data protection information
Management of personal data
The RV Event Kft. (RV EVENT Limited Liability Company - hereinafter RV EVENT Kft.), whose main activity is medical and hotel services.
RV Event Kft. hereby informs its customers, guests and visitors to its website about the personal data it manages, the principles and practices it follows in the management of personal data, as well as the manner and possibilities of exercising the rights of those concerned.
In order to protect the personal data of its dedicated users and partners, the company considers it of utmost importance to respect its customers' right to informational self-determination. RV Event Kft. declares that it respects the personal rights of its partners, customers and website visitors. It handles recorded personal data confidentially, in accordance with data protection legislation and international recommendations, in accordance with this data management policy, and takes all security, technical and organizational measures that guarantee data security.
Information arising in connection with RV Event Kft.'s data management activities and the version of the regulations valid at all times is continuously available at www.rvevent.hu.
The company reserves the right to change these regulations at any time. Of course, you will notify your customers, partners, and guests of any changes in a timely and appropriate manner.
A partner entering into a customer relationship with the company accepts the following and consents to the data management defined below.
1./ Purpose of the Regulations
The purpose of these Regulations is to ensure that the RV Event Kft. complies with the applicable data protection legislation, in particular the following:
– CXII of 2011 law - on the right to self-determination of information and freedom of information;
– XLVII of 2008 law - on the prohibition of unfair trade practices towards consumers;
– XLVIII of 2008 Act - on the basic conditions and certain limitations of economic advertising activity.
– CXXXIII of 2005 law - on the rules of personal and property protection, as well as private detective activity;
– CVIII of 2001 Act - on certain issues of electronic commercial services and services related to the information society;
2./ Scope of the Regulations
2.1. Temporal scope
These Regulations are effective from 01.06.2021 until further notice or withdrawal.
2.2. Personal scope
The scope of these Regulations covers the RV Event Kft., the persons whose data is included in the data processing covered by these Regulations, and also the persons whose rights or legitimate interests are affected by the data processing.
2.3. Subject scope
The scope of these Regulations covers all data management involving personal data carried out by the RV Event Kft. in all its organizational units.
The following concepts are understood in the application of these Regulations:
data protection: the set of principles, rules, procedures, data management tools and methods that ensure the legal handling of personal data and the protection of the persons concerned.
personal data: any data that can be associated with a specific, identified or identifiable natural person [data subject] and the conclusion that can be drawn from the data regarding the data subject. During data management, personal data will retain its quality as long as the relationship with the data subject can be restored. The relationship with the data subject can be restored if the Data Controller has the technical conditions necessary for the restoration.
data subject/data subject: any natural person identified on the basis of specific personal data or otherwise - directly or indirectly - identifiable. A person can be considered identifiable in particular if he can be identified - directly or indirectly - on the basis of a name, identification mark, or one or more factors characteristic of his physical, physiological, mental, economic, cultural or social identity.
special data: personal data relating to racial origin, belonging to a nationality, political opinion or party affiliation, religious or other worldview convictions, interest-representation organization membership, sex life, health status, and pathological passion.
criminal personal data: during or prior to the criminal proceedings, in connection with the crime or the criminal proceedings, the personal data related to the criminal record, generated by the bodies authorized to conduct the criminal proceedings or to detect crimes, as well as by the organization of the execution of the sentence, which can be associated with the person concerned, as well as the criminal record.
data management: regardless of the procedure used, any operation performed on the data, such as the collection, recording, recording, organization, storage, change, use, query, transmission, disclosure of the data, total tuning or linking, locking, erasing and destruction, as well as preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (fingerprint or palm print, DNA sample, iris image, etc.).
data controller: the person or organization who determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor commissioned by them.
data processing: performing technical tasks related to data management operations (regardless of the method and tool used to perform the operations, as well as the place of application).
data processor: the person or organization who, on the basis of the contract concluded with the data controller - including the conclusion of a contract based on the provisions of the law - processes the data.
the rights of the data subject: the data subject must be clearly informed of all details of the data processing even before data processing begins, but also at any time upon request. The data subject may request the correction of his or her data, and in some cases its deletion, as well as object to the processing of his personal data in cases defined by law.
legal basis for data management: as a general rule, the consent of the data subject or mandatory data management mandated by law.
consent: the voluntary and decisive declaration of the data subject's will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data - in full or covering certain operations. In the case of special data, the written form is required.
adequate information: before data processing begins, the data subject must be informed whether the data processing is based on their consent or is mandatory, and they must also be informed clearly and in detail about all the facts related to the processing of their data, in particular the purpose and legal basis of the data processing, the person entitled to the data processing and the data processing about the person, the duration of the data management, and who can see the data. The information must also cover the data subject's rights and legal remedies.
protest: the statement of the data subject objecting to the processing of his personal data and requesting the termination of data processing or the deletion of the processed data.
data security: a system of technical and organizational solutions against unauthorized acquisition, modification and destruction of data.
principles of data management: the requirement of purpose-related data management (see below) and the requirement of data quality. The latter includes the need for accurate, complete and up-to-date data, as well as the fair and legal nature of data collection and data management.
purpose-based data management: personal data can only be processed for a specific purpose, to exercise a right and to fulfill an obligation. In all stages of data management, the purpose of data management must be met, the collection and management of data must be fair and legal. Only personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose can be processed. Personal data can only be processed to the extent and for the time necessary to achieve the purpose. During data management, it must be ensured that the data is accurate, complete and – if necessary in view of the purpose of the data management – up-to-date, and that the data subject can only be identified for the time necessary for the purpose of the data management.
data transfer: making the data available to a specific third party;
transfer of data abroad: transfer of personal data to a data controller outside the EEA (European Economic Area: the countries of the European Union, as well as Iceland, Norway and Liechtenstein) engaged in data management activities in a third country.
freedom of information: the fundamental right to the knowledge and distribution of data of public interest and public interest, which promotes democratic control of the exercise of public power and the transparency of public institutions (transparency).
public interest data: information or knowledge in the management of a body performing a state/municipal task or other public task and relating to its activities or arising in connection with the performance of its public tasks, not covered by the concept of personal data, recorded in any way or form, regardless of the way it is handled, its independent or collective nature (thus, in particular, data on competence, competence, organizational structure, professional activity, including its effectiveness evaluation, the types of data held and the legislation governing the operation, as well as management, the contracts concluded).
public data in the public interest: all data that does not fall under the concept of data in the public interest, the disclosure, knowledge or availability of which is sought he orders it in the public interest. (e.g. in order to protect the interests of creditors and the safety of market traffic, a wide range of data is classified as public in the public interest by the Act on Real Estate Registration, the Companies Act and the Accounting Act)
third party: a natural or legal person, or an organization without legal personality, who or which is not the same as the data subject, the data manager or the data processor;
disclosure: making the data available to anyone;
data deletion: making data unrecognizable in such a way that their recovery is no longer possible;
data designation: providing the data with an identification mark for the purpose of distinguishing it;
data blocking: providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time;
data destruction: complete physical destruction of the data carrier containing the data;
cookies: short data files placed on the user's computer by the visited website. The purpose of the cookie is to make the given information communication and Internet service easier and more convenient. There are many types, but they can generally be classified into two large groups. One is the temporary cookie, which the website places on the user's device only during a specific session (e.g. during the security identification of internet banking), the other type is the permanent cookie (e.g. the language setting of a website), which until then remains on the computer until the user deletes it. Based on the guidelines of the European Commission, cookies [unless they are absolutely necessary for the use of the given service] can only be placed on the user's device with the user's permission. Cookies raise many data protection concerns, for example, they can be used to track the user's browsing habits.
cloud computing: ("computer cloud", "cloud-based informatics"): the collective term covering numerous IT services, which is expanding every day, the common feature of the services is that they can be located not on the user's computer/company computer center, but on a remote server/anywhere in the world provided by server center. The most common cloud-based services are Internet mail systems, storage spaces, development environments, and virtual workstations. Internet mail systems used by millions (e.g. Gmail) or online storage facilities (e.g. Dropbox) operate on a cloud-based IT basis. An important advantage is that the customer can access an IT system in an economical and personalized manner, without having to spend on the necessary expensive investments and employ the personnel required to maintain the systems. However, cloud-based IT raises many data protection concerns. The data uploaded by the user is in constant motion, of which the user is not informed. In the case of multiple services, the service provider also uses the customer's personal data for its own purposes, mainly for marketing. The service provider uses subcontractors all over the world who process their data without the knowledge of the customer. In the case of several (more complex corporate) applications, the data can only be saved from the cloud with difficulty, so the user can only get rid of the cloud-based service at the cost of serious financial burdens.
EU data protection directive: Directive 95/46/EC of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and the free flow of such data. The general data protection directive of the European Union was born on October 24, 1995, which, among other things, established the so-called 29 Data Protection Working Group (see below).
4./ Basic principles during data management
Personal data can be processed if the person concerned consents to it, or
it is ordered by law or - based on the authority of the law, within the scope defined therein - by a local government decree for a purpose based on public interest (mandatory data management).
Personal data may be processed even if obtaining the data subject's consent would be impossible or disproportionately expensive, and the processing of personal data is necessary for the purpose of fulfilling a legal obligation to the data controller, or is necessary for the purpose of asserting the legitimate interest of the data controller or a third party, and the enforcement of this interest is based on the personal data is proportionate to the limitation of the right to protection.
The consent of the legal representative is required for the declaration of an incapacitated person and a minor with limited legal capacity under the age of 16, except for those parts of the service where the declaration is aimed at data processing that occurs en masse in everyday life and does not require special consideration.
If the data subject is unable to give his consent due to his incapacity or other unavoidable reasons, the immediate threat to the protection of his own or another person's vital interests, as well as the life, physical integrity or property of the persons, is removed to the extent necessary for its prevention or prevention, the data subject's personal data may be processed if there are obstacles to consent.
If the personal data was recorded with the consent of the data subject, the data controller shall, unless otherwise provided by law, use the recorded data for the purpose of fulfilling the relevant legal obligation, or for the purpose of asserting the legitimate interest of the data controller or a third party, if the assertion of this interest is limited by the right to the protection of personal data is proportionate without further separate consent, and can be handled even after the consent of the person concerned has been withdrawn.
Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. All stages of data management must comply with this purpose, and the collection and handling of data must be fair.
Only such personal data can be processed that is essential for the realization of the purpose of data management, suitable for achieving the purpose, and only to the extent and for the time necessary for the realization of the purpose.
Personal data can only be processed with consent based on appropriate information.
Before data processing begins, the data subject must be informed that data processing is based on consent or is mandatory.
The data subject must be informed - clearly, clearly and in detail - about all the facts related to the processing of his data, in particular the purpose and legal basis of data processing, the person entitled to data processing and data processing, the duration of data processing, if the personal data of the data subject is processed by the data controller with the consent of the data subject and handles it for the purpose of fulfilling the legal obligation of the data controller or enforcing the legitimate interest of a third party, as well as about who can access the data. The information must also cover the data subject's rights and legal remedies.
During data management, the accuracy, completeness, and up-to-dateness of the data must be ensured, as well as that the data subject can only be identified for the time necessary for the purpose of data management.
Employees performing data management at the organizational units of RV Event Kft. are obliged to keep the personal data they learn as a business secret. Persons handling personal data and having access to them are required to make a Privacy Statement.
5./ Scope of personal data, purpose of data management, legal title, duration The Data Controller only processes personal data for specific purposes, in order to exercise rights and fulfill obligations. It meets the purpose of data management at all stages of data management. Data is collected and processed fairly and legally.
The Data Controller strives to ensure that only such personal data is processed that is essential for the realization of the purpose of data management and suitable for achieving the purpose. Personal data can only be processed to the extent and for the duration necessary for the realization of the purpose. We would like to draw the attention of informants to the RV Event Kft. that if they do not provide their own personal data, the informant is obliged to obtain the consent of the person concerned.
5.1. Data management on the website
a) The legal basis for data management on the website: the User's consent, and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §
b) Scope of processed data: date and time of the visit, IP address of the visiting user's computer, browser type, name, telephone, e-mail address, date and time, number of adults, number and age of children, type of care, and Other personal data provided by the user.
c) Data deletion deadline: 5 years from the date of the room reservation, in the case of a request for an offer, if no contract was concluded immediately; while in the case of consents given to sending the newsletter, until consent is withdrawn. In the case of accounting documents, the Service Provider keeps them for 8 years based on Section 169 (2) of Act C of 2000 on accounting.
d) The deletion or modification of personal data can be initiated in the following ways:
– by post: Vilma utca 38, 8647 Balatonmáriafürdő, or by e-mail at firstname.lastname@example.org.
e) We inform our Users that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the data protection commissioner, or other bodies based on the authorization of the law, may contact the Service Provider in order to provide information, communicate and transfer data, or make documents available .
f) RV Event Kft. will only release personal data to the authorities - if the authority has specified the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.
g) The data and information provided by RV Event Kft. guests, necessary for the performance of the Service, is governed by the information regulation CXII of 2011 on the right of disposal and freedom of information. law. is handled in accordance with its regulations.
h) RV Event Kft. manages the Users' personal data for the purpose of providing the service (full use of the website, e.g. booking, sending newsletters), only to the extent and for the time necessary for this. It complies with this purpose at all stages of data management.
i) It also manages the personal data that are technically absolutely necessary for the provision of the service. If the personal data was collected with the consent of the User, the RV Event Kft. uses the collected data for the purpose of fulfilling the relevant legal obligation, unless otherwise provided by law, or
In order to enforce the legitimate interests of the company or a third party, if the enforcement of this interest is proportional to the restriction of the right to protect personal data, it may be processed without further separate consent and also after the withdrawal of the User's consent.
j) In addition, RV Event Kft. only collects such information about the Users (IP address, time of use, visited website, browser program, and one or more cookies enabling the unique identification of the browser) that is solely for the purpose of developing and maintaining the Services, as well as for statistical uses for purposes. The Service Provider uses data processed for these statistical purposes only in a form that is not suitable for personal identification. In order to improve the quality of the Services, RV Event Kft. stores a file containing a series of characters on the User's computer, so-called places a cookie if the User consents to this. If the User does not agree, this will be indicated in advance in the "Data management on the website" chapter d. at the contact details specified in
k) RV Event Kft. transfers the personal data it manages to third parties only for the purpose of developing and/or operating certain services of the company - used by the User. The company does not use the personal data it manages for the purposes of third parties, and does not abuse them in any other way.
l) The Websites also contain links to external servers (not managed by RV Event Kft.), the pages accessible from these links may place their own cookies or other files on the computer, collect data or request personal data. RV Event Kft. disclaims all responsibility for these.
m) By using the service, the User consents to the RV Event Kft. collecting and managing their personal data in accordance with the provisions of this data protection information sheet, in order to fully provide the service.
Our company selects and operates the IT tools used in the provision of the service to manage personal data in such a way that the processed data:
accessible to those authorized to do so (availability),
its authenticity and authentication are ensured (authenticity of data management),
its immutability can be verified (data integrity),
be protected against unauthorized access (data confidentiality).
Our company ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management.
During data management, our company keeps:
confidentiality: protects the information so that only those authorized to do so can access it,
integrity: protects the accuracy and completeness of the information and the method of processing,
availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.
The IT system and network of our Company and its partners are both protected against computer-supported fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures.
We inform users that electronic messages transmitted on the Internet, regardless of the protocol (e-mail, web, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. To protect against such threats, the service provider takes all necessary precautions. Monitors systems to capture any security discrepancies and provide evidence for any security incidents. In addition, system monitoring also makes it possible to check the effectiveness of the precautions used.
Information and contact information of the data controller
data in the imprint
5.2. Data management of business cards
a) The legal basis for data management: the User's voluntary consent, which acts accordingly
occurs when the User hands over his business card containing his personal data to the company.
b) Scope of processed data: name, telephone number, residential address, e-mail address, workplace, workplace address, as well as other personal data on the business card.
c) The purpose of data management: building relationships and facilitating contact between people.
d) The provisions of this data management information sheet must be applied appropriately in the case of handing over and handling business cards.
e) Data deletion deadline: until the consent statement is revoked, i.e. until the order to destroy the business card.
5.3. Newsletter, DM activity
a) XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities. Pursuant to § 6 of the Act, the User expressly consents in advance to the company's advertising offers and other mailings using the contact details provided during registration (e.g. e-mail address or telephone number).
b) Furthermore, taking into account the provisions of this information, the Customer consents to the company handling his personal data necessary for sending advertising offers.
c) RV Event Kft. does not send unsolicited advertising messages, and the User can unsubscribe from the sending of offers free of charge without limitation or justification. In this case, the company will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. Users can unsubscribe from advertisements by clicking on the link in the message.
d) Purpose of data management: sending electronic newsletters containing economic advertising messages to the User, providing information on current information and products.
e) Legal basis for data management: the voluntary consent of the concerned person and XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities. § 6 (5) of the Act.
f) Scope of processed data: name, e-mail address, phone number, date, time.
g) Data deletion deadline: until withdrawal of consent, i.e. until unsubscription.
6./ Data security
a) RV Event Kft. takes all necessary security steps, organizational and technical measures in order to ensure the highest level of security of personal data and to prevent their unauthorized change, destruction and use.
b) The company takes all necessary measures to ensure data integrity, i.e. to ensure the accuracy, completeness and up-to-date status of the personal data it manages and/or processes.
c) RV Event Kft. protects the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.
d) The company therefore reserves the right to inform its customers and partners of any security holes in its system if it detects a security hole on the part of its customers or partners, and at the same time restrict access to the Service Provider's system and services, or some of its functions, until the security hole is eliminated.
e) In order to ensure the security of data stored on the network, RV Event Kft. avoids data loss by continuous mirroring on the server.
f) The company performs a daily backup of the active data of the databases containing personal data.
g) The RV Event Kft. continuously ensures virus protection on the network handling personal data.
h) Access to data and data files managed on the RV Event Kft. network must be provided with a username and password.
7./ Information on data management
a) The User may request information about the management of his personal data, and may request the correction of his personal data or, with the exception of the data management mandated by law, the deletion of his personal data in the manner indicated at the time of data collection or at the Service Provider's indicated contact details.
b) At the User's request, the company provides information about the data it manages, its source, the purpose, legal basis, and duration of data management. RV Event Kft. will provide the information in writing in an understandable form as soon as possible, but no later than 30 days after the submission of the request.
c) The company corrects the personal data if it does not correspond to the reality, and the personal data corresponding to the reality is at its disposal.
d) RV Event Kft. blocks personal data if the User requests this, or if, based on the information available, it can be assumed that deletion would harm the User's legitimate interests. Locked personal data can only be processed as long as the data management purpose that precluded the deletion of personal data exists.
e) The company deletes the personal data if its processing is illegal, the User requests it, the processed data is incomplete or incorrect - and this situation cannot be legally remedied - provided that the deletion is not precluded by law, the data processing c
has ceased to exist, or the statutory period for storing the data has expired, it was ordered by the court or the National Data Protection and Freedom of Information Authority.
f) The data manager has 30 days to delete, block or correct personal data. If the company does not comply with the User's request for correction, blocking or deletion, it shall notify the reasons for the refusal in writing within 30 days.
g) The company notifies the Customer of the correction, blocking and deletion, as well as all those to whom the data was previously transmitted for the purpose of data management. The notification is omitted if this does not violate the User's legitimate interests in view of the purpose of the data management.
The managers of the organizational unit handling data at the RV Event Kft. are obliged to continuously monitor compliance with the regulations related to data protection, especially the provisions of this regulation.
At the RV Event Kft., the company and Operations Director and the data protection officer appointed by him check the data managed once a year.
The RV Event Kft. accepts and respects the recommendations of the National Data Protection and Freedom of Information Authority on "the basic requirements of the electronic monitoring system used in the workplace" (January 30, 2013).
9./ The data protection officer and the data protection regulations
a) RV Event Kft. appoints an internal data protection officer directly under its supervision, whose duties are:
It participates and provides assistance in making decisions related to data management, as well as in ensuring the rights of the data subjects.
ii. It verifies compliance with the provisions and data security requirements of this law and other legislation relating to data management, as well as the data protection and data management regulations.
iii. It investigates the reports received and, in the event of detection of unauthorized data management, calls the head of the data management organizational unit or the data processor to terminate it.
arc. Maintains the internal data protection register.
v. He takes care of the education of data protection knowledge.
a) The user may object to the processing of his personal data if
the processing or transmission of personal data is necessary only to fulfill the legal obligation of the Service Provider, or to enforce the legitimate interests of the Service Provider, the data recipient or a third party, unless the data processing is mandated by law;
personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls or scientific research; in other cases specified by law.
b) The company examines the protest as soon as possible, but no later than 15 days after the submission of the request, makes a decision on its merits, and informs the applicant of its decision in writing. If the company determines that the protest of the person concerned is well-founded, it will terminate the data management - including further data collection and transmission - and block the data, as well as notify all those to whom the personal data affected by the protest was previously transmitted about the protest and the measures taken based on it. and who are obliged to take measures to enforce the right to protest.
c) If the User does not agree with the company's decision, he may appeal to the court within 30 days of its notification.
d) In the event of a violation of his rights, the User may apply to court against the company. The court acts out of sequence in the case. Legal remedies and complaints can be made at the National Data Protection and Freedom of Information Authority:
National Data Protection and Freedom of Information Authority
Headquarters: 1055 Budapest, Falk Miska u. 9-11.
Mailing address: 1374 Budapest, Pf.: 603
E-mail: email@example.com Website: http://www.naih.hu
About the camera system
An electronic monitoring and recording system operates in the RV Event Kft. area.
Cameras, which are part of the electronic surveillance system, were placed on the outer areas of the RV Event Kft., directed at the parking lot and the beach. Cameras are located inside the buildings in the company's internal circulation areas, in the wellness department in the pool area, in the event halls, in the dining rooms and at the receptions.
Controller of personal data: RV Event Kft. (8647 Balatonmáriafürdő, Vilma utca 38).
The purpose of data management: to prevent and detect violations of law in order to protect human life, physical integrity, and property, to prosecute and prove violations, to identify those who enter the RV Event Kft. without permission, to record the fact of entry, to track the activities of unauthorized persons documentation, examination of the circumstances of possible workplace and other accidents.
The legal basis for data management: the consent of the data subject upon entering the RV Event Kft. area, as well as the rules for personal and property protection and private investigative activities CXXXIII of 2005 on Act (SzVMt.) § 30.
The scope of the processed data: The facial image and other personal data of the persons entering the RV Event Kft. area visible in the photographs.
Duration of data management: three working days in the absence of use, and thirty days for cameras directed to the transport route or storage location of significant cash [SzVMt. Section 31 (3) point c)].
Lop-Stop Asset Protection Limited Liability Company, hereinafter referred to as Lop-Stop Kft. (7400 Kaposvár, Rákóczi tér 9.), participates in the operation of the electronic monitoring and recording system as a data processor.
The person appearing in the recordings can request information about the handling of their data and can request the deletion and blocking of the recordings made of them, as well as object to the handling of their data.
The person concerned can contact the owner with his comments, and CXII of 2011. based on the law, you can enforce your rights in court, and you can file a report with the National Data Protection and Freedom of Information Authority.
If you have a problem with data management, contact the operator, RV EVENT Kft.!