Data Management and Privacy Policy

Data controller: Instant Hotel Limited Liability Company.
Contact: 9021 Győr, Árpád út 11., nestgyor@gmail.com, +36 70 8823210
Instant Hotel Limited Liability Company (hereinafter referred to as Instant Hotel Kft.) Considers its customers, guests, partners and customers extremely important, respect for and enforcement of the rights of its employees and any other data subject.

Instant Hotel Kft., Regulation 2016/679 of the European Parliament and of the Council (GDPR) on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and Act CXII of 2011 on the processing of personal data of data subjects. Act (Infotv.) on the right to information self-determination and freedom of information (hereinafter: “Infotv.”).

I. Introduction

Purpose of the Regulation

The purpose of the Data Management and Data Protection Protection Regulations (hereinafter: the Regulations) is to regulate in a uniform, comprehensible and transparent manner that the business and service procedures of Instant Hotel Kft. Instant Hotel Kft. Attaches great importance to the observance of the legal regulations related to data protection, therefore it has created the present Internal Regulations, which ensure the observance and observance of the legal provisions of data management and data protection, and provide users with information on

– the scope of the data processed, – the method of processing,
– the purpose of the processing,
– the legal basis of the processing

– other issues related to data management and data protection.

Accordingly, in these Regulations, it develops its internal business data management and data protection program for all its employees and representatives, in which the data controller is to be understood as Instant Hotel Kft.

Scope of the Regulation

The scope of the Regulation covers the processing of personal data concerning a natural person by Instant Hotel Kft.

An individual entrepreneur client, partner or agent shall be considered a natural person for the purposes of these Regulations.

II. Concept definitions

2.1. data subject:
the person who is or can be identified as a natural person on the basis of the processing; user: the user using the web interface

2.2. personal data:
any information relating to an identified or identifiable natural person (“data subject”); identifiable natural person who, directly or indirectly, in particular the holder of an identifier, such as name, number, location data, online identifier Contact details published on a company website do not constitute personal data.

2.3. (
a) racial or ethnic origin, membership of a national or ethnic minority, political opinion or party affiliation, religion or belief, membership of a representative organization,
(b) genetic and biometric data data, personal data relating to the sexual life or sexual orientation of natural persons and pathological passions, and
“genetic data” means any personal data relating to the genetic characteristics of a natural person which are inherited or acquired and which contain specific information on that person’s physiology or state of health, and resulting primarily from the analysis of a biological sample taken from said natural person;
“Biometric data” means any personal data obtained by specific technical procedures relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of the natural person, such as facial image or dactyloscopic data;
“Health data” means personal data concerning the physical or mental state of health of a natural person, including data relating to health services provided to a natural person, which contain information on the state of health of a natural person;
(c) “criminal personal data” shall mean personal data obtained during or before criminal proceedings in connection with a criminal offense or criminal proceedings, with the authorities responsible for conducting or detecting criminal offenses and with the organization of enforcement, relating to the data subject; ;

2.4. public interest data:
information or knowledge in the management of a body or person performing a state or local government task or other public task specified by law and recorded in any way or form that does not fall within the concept of personal data, regardless of how it is handled, independently or its collectible nature;

2.5. public data in the public interest :
all data not covered by the concept of data of public interest, the disclosure or making available of which is required by law in the public interest;

2.6. consent:
a voluntary, specific and duly informed and clear statement of the will of the data subject, by which he or she indicates his or her consent to the processing of personal data concerning him or her by means of a statement or an act which unequivocally expresses the confirmation;

2.7. protest:
a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data; In this case, the controller may not further process the personal data unless the controller demonstrates that the processing is justified by overriding legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are necessary to bring, assert or defend legal claims. linked

2.8. data controller:
a natural or legal person or an organization without legal personality who, either alone or together with others, determines the purpose of data processing, makes and implements decisions on data processing (including the means used), or with a data processor entrusted by him enforce;

2.9. data management:
any operation or set of operations on data, irrespective of the procedure used, such as collecting, recording, recording, organizing, storing, altering, using, transmitting, disclosing, reconciling or linking, blocking, deleting and destroying data, and prevent further use. Data management also includes the taking of photographs, sound or images, as well as the recording of physical characteristics (eg fingerprints or palm prints, DNA samples, irises) that can be used to identify a person;

2:10. data transfer:
when the data is made available to a specific third party;

2:11. disclosure:
if the data is made available to anyone;

2:12. data erasure:
making data unrecognizable in such a way that it is no longer possible to recover it;

2:13. ” data blocking” means making
the transmission, access, disclosure, modification, alteration, destruction, erasure, interconnection or coordination and use of data permanently or for a specified period of time impossible;

2.14. data destruction:
the complete physical destruction of data or of the media containing them;

2.15. data processing:
the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application;

2:16. data processor: a natural or legal person or an organization without legal personality who processes
personal data on behalf of the controller;

2.17. personal data filing system (filing system):
any structured, functionally or geographically centralized, decentralized or dispersed file of personal data which is accessible according to defined criteria;

2.18. data file:
the totality of data managed in a register system;

2.19. “third party” means
any natural or legal person, or any entity without legal personality, other than the data subject, the controller or the processor;

2:20. EEA State: a Member State of
the European Union and another State party to the Agreement on the European Economic Area, as well as the State of which the European Community and its Member States are nationals, and

Has the same status as a national of a State party to the Agreement on the European Economic Area under an international agreement concluded between a State not party to the Agreement on the European Economic Area;

2.21. third country:
any state that is not an EEA state

III. Authorization for data management

Data management purposes: Our
company handles data management in accordance with the law for the following purposes:
• we process the data of our service users in connection with our activities, the sale of accommodation as a service, for the purpose of preparing and fulfilling the contract and our legal obligations;
• marketing activities for potential customers and guests;
• managing the contact details of contractual partners for the performance of the contract; • fulfilling the orders of customers and guests; management of contact and intermediary data;
• processing the data of job applicants for the purpose of establishing an employment relationship;
• processing of employees’ data for the purpose of a legal obligation, an obligation arising from an employment relationship;
• in order to fulfill an obligation specified by law;
• to comply with sectoral legislation.

The processing of personal data is lawful only if and to the extent that at least one of the following legal bases, as defined in Article 6 of the GDPR, is met:

(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;

(b) the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to the conclusion of the contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) the processing is necessary in order to protect the vital interests of the data subject or of another natural person;

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(f) processing is necessary for the protection of the legitimate interests of the controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the child is a child.

ARC. Rights of the data subject

The data subject shall have the following rights in relation to his data: (
a) the right of access;
(b) if a data is out of date or incorrect, its correction;
(c) deletion (in the case of consent-based or unlawful data processing); (d) restrictions on the processing of data;

(e) prohibit the use of personal data for direct marketing purposes;
(f) transfer or prohibit the transfer of personal data to a third party service provider;
(g) request a copy of any personal data processed by the controller; or
(h) protest against the use of personal data.

A. Data management on the website

5.1. Instant Hotel Kft. Informs the user about the data management by describing these data management regulations.

5.2. It is possible to register on the website. The registration is always voluntary, the data provided during the registration is handled by Instant Hotel Kft. With the voluntary consent of the user.
By accepting these Regulations and registering on the site, the user agrees that Instant Hotel Kft. Handles the data provided and communicated by the user in accordance with the applicable legislation and the provisions of these regulations.

5.3. The primary purpose of registration is for the user to have access to information related to the website related to Instant Hotel Kft., The products and services of Instant Hotel Kft. (Hereinafter: information related to the website) with a wider range of rights than unregistered users.

5.4. During registration, the user consents to Instant Hotel Kft. Establishing contact with the user at the contact details provided by the user as follows: Instant Hotel Kft. Is entitled to inform the user about the services and products of Instant Hotel Kft. At the contact details provided by the user.

5.5. Instant Hotel Kft. Is entitled to examine, analyze and analyze the users’ data for the purpose of market research aimed at getting to know the habits and interests of the users. The basis of the market research of Instant Hotel Kft. In this field is only the data voluntarily provided by the user.

5.6. The user acknowledges that Instant Hotel Kft. May be obliged to release the data specified in the law to third parties in the cases specified in the law and in the scope of fulfillment of the legal and legal obligations in force at any time. Instant Hotel Kft. Reserves the right to release the data provided by the user to any third party in order to comply with the provisions of the law.

5.7. During the registration, certain data must be provided, which are essential for the use of the service, as without them the registration cannot take place successfully. This information is required to contact the user. Mandatory and other data are provided on a voluntary basis, in each case as a result of a decision at the user’s discretion. The data management of Instant Hotel Kft. Included in these regulations covers all data provided by the user.

5.8. By entering the telephone number, the user agrees to receive information about the information related to the website in the form of an SMS or a telephone call. Instant Hotel Kft. Is entitled to use the user’s telephone number in accordance with these regulations.

5.9. Persons under the age of 16 can only declare registration through their legal representative (parent, guardian, etc.). Written documentation containing the authorization to provide personal data to the customer service of Instant Hotel Kft. (9021 Győr, Árpád út 11., nestgyor@gmail.com, +36 70 8823210) please send. Instant Hotel Kft. Informs the user that Instant Hotel Kft. Is not obliged to check the age of the user in all cases. If a user under the age of 16 registers, Instant Hotel Kft. Does not / cannot take responsibility for the lack of written consent of the legal representative.

5:10. The rules governing the use of cookies used on the website are set out in Section 1 of these Rules. is attached.

5:11. Modification of data and withdrawal of treatment

At any time after registration, the user is entitled to change the data provided in writing by e-mail (by e-mail to nestgyor@gmail.com) or by telephone (with a message to +36 70 8823210). , change or cancel the registration and request the destruction of the processed data. Instant Hotel Kft. Shall immediately take care of the modification, alteration or destruction of the data managed by it upon receipt of the amendment / cancellation statement sent to it in writing.

VI. Continuity of data management prior to the entry into force of the GDPR

If Act CXII of 2011 on the right to information self-determination and freedom of information. Act (Infotv.) we have processed personal data lawfully, so we will continue to process them lawfully even after the entry into force of the GDPR.

With regard to data management, the data subject is entitled to the rights set out in point.

The data subject, if we process your data with his or her consent, at any time in writing by e-mail (by e-mail to nestgyor@gmail.com) or by telephone (with an oral message to +36 70 8823210) has the right to modify, change or cancel the registration and to request the destruction of the processed data. Instant Hotel Kft. Will immediately take care of the modification, alteration or destruction of the data managed by it upon receipt of the amendment / cancellation statement sent to it in writing.

VII. Data management related to the use of the services of the data controller and the purchase of its products

Instant Hotel Kft. Is entitled to manage the data of its guests (buyers of its products), users of its services, as well as their contacts, intermediaries (stakeholders) as follows:
• data necessary for contact (name, telephone number, e-mail address) for the purpose of fulfilling the contract

• data specified by law in order to fulfill a legal obligation (eg in the case of adult education, billing data, etc.)

With regard to data management, the data subject is entitled to with the exception of the right of cancellation.
Time of data management: unless otherwise provided by law, 5 full calendar years from the termination of the contract, 8 consecutive business years for billing data.

VIII. Management of the data controller’s supplier and contact data

Instant Hotel Kft. Is entitled to handle the data of its suppliers and their contact persons (stakeholders) with the data necessary for contact (name, telephone number, e-mail address) in order to fulfill the contract.
With regard to data management, the data subject is entitled to with the exception of the right of cancellation.

Time of data management: unless otherwise provided by law, 5 full calendar years from the termination of the contract, 8 consecutive business years for billing data.

IX. Management of the data of job applicants by the data controller as an employer:

Instant Hotel Kft. Handles the personal data of job applicants from the time of applying for the job.
Personal data processed: The
employer only needs to know personal data that is relevant to the given job (eg education, internship, …) in order to create a contract.

Personal data not requested by the Employer and provided by the job applicant (eg in the CV) on the basis of consent.
With regard to data management, the data subject is entitled to the rights set out in point.
The right of cancellation applies to the data processed in accordance with his / her consent.

Time of data management: until the conclusion of an employment contract or, in case of unsuccessful application, up to 1 calendar year from the filling of the position.

X. Management of employee data by the data controller as an employer:

Instant Hotel Kft. Manages its employee data according to separate regulations.

XI. data transmission

There is no data transfer outside the EEA.
Data is transferred to the data controller for the persons collecting the data necessary for the accounting, payroll accounting and other official reports.

XII. Data protection

Data protection requests: if you have any requests or questions regarding data management, you can send your request by post to the address of the data controller (9021 Győr, Árpád út 11.). We will send our answers without delay, but no later than within 30 (thirty) days to the address specified by you.

Privacy Incident:
A breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal information processed.

The data controller ensures data security commensurate with the degree of risk associated with data management, from a physical, IT and organizational-administrative point of view. The procedures are defined in the data controller ‘s data security policy.

In the event of a breach of data security, the controller or his representative shall notify the supervisory authority without delay, but no later than 72 hours after becoming aware of it, and shall also inform the data subject.

Employee of the data controller in data protection matters: Andrea Székely-Limpek
limpek8@gmail.com
06-70 / 232-19-71

Immediately after becoming aware of the data protection incident, the data controller shall take the necessary security measures in order to eliminate and restore the damage that gave rise to the data protection incident, in order to ensure business continuity.

The data subject will be notified of the measures taken and their results.

Instant Hotel Kft. Takes all technical and organizational measures expected of it in order to protect the user’s data, which ensures that unauthorized third parties do not unlawfully handle the user’s data.
However, Instant Hotel Kft. Does not take responsibility in case of illegal hacking of its database. If the user enters a password, Instant Hotel Kft. Is not responsible for keeping the password secret, this is the user’s responsibility. If the data provided by the user has been transferred to a third party, Instant Hotel Kft. Shall call this third party to fulfill the above obligations.

XIII. INSTANT HOTEL KFT. exclusion of liability

If Instant Hotel Kft. Becomes aware that the user provides personal data of another person during registration in violation of these regulations, the rights of a third party, or otherwise in violation of the law, publicly available or illegally obtained personal or other data or in a manner that violates the law (for example, for direct marketing purposes) or otherwise violates the provisions of these data protection regulations or causes damage in any sense during registration, Instant Hotel Kft. will take the necessary legal measures to compensate for the damage caused and the offender’s legal in order to hold them accountable.

In such cases, Instant Hotel Kft. Will provide all possible assistance to the acting authorities in order to establish the identity of the infringer and to bring him to justice.

XIV. camera Shots

At the headquarters and premises of the data controller, the movement is monitored by an electronic space surveillance system (hereinafter: cameras), during which data containing personal data is processed.
Personal data processed: images.

The camera system is operated by the data controller.
Data subjects: all persons entering the controller’s registered office and premises (employees, guests, customers, contractual partners, third parties).

The purpose of the observation and the recording of the images is the life, physical integrity of the persons residing in the territory of the data controller’s headquarters and premises, as well as the persons owned or used by the data controller or the data controller’s headquarters and premises. protection of property and business secrets and personal data (data on computers at headquarters and premises, business secrets and personal data on paper files, documents and other documents).

In this context, the aim is to detect violations, to find the perpetrator, to prevent these violations and, if necessary, to use them as evidence in court or other official proceedings in connection with them.

The data controller performs the data processing on the basis of a legitimate interest.
The controller carried out a balance of interests and established the following:
• the rights of the data subject: protection of his / her personal rights (pictorial)
• legitimate interest: protection of personal and property detailed for the purpose of data processing
; will be displayed in places:
• at entrances to public spaces
• informing stakeholders by placing these regulations at entrances.

The images are stored on the central recording unit at the headquarters of the Data Controller for 5 working days, after 5 working days the system overwrites the recording.
The monitors for viewing and reviewing the images are placed in such a way that they cannot be seen by anyone other than the data controller during the broadcast of the images.

Surveillance and review of stored images may be monitored only for the purpose of detecting infringements and initiating measures necessary to eliminate them. Images transmitted by the cameras cannot be recorded by any device other than the central recording unit.

Access to stored images can only be done in a secure way and (with a password) so that the data controller can be identified. The review of stored images and the saving of images must be documented. If the reason for entitlement ceases, access to the stored images shall be terminated immediately.

XV. Other

Instant Hotel Kft. Is not entitled to disclose the data provided by the user. If the user voluntarily discloses his / her data, such disclosure is not covered by these regulations.

Instant Hotel Kft. Is not entitled to combine or supplement the user’s data with data in other databases without the user’s prior written consent.

In Hungary, the data protection supervisory authority is the National Data Protection and Freedom of Information Authority (hereinafter: NAIH, address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C, e-mail address: ugyfelszolgalat@naih.hu). The data subject may submit a complaint to the NAIH if, in his or her opinion, the processing of personal data concerning him or her does not comply with the legal obligations.
A judicial review may be initiated against the decision of the NAIH.

Date of entry into force of these Internal Regulations: June 1, 2019 Győr, June 1, 2019

Dávid Richárd Székely
managing director

INSTANT HOTEL LTD. COOKIE RULES

Instant Hotel Kft. Uses short data files, so-called cookies, on its websites. Cookies are text data files that are stored by your browser on your own hard drive . Their content covers the websites and ads you visit and search for. Cookies do not contain personal information, such as: name, address, e-mail address, etc. Instant Hotel Kft. Declares that it only uses cookies that are absolutely necessary for the use of the given service and Instant Hotel Kft. Does not store the user’s personal data with the cookies.

The purpose of cookies (cookies) is to:
• make the use of the website more convenient
• improve the quality of services
• recognize the username and password you have already entered and help you not have to re-enter
• measure how many customers use each of our services so that we can provide quick and easy to use

There are several types of cookies used by Instant Hotel Kft., There are cookies that are essential for the proper functioning of the website. There are cookies that collect information about the use of the website (statistics) to make the site even more convenient and useful. Some cookies are only temporary and disappear immediately when you close your browser, while there are also permanent versions that stay on your computer for a longer period of time.

Cookies used on the websites of Instant Hotel Kft .:

Essential cookies
These cookies are required for the user to be able to navigate between pages / subpages and access content that is only accessible to registered users.

Functional cookies
These cookies are needed to collect information about the user’s website usage habits (eg which menu items the visitor uses, reads the main page news, subscribes to the newsletter).
Newsletter subscriptions You can also subscribe to
our newsletter on our website, or you can contact us at any time to unsubscribe from the newsletter list.

Google Analytics cookies
We use the information obtained in this way to improve and optimize the operation of our website, making it as user-friendly as possible.
Third-party websites On
this website you will also find links or icons from other websites – e.g. Facebook share button, YouTube video link – that point to that page. These websites, which are independent of us, also use cookies, information about which can be found on the affected pages. Instant Hotel Kft. Does not control the websites of third parties and is not responsible for the content or data management of other external websites.

If you do not accept our cookie policy:

You can control or restrict the use of cookies and similar technologies for advertising and analytics purposes by using the following options:
• Although most browsers and devices accept cookies by default, you can delete or reject cookies through settings . However, if you disable cookies, some features of our websites may not work properly.
• If you do not want Google Analytics to use your data, install the Google Blocker Browser Add-on. To control what data Google can use to target your ads, go to Google’s advertising settings.

Győr, June 1, 2019

Dávid Richárd Székely
managing director