info@irisz-apartmanhaz.hu
+36 30 264 2662
en
Apartment House

Privacy policy

GDPR

General Information

The processing of personal data complies with Regulation (EU) 2016/679 of the European Union, known as the General Data Protection Regulation (GDPR).

This information serves as the basis for data processing records and applies to the website of Irisz Apartment (www.irisz-apartmanhaz.hu), operated by Dr. Balázs Kollár, a private accommodation lessor.

Ensuring the protection of your personal data is of utmost importance to us. If you have any questions or would like to learn more about data protection, please contact us at info@irisz-apartmanhaz.hu.

Irisz Apartment collaborates with accommodation providers Szallas.hu and Booking.com. Therefore, please refer to the privacy and cookie policies of Szallas.hu (www.szallas.hu) and Booking.com (www.booking.com), which are also applicable in our case. The continuous evolution of technology, changes in our services, or legal environment may require modifications to our data protection notice. Hence, we reserve the right to amend this privacy statement at any time, and we encourage you to check it regularly for updates.

Definitions

  • Personal data: Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Data processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data subject's consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • Data controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Data processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
  • Third party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • Personal data breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  • Restriction of processing: The marking of stored personal data with the aim of limiting their processing in the future.
  • Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Controller Responsible for Data Processing

According to Article 4(7) of the GDPR, the controller is: Dr. Balázs Kollár, Szabadság utca 58/A, 7400 Kaposvár, Hungary. Phone: +36 30 5727558.

Data Protection Officer: None

Purpose of Planned Data Processing and Legal Basis for Processing:

a) Purpose:

  • Performance of the contract or enforcement of the controller's legitimate claim if the controller has a monetary claim against the data subject. The name and address data are necessary for issuing the document to be issued by the controller. The telephone number/email is required for the controller to notify the data subject regarding the performance of the contract.

b) Legal basis:

  • The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • The processing is necessary for the purposes of the legitimate interests pursued by the controller.
  • The processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Regarding the email address and telephone number, the data subject declares that he/she gives consent to the processing of his/her personal data for the above purposes.

With respect to the data for which consent has been given, the data subject is entitled to withdraw consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Recipients of Personal Data:

  • Accountant (for ongoing accounting services provided to the controller)
  • Lawyer (in case the controller represents the data subject in legal proceedings)
  • Booking.com and Szallas.hu accommodation service providers (during the term of the contractual relationship)

The controller does not transfer personal data to third countries or international organizations.

Storage Period of Personal Data, or Criteria Used to Determine the Storage Period:

  • Throughout the duration of the contractual relationship.
  • In case of establishment of a contractual relationship:
    • Upon termination of the contract, all data except name and address are deleted immediately.
    • In case of termination of the contract but with outstanding obligations towards the controller, name and address data are retained until the end of the fifth year from the due date of the last payment obligation towards the controller.
    • If the contract is terminated and a document is issued by the controller, name and address data are deleted on the day following the expiry of the retention period prescribed by law.

The longer of these two storage periods is applicable.

Your Rights

Regarding your personal data, you have the following rights:

8.1 General Rights: You have the right to receive information about your data, correct them, delete them, restrict their processing, object to their processing, and receive them in a portable format. If the processing is based on your consent, you have the right to withdraw your consent for the future.

8.2 Rights in Case of Processing Based on Legitimate Interests: Under Article 21(1) of the GDPR, you have the right to object at any time to processing of personal data concerning you which is based on Article 6(1)(e) (public interest) or (f) (legitimate interests) of the GDPR, including profiling based on those provisions. If you object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

8.3 Rights Related to Direct Marketing: If we process your personal data for direct marketing purposes, you have the right under Article 21(2) of the GDPR to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.

8.4 Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data by us.

National Authority for Data Protection and Freedom of Information: Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c. Mailing address: 1530 Budapest, Pf.: 5. Email: ugyfelszolgalat@naih.hu Phone: +36 (1) 391-1400 Website: https://naih.hu

Collection of Personal Data During Visit to Our Website

If you visit the website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect data necessary to display the website, ensure its stability and security. We only use this reference information in suspected cases of booking-related abuse to identify the responsible person. The legal basis for this is Article 6(1) of the GDPR.

Contacting Us by Email or Contact Form

When you contact us via email or contact form, we store the data you provide (your email address, possibly your name and phone number) to answer your questions. If our contact form requests information that is not necessary for contacting you, we always mark these as "optional." We process this data based on your consent to verify your interest and improve the processing of your request. We explicitly obtain this data voluntarily and with your consent - Article 6(1)(a) of the GDPR. If this involves communication channel data (such as your email address or phone number), you also consent to us contacting you via that communication channel if necessary to respond to your inquiry. Of course, you can withdraw this consent for the future at any time.

We delete the data collected in connection with this once it is no longer needed for storage, or restrict its processing if laws require retention.

Data Transfer

As a general rule, we do not transfer your data to third parties unless required by law, or if data transfer is necessary to fulfill contractual obligations, or if you have given explicit consent for such transfer.

External service providers and partner companies, such as suppliers handling online payments, will only receive your data if necessary for processing your order. In such cases, however, we transmit the minimum amount of data necessary. We ensure that when our service providers come into contact with your personal data, this is done in accordance with data protection regulations, as required under Article 28 of the GDPR for order processing. Please also consider the data protection policies of the respective service provider. While we reasonably verify whether the services comply with legal requirements, the content of services provided by third parties remains the responsibility of the respective provider.

We emphasize that your data is processed within the EU/EEA. However, we may use providers who process data outside the EU/EEA. In such cases, we ensure that the recipient implements appropriate data protection measures before transferring your personal data. This means achieving the desired level of data protection either through the EU's standard contractual clauses or through measures deemed equivalent to EU standards.

Data Security

We have implemented extensive technical and operational security measures to protect your data from accidental or intentional manipulation, loss, destruction, or unauthorized access by third parties. We regularly review and update our security measures to keep pace with technological developments.

Last Updated: May 2024