Privacy Policy

1.Introduction

This Privacy Policy is based on Regulation (EU) 2016/679 of the European Parliament and Council with regard to the protection of individual’s personal data and the free flow of data. While preparing this privacy policy, the content of the „Act CXII of 2011 on information self-determination and freedom of information (Hungary)” has also been taken into account.

Name and contact details of the Service Provider and Data Controller:

Mrs. Vilmos Verebélyi
Headquarters: 8380 Hévíz, Dr. Babócsay street 12.
Web: www.williamshaus.hu
Email: hello@williamshaus.hu
Phone: +36 83 341 567

During the operation of the website, the service provider / data controller manages the data of individuals on the site in order to provide them with a suitable service.

2. Our privacy policy

We process personal data lawfully and fairly and in a way that is transparent to the data subject.

The processing of personal data is only for a specific, clear and legitimate purpose.

The purpose of the processing of personal data is appropriate and the scope of the data processed is only to the extent necessary.

Personal data shall be stored in a form which permits identification of data subjects for no longer than is necessary.

The processing of personal data shall be carried out in such a way as to ensure the adequate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage to the data, using appropriate technical or organizational measures.

The principles of data protection apply to all information about an identified or identifiable natural person.

3. Definitions

GDPR: (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;

Data processing or data management or data handling: any operation or set of operations on personal data or collection of data, whether automated or non-automated, such as collecting, recording, organizing, segmenting, storing, transforming or altering, retrieving, accessing, using, communicating, transmitting, disseminating or otherwise by making available, harmonizing or linking, restricting, deleting or destroying;

Data processor: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

Personal data: any information relating to an identified or identifiable natural person; a natural person is identifiable if he or she, directly or indirectly, by an identifier can be identified. Such identifiers are: names, numbers, locations, online identifiers or factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person;

Data controller or controller: the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

Data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;

Data subject’s consent: a voluntary, specific and unambiguous declaration of the intention of the data subject, based on adequate information, to indicate his or her consent to the processing of personal data concerning him or her by means of a statement or an act which unequivocally expresses confirmation.

Recipient: any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

Third party: any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons who have been authorized to process personal data under the direct control of the controller or processor.

4.Data management purposes

4.1. Contact through the Website

In case the data subject wishes to contact us through the website, it is necessary to provide the requested personal data. The data subject is not obliged to provide personal data in all cases (eg the email address is not obligatory to contain personal data) and there are no adverse consequences for the non-provision of data. However, it is not possible to use certain functions of the website without providing personal data.

Scope and purpose of data processed:

  • Name: For identification and contact purposes.
  • Email Address: For contact purposes. We will respond to your request with this address.
  • Phone number: For contact purposes. We will respond to your request at this number.

Legal basis for data processing: consent of the data subject. Article 6 (1) (a) of the GDPR.

The legal basis of data management, if the service is used after the request for quotation or contact: performance of the contract. Article 6 (1) (b) of the GDPR.

Contacting the website is optional. You can also choose to contact us through another channel provided in our contact details. Thus, you are free to choose this contact and consent to the processing of your personal data for this purpose.

Duration of data management: 30 days from the request for quotation or contact.

Duration of data management, if the service is used after the request for quotation or contact: 5 (five) years from the provision of the service; in the event of a possible breach of contract, 5 (five) years from the failure to provide the service or, in the event of a legal dispute, from the alleged defective performance of the person concerned.

Deletion of data is possible after the expiration of the legal term. You can request the deletion of your data by sending a letter to the contact e-mail address. It is not possible to delete the data before expiration of the legal term.

When handling the data, the Service Provider uses a data processor, the details of which can be found in point 5.

4.2. Subscription for newsletter

In case the data subject wishes to use the newsletter service of the website, it is necessary to provide the requested personal data.

Scope and purpose of data processed:

  • Name: For identification and contact purposes.
  • E-mail:For contact purposes only. We will send the newsletter to this address.

Legal basis for data processing: consent of the data subject. Article 6 (1) (a) of the GDPR.

Newsletter subscription on the website is not mandatory.

Duration of data processing: until the data subject’s consent is withdrawn.

You can withdraw your consent at any time by clicking the unsubscribe button at the bottom of any of our emails.

When handling the data, the Service Provider uses a data processor, the details of which can be found in point 5.

4.3. Booking on the website

In case the data subject wishes to use the services of the Data Controller, it is necessary to provide the requested personal data.

Scope and purpose of data processed:

  • Name: For identification and contact purposes.
  • Email Address: For identification and contact purposes. We will respond to your request with this address.
  • Phone number: For contact purposes.
  • Address: For identification and contact purposes. (country, zip code, city, street, house number)

Legal basis of data management: data management necessary for the performance of the contract or the fulfilment of a legal obligation. Article 6 (1) (b) and (c) of the GDPR.

The provision of data is based on a legal obligation, their provision is mandatory.

Duration of data management: 5 (five) years from the provision of the service;

Deletion of data is possible after the expiration of the legal term. You can request the deletion of your data by sending a letter to the contact e-mail address. It is not possible to delete the data before expiration of the legal term.

When handling the data, the Service Provider uses a data processor, the details of which can be found in point 5.

4.4. Cookies

We use cookies on the website in order to provide the best possible user experience for our visitors and to make our website more efficient. Cookies are small data files that a website places on your browsing device. Cookies save your browsing data, so the next time you visit our website, our site will recognize your browser and may make it more convenient for you to use our site. In addition, it helps to provide certain functions, to ensure their smooth operation, to maintain the security of our services and to further develop our website.

You have the option to disable cookies and change cookie settings. You can do this when accepting cookies in the pop-up window or in your browser’s Cookie Settings.

4.5. Analytics and marketing

Google Analytics:
The use of this data is used for technical purposes, such as the analysis and subsequent verification of the secure operation of the servers, and on the other hand, the Data Controller uses this data to compile page usage statistics and analyse user needs in order to improve the quality of services. The above data is not suitable for the identification of the user and is not linked to other personal data by the Data Controller.

Google Analytics cookies will only be enabled if the data subject enables them. The system logs the following data after consent:

  • the IP address of the user’s computer;
  • the type of browser and operating system used by the user;
  • user activity related to the website.

Additional privacy policies about Google services: https://policies.google.com/privacy?hl=en_US

Legal basis for data management: the legitimate interest of the Data Controller. Article 6 (1) (f) of the GDPR.

Duration of data management: 14 months from the last visit to the website.

5. Security of data management, data processors

In the light of development of technology, the Service Provider shall ensure the protection of the security of data management with technical and organizational measures that provide a level of protection appropriate to the risks arising in connection with data management.

The Service Provider’s computer systems and other data storage locations can be found at the Service Provider’s headquarters and at the Hosting Provider.

The Data Controller is entitled to use a data processor to perform its activities. The data processors do not make any independent decisions. They are only authorized to act in accordance with the contract concluded with, and the instructions received the Data Controller. The Data Controller monitors the work of the data processors. Data processors are only entitled to use an additional data processor with the consent of the Data Controller.

Data processors used by the Data Controller:

Hosting Provider:

RACKFOREST INFORMATIKAI KERESKEDELMI SZOLGÁLTATÓ ÉS TANÁCSADÓ KFT.
Tax number: 14671858-2-41
Address: 1132 Budapest, Victor Hugo street 18-22, 3. floor 3008 a.
Email address: info@rackforest.hu

6. Rights related to data processing

6.1. Right of access by the data subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

In case we receive such a request, we will send you information to one of the contact details you have provided without delay, but within a maximum of 30 days.

6.2. Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

In case we receive such a request, we will send you information to one of the contact details you have provided without delay, but within a maximum of 30 days.

6.3. Right to erasure

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

The previously established shall not apply to the extent that processing is necessary for legal or other reasons.

We will review your request for deletion as soon as possible, but no later than 15 days, and will make a decision on its merits, and we will send you information about the decision to one of the contact details you have provided.

6.4. Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
  • the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted based on the above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing based on the above shall be informed by the controller before the restriction of processing is lifted.

We will investigate such a request as soon as possible, but no later than within 15 days, and will make a decision on its merits, and will send information about the decision to one of the contact details you have provided.

6.5. Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing.

We will investigate the objection as soon as possible after the submission of the application, but not later than within 15 days, and we will make a decision on its merits, and we will send information about the decision to one of the contact details you have provided.

7. Remedies

In the event of a breach of his rights, the data subject may take legal action against the data controller. The court is acting out of turn in the case. The data controller shall compensate the damage caused to others by the unlawful processing of the data subject’s data or by violating the data security requirements. The data controller is released from liability if the damage was caused by an unavoidable cause outside the scope of data processing.

The controller shall not reimburse the damage to the extent that it resulted from the intentional or grossly negligent conduct of the data subject. Remedies and complaints can be lodged with the National Authority for Data Protection and Freedom of Information.

If you consider that the legal situation cannot be restored, please notify the authority at the following contact details:

NATIONAL DATA PROTECTION AND FREEDOM OF INFORMATION AUTHORITY
Postal address: 1530 Budapest, Pf .: 5.
Address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c
Phone number: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail address: ugyfelszolgalat@naih.hu
Web: https://naih.hu

Hévíz, 12th August, 2020