Gift voucher
EN
HU DE
Loyalty program
Booking

Privacy Policy

Adventor Hotel Ltd.

Effective Date: 25 May 2018, last modified

 August 19, 2025

We place great emphasis on the protection of personal data. Therefore, we would like to inform you about the data processing and data processing processes that we apply in connection with our activities and the information we send. In the following, we inform you about what data we record and process and for what purpose, and what we do to protect your data and enforce your rights

1. Introduction

Adventor Hotel Kft. (registered office: 9740 Bük, Golf út 4.; tax number: 27290431-2-18; company registration number: 18-09-1144181) (hereinafter: "Data Controller") acknowledges the content of this Privacy Policy as binding on itself as a Data Controller.

In connection with its activity, the Data Controller processes the personal data of DATA SUBJECTS, partners, customers, visitors to www.adventorhotels.hu, www.fagus.adventorhotels.hu, www.greenfield.adventorhotels.hu and www.sirius.adventorhotels.hu websites, interested parties, job applicants, members, volunteers, supporters, representatives of subcontractors entrusted with tasks and, where applicable, the recipients of the activity (hereinafter: "Data Subjects"). The Data Controller undertakes to ensure that the data processing related to its services provided on the website and in other ways complies with the effective legislation.

Adventor Hotel Kft. respects the rights of the Data Subjects, handles the personal data belonging to them, as well as all data and facts that come to its attention confidentially, and uses them exclusively for the performance of its activities and for the activities set out in the Privacy Policy.

We take appropriate measures to provide the data subject with information about the processing of personal data in a concise, transparent, intelligible and easily accessible form, in a clear and comprehensible manner.

The Data Controller reserves the right to unilaterally amend this Policy. In view of this, it is recommended to regularly visit the www.adventorhotels.hu, www.fagus.adventorhotels.hu, www.greenfield.adventorhotels.hu or www.sirius.adventorhotels.hu websites operated by the Data Controller, where the effective content of the information can be continuously accessed and saved. At the request of the Data Subject, we will send you a copy of the Policy in force at any given time.

The requirements set out in the Privacy Policy are in accordance with the effective legislation on data protection:

Adventor Hotel Ltd.

Headquarters: 9740 Bük, Golf út 4.

Company registration number: 18-09-1144181

Tax number: 27290431-2-18

E-mail: Headquarters: adatvedelem@adventorhotels.hu

            Greenfield  Hotel Golf & Spa: reservation@greenfieldhotel.hu

Fagus Hotel Sopron: reservation@fagushotel.hu

Sirius Hotel: reservation@siriushotel.hu

Villa Via: villavia@adventorhotels.hu

Phone: +36 94 801 600

2. Basic concepts of Data Protection

1)         "personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2)         "processing" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3)         "restriction of processing" means the indication of the personal data stored for the purpose of restricting their future processing;

4)         'pseudonymisation' means the processing of personal data in such a way that, without the use of additional information, it is no longer possible to determine which specific natural person the personal data relates, provided that such additional information is stored separately and it is ensured, by taking technical and organisational measures, that such personal data cannot be linked to identified or identifiable natural persons;

5)         'filing system' means a set of personal data disaggregated in any way, whether centralised, decentralised or disaggregated by functional or geographical criteria, accessible on the basis of specific criteria;

6)         'controller' means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may be determined by Union or Member State law;

7)         "processor" means the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

8)         'third party' means a natural or legal person, public authority, agency or any other body which is not the same as the data subject, controller, processor or persons authorised to process personal data under the direct control of the controller or processor;

9)         "consent of the data subject" means a freely given, specific, well-informed and unambiguous indication of the data subject's wishes by which he or she gives his or her consent to the processing of personal data concerning him or her, by means of a statement or an unambiguous affirmative act;

10)       "personal data breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

11)       "health data" means personal data relating to the physical or mental health of a natural person, including data relating to the provision of health services to a natural person which contain information about the natural person's state of health;

12)       "Data Processing Policy" means the Data Processing Policy of the Data Controller, which contains the rules, procedures, measures and data processing rules related to employees within the Data Controller's organization.

13)       "guest" means a natural person staying on properties subject to the territorial scope of the Data Management Policy, who is not the same as the employee of the Data Controller.

3. Data protection principles

Personal data:

The controller is responsible for compliance with the above and must be able to demonstrate such compliance ("accountability"). The Data Controller does not collect personal data relating to minors.

4. Detailed rules of data processing

Who has access to the data:

Within the above range of persons, the Data Controller shall take into account in particular the principles of data minimisation, necessity, proportionality, purpose limitation, integrity and confidentiality, and shall only allow access to personal data to the extent necessary and proportionate for the given data processing purpose to persons whose access is essential for the performance of their duties. 

The Data Controller undertakes a strict confidentiality obligation with respect to the personal data it manages without any time limit, and may not disclose them to third parties, contrary to the consent of the Data Subject and the data processing described in this Policy and the mandatory legal provisions.

The employees of the Data Controller, as data processors, undertake in a contract to treat the data entrusted to them, collected, processed and accessed by them confidentially in accordance with the applicable legal and contractual requirements, as well as in accordance with the provisions of this Policy and its Data Management Policy, and not to disclose them to unauthorized third parties.

The withdrawal of consent does not affect the lawfulness of the previous processing.

5. Certain data processing:

 

  1. 4.1. Visiting the Website

Purpose of data processing

By using the website, the Data Subject (the user of the www.adventorhotels.huwww.fagus.adventorhotels.huwww.greenfield.adventorhotels.hu or www.sirius.adventorhotels.hu  website) can obtain information about the services provided by the Data Controller.

Scope of processed data and detailed purposes of data processing

Legal basis of data processing:

The legal basis for the data processing is the legitimate interest of the data controller (GDPR. Article 6(1)(f)).

Duration of data processing

Personal data will be deleted immediately after leaving the website, unless the visitor has accepted any other option than essential cookies in the cookie settings. If the visitor has accepted other options, the time periods indicated in the cookie settings on the website will govern the deletion of personal data.  

  1. 4.2. Data processing related to cookies placed on our website

Purpose of data processing

The services of the Data Controller available on the website of the www.adventorhotels.hu, www.fagus.adventorhotels.hu, www.greenfield.adventorhotels.hu or www.sirius.adventorhotels.hu place  unique identifiers, so-called cookies, on the computers of the Data Subjects (users). These only include the identification of the visitor's current session, the storage of the data provided during the session, the prevention of data loss, and the anonymous analysis of the Data Subject's habits using Google Analytics. Such data may include the visitor's IP address, the time and duration of the visit, the pages visited, the type of browser, the operating system, etc. This data is stored and treated confidentially and is only used for purposes that are permitted or otherwise necessary according to the website visitor's instructions.

The details of the operation and operation of cookies are described in Section 10 of the Policy.

Scope of processed data and detailed purpose of data processing

Legal basis for data processing

The legal basis for data processing is the legitimate interest of the data controller in the case of an essential cookie (Article 6 (1) (f) of the GDPR, and the consent of the Data Subject in the case of optional cookies (functional cookies, in the case of cookies facilitating statistical or marketing purposes) (GDPR. Article 6(1)(a)).

The use of optional cookies can be approved by the visitor by clicking on the "Allow all cookies" button on the homepage of the given website by clicking on the pop-up window appearing on the homepage of the website. By visiting the website of the Data Controller and accepting the cookie, the Data Controller accepts the following terms and conditions, even if the Data Subject is not registered. The user can delete the cookie from his own computer or disable the use of cookies in his browser.

Duration of data processing

The Data Controller retains the personal data until the withdrawal of the Data Subject's consent or, in the absence thereof, for the specified storage periods on the website. Data Subjects may withdraw their consent at any time, request the deletion of their personal data by post by mail to 9740 Bükfürdő, Golf út 4., or electronically  in a message sent to the adatkezeles@adventorhotels.hu e-mail address. In the absence of revocation or in the case of data processing based on legitimate interest, the data will be deleted after each storage period indicated on the website.

  1. 4.3. Contact, fulfilment of requests for information

Purpose of data processing

Data Subjects may contact the Data Controller with questions and requests for information. By storing the data provided, the Data Controller is able to identify the questioner and provide the answer or the information necessary for the data subject.

Scope of processed data and detailed purpose of data processing

Personal data of the Data Subject:

Contact Topic

Contact Us Text

Legal basis for data processing

The legal basis for the processing is the consent of the Data Subject (Article 6(1)(a) of the GDPR).

Duration of data processing

The Data Controller retains the personal data until the withdrawal of the Data Subject's consent. Data Subjects may withdraw their consent and request the deletion of their personal data at any time, by post in a letter sent to 9740 Bükfürdő, Golf út 4., or electronically  in a message sent to adatkezeles@adventorhotels.hu address. In the absence of revocation, the Data Controller will retain the personal data provided for 1 year after the final end of the information exchange and administration with the Data Subject, during which period it took into account quality assurance, statistical, technical parameters and customer habits acquired through experience (repeated inquiries, reopening of cases believed to be closed, etc.), as well as the fact that the requester did not withdraw its consent. 

 

  1. 4.4. Data processing related to the re-use of the data provided in connection with registration

Purpose of data processing

In order to use the services of the Data Controller, the Data Subject must fill in an online or paper-based registration form. When using the individual services, the processed data will be further used, so they can be provided more easily in the future.

Scope of processed data and detailed purposes of data processing

Last name: necessary for identification, communication, performance of a contract

First name: necessary for identification, communication, performance of a contract

Citizenship: necessary for identification and performance of a contract

Eye. ig. number: necessary for identification and performance of a contract

Email address: required for contact

Phone number: required for contact

Full address: required for the performance of the contract

Billing address: required for contract performance

Fulfillment of orders at the request of the Data Subject

Method of payment: necessary for the performance of the contract

Vehicle registration number: required for the performance of the contract

Legal basis for data processing

The legal basis for data processing is the performance of a contract (Article 6(1)(b) of the GDPR) or the fulfilment of a legal obligation (Article 6(1)(c) of the GDPR) if the processing and transfer of data is required by law.

Duration of data processing

After the termination of the relationship with the Data Subject, the data will be deleted after 6:22 years in accordance with Section 6:22 of the Civil Code, unless the limitation period has been interrupted or suspended and there is still an active procedure in progress in respect of the Data Subject. We will keep the data for a longer period of time if it is required by law, for example, if we are obliged to keep the data under Section 169 of Act C of 2000 on Accounting (the "Accounting Act"), the data will be deleted 8 years after the termination of the relationship with the Data Subject. In practice, this is the case if the data are part of the documents supporting the accounts, for example in the documents related to the conclusion of the contract (where applicable, in the contract itself) or on the invoice issued, or in the case of a police report, for the period of expected use in the given case.

  1. 4.5. Data processing related to customer service

Purpose of data processing

The Data Controller may access the personal data of the clients to the extent necessary for the provision of the service.

Scope of processed data and detailed purpose of data processing

Legal basis for data processing

The legal basis for the processing is the performance of a contract (Article 6(1)(b) of the GDPR).

Duration of data processing

The data will be deleted after 6 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code, unless the limitation period has been interrupted or suspended and there is still an active procedure in progress in respect of the given Data Subject. If we are obliged to retain the data pursuant to Section 169 of Act C of 2000 on Accounting (the "Accounting Act"), the data will be deleted 8 years after the termination of the relationship with the Data Subject.

1.         4.6. Mandatory registration and data provision related to the registration of the users of accommodation services:

Upon check-in at the accommodation, the Data Controller records the data compliant with the requirements in an IT system called VIZA, which is protected by multiple, asymmetric encryption, i.e. on the storage space provided by the hosting service provider designated by the Government Decree. The purpose of the data registration is to protect the rights, safety and property of the Data Subject and others, as well as to monitor compliance with the provisions on the residence of third-country nationals and persons with the right of free movement and residence. The primary purpose of VIZA is therefore to promote public order, public safety, the order of the state border, and the protection of the rights, safety and property of the person concerned and others.

Purpose of data processing

Supporting the purposes set by the Government and implementing the legal obligation requires the processing of personal data.

Scope of processed data

Data subject using accommodation services:

•           First and last name

•           Birth surname and surname

•           place and date of birth

•           Sex

•           Nationality

•           mother's birth surname and last name

Data subject using accommodation services:

•           the identification data of your personal identification document or travel document,

•           in the case of a third-country national, the number of the visa or residence permit,

•           the date and place of entry,

Information related to the accommodation service:

•           the exact address of the accommodation,

•           the start, expected and actual end date of the use of the accommodation.

The image of the scanned document cannot be stored in the VIZA system.

Legal basis for data processing

The legal basis for data processing is the fulfilment of a legal obligation (GDPR. Article 6(1)(c)). The process of data provision is prescribed and regulated by Act CLVI of 2016 on the State Tasks of the Development of Tourism Areas.

Duration of data processing

The Data Controller processes the data until the last day of the first year after becoming aware of it, and the VIZA system retains the data submitted to it for a maximum of two years. The data may be searched in a targeted manner and exclusively by the police, in order to perform their crime prevention and law enforcement tasks. The operator and hosting provider of the VIZA system, and thus the data processor during data processing, is the Hungarian Tourism Agency (www.vizainfo.hu)

Data transmission:

The activity of the hosting service provider - as the data processor of the accommodation provider - only covers the storage of the data in encrypted form by the provider of the encryption procedure specified in the Government decree and the provision of access to the data by the accommodation provider and the person or body authorised to do so by law through the accommodation provider and the accommodation provider. The recorded guest data is entered into the VIZA system in an encrypted form, only the competent bodies can access them, and the hosting service provider and the operator of the document reader software enabling the upload cannot access the data stored in the storage space.

 

  1. 4.7. Facebook

On the Data Controller's Facebook page: https://www.facebook.com/greenfieldhotelhttps://www.facebook.com/fagussopronhttps://www.facebook.com/siriushotelkeszthely https://www.facebook.com/adventorhotels - by clicking on the "like"/"like" - link, the data subject consents to the publication of news and offers prepared by the Data Controller on his or her own Facebook message board. The operators of the social media sites are separate data controllers independent of the Data Controller, so the activities carried out there are included in data processing documents independent of the Data Controller.

You can find information about the data processing of the Facebook page in the privacy policy and policy on the Facebook website - www.facebook.com.

Purpose of data processing

The Data Controller communicates with the data subjects through the social media site only if the data subject has previously contacted the Data Controller through the social media site, and thus the purpose of the scope of the processed data becomes relevant if the data subject previously contacted the Data Controller through the social media site.

The purpose of the presence on social media sites, especially on Facebook, and the related data processing is to share, publish and market the content of the website on the social media site. With the help of the social media site, the person concerned can be informed about the latest opportunities.

The Data Controller is the https://www.facebook.com/greenfieldhotelhttps://www.facebook.com/fagussopronhttps://www.facebook.com/siriushotelkeszthely https://www.facebook.com/adventorhotelsközösségi also publishes textual content, images and video recordings on its page about various events, the services of the Data Controller, and others. The Data Controller may connect the Facebook page with other social media sites in accordance with the rules of the facebook.com social portal, so publication on the Facebook page shall also be understood as publication on such affiliated social media sites. If it is not a mass recording or a recording of a public figure (Section 2:48 of the Civil Code), the Data Controller always asks for the written consent of the data subject before publishing the images.

Scope of processed data and detailed purposes of data processing

Legal basis for data processing

Social media sites, especially https://www.facebook.com/greenfieldhotel; https://www.facebook.com/fagussopron; https://www.facebook.com/siriushotelkeszthely use  of https://www.facebook.com/adventorhotels site and contacting the Data Controller through it, keeping in touch and other actions permitted by the social media site is based on voluntary consent. The operators of the social media sites are separate data controllers independent of the Data Controller, so the activities carried out there are included in the data processing documents belonging to the social media site, which are independent of the Data Controller.

You can find information about the data processing of the Facebook page  in the  privacy policies and regulations on the Facebook website - https://www.facebook.com/legal/terms.

The Data Subject may voluntarily consent to the Data Controller's https://www.facebook.com/greenfieldhotel based on the terms and conditions of the social media site; https://www.facebook.com/fagussopron; https://www.facebook.com/siriushotelkeszthely  by  following and liking the content published on https://www.facebook.com/adventorhotels page. By way of example, the data subject may subscribe to the news feed published on the message board on the Facebook page by clicking on the "like"/"like" link on the page, and by doing so, he/she consents to the publication of the news and offers of the Data Controller on his/her own message board, and may unsubscribe by clicking on the "dislike"/"dislike" link on the same page, and may delete the unwanted news feeds appearing on the message wall with the help of the settings of the message board.

Scope of data subjects

Natural persons who use the Social Media Pages of the Data Controller, in particular https://www.facebook.com/greenfieldhotel; https://www.facebook.com/fagussopron; https://www.facebook.com/siriushotelkeszthely https://www.facebook.com/adventorhotels pages or the content appearing on it are voluntarily followed, shared and liked.

Duration of data processing

Until the data subject is unsubscribed or deleted at his request.

  1. 4.8. Fulfilment of a request for quotation

Purpose of data processing

By storing the data provided during the fulfilment of the request for quotation, the Data Controller can provide a more accurate service. The purpose of data processing is to prepare the offer requested by the Data Subject, and to carry out the necessary surveys and examinations

Scope of processed data and detailed purposes of data processing

Legal basis for data processing

Performance of a contract in the case of an offer prepared within the framework of a contract (Article 6(1)(b) of the GDPR), and consent of the Data Subject in the case of an offer prepared for a contact person prior to the conclusion of the contract (Article 6(1)(a) of the GDPR).

Categories of stakeholders

Contact persons of natural persons and legal persons requesting tenders

Duration of data processing

In the case of an order, the data processing of the contractual relationship is carried out in accordance with the provisions of the related sections. The Data Controller retains the personal data until the withdrawal of the Data Subject's consent. Data Subjects may withdraw their consent and request the deletion of their personal data at any time, by post in a letter sent to 9740 Bükfürdő, Golf út 4., or electronically  in a message sent to adatkezeles@adventorhotels.hu address. In the absence of revocation, the Data Controller will retain the personal data provided for 1 year after the final closing of the request for quotation, which period has been determined taking into account quality assurance, statistical, technical parameters and customer habits acquired through experience (repeated inquiries, reopening of cases believed to be closed, etc.), as well as the fact that the requester has not withdrawn its consent.

  1. 4.9. Data processing related to the conclusion of contracts with partners

In order to perform its activities at an appropriate level, Adventor Hotel Kft. entrusts various partners with the performance of certain tasks and sub-tasks.

Purpose of data processing

The purpose of Data Processing is to conclude ad hoc contracts or framework agreements with a legal or natural person undertaking the performance of a task or sub-task.

Scope of processed data and detailed purposes of data processing

If the subject of the contract includes the creation and use of an image, a separate written consent must be obtained.

Legal basis for data processing

The legal basis for the processing is the performance of a contract (Article 6(1)(b) of the GDPR).

Duration of data processing

The data will be deleted after 6 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code, unless the limitation period has been interrupted or suspended and there is still an active procedure in progress in respect of the given Data Subject. If we are obliged to retain the data pursuant to Section 169 of Act C of 2000 on Accounting (the "Accounting Act"), the data will be deleted 8 years after the termination of the relationship with the Data Subject. In practice, this is the case if the data are part of the documents supporting the accounts, for example in the documents related to the conclusion of the contract (where applicable, in the contract itself) or in the invoice issued.

  1. 4.10. Entering vehicle data

Purpose of data processing

The registered Data Subject has the opportunity to provide the data of his or her vehicle, for example, in connection with the provision of a parking space, access to private property, etc.

Legal basis for data processing

Consent of the Data Subject (GDPR. Article 6 (1) a) or the performance of a contract (Article 6 (1) (b) of the GDPR) if the entry and arrival of the vehicle is linked to a contractual obligation.

Scope of processed data and detailed purpose of data processing

The following data of the Data Subject:

Data of the registered Data Subject's vehicle:

Duration of data processing

In the case of consent given by the Data Subject, the personal data will be deleted until its withdrawal, or at the latest 6 years after the consent was given. Data Subjects may withdraw their consent at any time, request the deletion of their personal data by post in a letter sent to 9740 Bükfürdő, Golf út 4., or electronically  in a message sent to adatkezeles@adventorhotels.hu address.

In the case of the fulfilment of a contractual obligation, the data will be deleted after 6 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code, unless the limitation period has been interrupted or suspended and there is still an active procedure in progress in respect of the Data Subject. If we are obliged to retain the data pursuant to Section 169 of Act C of 2000 on Accounting (the "Accounting Act"), the data will be deleted 8 years after the termination of the relationship with the Data Subject. In practice, this is the case if the data are part of the documents supporting the accounts, for example in the documents related to the conclusion of the contract (where applicable, in the contract itself) or in the invoice issued.

  1. 4.11. Ordering a product or service, fulfilling an order

Purpose of data processing

In the case of ordering a product or service, the purpose of data processing is to enable the Data Subject (or their personal collaborator) to receive the ordered goods or services. If the contracting party wishes to provide the personal data of other Data Subject(s) in the course of providing the service, it must make a separate declaration regarding the provision of the data.

Scope of processed data and detailed purposes of data processing

Legal basis for data processing

The legal basis for the processing is the fulfilment of a contractual obligation (Article 6(1)(b) of the GDPR), the fulfilment of a legal obligation in relation to invoicing (Article 6(1)(c) of the GDPR), and during the limitation period: legitimate interest (Article 6(1)(f) of the GDPR). The processing of data belonging to any other beneficiary of the order is regulated by the Elkertv. (Act CVIII of 2001) Section 13/A (1) and Section 13/A (1) of the Elkertv. (Act CVIII of 2001), and the related infringements are regulated by Sections 6:11 (1) and 6:14 (1) of the Civil Code.

Legitimate interest designation

Informing the customer about the order and the performance of the contract, as well as the performance of the contract itself. Enforcement of claims during the limitation period.

Categories of stakeholders

Natural persons in customer relationship with the data controller, legal entity customers, natural person contact persons

Duration of data processing

The data will be deleted after 6 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code, unless the limitation period has been interrupted or suspended and there is still an active procedure in progress in respect of the given Data Subject. If we are obliged to retain the data pursuant to Section 169 of Act C of 2000 on Accounting (the "Accounting Act"), the data will be deleted 8 years after the termination of the relationship with the Data Subject. In practice, this is the case if the data are part of the documents supporting the accounts, for example in the documents related to the conclusion of the contract (where applicable, in the contract itself) or in the invoice issued. The data of other persons provided by the Client will only be processed for as long as it is necessary in connection with the provision of the service, however, the statement on the processing of personal data provided by the Client in relation to other persons will be deleted after 6 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code.

  1. 4.12. Recording a Fault Report

Purpose of data processing

The Data Subject has the opportunity to report the error through an electronic channel at the time of registration and when detecting a possible error when ordering from the webshop.

Legal basis for data processing

Consent of the Data Subject (GDPR. Article 6(1)(a)) or, in the case of a registered applicant, the fulfilment of a contractual obligation (Article 6(1)(b) of the GDPR),

Scope of processed data and detailed purpose of data processing

The person concerned:

Duration of data processing

In the case of consent given by the Data Subject, the personal data will be deleted until it is withdrawn. Data Subjects may withdraw their consent at any time, request the deletion of their personal data by post in a letter sent to 9740 Bükfürdő, Golf út 4., or electronically  in a message sent to adatkezeles@adventorhotels.hu address. In the absence of revocation, the Data Controller shall retain the personal data provided for 1 year after the final completion of the error reporting administration with the Data Subject, during the determination of which period it took into account quality assurance, statistical, technical parameters and experiential customer habits (repeated inquiries, reopening of cases believed to be closed, etc.), as well as the fact that the requester did not withdraw its consent.

In the case of the fulfilment of a contractual obligation, the data will be deleted after 6 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code, except if the limitation period has been interrupted or suspended and there is still an active procedure in progress in respect of the Data Subject. We will keep the data for a longer period of time if it is required by law, for example, if we are obliged to keep the data under Section 169 of Act C of 2000 on Accounting (the "Accounting Act"), the data will be deleted 8 years after the termination of the relationship with the Data Subject. In practice, this is the case if the data are part of the documents supporting the accounting, for example in the documents related to the conclusion of the contract (if applicable, in the contract itself) or on the invoice issued, or in the case of a police report, for 6 years.

  1. 4.13. Data processing related to complaint handling

Purpose of data processing

The Data Subject has the opportunity to file a complaint in connection with the service provided by the Data Controller. The complaint can be made by registration in the buyers' book, by e-mail, by postal letter or orally, the latter must be documented in a report.

Scope of processed data and detailed purposes of data processing

Legal basis for data processing

The legal basis of the data processing is Section 17/A (7) of Act CLV of 1997 on Consumer Protection and the fulfilment of a legal obligation based on it (Article 6(1)(c) of the GDPR

Duration of data processing

The Data Controller processes the personal data for 5 years after the closure of the complaint.

  1. 4.14. Processing related to evaluation

Purpose of data processing

The Data Subject has the opportunity to give a rating in relation to the service. The assessment can be completed anonymously, i.e. only for the assessment.

Scope of processed data and detailed purposes of data processing

Legal basis for data processing

The legal basis for the processing is the consent of the Data Subject (Article 6(1)(a) of the GDPR).

Duration of data processing

The Data Controller retains the personal data until the withdrawal of the Data Subject's consent. Data Subjects may withdraw their consent at any time, request the deletion of their personal data by post in a letter sent to 9740 Bükfürdő, Golf út 4., or electronically  in a message sent to adatkezeles@adv entorhotels.hu address.

  1. 4.15. Data processing related to found objects

Purpose of data processing

Administration of objects found in the area of the hotel operated by the Data Controller and at events organized and supervised by the Data Controller, notifying the presumed owner and the finder.

Scope of processed data and detailed purposes of data processing

Legal basis for data processing

Sections 5:54, 5:55, 5:59 and 5:61 of Act V of 2013 on the Civil Code, and the fulfilment of a legal obligation based thereon (Article 6 (1) c) of the GDPR and the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR in order to ensure the delivery of the found items to the known owner.

Duration of data processing

For a period specified by law, for 1 year after the object is found.

  1. 4.16. Recruitment and acceptance of employee applications

Purpose of data processing

The Data Controller provides the opportunity for the Data Subject to apply for the job advertised by him/her.

Scope of processed data and detailed purposes of data processing

Legal basis for data processing

The legal basis for the processing is the consent of the Data Subject (Article 6(1)(a) of the GDPR).

Duration of data processing

Following the selection of a suitable person for the position to be filled, the Data Controller shall send information to the other applicants concerned that the employer has not chosen him or her for the given position, and at the same time shall request his or her express and voluntary consent in writing in connection with the retention of the CV and other related documents containing personal data. The purpose of data processing is to enable the Data Subject to participate in the Data Controller's subsequent tenders in a simplified manner. The data subject's explicit consent allows the processing of their personal data for a period of 5 years, after which the data will be deleted.

If the Data Subject does not consent to the further storage of his/her application material or personal data, the data will be deleted within 30 days and the CVs will be destroyed.

Data Subjects may withdraw their consent at any time, request the deletion of their personal data by post in a letter sent to 9740 Bükfürdő, Golf út 4., or electronically  in a message sent to  the adatkezeles@adventorhotels.hu address.

  1. 4.17. Data processing related to the request for quotation and order related to the event

Purpose of data processing

The Data Subject (personal contributor of a legal person) has the opportunity to request an offer for the organization of an event from the Data Controller and to order the content suitable for him or her from the Data Controller.

Scope of processed data and detailed purposes of data processing

Legal basis for data processing

The legal basis for data processing is the performance of a contract (Article 6(1)(b) of the GDPR), the fulfilment of a legal obligation in relation to invoicing (Article 6(1)(c) of the GDPR) and the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).

Legitimate interest designation

In the event of contact, to properly inform the customer through the contact person. The fulfilment of the request for quotation is the common business interest of the Data Controller and the contracting authority. In the correspondence, the Data Subject shall be informed of the data processing already during the first rejoinder. During the limitation period, the data are necessary for the possible enforcement of claims.

Duration of data processing

If the Data Subject accepts the offer, the data will be deleted after 6:22 years after the termination of the relationship with the Data Subject, except if the limitation period has been interrupted or suspended and there is still an active procedure in progress in respect of the Data Subject. If we are obliged to retain the data pursuant to Section 169 of Act C of 2000 on Accounting (the "Accounting Act"), the data will be deleted 8 years after the termination of the relationship with the Data Subject. In practice, this is the case if the data are part of the documents supporting the accounts, for example in the documents related to the conclusion of the contract (where applicable, in the contract itself) or in the invoice issued.

If the Data Subject does not accept the offer, the provisions of 4.8 of the Request for Quotation shall govern the data processing of the Data Controller.

  1. 4.18. Sending messages, newsletters, DM activity, phone call inquiries

Adventor Hotel Ltd. sends newsletters to natural persons or natural person customers who subscribe to the central or given hotel's newsletter, as well as to the natural person contact persons of legal entity customers.

Purpose of data processing

The Data Controller sends newsletters, circulars and individual messages to subscribers in the form of direct electronic messages, e.g. in connection with its activities, events, campaigns, connection and support opportunities to Data Subjects who have subscribed to the list and provided their e-mail address and phone number.

The Data Subject may unsubscribe from receiving offers free of charge without restriction or justification by clicking on the "unsubscribe" icon in the newsletter or  by going to  the adatkezeles@adventorhotels.hu address in the case of the  central newsletter, or reservation@fagushotel.hu  or reservation@siriushotel.hu the hotel reservation@greenfieldhotel.hu in the case of the hotel newsletter email address. In this case, we will delete all your personal data necessary for sending the newsletter from our records, and we will not contact the Data Subject with further letters.

Scope of processed data and Purpose of data processing

Legal basis for data processing

Consent of the data subject (Article 6(1)(a) of the GDPR). You may withdraw your consent at any time, but the withdrawal will not affect the lawful processing carried out before it.

Categories of stakeholders

The data controller is the natural person's customers, natural persons and legal persons who subscribe to the newsletter.

Duration of data processing

The Data Controller deletes the personal data from its database after the Data Subject has unsubscribed from the newsletter.

  1. 1.     4.19. Frequent guest program

The Data Controller provides personalized services and discounts to the Data Subjects participating in the Frequent Guest Program. The Data Subject may provide the data to the Data Controller electronically on the website on the one hand, and personally at the service provider partners on the other.

The scope of the processed data and the detailed purpose of the data processing:

Legal basis of data processing:

The legal basis for the processing is the consent of the Data Subject (Article 6(1)(a) of the GDPR). You may withdraw your consent at any time, but the withdrawal shall not affect the lawful processing prior to it.

Categories of stakeholders

Clients of natural persons who have joined the loyalty program of the data controller.

Duration of data processing:

The Data Controller processes the personal data until the withdrawal of the Data Subject's consent. The Data Subject may withdraw his/her consent  at any time by sending a letter to the adatkezeles@adventorhotels.hu e-mail address or to the e-mail address of the hotel (reservation@greenfieldhotel.hu reservation@fagushotel.hu or reservation@siriushotel.hu). The Data Controller deletes the personal data from its database after the withdrawal of the Data Subject's consent.

 

  1. 4.20. Data processing related to online payment, bank card and SZÉP card data:

The Data Subject's bank or credit card data and SZÉP card data are not stored by the Data Controller, but are forwarded directly to the contractual partner involved in the transaction in an encrypted and secure manner, where they are processed in accordance with data protection requirements for the execution of payments, in accordance with their own data management policy. This applies both to payment on the online interface, where the simple pay system (OTP Mobil Kft.) or Nevogate Payment Services Kft. directs the payer to the secure site of the bank card terminal, which is also used in the WORDLINE FIN. SERVICES (EUROPA)S.A. and Nevogate Payment Services Kft. Payment with the SZÉP Card is provided by Nevogate Payment Services. 

  In the case of  payment and top-up with a bank card, personal data will be forwarded to the acquirer in the case of payment and topping up with a bank card, as well as in connection with the management of chargeback claims. The card acceptor is entitled to dispose of the data independently in accordance with the provisions of the contracts concluded by the bank card holder with his own bank. The data processing of our card accepting partner as data controller is subject to its own data processing information and rules.

OTP Mobil Kft. (Cg. 01-09-174466; registered office: Váci út 135-139. B. ép. 5. floor, ugyfelszolgalat@simple.huwww.simplepay.hu) as the operator of the Simple Pay system , provides the necessary payment services in connection with the payment transactions of the Data Controller via the online route. It stores the bank card data provided during these transactions in accordance with its own data management policy.

A WORDLINE FIN. SERVICES (EUROPA)S.A. (contact in Hungary: Tímár utca 20, 1034 Budapest, Hungary, phone number: +36 1 480 1123, www.worldline.comprovides the Data Controller with the payment of credit cards to its guests paying by bank card through the bank card terminal. It stores the bank card data provided during these transactions in accordance with its own data management policy.

Nevogate Payment Services Ltd. (1061 Budapest, Andrássy út 33., 3rd floor, door 5) provides the Data Controller with payment on the online interface with a SZÉP card, as well as on the online interface and with a bank card. The SZÉP card and bank card data provided during these transactions are stored in accordance with its own data management policy.

  1. 4.21. Data processing related to camera surveillance

The purpose of camera surveillance – in accordance with the provisions of Act CXXXIII of 2005 on the Rules of Personal and Property Protection and Private Detective Activities (hereinafter referred to as the Criminal Code) – is to protect the lives and physical integrity of the Data Controller and the employees, suppliers and/or customers (guests) of the Data Controller, as well as to protect property, including, in justified cases, to facilitate the effective investigation of any complaints related to this. The Data Controller shall also apply the rules of camera surveillance set out in Section 2.5.3 of Annex 1 of Government Decree No. 510/2023 (XI.20.) on the establishment and operation of public baths.

The legal basis for the data processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).

In the course of surveillance with the electronic surveillance system, the Data Controller processes the facial image of the data subjects, possibly their movements and behaviour for the purpose of personal and property protection. The cameras placed are capable of capturing and recording recordings of a quality that allows for the unique identification of participants.

If the recordings are used, then the behaviour of the data subject can also be considered as personal data as a conclusion concerning the data subject.

The list of areas monitored by the Data Controller with a camera is available in the appendix to the Privacy Policy of Adventor Hotel Kft. The privacy notices are available on the website of the given hotel (Headquarters: https://adventorhotels.hu/adatvedelmi-tajekoztato; Fagus Hotel: https://fagus.adventorhotels.hu/adatvedelem, Sirius Hotel - https://sirius.adventorhotels.hu/adatvedelmi-tajekoztato, Greenfield Hotel Golf & Spa https://greenfield.adventorhotels.hu/adatvedelmi-tajekoztato).

The data controller refers to the surveillance and the essential elements of data processing, as well as the place of access to the detailed provisions, with a sign with a clear sign placed at eye level in an easily visible place in the monitored parts of the hotel area.

The operating system runs from a separate hard drive in the recording device, and the recorded recordings are stored only on this separate hard drive located in the security center. There is no separate backup of the recordings. Recordings are overwritten in a cycle of about two weeks (in Fagus Hotel in a cycle of about one week) and permanently deleted. If the hard disk capacity of the cameras is full, the recordings are automatically deleted and overwritten, which typically happens during the mentioned periods, but the actual retention period may be affected by the amount of movement recorded in the recordings of the respective cameras. It is not possible to delete certain recordings from the system, only the entire recording, but it also has a trace and can be traced. The recordings are monitored by security personnel on dedicated monitors from 0 to 24 hours. In the case of camera surveillance by the pool supervisor based on Section 2.5.3 of Annex 1 of Government Decree No. 510/2023 (XI.20.) (currently cameras 31/A and 31/B located at the outdoor beach pool of the Greenfield Hotel), the pool supervisor will also see the camera images. If there is no event that justifies it, the recordings cannot be viewed or saved separately. In justified cases, the duration of the rescue shall be recorded during the documentation of the event related to the rescue. If this period has elapsed, the recording must be deleted if there is no longer a legal basis for storing the backup. If the legal basis remains unchanged and the recording is necessary, the Data Controller may decide to extend the duration of the saving (e.g. in the event of a protracted procedure).

Only authorized agents of the Data Controller are entitled to access the recordings. At present, the managing director, the hotel manager or the head of the security service on duty has the right to make arrangements regarding the recordings. This may be the case in particular in the event of an incident (security incident), data processing request or data breach related to protected purposes.  In the event of a personal data breach, statutory authorities may also be entitled to data processing. The data subject can submit his request through the channels available to him in the course of exercising his rights. 

Access to the stored image recordings can only be done in a secure way and only in such a way that the rights of other persons visible in the recording, who are definitely not affected by the event, are protected, typically in a way that they cannot be identified. The Data Controller is obliged to document the review of the stored image recordings and the backup of the image recordings. In the event of the termination of the reason for the authorization, access to the stored image recordings shall be terminated immediately.

Following the detection of an unlawful act, the Data Controller shall take measures for the immediate initiation of the necessary official procedure and for the storage of the recordings of the act, and shall also inform the authority that a video recording of the act has been made. The Data Controller keeps a separate record of the provision of data.

The data controller shall keep a record of the data protection events applied during the operation of the electronic surveillance system. The register contains the date of the recording, the legal basis and the recipient of any data transfer, the definition of the scope of any personal data transferred, and other data specified in the legislation prescribing data processing.

The Data Controller declares that it will take all necessary measures to protect the personal data contained in the recordings recorded by the cameras against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, as well as inaccessibility due to changes in the technology used. The Data Controller declares that it has properly informed the employees and data processors accessing the data about the data protection requirements and who they should turn to in case of data protection questions, inquiries or events.

 

  1. 4.22. Acquisition of equipment, ordering of services

Purpose of data processing

Purchase and order of the necessary equipment, tools and related services.

Legal basis for data processing

Performance of a contract, fulfilment of a legal obligation in the case of invoicing pursuant to Article 6 (1) (b) of the GDPR, during the limitation period or during contact: legitimate interest Article 6 (1) (f) of the GDPR.

Identification of the legitimate interest

In the event of contact, to properly inform the customer through the contact person. Enforcement of claims during the limitation period.

Categories of stakeholders

Data of natural persons in a contractual relationship with the data controller, natural person contact persons of legal entity clients, and contributors performing transport and commissioning.

Categories of Personal Data

Storage duration

In the case of the fulfilment of a contractual obligation, the data will be deleted after 6 years after the termination of the relationship with the Data Subject pursuant to Section 6:22 of the Civil Code, except if the limitation period has been interrupted or suspended and there is still an active procedure in progress in respect of the Data Subject. We will retain the data for a longer period of time if required by law, for example, if we are obliged to retain the data pursuant to Section 169 of Act C of 2000 on Accounting ("Accounting Act"), the data will be deleted 8 years after the termination of the relationship with the Data Subject. In practice, this is the case if the data are part of the documents supporting the accounting, for example in the documents related to the conclusion of the contract (if applicable, in the contract itself) or on the invoice issued, or in the case of a police report, for 6 years.

1          4.23 Data processing in connection with the Complaints Act (BVBR, internal whistleblowing system)

Purpose of data processing

The Data Subject has the opportunity to submit a report to the Data Controller in accordance with Act XXV of 2023 on Complaints, Public Interest Reports and Rules Related to Whistleblowing (Bvtv.). The purpose of data processing is to ensure this, to register and investigate reports, to inform the persons concerned, and to take the necessary measures.

Scope of processed data and detailed purposes of data processing

The report can also be made anonymously, in which case name and e-mail address will not be provided.

Legal basis for data processing

(Article 6(1)(c) of the GDPR). It is a legal obligation to comply with the law on the protection of whistleblowers reporting breaches of Union law in respect of the whistleblower, the persons concerned by the report (notified) and other persons concerned, as well as the investigation of whistleblowing.

The most important rules of data processing:

Within the framework of BVBR

a) the notifier,

b) to the person whose conduct or omission gave rise to the report, and

c) the person who may have substantive information about the contents of the notification,

Your personal data that is strictly necessary for the investigation of the report may only be processed for the purpose of investigating the report and remedying or terminating the conduct that is the subject of the report, and may be forwarded to the whistleblower protection lawyer or external organization involved in the investigation of the report.

Personal data that do not fall within the scope of the above must be immediately deleted from the data processed within the framework of the BVBR.

Personal data processed within the framework of the BVBR may only be transferred to the body competent to conduct the procedure initiated on the basis of the notification, if this body is entitled to process it under the law or if the whistleblower has consented to the transfer of its data. The personal data of the whistleblower cannot be disclosed without their consent.

If it became apparent that the whistleblower had provided false information or information in bad faith, and

a) this creates a circumstance indicating the commission of a criminal offence or misdemeanour, and his or her personal data must be handed over to the body or person authorised to conduct the proceedings,

b) there are reasonable grounds to believe that he or she has caused unlawful damage or other violation of the rights of another person, and his or her personal data shall be handed over to the body or person entitled to initiate or conduct the procedure.

If the notification concerns a natural person, the personal data of the person requesting the information shall not be made available to the person requesting the information in the course of exercising the right of that natural person to receive information in accordance with the provisions on the protection of personal data.

Duration of data processing

The Data Controller processes the personal data for 1 year after the closure of the complaint.

 

  1. 5. Persons entitled to data processing

The Data Controller uses the data processors listed in the annex to this data protection notice for the performance of technical tasks related to data processing operations and tasks related to its activities, which typically require special expertise. The rights and obligations of the Data Processor in relation to the processing of personal data are determined by the Data Controller within the framework of the GDPR and the specific laws on data processing. The Data Controller is responsible for the legality of the instructions given by the Data Controller. The Data Processor may not make any substantive decision concerning data management, may only process the personal data it has become aware of in accordance with the provisions of the Data Controller, may not carry out data processing for its own purposes, and is obliged to store and preserve the personal data in accordance with the provisions of the Data Controller.

Adventor Hotel Kft. has concluded a data processing contract for the data processing tasks, in which the data processors undertake to apply the data protection and data management guarantees prescribed by the data processing contract in the event of the use of an additional data processor, and in view of this, the Data Controller ensures the lawful processing of personal data in the case of the data processor as well.

Data processors supporting the operation or operation of IT systems have access to the given IT system in the cases and to the extent necessary for the performance of their tasks, which, depending on the task, may involve access to the data contained in the system.

 

1.         6. Data transfer

With regard to ad hoc data reporting based on law, the legal basis of data processing must always be ascertained, and in case of doubt, the assistance of a legal expert must be requested. Personal data may only be transferred if its legal basis is clear, its purpose and the identity of the recipient of the data transfer is clearly defined. In all cases, the data transfer must be documented in such a way that its course and legality can be proven. The Data Controller is obliged to perform the data transfer required by law. The Data Controller keeps a record of the system of data transfers.

Prior to data transfer, the Data Controller is obliged to examine whether the statutory conditions for data processing are met, and whether the conditions of data processing are met for each individual after the transfer.

 

  1. 7. Data security measures

The Controller shall act in relation to the personal data provided by the Data Subject in accordance with the provisions of the "Regulation 2016/679 of the European Parliament" and the "Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information".

The Data Controller shall take all necessary measures to ensure the security of the data, ensuring an appropriate level of protection, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

Please help us protect your information by not using a too obvious login name or password, and by changing your password regularly, and please do not make your password or login details available to any other person.

 

                    9.         Rights and legal remedies of the Data Subject

The data protection rights and legal remedies of the Data Subject, as well as the relevant provisions and limitations of the GDPR in this regard, are set out in detail in the GDPR (in particular, Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, 80 and 82 of the GDPR). The most important provisions are summarised below.

9.1.      The Data Subject's right of access:

The Data Subject has the right to receive feedback from us as to whether or not their personal data is being processed. If such processing is in progress, the Data Subject shall have the right to access the personal data and the following information:

a)           the purposes of the processing;

b)           the categories of Personal Data Covered;

c)           the recipients or categories of recipients to whom the personal data have been or will be disclosed, including, in particular, recipients in third countries or international organisations;

d)           where applicable, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining that period;

e)           the Data Subject's right to request from us the rectification, erasure or restriction of the processing of personal data relating to the Data Subject and to object to the processing of such personal data;

f)            the right to lodge a complaint with a supervisory authority; and

g)           if the data was not collected from the Data Subject, all available information on their source;

h)           the fact of automated decision-making, including profiling, and, at least in these cases, comprehensible information on the logic used and on the significance of such processing and the expected consequences for the Data Subject.

If personal data is transferred to a third country, the Data Subject has the right to be informed of the appropriate safeguards for the transfer.

We provide the Data Subject with a copy of the personal data subject to data processing. If the Data Subject has submitted the request electronically, the information shall be provided in a commonly used electronic format, unless the Data Subject requests otherwise.

9.2.      Right to rectification

The Data Subject has the right to rectify inaccurate personal data concerning the Data Subject without undue delay at the Data Subject's request. The Data Subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

9.3.      Right to erasure ('right to be forgotten')

9.3.1.   The Data Subject has the right to have the personal data concerning the Data Subject erased without undue delay at the Data Subject's request if one of the following reasons applies:

a)           the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

b)           The Data Subject withdraws his/her consent constituting the basis of data processing, and there is no other legal basis for data processing;

c)           The Data Subject objects to the processing of the data and, in certain cases, there is no overriding legitimate reason for the processing;

d)           we have unlawfully processed the personal data;

e)           the personal data must be erased in order to comply with a legal obligation imposed on us by EU or Member State law to which we are subject; or

f)            Personal data was collected in connection with the provision of information society services.

9.3.2.   If the Controller has made the personal data public and is obliged to delete it pursuant to paragraph (1), it shall take reasonable steps, including technical measures, taking into account the available technology and the costs of implementation, to inform the data controllers processing the data that the Data Subject has requested from them the links to the personal data in question or a copy of these personal data,  or the deletion of a duplicate of the Society.

9.3.3.   Paragraphs 9.3.1 and 9.3.2 shall not apply where the processing is necessary, including:

a)           for the purpose of exercising the right to freedom of expression and information;

b)           for compliance with an obligation under EU or Member State law to which we are subject to the processing of personal data;

c)           for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where the right referred to in paragraph 1 is likely to render such processing impossible or seriously jeopardise; or

d)           for the establishment, exercise or defence of legal claims.

9.4.      Right to restriction of processing

9.4.1.   The Data Subject has the right to restrict data processing at their request if one of the following is true:

a)           The Data Subject contests the accuracy of the personal data, in which case the restriction applies to the period that allows us to verify the accuracy of the personal data;

b)           the processing is unlawful and the Data Subject opposes the deletion of the data and instead requests the restriction of their use;

c)           we no longer need the personal data for the purposes of data processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims; or

d)           The Data Subject objected to the data processing; in this case, the restriction applies to the period until it is established whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the Data Subject.

Where the processing is restricted pursuant to paragraph 9.4.1, such personal data may only be processed, with the exception of storage, with the consent of the Data Subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

We will inform the Data Subject in advance of the lifting of the restriction of data processing.

9.5.      Notification obligation related to the rectification or erasure of personal data or restriction of processing

The Data Controller shall inform all recipients to whom and to whom the personal data have been disclosed of any correction, deletion or restriction of data processing, unless this proves impossible or requires a disproportionate effort.

9.6.      Right to data portability

9.6.1.   The Data Subject shall have the right to receive the personal data concerning the Data Subject provided by him or her in a structured, commonly used, machine-readable format, and shall have the right to transmit these data to another Data Controller without hindrance from the Data Controller, if:

a)           the processing is based on consent or a contract; and

b)           The processing is carried out by automated means.

In the course of exercising the right to data portability pursuant to Section 9.6.1, the Data Subject shall have the right to request the direct transfer of personal data between data controllers, if technically feasible.

9.7.      Right to object

The Data Subject has the right to object at any time to the processing of his or her personal data based on legitimate interest, including profiling, on grounds relating to his or her particular situation. In this case, we will no longer process the personal data, unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or which are related to the establishment, exercise or defence of legal claims.

If the processing of personal data is carried out for the purpose of direct marketing, the Data Subject has the right to object at any time to the processing of personal data concerning the Data Subject for this purpose, including profiling, insofar as it is related to direct marketing.

If the Data Subject objects to the processing of personal data for the purpose of direct marketing, the personal data may no longer be processed for this purpose.

In connection with the use of information society services and by way of derogation from Directive 2002/58/EC, the Data Subject may also exercise the right to object by automated means based on technical specifications.

If the processing of personal data is carried out for scientific and historical research purposes or statistical purposes, the Data Subject shall have the right to object to the processing of personal data concerning the Data Subject on grounds relating to his or her particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

9.8.      Right to lodge a complaint with a supervisory authority

The Data Subject may enforce his or her rights in court pursuant to the GDPR and the Civil Code, and may also submit a complaint to the National Authority for Data Protection and Freedom of Information (NAIH) (1055 Budapest, Falk Miksa utca 9-11. ugyfelszolgalat@naih.hu, www.napih.hu) may be contacted in the event of a complaint arising in connection with the data processing practices of the data controller. The detailed rights and legal remedies related to data processing are set out in detail in Articles 77, 79 and 82 of the GDPR.

9.9.      Right to an effective judicial remedy against a supervisory authority

The Data Subject shall be entitled to an effective judicial remedy against the legally binding decision of the supervisory authority concerning the Data Subject.

The Data Subject shall be entitled to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the Data Subject within three months of the procedural developments related to the submitted complaint or its outcome.

Proceedings against a supervisory authority must be brought before the courts of the Member State in which the supervisory authority is established.

9.10.    Right to an effective judicial remedy against the controller or processor

The Data Subject has the right to an effective judicial remedy if he/she considers that his/her rights under the GDPR have been violated as a result of the processing of his/her personal data in accordance with the GDPR.

Proceedings against the controller or processor must be brought before the courts of the Member State in which the controller or processor is established. Such proceedings may also be brought before the courts of the Member State of the Data Subject's habitual residence. Before initiating any procedure, it is recommended to send the complaint to the data controller.

9.11     Facilitating the exercise of rights of data subjects, examination of applications

The Data Controller awaits the inquiries of the Data Subjects primarily to the adatkezeles@adventorhotels.hu email address.

At the request of the Data Subject, the Data Controller may also provide oral information, provided that the identity of the Data Subject has been verified.

The Data Controller facilitates the exercise of the Data Subject's rights. The Data Controller may not refuse to comply with the request for the exercise of the rights of the Data Subjects, unless it proves that the Data Subject cannot be identified or that the Data Controller is not in a position to identify him.

The Data Controller shall inform the Data Subject of the measures taken in response to the request without undue delay, but in any event within one month of the receipt of the request. If necessary, taking into account the complexity of the application and the number of applications, this deadline may be extended by a further two months. The Data Controller shall inform the Data Subject of the extension of the deadline within one month of receipt of the request, indicating the reasons for the delay. If the Data Subject submitted the application electronically, the information shall be provided electronically if possible, unless the Data Subject requests otherwise.

If the Data Controller fails to take action in response to the Data Subject's request, it shall inform the Data Subject without delay, but no later than one month from the receipt of the request, of the reasons for the failure to take action, as well as of the fact that the Data Subject may file a complaint with a supervisory authority and exercise his or her right to judicial remedy.

The Data Controller shall provide information to the Data Subjects and measures related to the exercise of their rights free of charge. If the Data Subject's request is clearly unfounded or excessive, in particular due to its repetitive nature, the Data Controller:

(a) charge a reasonable fee, taking into account the administrative costs involved in providing the information or information requested or taking the action requested, or

b) may refuse to take action on the basis of the application.

The burden of proving that the request is clearly unfounded or excessive is the responsibility of the data controller.

If the controller has reasonable doubts about the identity of the natural person submitting the request, it may request the provision of additional information necessary to confirm the identity of the Data Subject.

 

  1. 8. Information about children

Persons under the age of 16 may not lawfully consent to the processing of information society services offered directly to children, unless a parent or guardian has given their consent. In the absence of a declaration of consent, the data controller does not collect personal data relating to data subjects under the age of 16.

In the case of a Data Subject under the age of 14, his/her legal representative or guardian may provide personal data and make a legal declaration on his/her behalf.

Data Subjects over the age of 14 but not under the age of 18 may only provide personal data with the consent of their legal representative or guardian, and may make a legal declaration with their consent.

The Data Controller pays special attention to the effective enforcement of the rules on the protection of children's personal data, so it takes special care in the course of data processing specifically affecting children. This can be manifested either in the possible control of the source of the necessary contributions, or in the provision of information at the level of development of children and the application of related organizational and technological measures.

By providing the information, you represent and warrant that you will act in accordance with the above and that your legal capacity to act in connection with the provision of the information is not restricted. If you are not legally entitled to provide the information independently, you are obliged to obtain the consent of the Relevant third parties (e.g. legal representative, custodian). In this context, you must consider whether the consent of a third party is required in connection with the provision of the information in question. It may happen that the Data Controller does not have a personal relationship with you, so you are obliged to ensure compliance with this point, and the Data Controller is not liable in this regard.

The Data Controller does not have sophisticated methods or legal means to verify the authenticity of the authorization, real age or statement of the person giving the consent, or the right of representation of the person exercising the right of representation next to or on their behalf, so the user or the person exercising parental authority over them guarantees that the statement or consent complies with the law.

We will make all reasonable efforts to detect any cases where minors' data have been unauthorised to be disclosed to us, in which case we will promptly remedy this condition.

Please let us know if you find that a child has provided information about themselves without authorization. You can contact us at the beginning of this Policy at our main contact details.

  1. 9. Transfer of data to countries outside the EEA and its guarantees

The Data Controller does not transfer data to other countries or regions outside the European Union in any way.

  1. 10. Analytics services, cookies

The Data Controller uses cookies and tracking codes from external service providers (in particular: Google, Facebook) to monitor user interest, demographic data and behaviour on the website. The Data Controller does not use the collected data for profiling, does not use it in connection with automated decision-making, collects them specifically for statistical purposes and analyzes them in order to improve its services.

In addition, the Data Controller may use aggregated data obtained from interest-based advertising services or audience data (such as age, gender and interests) for general website reporting and development, as well as for use in advertising marketing lists. This aggregated data does not contain any personal data.

The purpose of the above is to continuously improve our internet interfaces, to increase the effectiveness of our online interfaces and advertisements related to our campaigns.

  1. 10.1. Google Analytics

In the cookie settings of the Data Controller, even when the website is first set up, the website visitor can allow or disable the use of the Google Analytics service at their own discretion.

External service providers help to independently measure and audit the number of visitors and other web analytics data of the website (for details, please visit: google.com/analytics/ ).

On the Ad Settings website made available by Google, you can disable Google Analytics for Display ads and customize ads on the Google Display Network. All tracking by Google Analytics can be disabled using the browser module.

  1. 10.2. Facebook remarketing

In the data controller's cookie settings, even when the website is first set up, the website visitor can at their own discretion allow or disable the use of Facebook's remarketing code, which can be used to display targeted advertisements. If you don't want to see ads based on page visits and interests later, you can turn off the feature later.

  1. 10.3. Cookies

A cookie is a small package of letters and numbers. The cookie is automatically sent by the web server to the visitor's browser when the website is visited for the first time. The visitor's computer or mobile device stores the cookie for a period of time determined by the person who placed the cookie.

The browser sends the cookie back to the web server the next time you visit the website. Based on the data sent, the web server can identify the computer or mobile device that sent the cookie and link the cookies sent by that device. The cookie provides information to the web server about the activity that occurs between visits to the website. A web beacon is a small, usually imperceptible, image placed on a website. By placing web beacons, the visitor's actions on the website can be tracked and statistics can be created from the data obtained.

Adventor Hotel Kft. places cookies and web beacons on the website in order to recognize the person who has already visited the website before; map the visitor's interests; Improve the visitor's user experience and display personalized advertisements to the visitor, as well as to improve the security of the website.

The operation of the Data Controller's www.adventorhotels.hu, www.fagus.adventorhotels.huwww.greenfield.adventorhotels.hu and www.sirius.adventorhotels.hu websites is facilitated by the following cookies:

Essential cookies help make the website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies;

By using preference cookies, the website can remember information that changes the behaviour or appearance of the website, such as the user's preferred language or the region in which you are located. ;

Through the collection and reporting of data in an anonymous form, statistical cookies help the website owner to understand how visitors interact with the website.

•           marketing cookie-k

Marketing cookies are used to track visitors' website activity. The goal is to publish relevant ads for individual users and to encourage them to be active, which makes our website even more valuable to content publishers and third-party advertisers.

•           Unclassified cookies

Unclassified cookies are cookies that are still being classified, along with the providers of individual cookies.

The information on the website covers the domains for which the user gives his consent or refusal.

We inform our users that the use of cookies operated by our website is subject to the provisions of Act C of 2003 on Electronic Communications ("Eht.") Pursuant to Section 155 (4) of the Consumer Protection Act, the user shall require the prior, informed consent of the user. Therefore, on the first visit to the website, a banner pops up at the bottom of the screen stating that the website uses cookies and a link to this information. The user can consent to the use of cookies by clicking on "allow all cookies". You can also select the "use only essential cookies" option and select the cookies you wish to accept by clicking on the "allow selection" button.

Learn more about our use of cookies on the allaboutcookies.org page – including detailed instructions on how to delete cookies from your computer. For information on how to delete cookies from your mobile phone, please refer to your device's manual.

By using this site, you agree to the use of technical data and essential cookies as described above. Importantly, these cannot be used to identify you on their own and are deleted after you leave the page according to your browser settings.

The cookies used on the website do not store any personally identifiable information.

If you do not wish to receive certain types of cookies, you can set your browser to prevent the placement of a unique identifier or to warn you if the website wants to send a cookie.

11. Remedies

In case of any request or problem, please contact us; by post to the address of Adventor Hotel Kft., 9740 Bük, Golf út 4., electronically centrally  at the adatkezeles@adventorhotels.hu address, and in cases involving certain hotels, to the reservation@fagushotel.hureservation@greenfieldhotel.hu or reservation@siriushotel.hu  and will endeavour to respond promptly and comply with your request as soon as possible. If you are not satisfied with something or you feel that your rights have been violated in connection with the processing of your personal data, you can turn to the competent court, or to the Metropolitan Court in the capital, or you can initiate an investigation at the National Authority for Data Protection and Freedom of Information.

President: dr. Attila Péterfalvi,

Address: 1055 Budapest, Falk Miksa utca 9-11.

Contact: ugyfelszolgalat@naih.hu, +36-1-3911400, www.naih.hu 

 

Bük, 19.08.2025.

 

Adventor Hotel Ltd.

 

 

 

Privacy Policy - Annex

Greenfield Hotel Golf & Spa (9740 Bük, Golf út 4.)

Camera Location

 

Nr.

Camera location

Area monitored by camera

People in the monitored space

The purpose of the camera placement

1

Ground floor behind economic entrance on the side wall

Cold Room

Workers

Personal and property protection

2

Restaurant extension basement

Entrance to the Bag Storage

Workers

Personal and property protection

3

basement level above entrance in the corner to the left

Interior of the playhouse

Employees, guests

Personal and property protection

4

Ground floor on the side wall

area in front of the reception desk

Employees, guests

Personal and property protection

5

Ground floor is the left side of the main entrance on the wall

Left side of the reception desk

Employees, guests

Personal and property protection

6

Ground floor bar above ceiling

Bar Counter Interior

Workers

Personal and property protection

7

basement ceiling

Dressing room corridor

Workers

Personal and property protection

8

ceiling opposite the farm entrance

Beverage warehouse, dry goods warehouse

Employees, suppliers

Personal and property protection

9

Side wall above the office of the economic corridor

Economic corridor

Employees, suppliers

Personal and property protection

10

basement economic corridor sidewall

food preparation

Workers

Personal and property protection

11

Right side of the ground floor bar on a column

Piano bar exterior

Employees, guests

Personal and property protection

12

ground floor next to the main entrance, left side ceiling

Reception desk

Employees, guests

Personal and property protection

13

Restaurant exit to the left on the side wall

Restaurant terrace

Employees, guests

Personal and property protection

14

Restaurant exit above the side wall on the right side

Restaurant terrace

Employees, guests

Personal and property protection

15

Above the economic entrance, to the left

waste container, fuel stack.

Workers

Personal and property protection

16

basement door opposite the pillar

Playhouse exit

Employees, guests

Personal and property protection

17

basement entrance to the right on the side wall

Economic entrance and exit

Employees, suppliers

Personal and property protection

18

Ground floor entrance on the upper right column

Lobby entrance

Employees, guests

Personal and property protection

19

Ground floor above elevators to the left

elevator lobby, kitchen

Employees, guests

Personal and property protection

20

basement SPA entrance on the left side wall

Spa massage entrance

Employees, guests

Personal and property protection

21

Parking Southeast Hotel Sidewall

parking

Employees, guests, suppliers

Personal and property protection

22

Ground floor wellness dressing room on the side wall

Entrance to changing rooms

Workers

Personal and property protection

23

Wellness interior side wall

Enchantment service room

Workers

Personal and property protection

24

parking column

parking

Employees, guests, suppliers

Personal and property protection

25

parking column

parking

Employees, guests, suppliers

Personal and property protection

26

next to the main entrance to the left on the hotel side

parking

Employees, guests, suppliers

Personal and property protection

27

Economic entrance on the side of the hotel

Commercial parking lot

Employees, guests, suppliers

Personal and property protection

28

Wood chip storage room

stored chips

Workers

Personal and property protection

29

on a pole in the parking lot

parking

Employees, guests, suppliers

Personal and property protection

30

ground floor kitchen ceiling

kitchen hallway

Employees, suppliers

Personal and property protection

31/A

Outdoor beach pool

strandmedence

Employees, guests

personal and property protection, pursuant to Section 2.5.3 of Annex 1 of Government Decree 510/2023 (XI.20.)

31/B

Outdoor Beach Slide

Top of the slide

Employees, guests

personal and property protection, pursuant to Section 2.5.3 of Annex 1 of Government Decree 510/2023 (XI.20.)

32

Ground floor opposite elevators

Lobby - elevator lobby

Employees, guests, suppliers

Personal and property protection

33

on a column above the main entrance

main entrance from the outside

Employees, guests, suppliers

Personal and property protection

34

on the right side wall next to the main entrance

Entrances to the area in front of Flamingo

Employees, guests, suppliers

Personal and property protection

35

main entrance inside ceiling

Main entrance inside

Employees, guests, suppliers

Personal and property protection

36

end of corridor on side wall

Flamingo bar hallway

Employees, guests

Personal and property protection

37

Wall behind the ground floor reception

irodasor

Employees, suppliers

Personal and property protection

38

Golf workshop above the entrance

Entrance and exit of the building

Workers, unauthorized intruders

Personal and property protection

39

Ground Floor Back Office

safe

Workers

Personal and property protection

40

Ground Floor Piano Bar Beverage Storage Ceiling

Beverage warehouse

Employees, suppliers

Personal and property protection

41

Ground Floor Piano Bar Cash Desk Above Column

checkout

Workers

Personal and property protection

42

Side wall of the ground floor restaurant on the bar side

restaurant

Employees, guests, suppliers

Personal and property protection

43

Ground floor restaurant end on the side wall

restaurant

Employees, guests, suppliers

Personal and property protection

44

Ground floor Piano bar storage sidewall

warehouse

Employees, suppliers

Personal and property protection

45

basement ramp end on a pillar

Fuel storage

Workers

Personal and property protection

46

basement elevator lobby left side wall

Elevators lobby

Employees, guests, suppliers

Personal and property protection

47

above the ground floor entrance on the left side wall

Wellness Auditorium

Employees, guests

Personal and property protection

48

To the right of the ground floor entrance Wellness

Reception desk Wellness

Employees, guests

Personal and property protection

49

Ground floor on the wall opposite the wellness entrance

Upper part of the wellness entrance

Employees, guests

Personal and property protection

50

basement next to the ramp on the side wall

Receipt of goods

Employees, suppliers

Personal and property protection

51

Ground floor above the masseur entrance

Hotel Passage Stairs

Employees, guests

Personal and property protection

52

basement economic entrance above offices

entrance to the beverage warehouse

Employees, suppliers

Personal and property protection

53

basement Spa entrance ceiling

SPA entrance lifts

Employees, guests

Personal and property protection

54

Basement Economic Corridor End

Beverage warehouse inside

Employees, suppliers

Personal and property protection

55

Golf clubhouse main staircase

clubhouse, passenger traffic

Employees, guests

Personal and property protection

 

Bük, 19.08.2025.

 

Adventor Hotel Ltd.

 

 

Privacy Policy - Annex

Fagus Hotel Conference & Spa (9400 Sopron, Ojtózi fasor 3.)

Camera Location

 

Nr

Camera location

Area monitored by camera

People in the monitored space

The purpose of the camera placement

1

Barrier

Entry to the Fagusba area

Workers

Personal and property protection

guests

2

Underground garage entrance

Underground garage

Employees, guests

Personal and property protection

3

Underground Garage Water Softener

Economic entrance

Employees, guests

Personal and property protection

4

Internal economic entrance

Goods Receiver

Workers

Personal and property protection

Suppliers

5

Conference Fire Door Exit

Parking, elevator lobby

Employees, guests

Personal and property protection

6

Kitchen hallway

Cold rooms

Workers

Personal and property protection

7

Economic corridor I.

HK Warehouse

Workers

Personal and property protection

8

Economic corridor II.

Central warehouse

Workers

Personal and property protection

9

Wellnes reception

Reception desk

Employees, guests

Personal and property protection

10

Restaurant

Restaurant

Workers

Personal and property protection

11

II.em. Bar

Courtyard exit

Employees, guests

Personal and property protection

12

Pumping pump

Staircase "B" escape exit

Employees, guests

Personal and property protection

II. Em.

13

Intercom on

Arrivals

Employees, guests

Personal and property protection

14

Intercom Off

Departures

Employees, guests

Personal and property protection

15

Main entrance outside

Disabled entrance, parking lot

Employees, guests

Personal and property protection

16

Lobby

Reception desk

Employees, guests

Personal and property protection

17

Lobby

Elevator lobby

Employees, guests

Personal and property protection

18

Lobby terrace

Parking, terrace

Employees, guests

Personal and property protection

19

Back office

Back office

Workers

Personal and property protection

20

Underground Garage Level II

Garage storage, parking lot

Employees, guests

Personal and property protection

21

4th floor

Elevator lobby

Employees, guests

Personal and property protection

22

5th floor

Elevator lobby

Employees, guests

Personal and property protection

23

6th floor

Elevator lobby

Workers

Personal and property protection

24

7th floor

Elevator lobby

Employees, guests

Personal and property protection

 

Sopron, 19.08.2025.

 

Adventor Hotel Ltd.

 

 

Privacy Policy - Annex

Sirius Hotel Superior (8360 Keszthely, Mikus Gyula sétány 8.)

Camera Location

 

Well.

Monitored area

people in the monitored space

Purpose of placement

1.

back office

Guests, employees

 Property protection

2.

Lobby

Workers

Personal and property protection

3.

Staff entrance

Workers

Personal and property protection

4.

staff corridor I.

Workers

Personal and property protection

5.

Freight gate I.

Workers, suppliers

Personal and property protection

6.

barrier I.

Workers, suppliers

Personal and property protection

7.

Adult Playroom

Guests, employees

Personal and property protection

8.

B ép. escape corridor

Guests, employees

Personal and property protection

9.

Corridor B door to rooms

Workers

Personal and property protection

10.

Fitness room

Guests, employees

Personal and property protection

11.

Main entrance exterior

Guests, employees

Personal and property protection

12.

Parking back row

Guests, employees

 Property protection

13.

Parking third row

Guests, employees

 Property protection

14.

Parking second row

Guests, employees

 Property protection

15.

Parking front row

Guests, employees

 Property protection

16.

empty

17.

empty

18.

Children's playroom

Guests, employees

Personal and property protection

19.

tables in front of the adult play area

Guests, employees

Personal and property protection

20.

parking lot from the north

Guests, employees

Personal and property protection

21.

reception I.

Guests, employees

Personal and property protection

22.

reception II.

Guests, employees

Personal and property protection

23.

The intact. corridor in front of the secretariat

Guests, employees

Personal and property protection

24.

barrier II.

Guests, employees

 Property protection

25.

Building B corridor

Workers

Personal and property protection

26.

Floor corridor 1

Guests, employees

Personal and property protection

27.

Floor corridor 2

Guests, employees

Personal and property protection

28.

Floor corridor 3

Guests, employees

Personal and property protection

29.

Floor corridor 4

Guests, employees

Personal and property protection

30.

Floor corridor 5

Guests, employees

Personal and property protection

31.

B ép. Outdoor terrace

Guests, employees

Personal and property protection

32.

NW polar camera towards parking lot

Guests, employees

Personal and property protection

33.

Loading space exterior

Workers, suppliers

34.

VIP parking at the main entrance

Guests, employees

Personal and property protection

35.

Wave Bar

Guests, employees

Personal and property protection

36.

restaurant I.

Guests, employees

Personal and property protection

37.

Restaurant II.

Guests, employees

Personal and property protection

38.

Exit benches from Lake Balaton

Guests, employees

Personal and property protection

39.

Courtyard from the sun-house

Guests, employees

Personal and property protection

40.

The building has a terrace facing the pool

Guests, employees

Personal and property protection

41.

Corridor 6

Guests, employees

Personal and property protection

42.

Corridor 7

Guests, employees

Personal and property protection

43.

Corridor 8

Guests, employees

Personal and property protection

44.

Corridor 9

Guests, employees

Personal and property protection

45.

Corridor 10

Guests, employees

Personal and property protection

46.

Corridor 11

Guests, employees

Personal and property protection

47.

Corridor 12

Guests, employees

Personal and property protection

48.

Corridor 13

Guests, employees

Personal and property protection

49.

Corridor 14

Guests, employees

Personal and property protection

50.

Aisle 15

Guests, employees

Personal and property protection

51.

Corridor 16

Guests, employees

Personal and property protection

52.

Corridor 17

Guests, employees

Personal and property protection

53.

Restaurant III.

Guests, employees

Personal and property protection

54.

Children's pool

Guests, employees

Personal and property protection

55.

children's playground

Guests, employees

Personal and property protection

56.

The intact. Terrace from the SE corner

Guests, employees

Personal and property protection

57.

Reception, lobby from the main entrance

Guests, employees

Personal and property protection

58.

The ventilation unit housing

Workers

Property protection

59.

Wellness Sweeping Pool

Guests, employees

Personal and property protection

60.

External sauna entrance from the inside

Guests, employees

Personal and property protection

61.

Parking Swimming Pool Machine Room Entrance

Guests, employees

Personal and property protection

62.

The hallway

Guests, employees

Personal and property protection

63.

External loading space A intact. Beside

Workers, suppliers

Personal and property protection

64.

Wellness machine room wall fountain

Workers

Property protection

65.

Low-voltage control panel

Workers

Property protection

66.

The intact. Escape corridor

Guests, employees

Personal and property protection

 

Keszthely, 2025.08.19.

 

Adventor Hotel Ltd.

 

Privacy Policy - Annex

Villa Via (8230 Balatonfüred, Malomvölgy Hrsz. 095/24 )

Camera Location

Well.

Monitored area

people in the monitored space

Purpose of placement

1.

Corridor cleaner

Corridor cleaning supplies warehouse

Workers

2.

Employee Gate

Employee Gate

Employees, guests

3.

Tank

Tank

Employees, guests

4.

Main Gate Out

Main gate access road

Employees, guests

5.

Main gate in

Main gate ramp

Employees, guests

6.

Garage

Garage

Employees, guests

7.

Kiskapu vineyard

Loophole gateway to the wecery,

Employees, guests

8.

Beverage warehouse

Beverage warehouse

Workers

9.

Loophole corner

Loophole fence line

Employees, guests

10.

Warehouse Rack

Warehouse Rack

Workers

11.

Panorama courtyard

Panorama courtyard

Employees, guests

12.

Szőlős

Szőlős

Employees, guests

13.

Solar cell

Solar cell

Employees, guests

14.

Bowling alley

Bowling alley

Employees, guests

15.

Employee parking

Employee parking

Employees, guests

16.

Employee parking 2

Employee parking 2

Employees, guests

17.

Bridge

Bridge

Employees, guests

18.

Garden pond

Garden pond

Employees, guests

19.

Pelvis

Pelvis

Employees, guests

20.

Kitchen

Kitchen

Workers

21.

Guest Shop Entrance

Guest Shop Entrance

Employees, guests

22.

Vendégép terasz 2

Vendégép terasz 2

Employees, guests

23.

Bowlingép terrace

Bowlingép terrace

Employees, guests

24.

Sunbathing

Sunbathing

Employees, guests

25.

Solar panel 2

Solar panel 2

Employees, guests

26.

Main entrance

Main entrance

Employees, guests

27.

Reception

Reception

Employees, guests

28.

Vendégép terrace

Vendégép terrace

Employees, guests

29.

Corridor

Corridor

Employees, guests

30.

Office

Office

Workers

31.

Pool 2

Pool 2

Employees, guests

32.

Lower garden gate

Storage fence line downstairs

Employees, guests

33.

Upper garden gate

Forest line fence

Employees, guests

 

Balatonfüred, 2025.08.19.

 

Adventor Hotel Ltd.

 

 

 

Privacy Policy – Annex

Register of data processors

 

 

Name and contact details of data processors

Activity performed during data processing

Duration of data processing

MORGENS Design Ltd. (Zoltán Katona)

(registered office: 8800 Nagykanizsa, Magyar utca 79, cg. 20-09-072782, tax number: 23964710-2-20.)

Availability: https://morgens.hu/kapcsolat

You have access to all personal data processed by the Data Controller on the basis of this Policy. Its task is to operate the websites of the Data Controller and to store personal data. RoomSome system, booking engine Loyalty 1.0, Loyalty 2.0, frequent guest program, RoomSome Voucher, voucher module, Newsletter service, Zadir Ticket systems, ticket sales, Zadir CMS, Hotel CMS systems, online marketing services, campaign management (google + Youtube + bing)

On the basis of an indefinite contract, it lasts until the termination of the contract or until the fulfilment of the data subject's request for deletion addressed to the present data controller and/or data processor.

Eu-Securitas Zrt.

(registered office: 1095 Budapest, Gátőr utca 21. Cg.01-10-048086, tax number: 24933117-2-43)

Security service (facility management), but it has a view of the camera, monitoring the images of the camera system

On the basis of an indefinite contract until the termination of the contract.

Invitech ICT Services Kft. (registered office: 1013 Budapest, Krisztina körűt 39., Cg. 01-09-414291, tax number: 25836965-2-44)

Telecommunications, operation of customer service call centers 

On the basis of an indefinite contract until the termination of the contract.

HostWare Ltd. (registered office: 1149 Budapest, Róna utca 120-122., Cg. 01-09-263594, tax number: 10426917-2-42)

Hostware hotel software system (billing, reservation, accounting, inventory, goods traffic)

 

On the basis of an indefinite contract until the termination of the contract

BMD Rendszerház Kft. (registered office: 1138 Budapest, Madarász Viktor u. 47-49., cg. 01-09-694487, tax number: 12603284-2-41)

anyacég: BMD Systemhaus GmbH (4400 Steyr, Sierninger Str.190; adószám: ATU24168102)

BMD document management and registration system (CMR module), working time recording system (HR module)

 

On the basis of an indefinite contract until the termination of the contract

Z-WARE Informatics Ltd. (registered office: 8360 Keszthely, Rákóczi tér 20. manszárd 54. ajtó, Cg.20-09-072718, tax number: 14204537-2-20, Ferenc Markó)

IT administrator. Access data in supported IT systems. 

On the basis of an indefinite contract until the termination of the contract

Tamás Nyitrai sole proprietorship: 6060 TISZAKÉCSKE OLÁHHÁZDŰLŐ TANYA 18. A, tax number: 75718675-2-23, registration number: 56439155)

project assistant, IT and organizational assistant, accesses documents and IT systems of the Data Controller for the purpose of assistance

On the basis of an indefinite contract until the termination of the contract

dr. Edit Klam (registered office: 1117 Budapest, Nádorliget u. 7/A. 1. em. 110., tax number: 55076621-2-43)

legal advice, access to data in respect of assignments delegated by the Data Controller

On the basis of an indefinite contract, until the termination of the contract or until the end of the retention period prescribed by the Attorneys' Act or other mandatory legislation

MiniCRM Zrt. (registered office: 1075 Budapest, Madách Imre út 13.14,, Cg. 01-10-047449, tax number: 23982273-2-42) 

It operates as a kind of hosting service provider (contracts are stored in it) / management of partner data, partner-related projects, processes, offer sending system (to corporate partners), partner database management, maintenance, management of internal activities and processes

no guest data, only company contacts with a company e-mail address

On the basis of an indefinite contract until the termination of the contract.

Positive by Hinora Group Kft. (1062 Budapest, Délibáb utca 29. Cg. 01-09-739724, tax number: 13523439-2-42)

online marketing - managing social media platforms, managing campaigns (facebook, instagram, TikTok)

Email addresses of those who registered for lead collection campaigns

On the basis of an indefinite contract until the termination of the contract

D-EDGE SAS Direct Commercial Representation in Hungary (registered office: 1096 Budapest, Lenhossék utca 3, Cg. 01-12-074091, tax number: 25283604-1-43)

Providing a channel manager system with a competitor analysis module, yield management support system, guest reviews (under termination), management of online campaigns

Channel Manager: data provided for booking processes: e-mail address (required), phone, address

On the basis of an indefinite contract until the termination of the contract

Bonomi Ltd. (registered office: 8200Veszprém, Óváros tér 14., Cg. 19-09-519150, tax number: 25945441-2-19)

Provision of a chatbot system with an in-house sales support system (Concierge) Extra messages to the guest,

Guest name + email address, phone number (if provided)

On the basis of an indefinite contract until the termination of the contract

BDO Hungary Digital Services Ltd. (registered office: 1103 Budapest, Kőér utca 2/A. C. ép, Cg. 01-09-942171, tax number: 13536266-4-42)

"ticket system" with AI integration - managing incoming emails with the help of storytelling intelligence

e-mail + additional data provided

On the basis of an indefinite contract until the termination of the contract

MGMT Group Limited Liability Company (Everguest) (registered office: 1126 Budapest, Dolgos utca 2. 4. ép. 1st door, Cg. 01-09-299789, tax number: 25979930-2-43)

A system with AI integration to respond to guest reviews, provide statistics, monitor competitors

On the basis of an indefinite contract until the termination of the contract

Tárhely.Eu Ltd. (registered office: 1144 Budapest, Ormánság utca 4. X. em. door 241, reg. 01-09-909968, tax number: 14571332-2-42)

Provision of storage space

On the basis of an indefinite contract until the termination of the contract

 hotelkit GmbH

Mare-Andeßner-Platz 1

A-5020 Salzburg

www.hotelkit.net

ÁSZF: Terms & Conditions | hotelkit

The servers are located in Germany and Austria: Security & Confidentiality | hotelkit

Hotelkit Hotel Management Program (news and announcements, tasks, calendar, corrections, internal information transfers)

 

On the basis of an indefinite contract until the termination of the contract

Hungarian Tourism Agency (1027 Budapest, Kacsa u. 15-23., +36 1 488 8700, info@mtu.gov.hu)

VIZA system designated hosting provider 

The data submitted to the VIZA system will be stored for a maximum of two years

C. E.H Ltd. (registered office: 1143 Budapest, Ilka utca 34., Cg. 01-09-167254, tax number: 10766392-2-42) 

remote settings and repair of electronic equipment (audio, TV), occasional repair of conference rooms

On the basis of an indefinite contract until the termination of the contract

Group Energy Kft. (registered office: 2161 Csomád, Kossuth Lajos út 47., Cg. 13-09-146289, tax number: 23054419-2-13) 

energy consultancy, including getting acquainted with contracts and invoices

on the basis of a contract until the termination of the contract

 

Bük, 19.08.2025

 

Privacy Policy – Annex

Services provided by Morgens Design Kft. Data Processor

Your data processing activities

 

 

  1. 1.     RoomSome-related data (ZADÍR CMS AND HOTEL CMS)

 

 

NAME OF THE PROCESSING ACTIVITY

ONLINE BOOKING

Name of the data controller

Adventor Hotel Ltd. 

Contact details of the data controller

9740 Bük, Golf út 4

Purpose of data processing

Simplifying the room booking process, making online booking smooth and convenient

Legal basis for data processing

the express and voluntary prior consent of the person initiating the online booking

Name of the personal data processed

Booker's personal data as follows:

-name

- e-mail address

-telephone number

- address (country, zip code, city, street, house number)

- IP address (online identifier)

 

Envisaged duration of processing of personal data

until the withdrawal of consent.

Necessity of personal data provided by the data subject

the online room reservation process initiated by the data subject or, in the case of online payment, the completion of the transaction

The use of data processors is necessary for data processing activities

yes

NAME OF THE DATA PROCESSOR

Name of the data processor

MORGENS Design Ltd.

Address of the data processor

8800 Nagykanizsa, Magyar utca 79.

Purpose of data processing on behalf of the data controller

operation of the online booking module on the server of Tárhely.Eu Szolgáltató Kft. (1144 Budapest, Ormánság utca 4. X. emelet 241.), storage of incoming online bookings in a closed system, enabling the confirmation of bookings

Name of the data processor

Rocket Science Group

Address of the data processor

675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308

Purpose of data processing on behalf of the data controller

providing an e-mail function through the Mandrill software about recording an online reservation, preparing a confirmation, and using the guest review function

Name of the data processor

See the list of providers listed in point 7

Address of the data processor

See the list of providers listed in point 7

Purpose of data processing on behalf of the data controller

See the list of providers listed in point 7

 

NAME OF THE PROCESSING ACTIVITY

REQUEST AN ONLINE QUOTE

 

Name of the data controller

Adventor Hotel Ltd. 

 

Contact details of the data controller

9740 Bük, Golf út 4.

 

Purpose of data processing

Simplification of the quotation request process without obligations, viewing of the personalized offer prepared by the data controller

 

Legal basis for data processing

the explicit and voluntary prior consent of the person initiating the online request

 

Name of the personal data processed

Personal data of the Contracting Authority as follows:

-name

- e-mail address

-telephone number

- address (country, zip code, city, street, house number)

- IP address (online identifier)

 

 

Envisaged duration of processing of personal data

until the withdrawal of consent

 

Necessity of personal data provided by the data subject

the implementation of the online request for quotation process initiated by the data subject, and in case the offer is compliant, the subsequent online booking process to make the subsequent online booking process smoother, more efficient and faster

 

The use of data processors is necessary for data processing activities

yes

 

NAME OF THE DATA PROCESSOR

 

Name of the data processor

MORGENS Design Ltd.

 

Address of the data processor

8800 Nagykanizsa, Magyar utca 79.

 

Purpose of data processing on behalf of the data controller

operation of the online request for quotation module on the server of Tárhely.Eu Szolgáltató Kft. (1144 Budapest, Ormánság utca 4. X. emelet 241.), storage of incoming online requests for quotation in a closed system, and enabling the response of requests for quotations

 

Name of the data processor

Rocket Science Group

 

Address of the data processor

675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308

 

Purpose of data processing on behalf of the data controller

providing an e-mail function through Mandrill's software about recording the online request for quotation, preparing the offer and its validity

 

Data recipients

The enterprise; employees of the enterprise; agents for the performance of the contract, including the enforcement of claims arising from the contract;

 

Transfer of data to a third country or international organisation

there is none/there is

 

Automated decision-making / profiling

there is none/there is

 

Rights of data subjects

The data subject may request from the controller access, rectification, erasure or restriction of the processing of personal data concerning him/her, object to the processing of such personal data, and have the right to data portability. In the case of data processing based on consent, the right to withdraw consent at any time, which does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal

 

Possible consequences of failure to provide data

the data subject is unable to use the service provided by the company

Complaints to supervisory authorities

It can be submitted in accordance with the provisions of the Data Processing Information and Data Management Policy.

You may contact the Data Controller with any questions, comments or problems related to data processing at the contact details provided above.

If the rights of the data subject are violated, he or she may go to court.

The data subject may also contact the National Authority for Data Protection and Freedom of Information directly with his or her complaint regarding data processing (address: 1055 Budapest, Falk Miksa utca 9-11; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).

 

 

  1. 2.     Loyalty 1.0 System Related Data (ZADÍR CMS)

 

 

NAME OF THE PROCESSING ACTIVITY

ROOMSOME LOYALTY

 

Name of the data controller

Adventor Hotel Ltd.

 

Contact details of the data controller

9740 Bük, Golf út 4

 

Purpose of data processing

providing unique discounts, unique offers and promotions for the hotel's regular guests, thus rewarding loyalty

 

Legal basis for data processing

the explicit and voluntary prior consent of the person initiating the registration

 

Name of the personal data processed

The personal data of the registered guest as follows:

-name

- e-mail address

-telephone number

- address (country, zip code, city, street, house number)

-birthday

- names and relatives of relatives

- the names of the people you invite

- E-mail addresses of the invitees

- Frequent guest status, level, discounts, points collected or redeemed during requests for quotations and reservations

- Requests for quotations and reservations of regular guests

- IP address (online identifier)

 

 

Envisaged duration of processing of personal data

from the time of registration to the exit from the Frequent Guest Program

 

Necessity of personal data provided by the data subject

Providing discounts (% and/or point redemption/point credit) related to the frequent guest during the booking process initiated by the data subject, and then finalizing the booking process smoothly after it has taken effect.

 

The use of data processors is necessary for data processing activities

yes

 

NAME OF THE DATA PROCESSOR

 

Name of the data processor

MORGENS Design Ltd.

 

Address of the data processor

8800 Nagykanizsa, Magyar utca 79.

 

Purpose of data processing on behalf of the data controller

operation of the online request for quotation module on the server of Tárhely.Eu Szolgáltató Kft. (1144 Budapest, Ormánság utca 4. X. emelet 241.), storage of incoming online requests for quotation in a closed system, and enabling the response of requests for quotations

 

Name of the data processor

Rocket Science Group

 

Address of the data processor

675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308

 

Purpose of data processing on behalf of the data controller

providing an e-mail function through Mandrill's software about recording the online request for quotation, preparing the offer and its validity

Name of the data processor

ActiveCampaign, LLC

Address of the data processor

1 N Dearborn Street, Suite 500, Chicago, IL 60602

Purpose of data processing on behalf of the data controller

to provide electronic mail delivery functionality through ActiveCampaign, LLC's Postmark mail sending servers, for the purpose of sending promotional mail.

Data recipients

The enterprise; employees of the enterprise; agents for the performance of the contract, including the enforcement of claims arising from the contract;

Transfer of data to a third country or international organisation

there is none/there is

Automated decision-making / profiling

there is none/there is

Rights of data subjects

The data subject may request from the controller access, rectification, erasure or restriction of the processing of personal data concerning him/her, object to the processing of such personal data, and have the right to data portability. In the case of data processing based on consent, the right to withdraw consent at any time, which does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

Possible consequences of failure to provide data

the data subject is unable to use the service provided by the company

Complaints to supervisory authorities

It can be submitted in accordance with the provisions of the Data Processing Information and Data Management Policy.

You may contact the Data Controller with any questions, comments or problems related to data processing at the contact details provided above.

If the rights of the data subject are violated, he or she may go to court.

The data subject may also contact the National Authority for Data Protection and Freedom of Information directly with his or her complaint regarding data processing (address: 1055 Budapest, Falk Miksa utca 9-11; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu)

 

 

  1. 3.     Loyalty 2.0 System Related Data (HOTEL CMS)

 

 

NAME OF THE PROCESSING ACTIVITY

ROOMSOME LOYALTY 2.0

Name of the data controller

Adventor Hotel Ltd. 

Contact details of the data controller

9740 Bük, Golf út 4.

Purpose of data processing

providing unique discounts, unique offers and promotions for the hotel's regular guests, thus rewarding loyalty

Legal basis for data processing

the explicit and voluntary prior consent of the person initiating the registration

Name of the personal data processed

The personal data of the registered guest as follows:

-name

- e-mail address

-telephone number

- address (country, zip code, city, street, house number)

-birthday

- the names of the people you invite

- E-mail addresses of the invitees

- Frequent guest status, level, discounts, points collected or redeemed during requests for quotations and reservations

- Requests for quotations and reservations of regular guests

- IP address (online identifier)

 

Envisaged duration of processing of personal data

from the time of registration to the exit from the Frequent Guest Program

Necessity of personal data provided by the data subject

Providing discounts (% and/or point redemption/point credit) related to the frequent guest during the booking process initiated by the data subject, and then finalizing the booking process smoothly after it has taken effect.

The use of data processors is necessary for data processing activities

yes

NAME OF THE DATA PROCESSOR

Name of the data processor

MORGENS Design Ltd.

Address of the data processor

8800 Nagykanizsa, Magyar utca 79.

Purpose of data processing on behalf of the data controller

operation of the online request for quotation module on the server of Tárhely.Eu Szolgáltató Kft. (1144 Budapest, Ormánság utca 4. X. emelet 241.), storage of incoming online requests for quotation in a closed system, and enabling the response of requests for quotations

Name of the data processor

Rocket Science Group

Address of the data processor

675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308

Purpose of data processing on behalf of the data controller

providing an e-mail function through Mandrill's software about recording the online request for quotation, preparing the offer and its validity

Name of the data processor

ActiveCampaign, LLC

Address of the data processor

1 N Dearborn Street, Suite 500, Chicago, IL 60602

Purpose of data processing on behalf of the data controller

to provide electronic mail delivery functionality through ActiveCampaign, LLC's Postmark mail sending servers, for the purpose of sending promotional mail.

Data recipients

The enterprise; employees of the enterprise; agents for the performance of the contract, including the enforcement of claims arising from the contract;

Transfer of data to a third country or international organisation

there is none/there is

Automated decision-making / profiling

there is none/there is

Rights of data subjects

The data subject may request from the controller access, rectification, erasure or restriction of the processing of personal data concerning him/her, object to the processing of such personal data, and have the right to data portability. In the case of data processing based on consent, the right to withdraw consent at any time, which does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

Possible consequences of failure to provide data

the data subject is unable to use the service provided by the company

Complaints to supervisory authorities

It can be submitted in accordance with the provisions of the Data Processing Information and Data Management Policy.

You may contact the Data Controller with any questions, comments or problems related to data processing at the contact details provided above.

If the rights of the data subject are violated, he or she may go to court.

The data subject may also contact the National Authority for Data Protection and Freedom of Information directly with his or her complaint regarding data processing (address: 1055 Budapest, Falk Miksa utca 9-11; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).

 

 

  1. 4.     RoomSome Voucher related data (ZADÍR CMS AND HOTEL CMS)

 

 

NAME OF THE PROCESSING ACTIVITY

ONLINE GIFT CARD ORDERING

 

Name of the data controller

Adventor Hotel Ltd.

 

Contact details of the data controller

9740 Bük, Golf út 4

 

Purpose of data processing

Simplifying and making the online gift card ordering process more convenient

 

Legal basis for data processing

the express and voluntary prior consent of the person initiating the online payment in the process of ordering an online gift voucher

 

Name of the personal data processed

Personal data processed for ordering gift vouchers as follows:

- Customer's name

- Customer's e-mail address

- Customer's phone number

- Customer's mailing address (country, zip code, city, street, house number)

- Customer's billing address (country, zip code, city, street, house number)

- Customer's IP address (online ID)

- name of the recipient(s)

 

 

Envisaged duration of processing of personal data

until the withdrawal of consent

 

Necessity of personal data provided by the data subject

the possibility of a simple and convenient implementation of the gift voucher ordering process initiated by the data subject

 

The use of data processors is necessary for data processing activities

yes

 

NAME OF THE DATA PROCESSOR

 

Name of the data processor

MORGENS Design Ltd.

 

Address of the data processor

8800 Nagykanizsa, Magyar utca 79.

 

Purpose of data processing on behalf of the data controller

operation of the online gift voucher ordering module on the server of Tárhely.Eu Szolgáltató Kft. (1144 Budapest, Ormánság utca 4. X. emelet 241.), storage of incoming gift voucher orders in a closed system, enabling the sending of gift vouchers online

 

Name of the data processor

Rocket Science Group

 

Address of the data processor

675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308

 

Purpose of data processing on behalf of the data controller

Providing an e-mail function through Mandrill's software about recording an online gift card order

 

Name of the data processor

See the list of providers listed in point 7

Address of the data processor

See the list of providers listed in point 7

Purpose of data processing on behalf of the data controller

See the list of providers listed in point 7

Data recipients

The enterprise; employees of the enterprise; agents for the performance of the contract, including the enforcement of claims arising from the contract;

Transfer of data to a third country or international organisation

there is none/there is

Automated decision-making / profiling

there is none/there is

Rights of data subjects

The data subject may request from the controller access, rectification, erasure or restriction of the processing of personal data concerning him/her, object to the processing of such personal data, and have the right to data portability. In the case of data processing based on consent, the right to withdraw consent at any time, which does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

Possible consequences of failure to provide data

the data subject is unable to use the service provided by the company

Complaints to supervisory authorities

It can be submitted in accordance with the provisions of the Data Processing Information and Data Management Policy.

You may contact the Data Controller with any questions, comments or problems related to data processing at the contact details provided above.

If the rights of the data subject are violated, he or she may go to court.

The data subject may also contact the National Authority for Data Protection and Freedom of Information directly with his or her complaint regarding data processing (address: 1055 Budapest, Falk Miksa utca 9-11; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).

 

  1. 5.     Data related to the newsletter service (ZADIR CMS AND HOTEL CMS)

 

NAME OF THE PROCESSING ACTIVITY

NEWSLETTER SUBSCRIPTION

Name of the data controller

Adventor Hotel Ltd. 

Contact details of the data controller

9740 Bük, Golf út 4.

Purpose of data processing

Keeping in touch, informing

Legal basis for data processing

the express and voluntary prior consent of the person initiating the newsletter subscription

Name of the personal data processed

Personal data processed for newsletter subscription as follows:

- Subscriber's name

- Subscriber's email address

- Subscriber's IP address (online ID)

- Sign-up date

- Subscription source

- Subscription status

- Date of sign-up status

 

Envisaged duration of processing of personal data

until the withdrawal of consent, unsubscribe from the newsletter

Necessity of personal data provided by the data subject

getting acquainted with the special offers and current programs of the accommodation of interest of the data subject, the possibility of obtaining information about possible individual promotions

The use of data processors is necessary for data processing activities

yes

NAME OF THE DATA PROCESSOR

Name of the data processor

MORGENS Design Ltd.

Address of the data processor

8800 Nagykanizsa, Magyar utca 79.

Purpose of data processing on behalf of the data controller

providing the storage space of the Zadír MailR system, which is closed on the server of Tárhely.Eu Szolgáltató Kft. (1144 Budapest, Ormánság utca 4. X. emelet 241.) for the purpose of sending newsletters to the login account specified by the data controller

Name of the data processor

Mailgun Technologies, Inc.

Address of the data processor

535 Mission St., 14th Floor

San Francisco, California 94105

Purpose of data processing on behalf of the data controller

To provide an electronic mail delivery function through Mailgun Technologies, Inc.'s mail sending servers for newsletter purposes

Name of the data processor

ActiveCampaign, LLC

Address of the data processor

1 N Dearborn Street, Suite 500, Chicago, IL 60602

Activities carried out on behalf of the data controller

on ActiveCampaign, LLC's Postmark mail servers

Purpose of data processing

To provide an electronic mail sending function for the purpose of sending newsletters.

Data recipients

The enterprise; employees of the enterprise; agents for the performance of the contract, including the enforcement of claims arising from the contract;

Transfer of data to a third country or international organisation

there is none/there is

Automated decision-making / profiling

there is none/there is

Rights of data subjects

The data subject may request from the controller access, rectification, erasure or restriction of the processing of personal data concerning him/her, object to the processing of such personal data, and have the right to data portability. In the case of data processing based on consent, the right to withdraw consent at any time, which does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

Possible consequences of failure to provide data

the data subject is unable to use the service provided by the company

Complaints to supervisory authorities

It can be submitted in accordance with the provisions of the Data Processing Information and Data Management Policy.

You may contact the Data Controller with any questions, comments or problems related to data processing at the contact details provided above.

If the rights of the data subject are violated, he or she may go to court.

The data subject may also contact the National Authority for Data Protection and Freedom of Information directly with his or her complaint regarding data processing (address: 1055 Budapest, Falk Miksa utca 9-11; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).

 

  1. 6.     Zadir Ticket system related data (HOTEL CMS)

 

NAME OF THE PROCESSING ACTIVITY

ZADÍR TICKET

Name of the data controller

Adventor Hotel Ltd. 

Contact details of the data controller

9740 Bük, Golf út 4

Purpose of data processing

simplifying the ticketing process, making online ordering smooth and convenient

Legal basis for data processing

the express and voluntary prior consent of the person initiating the order

Name of the personal data processed

The customer's personal data as follows:

-surname

-first name

- e-mail address

-telephone number

- Billing address (country, zip code, city, street, house number, floor/door/other)

- in the case of a corporate customer, company name and tax number

-birthday

- IP address (online identifier)

 

Envisaged duration of processing of personal data

until the withdrawal of consent

Necessity of personal data provided by the data subject

The online ticket purchase process initiated by the data subject, or in the case of online payment, the completion of the transaction.

The use of data processors is necessary for data processing activities

yes

NAME OF THE DATA PROCESSOR

Name of the data processor

MORGENS Design Ltd.

Address of the data processor

8800 Nagykanizsa, Magyar utca 79.

Purpose of data processing on behalf of the data controller

operation of the online ticket sales module on the server of Tárhely.Eu Szolgáltató Kft. (1144 Budapest, Ormánság utca 4. X. emelet 241.), storage of incoming online orders in a closed system

Name of the data processor

Rocket Science Group

Address of the data processor

675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308

Purpose of data processing on behalf of the data controller

providing an e-mail function through Mandrill's software about the recording of online ticket purchases, the sending of the ticket, its validity and usability

Name of the data processor

See the list of providers listed in point 7

Address of the data processor

See the list of providers listed in point 7

Purpose of data processing on behalf of the data controller

See the list of providers listed in point 7

 

 

  1. 7.     Online payment service providers for the affected modules (ZADIR CMS and HOTEL CMS)

 

 

NAME OF THE PROCESSING ACTIVITY

LIST OF ONLINE PAYMENT PROVIDERS

Name of the data processor

OTP Mobil Kft.

Address of the data processor

1093 Budapest, Közraktár u. 30-32.

Purpose of data processing on behalf of the data controller

Ensuring the data communication necessary for the online payment transaction between Adventor Hotel Kft. and the electronic system of SimplePay by OTP Mobil (payment service provider), confirmation of the status of the transaction

Name of the data processor

Nevogate Payment Services,

Address of the data processor

1061 Budapest, Andrássy út 33., 3rd floor, door 5

Purpose of data processing on behalf of the data controller

Ensuring the data communication necessary for the online payment transaction between Adventor Hotel Kft. and the electronic system of the payment service provider operating the SZÉP card online payment system, confirmation of the status of the transaction

 

Bük, 19.08.2025