Privacy Policy

PRIVACY POLICY

Please read this Privacy Policy carefully to understand how we process your personal data and what rights you have regarding data processing.

Introduction

Pursuant to Article 13 of the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter: GDPR) and § 20 (4) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.), Pápai és Társa Kft., as the data controller (hereinafter: Controller), provides the following information on the processing of personal data in the context of exercising its powers and responsibilities as defined by law, with regard to Nature Spring Deluxe Apartments.

---

 

I. Data Processing Related to Website Use

 

1. Name of the Data Controller

Pápai és Társa Kft.

Mailing address: 7275 Igal, Ady Endre utca 5.

Phone: +36 30 9563 802

E-mail: papaitsa66@gmail.com

1.1. Name of the Hosting Service Provider

Webglobe, s.r.o.

Mailing address: Vinohradská 190/2405, Praha 3 – Vinohrady

Phone: +420 603 111 111

E-mail: info@webglobe.com

2. Legal Basis for Data Processing

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR)
• Act CVIII of 2001 on certain issues of electronic commerce services and information society services
• Act C of 2003 on electronic communications
• Act XLVII of 2008 on the prohibition of unfair commercial practices towards consumers
• Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising
• Act CXII of 2011 on the right to informational self-determination and freedom of information

3. Scope and Legal Basis of Processed Data

3.1. Purpose of Data Processing

The purpose is to respond to inquiries received through the quote request form on the website, to identify the inquirers, and to respond to messages sent through the contact form on the contact page, as well as to identify the senders of the messages.

3.2. Legal Basis for Data Processing

Article 6 (1) (a) of the GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes. The data processed are: name and email address.

3.3. Scope of Data Subjects

Individuals who request a quote through the website or send a message via the contact form.

3.4. Duration of Data Processing

Until the finalization of the quote, but for a maximum of 90 days.

4. Use of Cookies

Cookies are small data files that are placed on your computer when you visit a website. They are created, saved, and stored by the websites you visit. Most commonly used browsers (Chrome, Firefox, etc.) – by default – accept and allow the download and use of cookies, but users have the option to refuse or disable them by modifying their browser settings. Cookies stored on the computer can also be deleted. More detailed information on the use of cookies is provided in the “Help” menu of each browser.

We primarily distinguish two types of cookies. One group includes those that do not require user consent. We provide information about these when you first start visiting our website. Examples include “user input” cookies, authentication cookies, user-centric security cookies, multimedia player session cookies, load-balancing session cookies, and user interface customization cookies.¹

 

The other group includes cookies that re²quire user consent. We inform users about these and request their consent when the data processing begins upon visiting the site. Such cookies include, for example, social content sharing tracking cookies, external advertising cookies, and our own visit analysis cookies.

 

Accepting cookies is not mandatory. However, we inform users that the lack of cookie permission may affect the functionality of the website, and therefore, we do not take responsibility in cases where our website may not function as expected due to the lack of cookie permission.

4.1. Cookies Used

Type	Name	Consent	Description	Purpose	Validity
Session Cookies	Essential cookies for providing the service	Not required	These cookies are necessary to enable users to use the website.	To ensure the operation of the website.	Until the Browse session is closed.
Functional Cookies	Cookies that store previous settings	Required	Saving data entered during login (“Keep me logged in”), or accepting the use of cookies (“I accept the use of cookies”).	Remembering user settings.	Depends on the setting, but a maximum of 2 years.
Tracking cookies for visit analysis (third-party)	Google Analytics (_gat and _ga)	Required	Collect information about the use of the site and user activity.	Connects to the services of third parties (e.g., Google) during a website visit.	2 years
External cookies for behavioral advertising (third-party)	Google Remarketing, Facebook Pixel, Google Conversion Tracking	Required	Behavioral advertising.	Behavioral advertising that increases the effectiveness of ads.	180 days

You can find detailed information about third-party cookies at the following links:

• Google Analytics – https://policies.google.com/technologies/types?hl=en
• Google Remarketing – https://policies.google.com/technologies/types?hl=en
• Facebook Pixel – https://www.facebook.com/policies/cookies/
• Google Conversion Tracking – https://policies.google.com/technologies/types?hl=en

5. Technical and Organizational Measures Related to Data Processing

The Controller ensures and facilitates the exercise of the rights of the data subject in connection with data processing, with particular regard to the right to information and objection.

The Controller undertakes to formulate guarantees in its data protection policy that ensure the protection of the rights of data subjects.

The Controller undertakes to prepare employee information related to data processing as carefully as possible to protect the rights and freedoms of data subjects.

The Controller organizes training for employees to ensure they are familiar with their data processing obligations and are prepared regarding the rights of data subjects.

6. Rights of Customers (Data Subjects) Regarding the Processing of Personal Data

If the Controller processes data about you, you have the following rights based on the GDPR:

• Right of access – to access your processed personal data, to be informed about the purpose of data processing, the scope of the processed data, their planned storage period, and the persons with whom the personal data have been or will be shared (Articles 13-15 GDPR).
• Right to rectification – to request the correction of inaccurate data and the completion of incomplete data regarding your processed personal data (Article 16 GDPR).
• Right to erasure – to have your processed personal data deleted or “forgotten” under certain conditions (Article 17 GDPR).
• Right to restriction of processing – to restrict the processing of your personal data if certain conditions are met (Article 18 GDPR).
• Right to data portability – to receive your processed personal data in a structured, commonly used, and machine-readable format and to transmit them to another controller without hindrance (Article 20 GDPR).
• Right to object to processing – to object to the processing of your personal data and to automated data processing and profiling (Article 21 GDPR).
• Right to a remedy – to seek a legal remedy with the competent supervisory authority or the competent court to protect your rights regarding the processing of your personal data.

6.1. Right of Access

Pursuant to Articles 13-15 of the GDPR, the Controller is obliged to inform you whether your personal data is being processed. If so, you are also entitled to receive information about the following:

• The purpose and legal basis of the data processing, and the legal consequences if data processing does not occur.
• The categories of personal data.
• The recipients or categories of recipients with whom the personal data have been or will be shared.
• The (planned) duration of the storage of personal data.
• The enforceable rights of data subjects.
• The possibility to lodge a complaint with the supervisory authority.
• If the source of the personal data is not you, all available information about the source of the data.
• Information on automated decision-making and profiling.
• In the case of transferring personal data to a third country, the appropriate safeguards.

6.2. Right to Rectification

As a data subject, you have the right to have your inaccurate personal data processed by the Controller rectified at your request, or to request the completion of your incomplete personal data, taking into account the purpose of the data processing.

6.3. Right to Erasure

As a data subject, you have the right to request the erasure of your personal data processed by the Controller under certain conditions.

The circumstances justifying erasure may be as follows:

• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.³

   

• You withdraw your consent on which the processing is based, and there is no other legal ground for the processing.⁴

   

• You object to the processing, and there are no overriding legitimate grounds ⁵for the processing.

   

• The personal data have been processed unlawfully.
• The personal data must be erased for compliance with a legal obligation to which the Controller is subject.

6.4. Right to Restriction of Processing

As a data subject, you have the right, under certain conditions, to restrict the processing of your personal data processed by the Controller.

The circumstances justifying restriction may be as follows:

• You contest the accuracy of the data; in this case, the restriction applies for a period enabling the Controller to verify the accuracy of the personal data.
• The processing is unlawful, but you oppose the erasure of the data and request the restriction of their use instead.
• The Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.
• You have objected to the processing; in this case, the restriction applies for a period pending the verification of whether the legitimate grounds of the Controller override your legitimate grounds.

  If the personal data are subject to restriction, such data, with the exception of storage, may only be processed with your consent. Furthermore, these personal data may be processed for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural person, or for reasons of important public interest of the Union or a Member State.

6.5. Right to Data Portability

As a data subject, you have the right to receive your personal data processed by the Controller in a structured, commonly used, and machine-readable format and to transmit them to another controller without hindrance – provided that the processing of the personal data or the category of personal data is based on your consent.

Please note that the right to data portability can only be exercised to a limited extent, given that in most cases, personal data are processed for the exercise of public authority.

6.6. Right to Object to Data Processing

As a data subject, you have the right, under certain conditions, to object to the data processing carried out by the Controller.

Objection is possible if the data processing is based on your consent and the processing or transfer of your personal data is exclusively necessary for the fulfillment of a legal obligation of the Controller or for the enforcement of the legitimate interests of the Controller, the data recipient, or a third party.

Please note that in most cases, the Controller processes personal data for the exercise of public authority. Based on this, in these cases, you as the data subject do not have the right to object, or only have it to a limited extent!

In the event of an objection, the Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or which are related to the establishment, exercise, or defense of legal claims.

6.7. Legal Remedies

Lodging a Complaint with the Supervisory Authority

The supervisory authority tasks in Hungary are performed by the National Authority for Data Protection and Freedom of Information (hereinafter: NAIH). Any citizen can lodge a complaint with the NAIH regarding the processing of their personal data.

NAIH contact details:

National Authority for Data Protection and Freedom of Information

Mailing address: 1530 Budapest, Pf. 5.

Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Phone: +36-1-391-1400

Fax: +36-1-391-1410

Website: http://www.naih.hu

E-mail: ugyfelszolgalat@naih.hu

Judicial Remedy

In the event of a violation of your rights regarding the processing of your personal data or an immediate danger thereof, you can turn to a court to enforce your rights. The court will act on the case without delay. You can initiate the lawsuit at the competent court according to your place of residence or stay.

7. Submitting Notifications, Requests, and Complaints

If you require any information, have questions, or wish to make a complaint regarding the processing of your personal data, you can send your request to the following addresses:

By mail: 7275 Igal, Ady Endre utca 5.

By email: papaitsa66@gmail.com

We will send our responses without delay, but no later than 30 days, to the address you provided.

8. Information on Data Breaches

A data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” (Article 4, point 12 GDPR).

In the event of a data breach, if it is likely to result in a high risk to your rights, the Controller shall communicate the personal data breach to you without undue delay.

During this communication, the Controller will describe the name and contact details of the data protection officer or other contact point to get more information, the likely consequences of the data breach, and the measures taken or planned by the Controller to address the data breach, including, where appropriate, measures to mitigate its possible adverse effects.