Your complete satisfaction and confidence in Pal’s Hostel are absolutely essential to us. In order to meet your expectations, we have set up a customer privacy protection policy. Pal’s Hostel is operated by Mancs 2002 Kft. The “Privacy Policy” statement formalizes our commitment to safeguard your personal data and it describes how Mancs 2002 Kft. uses your personal data in accordance with the General Data Protection Regulation of the European Union (hereinafter: GDPR) and the national legislation of Hungary[1]. The present Privacy Policy forms part of the terms and conditions that govern our hostel services. By accepting these terms and conditions, you expressly accept the provisions of this Charter. "Personal data" means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.

Information on the data controller

  • Name of the company: Mancs 2002 Kft.
  • Company registry number: 01-09-702599
  • Seat: 1051 Budapest, Hercegprímás u. 9. 3. em. 4.
  • Homepage:
  • E-mail contact:
  • Phone: +36305242466
  • Data Protection Officer: not obligatory under Article 37 of GDPR
  • Data processing outside EU: the data processor does not process data outside the European Union.

General principles

We will only collect personal data that is necessary for data processing in the frame of our daily operation. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date. When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data. We ensure the transparency of our data processing policy. We act in good faith and according to the general duty of cooperation to safeguard the privacy of our guests.

What kind of personal data is collected and controlled?

Our main purpose is to manage your stay with our hostel. Our hostel uses the Cloudbeds booking management system. We collect and use personal information if you make a booking through our reservation system or check-in at the desk. We generally collect this information directly from you, but in some cases we may receive your information from a third-party, such as when you book through an online travel agency or you use booking sites. Information collected during the course of the reservation and during your stay may include:

  • Your name, email address, date and place of birth, home or business address, phone number, nationality, ID number (passport, ID card, driving-license), payment card information;
  • Information provided during the course of your reservation such as date of arrival and departure, payment method, your signature, your preferred room type and specific requests to the hostel.
  • Our staff has access to our Facebook page and we track the opinions that our guests leave as an evaluation of our services.
Our company does not collect and process special categories of personal data as specified in Article 9 of the GDPR. This article refers to health data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation; personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data. If this kind of data is collected incidentally, it should be removed immediately to avoid undertaking new obligations for the protection of that data.

We generally only keep your information for as long as is reasonably required for the reasons explained in this privacy policy. The data necessary for the fulfillment of the contract is stored for 1 year. In some cases we keep transactional records (which may include your information) for longer periods if necessary to meet legal, regulatory, tax or accounting needs. We will also retain information if we reasonably believe there is a prospect of litigation.

Prior to your stay this may include sending your information to the hotel or sending you pre-stay communications. Following your stay, we may also send you post-stay communications and satisfaction surveys to get feedback on your experience.

Specific data control

  • CCTV: A CCTV system operates within the public areas of the hostel in order to provide security of our guests and that of the staff. The areas under 24/7 surveillance include the entrance gates of the reception’s building and the staircase, and the entrance of the building located at the following address: 1051 Budapest, Hercegprímás u. 3. The system deletes the recordings after 365 days.
  • Homepage: The homepage is operated – as data processor - by 3 in 1 Hosting Bt. Our server is in Hungary.
  • We may ask you to sign up to our newsletter. The newsletter helps us to directly promote our offers to our guests. We will retain the data you provide in the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains.
  • Our website uses cookies to distinguish you from other users. This helps us provide you with a good experience when browsing and also allows us to improve our site. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Necessary cookies are essential and help you navigate the Site. These cookies make sure your basket is saved during all steps of the checkout process. This helps to support security and basic functionality of the Site. These cookies are necessary for the proper operation of our Site, so if you block these cookies we cannot guarantee your use or the security of our Site during your visit. Functional cookies are used to provide you the best user experience. These cookies could recognize if a Site user has already signed up for our newsletter/requested information about a service or if the user is seeing a certain page for the first time. Performance cookies help us to understand the behavior of our visitors and the usage of the Site. This allows us to continuously improve the Site to provide you the best user experience. See the list of cookies here.
  • By accepting the present Privacy Policy, we presume that you gave your consent for us to take photos during events organized by the hostel. We may use these photos for marketing purposes.

Purpose of the use of the data

The primary purpose of the collection and processing of the data is to perform the contract between you as our customer and us as service provider. We use the information collected from you to fulfill your hotel reservation. This includes: managing the reservation and accommodation requests, monitoring our services, internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents).

We may use information for purposes of aggregated trend and statistical analysis to evaluate and improve our services. We do not create profiles by connecting multiple sources of data, such as our reservation system or Facebook.

Our company has to comply with legal duties under law, such as proper administration of taxation, accounting. The disclosure of the data might be required to comply with a judicial proceeding, court order, subpoena or warrant. (For example in the case of criminal investigation.)

Under the law, we are obliged to send aggregated statistical data on the nationality of our visitors to the National Office of Statistics.

Legal basis for processing your personal data

We are committed to collecting and using your information in accordance with applicable data protection laws. We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this. The following legal bases are applicable:

  • If you have provided your consent to us using the personal information – Article 6.1.(a) of the GDPR
  • If the processing of your personal data is necessary to perform our contractual duties and rights in relation to the legal relationship - Article 6.1.(b) of the GDPR
  • Your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities - Article 6.1.(c) of the GDPR
  • Use of your information is in our legitimate interest as a commercial organization, for example to operate and improve our services or ensure our contractual rights - Article 6.1.(f) of the GDPR

Who has access to your personal data

In order to offer you the best service, we can share your personal data and give access to authorized personnel from our hostel and company, including: hotel staff, IT departments, commercial partners, legal services if applicable. Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example: external service providers (IT sub-contractors, banks, credit card issuers, external lawyers). We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.

How we secure your data?

We take appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures and organizational measures (such as a user ID/password system, means of physical protection etc.).


Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 16 unless provided by the parents. If we are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take all commercially reasonable steps to delete that information.

Your rights under GDPR

You have legal rights under EU data protection laws in relation to your personal information:

  • To access personal information: You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.
  • To correct / erase personal information: You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first. You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information. We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
  • To restrict how we use personal information: You can ask us to restrict our use of your information in certain circumstances, for example: where you think the information is inaccurate and we need to verify it; where our use of your information is not lawful but you do not want us to erase it; where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
  • We can continue to use your information following a request for restriction where we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company or fulfill legal duties imposed by the municipal law.
  • To object to how we use your information: You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.
  • To ask us to transfer your information to another organization: You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company). You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.

How to contact us?

For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact us:

  • E-mail contact:
  • Phone: +36305242466
  • Address: 1051 Budapest, Szent István tér 3. 2. em. 2.
For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of an official piece of identification, such as a driver's license or passport, along with your request. Our staff will respond within 25 days.

Data breach

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Personal data breach covers a range of data incidents, everything from accidental disclosure to deletion to an actual breach of security where information is stolen. In the case of a personal data breach, after a careful internal investigation of the incident, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

Legal remedies

You have a right to lodge a complaint with your local data protection supervisory authority at any time. The procedures are regulated by Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. In the event of any infringement of your rights as data subject, you may submit a complaint with the National Authority for Data Protection and Freedom of Information or launch a court procedure at the Metropolitan Court of Budapest. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.

Effective Date: October 1, 2019

[1] Act CXII. of 2011 on Informational Self-determination and Freedom of Information