1. Information on the purpose, scope and applicable regulations
The purpose of this Privacy Policy is to determine the privacy policy applied by Assur-B 2001 Ltd. and declare that the company as the data manager will always act upon this policy.
The company based its Privacy Policy on the following legal regulations: a) Regulation 2016/679 of the European Parliament and Committee („General Data Process Regulation or GDPR), b) Act CXII of 2011 on the right of informational self-determination and freedom of information (Info Act), Act V of 2013 on Civil Law and c) Act XLVIII of 2008 on basic terms and certain limits of economic advertising.
The scope of this Privacy Policy is the data gathered and managed on www.schneekristall-aich.com website (hereinafter “Website”).
Without contrary information the scope of Information does not cover the services and data management by third parties advertising or doing other business on the Website like promotion, sweepstakes, other services or campaigns. Without contrary information the scope of this Information does not cover the services and data management of such websites, service providers which are led to by the references on the Website. The scope of the Information does not cover the data management of the people, organizations, companies whose information, newsletters, advertisement letters the Web user got on the Website.
2. The name and activity of the data manager
Name: Assur-B 2001 Ltd.
Headquarters: 4225 Debrecen, Hátszeg u. 3.
Telephone: +36306915052
E-mail: reservations@schneekristall-aich.com
Tax number: 12742389-2-09
Position of the person responsible for data protection: lawyer
Data management register number of Assur-B 2001 Ltd.: [providing the register number is under process].
The Data manager is an incorporated economic company in Hungary.
The Data manager operates the Website, which has been made in order to introduce the company on the Internet.
3. The principles, manner and legal basis of the data management
3.1. The Data Manager will manage any data for the best, honestly and clearly while co-operating with the Web Users. The Data Manager will only manage the data determined in the law or provided by the Web Users on the following purposes. The scope of the Personal Data managed complies with the purpose of the data management and it must not expand it.
3.2. In each case if the Data Manager wants to use the Personal Data on another purpose different from the original purpose, the Data Manager will inform the Web User and gain the web user’s consent, as well as the Data Manager makes it possible for the Web User to forbid the data management.
3.3. The Data Manager will not check the Personal Data provided. The person who provides Personal Data is alone responsible for their being correct.
3.4. The data provided by people under 16 may only be managed with the consent of the person of full age with parental supervision. The Data Manager does not have the power to check the consenting person’s entitlement or the content of their declaration so the Web User or the person with parental supervision guarantees that the consent meets all legal measures. Without consenting declaration the Data Manager will not collect any Personal Data of the person under 16.
4.5. The Data Manager will not give the Personal Data managed here to third parties others than the Data Processors or in certain cases External service providers determined in this Information. The only exception is to use the data on a statistical purpose, which may not use any data with the help of which the Web User can be identified and in this way it does not mean Data Management or data forward.
The Data Manager in certain cases like official judicial, police requirements, legal procedures on violation of the Data Manager’s rights or interests or its suspicion, etc., will make it possible for third parties to access the Personal Data of the Web User involved.
After 25 May 2018, The Data Manager will record, manage, and process the Personal Data as determined in this Information on Data Management in accordance with the measures of GDPR and make a statement about it for the Data Manager.
3.6. The Data Manager will inform the Web Users and all the people who the Personal Data have been forwarded for Data Management about the correction, restriction or deletion of the Personal Data. The Data Manager may not have to inform the Web User if it does not hurt the Web User’s interest regarding the purpose of the Data Management. This kind of information may be inessential.
3.7. Regarding the relating measures of the GDPR the Data Manager does not have to assign an official responsible for privacy, because the Data Manager is not considered to be a body of public authority or a body dealing with public assignments. The actions of the Data Manager do not include operations that need regular and methodical monitoring of the Web Users and also, the Data Manager does not manage special data or Personal Data to determine criminal responsibility or crime.
3.8. The Data Manager uses your personal data to comply with law, especially applicable data protection law:
• Act CXII of 2011 on the right of informational self-determination and freedom of information (hereinafter „Info Act.”);
• Act XLVIII of 2008 on basic terms and certain limits of economic advertising (hereinafter „Gr. Act”);
• Regulation 2016/679 of the European Parliament and Commission;
• Act CVIII of 2001 on certain problems of electronic commercial services as well as services in connection with informational society;
• Act C 169. § of 2000 on accountancy (on keeping invoices, receipts).
4. The legal basis of data management
4.1. Considering the type of the activity the Data Manager is involved in, the legal basis of the data management is the Web User’s explicit consent based on free-will, suitable information (Info Act. 5. § paragraph (1) item a)), plus, in case of the creation of profile the suitable information for the Web User in accordance with the measures of GDPR (GDPR Article 6 paragraph (1) item f)). The Web Users come into contact with the Data Manager free-will, they register free-will, use the service of the Data Manager free-will. The data manager without the Web User’s consent may only manage data with legal empowerment.
4.2. The User has the right to cancel their approval any time. This cancellation does not concern the lawfulness of the data management based on consent before cancellation.
4.3. The Data Manager records the Web User’s IP address when the web user enters certain websites without extra consent of the Web User in connection with providing service considering the Data Manager’s rightful interest and to provide rightful service (e.g. to detect misapplication or illicit contents).
4.4. Data my be forwarded to Data Processors determined in this Policy on Terms and Conditions without extra consent of the Web User. Providing personal data to third parties or authorities is possible only with absolute magisterial order or the Web User’s preliminary explicit approval unless the law decides on the contrary.
4.5. Any Web User when providing their e-mail address takes responsibility that via the e-mail address and using the data provided by them only they use the services we provide. This responsibility means that providing an e-mail address the only responsible party is the Web User who registered the e-mail address and provided other data.
4.6. The legal basis of the data management is a legal measure in certain cases. The main legal measures are the ones listed in item 4.8. The data in the receipt completed by the Data Manager is dealt with in accordance with the act on accountancy.
4.7. The legal basis of the data management may be the Data Manager’s rightful interest in the case of which in accordance with the relating measures of GDPR the Data Manager has completed and is allowed to complete the test considering interests in the future. This test confirms that the specific data management is necessary to complete the Data Manager’s rightful interest and the rights and freedom of the person involved which make the protection of personal data necessary do not have priority. The Data Manager if requested informs the person involved about this paragraph as written in this Information.
5. The aim of data management
The Data Manager manages personal data only on determined purposes, to exercise law and complete obligations. The data management is in accordance with the aim of the data management on its each stage. Obtaining and managing personal data occurs entirely legally and honestly. The aim of the Data Manager is to manage only such personal data that are necessary to realise the aim of data management and suitable to achieve the objective. The personal data are allowed to be managed to the extent and time necessary to achieve the objective.
The aim of data management is primarily to operate the Website and forward offers about the services of the Data Manager.
In accordance with the information determined above, the aims of data management are:
• to identify the Web User, keep contact with the Web User;
• to complete the obligations of the Data Manager and exercise the rights the Data Manager is entitled to;
• to protect the Web User’s rights.
6. The source of data
The Data Manager only manages the personal data given by the Web Users and does not collect any data from any other sources.
The Web User gives personal data when asking for an offer. The Web User gives their name and e-mail address.
7. The scope of the data managed
The Data Manager only manages the personal data given by the Web Users. Such personal data are their surname, first name, e-mail address.
Besides this, the Data Manager manages technical data, including IP address as determined in item 12.
8. The process of data management
The source of personal data is the Web User, who gives the data when asking for an offer. They have to give personal data when filling in the form for an offer. It is obligatory to give all the data in this form unless its contrary is determined and displayed.
The Web User provides the data independently, the Data Manager gives no compulsory instructions or expectations. The Web User gives their consent explicitly the data provided by them to be managed.
The Web User when asking for on offer on the Website gives their consent that their Personal Data provided when asking for an offer will be stored, managed and used by Assur-B 2001. Ltd. in accordance with the effective legal measures.
9. Data Management for advertising, sending newsletters
If the Web Users gives their consent, the Data Manager contacts the Web User with the help of the accessibility information provided by the Web User and sends them advertisements directly. This advertisement may be sent by mail, on the telephone (including texting) or via e-mails.
The condition of the advertisement is the Web User’s consent in each case. The Web User is allowed to cancel their consent any time without justification.
10. Cookies and Technical Data
We use cookies for identification, analysis and advertising purposes. By using our website you consent to the storing and accessing of cookies on your device. The system of the Data Manager records automatically the IP address of the Web User’s computer, the date of the visit, and in certain cases, depending on the configuration of the computer, the type of the browser and operating system. The data recorded in this way may not be connected with other personal data. The management of the data is only for statistics. The Website operated by Assur-B 2001 Ltd. use cookies including browser cookies, tracking cookies and computer cookies.
Such cookies make it possible for the Website to recognize previous visitors. The cookies help the Data Manager who operates the Website to optimise the Website, change the services of the website in accordance with the web user’s habits.
Also, the cookies are able to:
• store log in information, so that the web user can enter and leave the website without having to re-enter the same authentication information over and over or when entering a new website
• remember data recorded previously so that they do not need to be typed again,
• analyse how our website is used in order that using this information we can develop our website to meet the web users’ needs and the web user can find the information they need easily and as soon as possible and
• keep track on the efficiency of our advertisements.
If the Data Manager displays contents on the Web site with the help of outer web services, it may result in storing such cookies that are not supervised by the Data Manager so the data manager has no influence on what information such web sites or external domains collect or store. More information on such cookies are provided by regulations on the certain service.
The web user may set their web browser to accept all cookies, or refuse them or inform them when there are cookies on their device. You can set you web browser entering the “Options” or “Setting” of your browser. When refusing cookies, the Web User notes that without cookies the operation of the Web site is not complete.
The English description of cookies may also be helpful if you need more information on cookies: www.aboutcookies.org
11. Forwarding Data
The Data manager will forward personal data to third parties only if the Web User has definitely consented to it and knows the data forwarded as well as the addressee of the data or it is accomplished under the law.
The Data Manager is entitled and has to forward the Personal Data to relating authorities if there is a legal measure or absolute magisterial order as well as if the Data Manager is not taken responsible for any consequences due to such orders.
The Data Manager records any forwards in documents and keeps a register on them.
12. Data Process
The Data Manager is entitled to use data processor to accomplish their activities. The data processors will not make independent decisions, they are only entitled to do what is included in their contract and always in accordance with instructions. The Data Manager checks the data processors’ work. The data processors may use other data processors only if the Data Manager consents to it. The Data Manager lists the data processors in this Information.
The data processors used by the Data manager are the followings:
Development: Alphadesign Company
Operation of the server: tarhelypark.hu
13. External service providers
When operating the Website the Data Manager uses external service providers and co-operates with them.
Regarding the Personal Data managed in the systems of external service providers, the terms and conditions of privacy policy of the external service providers are normative.
The Data Manager does everything to make the External service provider use and manage all the Personal data forwarded to them in accordance with legal measures, and use them only on the purposes determined by the Web Users or written in this Information.
The Data Manager informs the Web User about their data being forwarded to External service providers.
14. Data security
The Data Manager provides data security, completes the technical and organizational actions and develop the rules of the procedure that are necessary to enforce the relating legal measures and the measures of data privacy. The Data Manager protects your personal data from illicit access, change, forward, publicising, deletion or cancellation and accidental destruction or damage, as well as becoming not accessible due to changing the system applied.
The Data Manager registers your data in accordance with relating legal measures and ensures that only employees, and others (the data processors) acting upon the interest of the Data Manager will meet your data, as they need your data to accomplish their tasks. They will meet your data inside the employee’s system only by logging. The employees of the data manager make individual search or individual operations on the data only upon request by the Web User or if it is necessary to provide the service.
The Data Manager when determining and applying actions to ensure the protection of data takes technology into consideration and stays up dated all the time. From several possible solutions of data management, the Data Manager chooses the one that ensures higher level of protection of the personal data excepting if it means disproportional difficulty. We are committed to keeping the personal information you provide to us secure and will take reasonable precautions to protect your personal information from loss, misuse or alteration.
The Data Manager takes special care of the following tasks under information protection:
• Actions to protect your personal data from unauthorised access, to protect the means of software, hardware, and system;
• Actions that make it possible to recover data files including regular anti-loss saving and dealing with copies separately and safely (anti-loss archiving, reflecting);
• Actions to protect data from viruses (virus protection);
• Actions to protect data files as well as the device physically including damage by fire, water, lightning, other natural damage, as well as recover this kind of damage (archiving, fire protection).
All of our employees and data processors who process your personal information on the Data Manager’s behalf are obliged to protect safely the data mediums containing personal information regardless of the way the information has been recorded, respect the confidentiality of the personal information, and protect it from unauthorised access, alteration, forward, becoming public, deletion or cancellation or accidental damage or loss.
The Data Manager operates the electronic files with a computer software which meets the requirements of data security. The software assures that the data are accessible under checked circumstances only for the people who need them to carry out their tasks.
15. The Duration of data management
The Data Manager deletes your personal information if:
1. a) the data management is not lawful;
If the data are not managed in a lawful way, the Data Manager deletes the data straight away.
1. b) the Web User requests so (excepting the data managements based on legal measures);
The Web User may requests the deletion of personal information provided by them free-will. In this case the Data Manager will delete the data. This kind of deletion may be refused only if there is legal authorization. The Data manager informs the Web user about the refusal of the deletion of data and the legal measure that makes it possible.
1. c) the data is incomplete or wrong – and this state cannot be corrected allowably – as long as the deletion is not refused by law;
1. d) the purpose of the data management no longer exists, or the duration of data storage determined by law is overdue;
The deletion may be refused (i) to exercise the right of freedom of deliverance and orientation, or (ii) if there is a legal authorization to manage the Personal Data; and (iii) to put forward, enforce or protect legal demands.
The Data manager informs the Web User about the refusal of the request for deletion and its reason(s) at all times. After deleting Personal Data it is impossible to restore them.
Because the Data Manager generally provides continuous service for the Web User, their contact has no time limit. On this basis, without the Web User’s request, the Data manager may manage the information while there is a contact between the Data Manager and the Web User and while the data manager can provide the Web User any service.
Any other data are deleted by the Data Manager if it is obvious that the data will not be used in the future, in other words, the purpose of the data management no longer exists.
1. e) the court of justice or the Authority of National Data Security and Freedom of Information has ordered. They have exclusive jurisdiction.
If the court or the Authority of National Data Security and Freedom of Information orders to delete the data, the Data Manager will accomplish it.
Instead of deleting the data the Data Manager while notifying the Web User will block the personal information if the Web User requests so or if the Data Manager has some information on the basis of which the Data Manager assumes deleting the data would violate the Web User’s rightful interests of the Web User. The personal information blocked in this way may be managed until the purpose of the data management exists, which excluded the deletion of the personal information. The Data Manager assigns the personal information managed by him/her if the Web User doubts or argues its correctness or actuality, but it cannot definitely be determined.
In case of data management ordered by any legal measure the Data manager will act upon the law.
In case of deletion the Data Manager makes all the data incapable of identifying the Web User. If it is ordered by the law, the Data Manager will destroy the data medium containing the personal information.
16. The rights of the Web Users and the enforcement of such rights
16.1. The Data Manager when contacting the Web User informs him/her about the management of the data at the same time. In addition to this, the Web User is entitled to ask information on data management any time.
Upon the Web User’s request, the Data Manager gives the Web User information on their data, managed by him/her or any data processor on behalf of him/her, the sources of the data, the purpose of the data management, its legal basis, duration, the name and address of the data processor and actions relating to data management, the circumstances of data security incidents, effects, and actions accomplished to overcome it and in case of forwarding the Web User’s personal information the legal basis of the data transmission and the addressee. The Data Manager is obliged to inform the Web User in black and white in plain language upon request as soon as possible but not later than in 25 days from the day of the application. This information is free of charge if the person requesting it has not submitted any application for information in the running year. In other cases the Web User may be charged the expenses. If the Web User has already paid for the expenses and the data were managed in an unlawful way or the application for information ended up with correction, such fees have to be paid back.
16.2. The Web User may request the Data Manager to correct personal information. If there is a regular supplying of data based on the information to be corrected, the Data Manager if necessary informs the addressee of the supplying of data about the correction, and raises the Web User’s attention to start correction for other data manager as well.
16.3. The Web User may request the personal information to be deleted excepting the data management ordered by the law. The Data Manager informs the Web User about the deletion.
16.4. The Web User may protest against the personal information being managed as determined in the Info Act.
16.5. The Web User sends the application for information, correction, deletion in a letter to the headquarter of the Data Manager or by e-mail sent the Data Manager to reservations@schneekristall-aich.com.
16.6. The Web User may request the Data Manager to restrict the management of their personal information if the Web User argues the correctness and actuality of the Personal information managed. In this case the restriction is over the duration that makes it possible for the Data Manager to check the Personal information. The Data Manager assigns the data managed by him/her if the Web User argues its correctness or actuality but it cannot definitely be determined.
The Web User may request the Data Manager to restrict the management of their Personal information if the data management is against law, but the Web User refuses the deletion of Personal information managed but asks for the restriction of their use instead.
In addition, the Web User may ask the Data Manager to restrict the management of their Personal information if the purpose of the data management has been accomplished, but the Web User wants the Data Manager to manage them to apply for, enforce or protect legal demands.
16.7. The Web User may ask the Data Manager to hand over the Personal information given to the Data Manager and used automatically by the Data Manager in configured, widely used, readable format and/ or forward the Personal information to another data manager.
16.8. If the data manager refuses the Web User’s application for correcting, blocking or deleting personal information, the data manager will notify the Web User about the reasons for this refusal in black and white within 25 days from the day of the delivery of such application. In case of refusing to correct, delete or block Personal information, the Data Manager notifies the Web User about judicial remedies and the opportunity to appeal to the Authority of National Data Security and Freedom of Information.
16.9. The Web User send any application to exercise their rights detailed above. The contact information of the data manager can be found in item 2.
16.10. The Web User can also make a complaint at the Authority of National Data Security and Freedom of Information directly (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; telephone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu). The Web User is entitled to go to law if their rights have been violated on the basis of Info Act 22. § (1) paragraph. The judgement of the lawsuit falls within the authority of the court of justice. The lawsuit in accordance with the Web User’s choice may be started by the court of justice at the place of the Web User’s home or residence. The data manager if requested notifies the Web User in detail about the opportunity of legal remedy and its means.
17. Changes to the Privacy Policy
17.1. The Data Manager has the right to make changes to this Policy unilaterally from time to time. To ensure that the Web User is always aware of how the personal information is used the Data Manager will update this Privacy Policy from time to time to reflect any changes to the use of the personal information.
The Data Manager may also make changes to comply with changes in applicable law or regulatory requirements. The Data Manager will notify the Web Users by e-mail of any significant changes, but the data manager is not obliged to do so. The Web User is entitled to exercise their rights according to this Policy and applicable law.
17.2. The Web User with the next request for an offer accepts the Privacy Policy. There is no need to ask certain Web Users to give their consent.
