EN
Booking

Privacy Policy

Privacy Policy of Mercure Tokaj Center****superior

Personal data of natural persons collected during actions in relations to Tokaj Hotel Ltd. is processed in compliance with Regulation 2016/679 (hereby referred to as GDPR) of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and with Act CXII of 2011 on the right to informational self-determination and on the freedom of information (hereby referred to as Info law).

The publisher of this Privacy Policy Manual is also the manager of data. The processing of data is done by our colleagues. Data can only be accessed by those employees of Tokaj Hotel Ltd. to whose work such access is essential. Right to access personal data is regulated by internal rules. 

Identity and contact details of the controller (GDPR Article 13. 1/a):

Protection officer (GDPR Article 13. 1/b):

Access to judicial remedy

If the data subject considers that the processing of personal data relating to him or her infringes this Regulation, they have the right to lodge a complaint to the Hungarian National Authority for Data Protection and Freedom of Information. Right to lodge a complaint with a supervisory authority (GDPR Article 77). Right to an effective judicial remedy against a supervisory authority (GDPR Article 78).

Contact information of the Hungarian National Authority for Data Protection and Freedom of Information:

Data of website visitors

Direct marketing (newsletter)

Requesting offers

Deadline for deleting data

Direct reservation

Deadline for deleting data

Reservation through intermediaries

Deadline for deleting data

Exceptions:

Regular Guest program

The data will be deleted if the data subject revokes consent

Providing an invoice

Data will be deleted in compliance with 169§ act C. of 2000 on accounting, within 8 years

Newsletter

Data processing and registration forms

Credit card details

CCTV system

Records of complaints

Use of the central safe

Data will be deleted upon the termination of the contract, on the use of the central safe, with the subject.

Based on Article 79 of the GDPR, on right to an effective judicial remedy against a controller or processor, the data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.

Relevant court with necessary jurisdiction:

Scope of processed data of the data subjects:

Purpose and legality of processing data

The processor processes data of the data subjects for the purposes of making reservation, both online and in person, use of the hotel’s services, maintaining contact, and for the legal duties and obligations of the processor, especially those relating to taxation and accounting.

The legality of data processing is based on the voluntary consent of a previously, and properly informed data subject.

While using the hotel and by providing personal data, the data subject declares that he or she has read the version of the hotel’s Privacy Policy which was relevant at the time when the data was provided and voluntarily agrees to the processing of the personal data provided. The data subject can only provide personal data in accordance with the relevant legislations, and must guarantee that he or she has consented to providing the data.

The processor will record the IP address of the data subject, when entering the website, in relation to providing services, with regard to the rightful needs of the processor, and for the purpose of providing a service in accordance with the law, without the expressed consent of the data subject.

Duration of data processing

Based on 169§, paragraph (1), of act C. of 2000 on accounting. In accordance with the law the business is obligated to preserve, in a readable form, the report of the business year, business reports, the inventory supporting said reports, the evaluation, the trial balance sheet, and the cash book, or any other records for at least 8 years.

(2) Financial documents, which directly or indirectly, support accounting (including general ledger accounts, both analytical and detailed accounts) must be preserved, in a readable form, for at least 8 years, based on the citation of accounting records, in a retrievable way.

In accordance with act CL. of 2017 on taxation, 78§, paragraph (1), documents mentioned in 77§, paragraph (1), must be protected by the tax payer at a place previously declared to the revenue services.

(2) For the duration of processing or accounting the documents can be moved to another location, however, upon request, they must be presented to the revenue services within three workdays.

(3) The tax payer is obligated to preserve the documents, regardless of the method of registration, until the right to determine taxes prescribe. In the case of postponed taxes, the documents must be preserved for five years after the last day of the calendar year of the due date of the postponed tax.

(4) The employer (payer) must preserves the warrants, on which the tax, determined by them, and the advance tax are based, until the deadline established in paragraph (3).

77§ (1) The warrant, book, and record – including data and information stored on data mediums - mentioned in the legislation, have to be issued and recorded in a way, which would make it possible to determine and control, the basis of the tax, the amount of the tax, the tax exemptions, tax cuts, the basis and amount of budgetary contribution, their payment and the use.

The consent of the data subject:

The personal data of the data subject is processed based on the contribution of the data subject. Consent can be given:

Personal data is processed with the consent of the data subject and in accordance with contract between the parties, and with the duties and obligations of the processor derived from legislation.

Consent is given on a voluntary basis, and the subject has the right to revoke his or her consent, at any time by sending a unilateral declaration addressed to the processor.

Data, which the processor must process, due to their obligations derived from legislation, will continued to be process, following the declaration of the subject, in compliance with legislations.

The addressee of personal data

The processor may transmit the personal data of the subject to government organs, and to the revenue service, in accordance with their legal obligations.

The rights of the data subject

The subject vis-à-vis his or her personal data processed by the processor, or a person processing the data based on the request of the processor, has the right to:

 Receive information in regards to facts relating to data processing before the processing starts (right to preliminary orientation).

Request that his or her personal data, and information relating to its processing, be provided to them by the processor (right to access). The processor has to inform the subject of the actions taken as consequence of the request, without undue delay, within one month of receiving the request. If it is necessary, considering the complexity of the request and the number of requests, this deadline can be extended by two months. The processor has to notify the subject of the delay, and of the reasons for the delay, within one month of receiving their request. If the request was sent in a digital format, the processor should also send their response in the same manner, except if the subject request otherwise.

Request that the processor correct their personal data, or supplement it with additional information (right to correction). This also applies to cases mentioned later in this chapter. In order to validate the right to correction, the processor, or a person processing the data based on the request of the processor, has to – without delay – correct, specify or if compatible with the goal of processing data, supplements processed data, with additional personal data provided to them by the data subject or with a declaration of the subject connected to personal data, if the data processed is inaccurate or imperfect.

Request, that the processor, limit the processing of their personal data (right to limit processing data). This also applies to cases mentioned later in this chapter.

Request that their personal data be deleted by the processor (right to delete data). This can also happen in specified cases.

The processor will delete the information of the subject without delay if:

The processor will not delete the data if it is needed for one of the following reasons:

The subject has the right to request the processor to limit the processing of data if one of the following cases occur:

The subject has the right to protest against the processing of their personal data based on GDPR Article 6, section 1, points e) and f), including profiling based on said regulations, at any time based on reasons derived from his or her personal situation. In this case the processor cannot continue the processing of the data, except when the processing of data is supported by such coercive legitimate reasons which take precedence over the interests, rights and liberties of the subject, or reasons that are connected to the pleading, proving or protecting of legal claims. (right to protest)

Extent of the Privacy Policy

This Privacy Policy on April 1st 2022. The processor has the right to independently modify this privacy policy, at any time.

Newsletter

For special offers and unique discounts subscribe to our newsletter!