DATA MANAGEMENT INFORMATION ON COOKIES

In connection with the processing of personal data on the basis of an appointment to ensure compliance with Act CXII of 2001 on informational self-determination and freedom of information (Info tv.) and with the General Data Protection Regulation 2016/679/EU (GDPR)

Data of the Controller

Controller: FANOS Szolgáltató és Kereskedelmi Kft.,

Registered office: 1015 Budapest, Csalogány u. 6-10.

Tax number: 11917261-2-41

Web: https://aquahoteltermal.hu/,

Address: 9200 Mosonmagyaróvár, Kígyó utca 1.

E-mail: aquahotel@t-online.hu

Data (cookies) are stored on the visitors of our websites to ensure the most perfect user experience and also for statistical and marketing purposes.  The cookies store the information in your browser, and are intended to recognise you when you subsequently return to the website.

Purpose of data management:

Data (cookies) are stored on the visitors of our websites to ensure the most perfect user experience and also for statistical and marketing purposes.  The cookies store the information in your browser, and are intended to recognise you when you subsequently return to the website.

Circle of persons concerned:

The cookies are stored by the system on your machine. Please note in connection with the cookie settings that the use of cookies is enabled according to the basic settings of the browsers. You can delete the cookies from the computed, or set your browser to disable them. If the cookies are disabled, the site might not fully function.

The cookies help also us, the operators of the site, understand which parts of the website are preferred or considered most useful by the users.

Legal base of data management: voluntary consent:

Article 6(1)(a) of the GDPR

The automatically recorded data is automatically logged by the system when our website is visited and left, without your separate statement or other acts. This data is not connected with any other personal user data, that is, you may not be identified on the basis of such data. Only third party service providers managing the cookies and we have access to such data.

The cookies are stored by the system on your machine. Please note in connection with the cookie settings that the use of cookies is enabled according to the basic settings of the browsers. You can delete the cookies from the computed, or set your browser to disable them. If the cookies are disabled, the site might not fully function.

The cookies help also us, the operators of the site, understand which parts of the website are preferred or considered most useful by the users.

What information is collected during the use of the website?

The automatically recorded data is automatically logged by the system when our website is visited and left, without your separate statement or other acts. This data is not connected with any other personal user data, that is, you may not be identified on the basis of such data.

Properties and functions of cookies

NECESSARY COOKIES

These cookies are necessary first of all for the proper operation of the site. In addition, they serve also for analytical measurements and the display of ads on the site.

FUNCTIONAL COOKIES

These cookies enable us to display ads for you according to your special interests.

CONVENIENCE COOKIES

 

 

These cookies enable us to display ads for you according to your special interests.

Recommended setting. These cookies enable us to display or send you customised contents and ads by analysing the use of the site, or to improve our services by using the analyses.

STATISTICAL COOKIES

The statistical cookie provide feedback to the owner of the website to enable it to see what contents are preferred by the users on the website. The data is not connected to a concrete person. We use the cookies of the Google Analytics on our site.

MARKETING COOKIES

The marketing cookies track the users through websites, e.g. for ads, in order to show them relevant contents. (Google, Facebook, Youtube, Twitter, Instagram use such cookies.)

 

How do we use the information collected by the cookies?

Data collected by means of the above technologies cannot fundamentally used for your identification, and we connect such data with other data potentially suitable for identification only if you give your definite consent for us to use (statistical) cookies suitable for identification. The primary purpose of the use of such data is to properly operate our website.

For that purpose, the followings are necessary

  • differentiating between the individual sessions,
  • tracking the visit data of our website,
  • and screening any abuse in connection with the use of our website.

We can use such information also to analyse the processes and tendencies of use, to improve and develop the operation of our website, and to acquire general turnover data on the overall use of our website.

We can use the information acquired in this way for drawing statistics and their analysis.

 

Option to disable cookies

If you do not want the above information to be collected on you during the use of our website, you can partially or fully disable the use of cookies or modify the cookie settings in the settings of your browser. Guides on the management of cookies are available via the following links for the different browsers:

  • Mozilla Firefox: Enabling and disabling cookies used by the websites to save settings
  • Google Chrome: Activation and inactivation of cookies
  • Microsoft Internet Explorer: Deletion and management of cookies
  • Microsoft Edge: Microsoft Edge, browsing data and privacy
  • Apple Safari: Manage Website Data in Safari application of Mac

Data Management Information

In connection with the processing of personal data on the basis of an appointment to ensure compliance with Act CXII of 2001 on informational self-determination and freedom of information (Info tv.) and with the General Data Protection Regulation 2016/679/EU (GDPR)

Controller: FANOS Szolgáltató és Kereskedelmi Kft.

Registered office: 1015 Budapest, Csalogány u. 6-10.

Tax number: 11917261-2-41

Registration number: 01 09 725744

Our Data Management Information covers our following units:

Address: 9200 Mosonmagyaróvár, Kígyó utca 1.

Address: 9200 Mosonmagyaróvár, Kígyó utca 1.

Mosonmagyaróvár 9200 Lucsony utca 19.

E-mail: info@aquasolhotel.com

Contact details: Tel: 00 36 96 / 579 168, Fax: 00 36 96 / 579 169,

E-mail: aquahotel@t-online.hu

As a controller, we respect the privacy of all persons to whom personal data is provided. We make sure that all data management operations related to our activities comply with the expectations specified in this Information, the effective national laws and the legal acts of the European Union.

Data protection guidelines related to data management by Fanos Kft. are available on sites https://aquahoteltermal.hu/wp-content/uploads/2023/06/Adatkezelesi-tajekoztato_20230613.pdf, https://www.campingmovar.hu/wp-content/uploads/2023/06/Adatkezelesi-tajekoztato_20230613.pdf and https://www.aquasolhotel.com/wp-content/uploads/2023/06/Adatkezelesi-tajekoztato_20230613.pdf.

If you have any question in connection with this notification, please feel free to contact us. W state that Fanos Kft, as a controller, confidentially handles the personal data, and takes all safety, technical and organisational measures guaranteeing the safety of data.

This Information contains the followings:

  • the types of identification data of those concerned, that has been collected by us;
  • the list of data management purposes;
  • the legal bases, according to which these are processed;
  • the list of all persons to whom the data is forwarded; and
  • the method of their storage.

 

Please carefully read this Information to understand the way in which we process your personal data.

Content

Interpretation of Key Concepts Used in the Information………………………………………………………………………………………………………………………………….. 3

Data provided during on-line contact………………………………………………………………………………………………………………………………. 5

Mandatory registration and data supply in connection with checking in by those using accommodation services………………………………………………………………………………………………………………………………. 5

Use of credit card data………………………………………………………………………………………………………………………………. 7

Personal data managed for parking………………………………………………………………………………………………………………………………. 8

Purchase of gift vouchers for the Beneficiary………………………………………………………………………………………………………………………………. 8

Camera surveillance data………………………………………………………………………………………………………………………………. 9

Data requested when a transfer service is demanded…………………………………………………………………………………………………………………………….. 10

Lost objects…………………………………………………………………………………………………………………………….. 10

Complaint management…………………………………………………………………………………………………………………………….. 11

Data related to the data management of employees…………………………………………………………………………………………………………………………….. 11

Job applications…………………………………………………………………………………………………………………………….. 12

Social media surfaces…………………………………………………………………………………………………………………………….. 12

Cookies…………………………………………………………………………………………………………………………….. 12

Technical data – What do we do for data security?………………………………………………………………………………………………………………………………… 13

What are your rights and obligations in relation to your personal data?………………………………………………………………………………………………………………………………… 14

Data protection Authority………………………………………………………………………………………………………………………………… 17

Other Provisions………………………………………………………………………………………………………………………………… 17

 

Our General Data Management Guidelines

Our data management principles comply with the data protection related effective legislation, including, in particular:

  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
  • Act V of 2013 on the Civil Code (Ptk.);
  • Act C of 2000 on Accountancy (Számv. tv.);
  • Act LIII of 2017 on the prevention and avoidance of money laundry and terrorism (Pmt.);
  • Act CLVI of 2016 on state functions pertaining to the development of tourism regions
  • Act CLV of 1997 on consumer protection
  •  Act CLXIV of 2005 on trade
  • Act LXXVI of 2009 on the general rules of official public administration procedures and services
  • Act C of 2003 on electronic communications (Ehtv.)
  • Act XLVIII of 2008 on essential conditions of and certain limitations to business advertising (hereinafter: Grt.)
  • Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: Eker tv.)

 

Interpretation of Key Concepts Used in the Information

Person concerned: A natural person identified or identifiable on the basis of any information.

Consent of person concerned: Definite statement of the will of the person concerned based on voluntary, clear and proper information, when the person concerned indicates with his/her statement or other behaviour unmistakeably expressing his/her will, that he/she gives his consent to the processing of his/her personal data.

Personal data: Any information related to the person concerned.

A natural person is identifiable, when he/she can be identified either directly or indirectly, in particular on the basis of some identification data such as a name, number, location data, on-line ID or one or more factors related to the physical, physiological, genetic, intellectual, economic, cultural or social identity of the natural person.

Special data: all data belonging to the special category of personal data, i.e. personal data related to the racial or ethnic origin, political opinion, religious or philosophical conviction or union membership, as well as genetic data, biometric data intended to individually identify a natural person, the health data and personal data related to the sexual life or sexual orientation of the natural person.

Controller: A natural person or legal entity, or any association not having legal personality, who or which specifies the purpose of data processing, makes and implements decisions on data processing (including the devices used) or have the data processor implement them independently or together with others;

Joint controller: A controller, who or which specifies the purposes and devices of data processing – in the framework specified in a law or in a compulsory legal act of the European Union – jointly with one or more other controllers, makes and implements the decisions on data processing (including the devices used) jointly with one or more other controllers, or have the data processor implement them.

Data management: Any operation or a combination of operations performed on the data irrespective of the procedure followed, including, in particular, collection, recording, registration, systematisation, storage, change, use, consultation, forwarding, publication, harmonisation or connection, blocking, deletion and destruction of the data as well as prevention of additional use of the data, taking photos, sound or video recording, and registration of physical characteristics suitable for the identification of a person (i.g. finger or palm print, DNA sample, iris image);

Restriction of data management: Blocking of the stored data by using marks to restrict further processing of the data.

Data processing: All data management operations performed by the processor on behalf of the controller or at his/her instruction.

Processor: A natural person or legal entity, or any association not having legal personality, who or which processes the data under a contract signed with the controller, including also any contract signed on the basis of a provision of a law;

Data protection incident: Violation of data security, which results in accidental or unlawful destruction, loss, modification, unauthorised forwarding or publication of the personal data forwarded, stored or managed in any other way, or in unauthorised access to them.

Third party: A natural person or legal entity, or any association not having legal personality, who or which is not identical to the person concerned, the controller or processor;

Addressee: A natural person or legal entity, or any association not having legal personality, for whom or which the controller or the processor provides access to personal data.

 

How do we manage your data?

We receive the data directly from you. In these cases, the legal base for the data collection and processing is ensured either by your consent or by a contract made between us. Based on its sphere of activities, Fanos Kft. manages personal data in the following category:

Data provided during on-line contact

Purpose of data management

Inquiry, disclosure of information

Circle of persons concerned

All persons concerned inquiring about the services of Fanos Kft.

Managed data

·         name

·         e-mail address

·         data send in mails

Use

Establishing and maintaining contacts, administration via e-mails

Legal base

definite and voluntary consent on the basis of preliminary information – Article 6 (1)(a) of General Data Protection Regulation 2016/679/EC

Storage time

until the achievement of the data management purpose

Data forwarding

not applicable

 

Mandatory registration and data supply in connection with checking in by those using accommodation services

On checking in at the accommodation, the Controller registers the data specified in the requirements in the IT system protected by means of multiple asymmetric encryption named VISA, i.e. in a storage space provided by the hosting service provider designated by the Government Decree. The purpose of the data registration is to make sure that the rights and security of the Person Concerned and of others are protected, and the control of adherence to regulations related to the staying of citizens from third countries and of persons having the right of free movement and residence is implemented. That is the primary purpose of the VIZA is to promote the protection of the public order, the public security, the rules of the state border, and the rights, security and properties of the Person Concerned and of others.

Purpose of data management

The support of purposes designated by the Government and execution of statutory obligation.

Circle of persons concerned

All persons concerned reserving accommodations at Fanos Kft.

Managed data

Data of the Person Concerned using the accommodation service

·         first name and surname

·         first name and surname at birth

·         place and date of birth

·         gender

·         citizenship

·         mother first name and surname at birth

·         identification data of the identification document or passport

·         the number of the visa or of the residence permit, the time and place of entry for citizens from third countries,

Use

Establishing and maintaining contacts, administration via e-mails

Legal base

performance of legal obligation (Article 6(1)(c) of the GDPR). The process of data supply is specified and regulated by Act CLVI of 2016 on state functions pertaining to the development of tourism regions.

Storage time

The data is erased by us after 5 years from termination of the connection with the Person Concerned on the basis of Paragraph 6:22 of the Ptk. It is kept for a longer period, if required by the law, for example, if the data must be kept on the basis of Paragraph 169 of Act C of 2000 on the accountancy (“Accountancy Act”), then the data is erased after 8 years from termination of the connection with the Person Concerned. Such cases include when the data is part of documents supporting accountancy, they are indicated for example in contract-related documents (or in the contract itself in relevant cases), and it must be kept for 6 years in the case of police reports.

Data forwarding

Please note that in the case of our accommodation services, data is forwarded and processed towards a third party (IFA – on the basis of a processor contract).

Source of managed data

person concerned, accommodation reservation portal, travel bureau

 

For persons who request an offer for accommodation services, but do not become guests, their personal data is managed in accordance with the content of Paragraph 6:64-65 of Act V of 2013 on the Civil Code.

Paragraph 6:64 [Binding offer]

(1) The person who makes a legal statement clearly expressing his/her intention to sign a contract and covering essential issues shall be bound by his/her statement. The bidder may specify the period in which his/her offer is binding.

(2) The period of the binding offer starts when the offer becomes effective.

Paragraph 6:65 [The end of the binding offer]

(1) If the bidder does not specify the period in which his/her offer is binding, the period of the binding offer ends

  1. a) when an offer is made between the parties present, and the other party does not accept the offer immediately;
  2. b) when an offer is made between the parties without their physical presence, after the expiry of the period in which the bidder would have expected the receipt of the answer under normal circumstances in view of the nature of the service indicated in the offer and of the method of making the offer;
  3. c) when the other party rejects the offer.

(2) The binding offer ends, if the bidder withdraws his/her offer with his/her legal statement addressed to the other party before the other party sends his/her legal statement of acceptance.

(3) The written offer may be withdrawn in writing.

(4) An offer that has become effective may not be withdrawn, if the offer provides that it is irrevocable, or a date is specified in the offer for the acceptance.

If the inquirer sends his/her data to us, then he/she gives an official offer (legal statement) to our Company. For us to be able to follow up the acceptance of the offer, we continue to manage the personal data of the inquirer, and may call the inquirer via our communication channels (phone, e-mail) to ask him/her to make a statement on the offer during the period of the binding offer.

The binding offer shall be valid as long as the Company may expect the receipt of an answer under normal circumstances in view of the nature of the service indicated in the offer and the method of making the offer. Our Company shall manage the personal data in this period, however, for maximum six months from making the offer.

 

 

Use of credit card data

Purpose of data management

Room reservation for guests

Circle of persons concerned

All persons concerned reserving accommodations at Fanos Kft.

Managed data

  • Name indicated on the card
  • Card number,
  • CVC code,
  • Expiry date

Use

administration, payment of reservation of accommodation, request for advance

Legal base

performance of contract – Article 6 (1)(b) of General Data Protection Regulation 2016/679/EC

Storage time

The credit card data shall be used only for the transaction, and only by the authorised person. On departure from the hotel, the data shall not be disclosed any more, and any access to it shall not be allowed. The data shall be deleted after a successful transaction.

Data forwarding

not applicable

 

Personal data managed for parking

Purpose of data management

Provision of parking in the parking lot of the units of Fanos Kft.

Circle of persons concerned

All persons concerned parking their vehicles in the units of Fanos Kft.

Managed data

·         name and address of person

·         date and time of arrival and departure

·         registration number of vehicle

Use

Establishment of contact, maintenance of contact, administration

Legal base

definite consent on the basis of preliminary information – Article 6 (1)(a) of General Data Protection Regulation 2016/679/EC

Storage time

until the achievement of the data management purpose

Data forwarding

not applicable

 

Purchase of gift vouchers for the Beneficiary

Purpose of data management

Purchase of gift vouchers

Circle of persons concerned

All persons purchasing gift vouchers for the services of Fanos Kft.

Managed data

·         Customer’s data: Name, e-mail address, phone, invoice address

·         Beneficiary’s data: Name, voucher’s content

Use

Establishment of contact, maintenance of contact, administration

Legal base

consent on the basis of preliminary information – Article 6 (1)(a) of General Data Protection Regulation 2016/679/EC

We call the attention of those disclosing data to Fanos Kft. that if they provide not their own personal data, then the person disclosing the data shall acquire the consent of the person concerned.

Storage time

Until expiry of the voucher

If an invoice is issued – legal obligation on the basis of the period specified in  Article 6(1)(c) of Chapter II of General Data Protection Regulation 2016/679/EU – Accountancy Act: Relevant year + 8 years

Data forwarding

not applicable

 

 

Camera surveillance data

In connection with the operation of the camera system, we are obliged to give the following information:

  • indication of signals (pictograms, labels)
  • posting of information
  • camera rules and annexes
  • data protection rules and provisions made in the data management information in connection with camera surveillance
  • information for the employees – certification confirmed in writing
  • answer to questions received from employees

 

Purpose of data management

Property protection, i.e. the protection of precious assets and personal values of the guests is particularly important for us. Considering that the detection of violations of the laws, in flagrant delict and prevention of such violating acts cannot be achieved in other ways, and evidencing cannot be made with other methods, we have set up a security camera system.

Circle of persons concerned

All persons concerned staying at the accommodations and in areas under camera surveillance of Fanos Kft.

Managed data

image recorded by camera

Use

camera footage

Legal base

on the basis of a legitimate interest

Article 6(f) of General Data Protection Regulation 2016/679/EU

Storage time

72 hours, in accordance with the requirements of the law if there is a data protection incident

Data forwarding

not applicable

 

For further information on data management related to the camera system, contact our colleagues.

 

Data requested when a transfer service is demanded

Purpose of data management

Performance of transfer service on the basis of the request of the person concerned

Circle of persons concerned

All persons concerned requesting transfer services via the colleagues of Fanos Kft.

Managed data

name and phone number of the person concerned

Legal base

voluntary consent

Article 6(1)(a) of General Data Protection Regulation 2016/679/EU

Storage time

until the achievement of the data management purpose

Data forwarding

Please note that in the case of our transfer services, data is forwarded and processed towards a third party (passenger transport company).

 

Lost objects

Purpose of data management

Handling and storage of objects found in the area of the accommodations of Fanos Kft., their identification by the person concerned

Circle of persons concerned

All persons concerned reserving accommodations at Fanos Kft. and leaving some value or object there.

Managed data

name of the finder, place and time of finding, room number, designation of the found object, its identification details

Legal base

Performance of contract signed on the room reservation as a service – Article 6(1)(b) of General Data Protection Regulation 2016/679/EC

Storage time

until the civil legal rights deriving from the use

of the accommodation service expire, but for maximum 6 months

Data forwarding

not applicable

 

Complaint management

Purpose of data management

consumer protection, complaint management

Please raise your complaints arising within the guarantee period via e-mail address aquahotel@t-online.hu or info@aquasolhotel.com. The data is recorded based on this.

Circle of persons concerned

All persons concerned who raise a complaint to Fanos Kft.

Managed data

·         name

·         contact details

·         designation of complaint

Legal base

Paragraph 17/A(7) of Act CLV of 1997 on consumer protection , which requires the above data management.

Storage time

5 years from making a report.

Data forwarding

To the Consumer Protection Authority

 

 

Data related to the data management of employees

We state that the data of the employees contracted by our Company is managed on the basis of Act CXII of 2011 (Info tv.), General Data Protection Regulation 2016/679/EC and Act I of 2012 (Labour Code).

Your data is managed, recorded and forwarded by our colleagues at the reception desk. Our employees are trained in GDPR, protection of personal data.

The GDPR applies also to the data and data management of our employees. Act I of 2012 on the Labour Code provides for this. Based on this, we manage and forward compulsory data to the authorities. The relevant detailed data management requirements is available in the controller’s Data Protection Rules.

  • Labour, personnel records
  • Data management in relation to medical examinations for fitness
  • Data management in relation to the control of use of an e-mail account
  • Data management in relation to the control of a computer, laptop or tablet
  • Data management in relation to the control of use of internet at work
  • Data management in relation to the control of use of a company mobile phone
  • Data management in relation to the use of GPS navigation system
  • Data management in relation to entry and exit to and from the workplace
  • Data management in relation to camera surveillance at work

 

Job applications

Purpose of data management

Advertised position, filling an empty post

Circle of persons concerned

All persons concerned who file a CV to Fanos Kft.

Managed data

data provided in the CV

Legal base

consent on the basis of preliminary information – Article 6(1)(a) of General Data Protection Regulation 2016/679/EC

Storage time

until the empty post is filled

Data forwarding

not applicable

 

Social media surfaces

Purpose of data management

Marketing based advertisements, information on our services, novelties and discounts

Contact details:

https://www.instagram.com/aqua.hotel.termal/

https://www.instagram.com/aquasol.resort/

 

https://hu-hu.facebook.com/aquahoteltermal/

https://www.facebook.com/aquasolhotel/

 

Circle of persons concerned

Any user who likes and follows our social media sites

Managed data

data published by you in the social media.

Use

on-line, on the admin surfaces of the social media

Legal base

voluntary consent on the basis of preliminary information – Article 6 (1)(a) of General Data Protection Regulation 2016/679/EC

Time of use

until withdrawal of the consent

Data forwarding

To the controllers of social media

 

 

Cookies

Data (cookies) are stored on the visitors of our websites to ensure the most perfect user experience and also for statistical and marketing purposes. The cookies store the information in your browser, and are intended to recognise you when you subsequently return to the website.

In the cookie panel, you are allowed to view the individual cookies by category, to accept or refuse their use.

Legal base for Data Management?

  • Data is collected and managed on the basis of a lawful interest – Article 6(f) of Chapter II of GDPR (EU) 2016/679

It is not necessary to ask the persons concerned for their prior consent to the use of so-called “cookies used for session” and “safety cookies”. (If the use of the cookies is exclusively intended to communicate via the electronic communications network, or if it is indispensable for the service provider for the provision of a service definitely requested by the subscriber or the user, and associated with the information society.)

Disabling or deletion of cookies: Most browsers are set to accept the cookies. These settings may be changed by disabling the cookie or requesting a warning when cookies are set on your device. For details on the settings and modifications of cookies, see the browser information.

Disabling or deletion of cookies may affect the operation of certain functions of the website. Persons concerned may delete the cookies usually under the settings of Privacy menu item in menu Devices/Settings of the browsers.

  • Based on a consent – Article 6(a) of Chapter II of GDPR (EU) 2016/679

Cookie liable for targeted advertisements: Remarketing is a function, by means of which the the web shop can display relevant advertisements for users who previously visited the website. The users must give their consents in this case.

 

Further information:  is available in the Cookie Data Management Information.

 

Technical data – What do we do for data security?

 

Fanos Kft. selects and operates the IT tools used during the service provision for the management of the personal data to make sure that the managed data:

  • is available for the authorised persons (availability);
  • its authenticity and verification are ensured (authenticity of data management);
  • its unchanged condition can be confirmed (data integrity);
  • is protected against unlawful access (data confidentiality).

 

In addition, the controller states that the data

  • is protected with proper measures
  • against unauthorised access, modification, forwarding, publication, deletion or destruction as well as accidental destruction – e.g. limited authorities.

 

The controller provides for the protection of the security of data management with technical and organisational measures, which offer a protection level in accordance with the risks to which the data management is exposed – e.g. introduction of high security levels.

 

Information Security

The technical measures include the use of encryption, protection of passwords and antivirus software related to access to our systems.

As part of the process, during which you provide your personal data for us, this data may be forwarded also via the internet. Though we take all necessary measures to protect the personal data provided by you for us, data forwarding via the internet cannot be considered fully safe. Therefore you have to acknowledge and accept, that we cannot take full responsibility for the security of data forwarding via our website, and if you forward the data in this way, then you shall be liable for it. As soon as your personal data is received in our systems, we follow stringent procedures to ensure security, and to prevent any unauthorised access.

 

What are your rights and obligations in relation to your personal data?

The person concerned may request information on the management of his/her personal data or correction and – except for compulsory data management – deletion, cancellation of his/per personal data, he/she may exercise his/her right to data portability and to object in the way indicated during data recording and via the above contact details of the controller.

 

Right to information

Fanos Kft. shall take proper measures to offer the persons concerned all information related to the management of personal data and mentioned in Articles 13 and 14 of the GDPR as well as all details included in Articles 15 to 22 and 34 in a brief, transparent, clear and plain way, and shall ensure easy access to them.

 

 

 

Right of the person concerned to access

The person concerned is entitled to receive feedback from the controller as to whether his or her personal data is being managed, and if such data management is in process, he or she is entitled to have an access to the personal data collected and the following information:

Purposes of data management;

  • categories of personal data in question;
  • addressees or categories of addressees to whom or which personal data has been or will be disclosed, including in particular addressees in third countries and international organisations;
  • planned period of storage of personal data;
  • right to correct, delete or restrict data management or to object;
  • right to submit a complaint addressed to the supervisory authority;
  • information on data sources;
  • fact of automated decision-making, including profile creation, as well as information on the applied logics and on the significance of such data management and its potential consequences affecting the person concerned.

The controller shall give the information within maximum one month from submission of the request.

 

Right to correct

The person concerned may request the correction of inaccurate personal data managed by the controller and related to him/her as well as addition of missing data.

 

Right to delete

If any of the following reasons exits, the person concerned shall be entitled to request the controller to delete personal data related to him/her without any unreasonable delay:

  • the personal data is not necessary any more for the purpose for which it was collected, or if it was managed in a different way;
  • the person concerned withdraws his/her consent on which data management is based, and there is no other legal base for data management;
  • the person concerned objects the data management, and there is no priority lawful reason for data management;
  • the personal data has been unlawfully managed;
  • the personal data must be deleted to meet a legal obligation specified in a legal act of the EU or in a law of a member state, which is applicable to the controller;
  • the personal data was collected in connection with services offered in relation to information society.

 

 

Deletion of the data may not be initiated, if data management is necessary:

  • to exercise the right of freedom of expression and information;
  • to meet an obligation pursuant to a legal act of the EU or to a law of a member state specifying the management of personal data and applicable to the controller, and to perform a task required for any public interest or in the framework of exercising a public authority assigned to the controller;
  • for any purpose concerning public health or for archiving, scientific and historical research purposes or statistic purpose based on public interest; or for submission, enforcement or protection of legal claims.

 

Right of limitation of data control

The person concerned is entitled to ask the controller to limit the data control, if any of the following terms is met:

  • the person concerned argues the accuracy of the personal data, in which case the limitation applies to the period allowing the controller to check the accuracy of the personal data;
  • the data control is unlawful, and the person concerned opposes the deletion of the data, and he or she requests the limitation of its use instead;
  • the data controller does not need the personal data for data management purposes any more, but the person concerned needs it for submission, validation or protection of legal claims; or
  • the person concerned objects the data management;
  • in that case the limitation applies unless it is established that the legal reasons of the controller has a priority over the legal reasons of the person concerned.

If data management is subject to restriction, the personal data may be managed – except for storage – only with the consent of the person concerned, or for the submission, enforcement or protection of legal claims, or for the protection of the rights of other natural or legal entities, or in an important public interest of the EU or a member state.

 

Data portability right

The person concerned is entitled to receive the personal data related to him/her and provided by him/her for the controller in an articulated, widely used format which can be read on a machine, and to forward this data to another controller.

 

Right to object

The person concerned is entitled to object data management necessary for the performance of a task required in a public interest or in the framework of the exercise of a public authority assigned to the controller, or the enforcement of the legal interests of the controller or a third party, including profile creation based on the above provisions, any time, for reasons related to his/her own situation. In case of objection, the controller shall not continue to manage the personal data, unless it is justified by compelling legal reasons, which have priority over the interests, rights and freedom of the person concerned, or which connect to the submission, enforcement or protection of legal claims.

In automated decision-making in special cases, including profiling, the person concerned is entitled to be exempted from the effect of a decision based on only automated data control – including profiling -, which would have a legal effect on him or her, or would significantly affect him or her in a similar way.

 

Right to withdraw

The person concerned shall be entitled to withdraw his/her consent at any time.

 

Right to appeal to a court

If his/her rights are injured, the person concerned shall be entitled to initiate a legal procedure against the controller. The court will proceed with urgency.

 

Data protection Authority

The controller shall be liable for damages caused by the processor against the person concerned, and the controller shall pay also any injury fee due to violation of personality rights caused by the data processor. The controller shall be exempted from liability for damages and from the payment of injury fees, if it proves that the damages or the violation of the personality rights of the person concerned were caused by an unavoidable reason beyond the sphere of data management. No damages or injury fees may be claimed if the damages or the violation of the personality rights derived from the intentional or gross negligence of the person concerned. In addition to the above remedies, the person concerned may turn also to the National Authority for Data Protection and Freedom of Information

Name: National Authority for Data Protection and Freedom of Information

Registered office: 1055 Budapest, Falk Miksa utca 9-11

Postal address: 1363 Budapest, P.O.B.: 9.

Phone: 0613911400 Fax: 0613911410

E-mail: ugyfelszolgalat@naih.hu

Website: https://www.naih.hu

 

Other Provisions

We provide details on data management issues not included in this information when the data is recorded. We inform our clients that the court, the prosecutor, the investigation authority, the law enforcement authority, the administration authority, the National Authority for Data Protection and Freedom of Information and other bodies authorised by the law may request the controller to provide information, to disclose data and to supply documents.

Fanos Kft. shall be allowed to disclose personal data to the authorities – if the authority has indicated the purpose and the sphere of data accurately – to the extent which is essential for the purpose of the request.

Based on the provisions of the GDPR, if the Controller does not take measures without any delay, but within one month from the receipt of the request based on Articles 15 to 22 at the latest, the Controller informs the person concerned on the reasons of the failure to take the measure, and that the person concerned may submit a complaint to any supervision authority, and initiate a legal procedure.

 

 Validity: 31 July 2023