying with an EU or member state regulation that prescribes the handling of personal data binding to Data controller;
- for archiving for public interest, for scientific or historic researches or for statistics, provided that the erasure or the right to be forgotten would most probably make it impossible or would seriously endanger such data handling; or
- it is necessary for proposing, exercising and protecting legal requests.
We make all reasonable efforts in the interest of erasing all information that have come in our possession unlawfully, and we ensure that such information will not be transferred to any third party, neither will it be used by ourselves (neither for marketing nor for any other purposes). Please inform us without delay should you learn that a child about themselves, or a third person about you have unlawfully transferred personal information. You can contact us at any of the above contact details.
The right to restrict data handling
As per the regulations of GDPR you have the right to restrict the handling and processing of your personal data in the event if any of the following apply:
- You dispute of the personal data handled about you of being correct, in which case restriction will apply to the period that has made it possible for us to check the personal data you consider incorrect or deficient,
- data handling is illegitimate, however you object to your personal data being erased, and instead request a restriction on the scope of their use,
- Data controller no longer needs your personal data for data handling, but you request your personal data for the purpose of forwarding, executing or protecting; or
- You have objected to the handling of your data, in which case such restriction applies to the period until it is unambiguously stated that Data handler’s legitimate interests enjoy priority over your legitimate interests.
In the event, based upon the above said, data handling comes under data handling restriction, such personal data – other than being stored - may only be handled and processed with your consent, or to putting forward, exercising or protecting legal claims, or in order to protect other person’s or entity’s rights, or in the high public interest of the EU or a member state. Data controller will inform you on the lift of data handling restrictions.
Notification liabilities relating to correcting, erasing personal data, or regarding the restriction on handling personal data
Data controller shall inform all relevant addressees of all corrections, erasure or restriction on data handling to whom they have transferred any data, except such notification proves impossible or would require efforts out of proportion with the aim. Upon your request we shall inform you of such addressees.
Rights to transfer data
In compliance with GDPR you have the right to receive from Data controller your personal data you have provided Data controller with in a format that is commonly used and legible with a machine, furthermore, you have the right to transfer such data to a different data controller without being restricted or hindered in doing so in any way by Data controller.
You have the right to transfer data in the following events:
- if data handling and processing is based upon consent or contract, and
- data handling and processing is done in an automated way.
While exercising the right to transfer your data you have the right – if it is technically feasible – to request Data controller to transfer your personal data to another data controller indicated by you.
The right to object
In compliance with GDPR, for reasons being relating to your situation, you have the right to object to your personal data being handled for legitimate reasons, including profiling. In this case Data controller shall discontinue to handle or process your personal data, except for the event it is proven beyond doubt that such legitimate reasons compel the personal data to be handled which reasons enjoy priority of your interests, rights freedoms, or which are related to putting forward, exercising or protecting legitimate claims.
Should personal data be obtained for business purposes, you have the right to object at any time to your personal data being collected and handled for such reason including profiling as well, in the event such activity is also connected to business interests.
In the event you object to your personal data being collected for business purposes, your personal data may not be handled for such purposes.
Relating to using services connecting to the information society and differing from the directive 2002/58/EK, you may exercise the right to object via automated devices that are based upon technical descriptions.
In the event personal data are handled for scientific, historic research or for statistics, you have the right, for reasons relating to your situation, to object to your personal data being handled, unless the handling of data is necessary for executing tasks of public interest.
Right to submit claims to the Supervisory authority
You have the right to place a complaint with the supervisory authority – especially in the member state relevant to your regular place of presence, work place or the place where the breach has supposedly occurred -, if in your judgement the handling of your personal data breaches the regulations of GDPR.
In Hungary the relevant supervisory authority is: Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information (http://naih.hu/; 1363 Budapest, Pf.: 9.; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: firstname.lastname@example.org).
You are entitled for the effective judicial remedy against the decision of the authority legally binding to you.
You are entitled for effective judicial remedy if the relevant supervisory authority does not deal with the claim, or fails to inform you about the process launched in relation to your claim and its results within three months of submitting your claim
Any proceedings against the supervisory authority may be launched at the court of the member state where the supervisory authority in question is located.