Information on the data controller
- Name of the company: Mancs 2002 Kft.
- Company registry number: 01-09-702599
- Seat: 1051 Budapest, Hercegprímás u. 9. 3. em. 4.
- Homepage: palshostel.com
- E-mail contact: firstname.lastname@example.org
- Phone: +36305242466
- Data Protection Officer: not obligatory under Article 37 of GDPR
- Data processing outside EU: the data processor does not process data outside the European Union.
We will only collect personal data that is necessary for data processing in the frame of our daily operation. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date. When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data. We ensure the transparency of our data processing policy. We act in good faith and according to the general duty of cooperation to safeguard the privacy of our guests.
What kind of personal data is collected and controlled?
Our main purpose is to manage your stay with our hostel. Our hostel uses the Cloudbeds booking management system. We collect and use personal information if you make a booking through our reservation system or check-in at the desk. We generally collect this information directly from you, but in some cases we may receive your information from a third-party, such as when you book through an online travel agency or you use booking sites. Information collected during the course of the reservation and during your stay may include:
- Your name, email address, date and place of birth, home or business address, phone number, nationality, ID number (passport, ID card, driving-license, payment card information;
- Information made during the course of your reservation such as date of arrival and departure, payment method, your signature, your preferred room type and specific requests to the hostel.
- Our staff has access to our Facebook page and we track the opinions that our guests leave as an evaluation of our services.
Specific data control
- CCTV: A CCTV system operates within the public areas of the hostel in order to provide security of our guest and that of the staff. The areas under 24/7 surveillance include the entrance gates of the reception’s building and the staircase, and the entrance of the building located at the following address: 1051 Budapest, Hercegprímás u. 3. The system delates the recordings after 365 days.
- Homepage: The homepage is operated – as data processor - by 3 in 1 Hosting Bt. Our server is in Hungary.
- We may ask you to sign up to our newsletter. The newsletter helps us to promote directly our offers to our guests. We will retain the data you provide in the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains.
Purpose of the use of the data
The primarily purpose of the collection and procession of the data is to perform the contract between you as our customer and us as service provider. We use the information collected from you to fulfill your hotel reservation. This includes: managing the reservation and accommodation requests, monitoring our services, internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents).We may use information for purposes of aggregated trend and statistical analysis to evaluate and improve our services. We do not create profiles by connecting multiple sources of data, such as our reservation system or Facebook.Our company has to comply with legal duties under law, such as proper administration of taxation, accounting. The disclosure of the data might be required to comply with a judicial proceeding, court order, subpoena or warrant. (For example in the case of criminal investigation.)Under the law, we are obliged to send aggravated statistical data on the nationality of our visitors to the National Office of Statistics.
Legal basis for processing your personal data
We are committed to collecting and using your information in accordance with applicable data protection laws. We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this. The following legal basis are applicable:
- If you have provided your consent to us using the personal information – Article 6.1.(a) of the GDPR
- If the processing of your personal data is necessary to perform our contractual duties and rights in relation the legal relationship - Article 6.1.(b) of the GDPR
- Your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities - Article 6.1.(c) of the GDPR
- Use of your information is in our legitimate interest as a commercial organization, for example to operate and improve our services or ensure our contractual rights - Article 6.1.(f) of the GDPR
Who has access to your personal data
In order to offer you the best service, we can share your personal data and give access to authorized personnel from our hostel and company, including: hotel staff, IT departments, commercial partners, legal services if applicable.Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example: external service providers (IT sub-contractors, banks, credit card issuers, external lawyers).We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.
How we secure your data?
We take appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures and organizational measures (such as a user ID/password system, means of physical protection etc.).
Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 16 unless provided by the parents. If we are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take all commercially reasonable steps to delete that information.
Your rights under GDPR
You have legal rights under EU data protection laws in relation to your personal information. :
- To access personal information: You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.
- To correct / erase personal information: You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first. You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information. We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
- To restrict how we use personal information: You can ask us to restrict our use of your information in certain circumstances, for example: where you think the information is inaccurate and we need to verify it; where our use of your information is not lawful but you do not want us to erase it; where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
- We can continue to use your information following a request for restriction where we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company or fulfill legal duties imposed by the municipal law.
- To object to how we use your information: You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.
- To ask us to transfer your information to another organization: You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company). You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.
How to contact us?
For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact us:
- E-mail contact: email@example.com
- Phone: +36305242466
- Address: 1051 Budapest, Szent István tér 3. 2. em. 2.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Personal data breach covers a range of data incidents, everything from accidental disclosure to deletion to an actual breach of security where information is stolen. In the case of a personal data breach, after a careful internal investigation of the incident, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
You have a right to lodge a complaint with your local data protection supervisory authority at any time. The procedures are regulated by Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. In the event of any infringement of your rights as data subject, you may submit a complaint with the National Authority for Data Protection and Freedom of Information (www.naih.hu) or launch a court procedure at the Metropolitan Court of Budapest. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.
Effective Date: October 1, 2019 Act CXII. of 2011 on Informational Self-determination and Freedom of Information
|_ga||persistent||2 years||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.|
|_gat||persistent||1 day||Used by Google Analytics to throttle request rate.|
|_gid||persistent||1 day||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.|
|acessa_session||persistent||2 years||Cloudbeds cookie|
|ads/ga-audiences||session||Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.|
|AWSALB||persistent||6 days||Cloudbeds cookie Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience.|
|collect||session||Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.|
|cookielawinfo-checkbox-necessary||persistent||1 day||Determines whether the visitor h as accepted the cookie consent box.|
|cookielawinfo-checkbox-non-necessar||persistent||1 year||Determines whether the visitor has accepted the cookie consent box|
|events||session||New Relic cookie|
|HotelDefLng||persistent||21842 days||Cloudbeds cookie|
|HotelLng||persistent||10 years||Cloudbeds cookie|
|jserrors||session||New Relic cookie|
|JSESSIONID||session||The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. The cookie value is generated by Jetty.|
|NID||persistent||6 months||Cookie used by Google, necessary for recaptcha for spam protection|
|PHPSESSID||session||Preserves user session state across page requests.|