Data protection information | Liget Royal Restaurant Hévíz

Privacy policy

OUR DATA MANAGEMENT INFORMATION OFFICER
OUR GUESTS,
OUR BUSINESS PARTNERS,
TO STOP AT OUR RESTAURANT
FOR APPLICANTS

1.    What principles do we follow in our data management?

Our company follows the following basic principles in its data management:
a)    we handle personal data legally and fairly, as well as transparently for you,
b) we collect personal data only for specific, clear and legitimate purposes and do not process them in a way that is incompatible with the purposes,
c)    the personal data we collect and manage are appropriate and relevant from the point of view of the purposes of data management, and are limited to what is necessary,
d)    Our company takes all reasonable measures to ensure that the data we manage are accurate and, if necessary, up-to-date, we delete or correct inaccurate personal data immediately,
e) we store personal data in such a way that you can only be identified for the time necessary to achieve the goals of personal data management,
f)    by applying appropriate technical and organizational measures, we ensure adequate security of personal data against unauthorized or illegal processing, accidental loss, destruction or damage.
 

2.    Who are we?

Our restaurant: Liget Royal Restaurant, 380 Hévíz, Petőfi u. 7.
Our company: Liget Hévíz Trading and Hospitality Limited Liability Company
Our company's website: https://ligetroyalrestaurant.hu
Contact: ligeteviz@gmail.com
Our postal address: 2851 Környe, Tópart u. 1.
Our phone number: +36 20 373 6979
Company registration number: 1109025711
Tax number: 12414558-2-11


Our company uses data processors when handling data. The list of data processors can be found in no. 1. included in the appendix. If we change the scope of our data processors, we will introduce the changes in this information.
If you have questions about data management, you can request further information by e-mail at adatkezeles@transintertop.hu or at our postal address. We will send our answer without delay, but within one month at most, to the contact information you provided.
If you are in the public interest or interested in public information about our Company, you can notify us of your request by e-mail at adatkezeles@transintertop.hu or by letter addressed to our postal address.

 

3.    What else do you need to know about our data management?

3.1. Data service

If you provide personal data to our Company, we ask that you gradually ensure that your data is truthful, correct and accurate, because you are responsible for this. Incorrect, inaccurate or incomplete data can be an obstacle to making contact and, where applicable, to the proper fulfillment of the contract concluded with our Company.
The effect of failure to provide data on data management:
- If the provision of data is necessary for the fulfillment of a legal obligation concerning our Company, the fulfillment of this obligation becomes impossible.
- If the provision of data is necessary for the preparation of a contract, in that case failure to provide data will result in the failure to conclude a contract
- If consent is not given, the data processing on which the request for consent is based cannot be carried out.

 

3.2. Data management based on the consent of the data subjects

If our data processing is based on the data subject's consent, in that case, the data subject may withdraw his consent to the processing of his personal data at any time. If we process special data on the basis of consent, we can only do so based on your express consent, in view of point a) of Article 9 (2) of the GDPR.
We would like to draw your attention to the fact that in order to fulfill our legal obligations or assert our legitimate interests, we may process certain data even after the withdrawal of consent, and the withdrawal of consent does not affect the legality of the data management based on the consent before the withdrawal.
On our website, we can only process your personal data with your consent, such as a recording in which you can be identified.

 

3.3. With reference to the preparation and fulfillment of our data management contract

Our data management may be necessary for the fulfillment of a contract, if we have to process the personal data of those concerned to fulfill such an obligation (for example, you are our business partner as an individual entrepreneur).

 

3.4. Our data processing is based on a legal obligation

Some of the data management is based on a legal provision, i.e. a regulation that makes data management mandatory, such as tax and social insurance legislation, as well as occupational health and safety legislation

 

3.5. Our data management is based on the legitimate interests of our Company

Your personal data may be processed by our Company even if the data processing is necessary to enforce the legitimate interests of our Company – exceptionally a third party – unless these interests are overridden by the rights of the data subjects to protect their personal data and respect their privacy .
One of the main features of "legitimate interest" as the legal basis defined in Article 6 (1) point f) of the GDPR is that reference to this legal basis can make our Company's data processing legal regardless of the consent of the data subjects, provided that our Company - or, exceptionally, a third party party - its legitimate interest proportionally limits the right to the protection of personal data and privacy of the affected parties.
In the case of data processing based on legitimate interests, compliance with the requirements of necessity and proportionality is fundamental, and for this purpose, in the case of such data processing, our Company carries out an interest assessment test.

 

4.    Data management related to job applications received by our company
 

Your personal data, as the data of a natural person applying for an open position with our Company
a)    we process it for the purpose of preparing an employment contract,
b)    in some cases, the processing of your data is based on legal regulations and is mandatory, in such cases we draw your attention to this fact, and
c)    in some cases, our Company or a third party has a legitimate interest in handling your personal data,
d) we may also collect data based on your voluntary consent based on prior information,
in all cases, handled only to the extent necessary and subject to purpose, respecting the basic principles of the GDPR.



Our detailed information about our data management can be found in this information
No. 2 included in the annex



Applications received by our Company are treated with increased care, and the information contained therein is considered confidential. If we do not have an open position, we will inform the applicant about this and ask for his consent to the processing of his data, otherwise we cannot process his personal data.
In the case of an open position, until the position is filled, we process the applications received for the purpose of preparing an employment contract, after the position is filled, we keep the rejected applications until the expiry of the legal remedy deadline based on the legitimate interest of our Company. If you want us to contact you in the event of a new opening position, we can do this based on your consent. You can withdraw this consent at any time. For more information on the data management of job applications, refer to Nos. 1 and 2 of this information sheet. annex contains.

Our company may only require you to make a statement or provide personal data that is essential for the establishment, performance, termination (termination) of the employment relationship or for the enforcement of claims from the Labor Code; for this purpose, we can also demand the presentation of a document. [Mt. Section 10 (1)-(3)]
Our company does not use anonymous job advertisements, and during the recruitment process we can only examine your social media presence (e.g. Facebook, Instagram, Tiktok, etc.) if we have informed you about this in advance.
Our company may only apply to you an aptitude test that is required by a rule relating to an employment relationship, or which is necessary in order to exercise a right or fulfill an obligation defined in the legislation relating to an employment relationship.
If you provide us with your personal data, we ask that you gradually take care of their veracity, correctness and accuracy when communicating your data, because incorrect, inaccurate or incomplete data can be an obstacle to the preparation and proper fulfillment of the employment contract.
The effect of failure to provide data on our Company's data management:
- if the provision of data is necessary for the preparation of a contract (e.g. employment contract, study contract, etc.), in that case failure to provide data will result in the non-contraction of the contract
- If the provision of data is necessary in order to fulfill a legal obligation concerning the Company, the fulfillment of this obligation becomes impossible (for example, we cannot announce the employment of our employee)
- If consent is not given, the data processing on which the request for consent is based cannot be carried out (for example, we cannot process the applicant's data for the purpose of re-searching).
Our company does not use automated decision-making in relation to job applications, including profiling.

 

5.    Who can see your data?

Your data can only be seen by our staff with authority and competence regarding the given data management, and within the framework defined by law, we can forward it to, for example, the tax office. Data transmissions (data sharing) related to data management are regulated in Art. 2 no. included in the appendix.

In the case of our data processors, we ensure by stipulating contractual conditions that they cannot use your personal data for purposes contrary to the purpose of the given data management. The contributors involved in the data management and data processing of our company are entitled to know your personal data to a predetermined extent - under the burden of confidentiality. The list of our data processors can be found in no. 1. included in the appendix.

Based on the provisions of the GDPR (Chapter V), our company may only transmit data abroad (to a third country) with the provision of appropriate guarantees.

Courts, prosecutors and other authorities (e.g. police, tax office, National Data Protection and Freedom of Information Authority) may contact our Company to provide information, provide data or make documents available. In these cases, we have to fulfill our obligation to provide data, but only to the extent absolutely necessary to fulfill the purpose of the search.

 

6.    How do we protect data?

We protect your personal data with appropriate technical and other measures, as well as ensure the security and availability of the data, as well as protect them from unauthorized access, alteration, damage, disclosure and any other unauthorized use.
As part of organizational measures, we control physical access in our building, we continuously train our employees and keep paper-based documents locked away with appropriate protection. As part of the technical measures, we use encryption, password protection, anti-virus software, firewalls and other tools.
We log access to the personal data stored in our computers, so it is always possible to check who, when and what personal data has been accessed, and with appropriate organizational measures (e.g. strict definition of tasks and powers, authorization management, etc.) we ensure that personal data should not become accessible to an unspecified number of persons.
 

7.    What are your rights and remedies?

 You can request information about data management,
 You can request the correction, modification or addition of your personal data managed by us,
 You can object to data management and request the deletion and restriction of your data (if this is allowed by law),
 You can exercise your right to data portability (if the law allows for this),
 You can take legal action before the court,
 You can file a complaint with the supervisory authority or initiate a procedure (https://naih.hu/panaszuegyintezes-rendje.html). The complaint can also be submitted in the Member State of your usual place of residence, place of work or the place of the suspected infringement.
Supervisory Authority: National Data Protection and Freedom of Information Authority
Headquarters: 1055 Budapest, Falk Miksa utca 9-11
Mailing address: 1363 Budapest, Pf.: 9.
Phone: +36 (1) 391-1400, +36 (30) 683-5969, +36 (30) 549-6838
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu/
Office gate - Short name: NAIH, KR ID: 429616918

 

7.1. Right to rectification

You are entitled to have inaccurate personal data corrected without undue delay upon your request. Taking into account the purpose of data processing, you are entitled to request the completion of incomplete personal data, including by means of a supplementary statement.
In the case of some data processing – given the nature of the data processing – the right to rectification cannot be exercised.

 

7.2. Right to erasure ("right to be forgotten")

You have the right to request that our Company delete your personal data without undue delay, and our Company is obliged to delete your personal data without undue delay if one of the following reasons exists:
- your personal data are no longer needed for the purpose for which they were collected or otherwise processed,
-    You withdraw your consent that forms the basis of the data management pursuant to point a) of Article 6 (1) or point a) of Article 9 (2) and there is no other legal basis for the data management,
-    You object to data processing and there is no overriding legal reason for data processing,
- your personal data was handled illegally,
- your personal data must be deleted in order to fulfill a legal obligation prescribed by EU or member state law applicable to our Company,
- Personal data was collected in connection with the provision of information society-related services referred to in Article 8 (1) of the GDPR.
If our Company has made your personal data public and we are obliged to delete it based on the above, we will take reasonable steps, including technical measures, taking into account the available technology and the costs of implementation, in order to inform the data controllers handling the data that you have requested from them to delete the links to the personal data in question or the copy or duplicate of this personal data.
We do not have to delete the data if data management is necessary
- for the purpose of exercising the right to freedom of expression and information,
-    for the purpose of fulfilling the obligation according to the EU or member state law applicable to our Company, which prescribes the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of public authority granted to the data controller,
- for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, if the right to erasure would likely make this data management impossible or seriously endanger it,
- to present, enforce and defend legal claims.


 

7.3. The right to restrict data processing

You are entitled to request that our Company limit data processing if one of the following is met:
-    You dispute the accuracy of the personal data, in this case the limitation applies to the period of time that allows our Company to check the accuracy of the personal data,
- the data management is illegal and you oppose the deletion of the data and instead request the restriction of their use,
-    Our company no longer needs the personal data for the purpose of data management, but you require them to present, assert or defend legal claims, or
-    You objected to data processing, in which case the restriction applies to the period until it is determined whether the legitimate reasons of our Company take precedence over your legitimate reasons.
If data management is subject to restrictions, such personal data, with the exception of storage, will only be processed with your consent or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of other natural or legal persons, or in the important public interest of the Union or a member state we can handle.
Our company informs the data subject at whose request we have restricted the data processing in advance of the lifting of the data processing restriction.
Our company informs all recipients of all corrections, deletions or data management restrictions to whom or to whom we have disclosed personal data, unless this proves to be impossible or requires a disproportionately large effort. At your request, our Company will inform you about these recipients.

 

7.4. The right to data portability

You have the right to receive the personal data concerning you that you have provided to our Company in a segmented, widely used, machine-readable format, and you are also entitled to transfer this data to another data controller without any hindrance, if
- data management is based on consent pursuant to Article 6 (1) point a) or Article 9 (2) point a) or on a contract pursuant to Article 6 (1) point b) and
- data management is automated.
When exercising the right to data portability, you are entitled to - if this is technically possible - request the direct transmission of personal data between data controllers. The right to data portability must not adversely affect the rights and freedoms of others.

 

7.5. The right to protest

You have the right to object at any time to the processing of your personal data based on points e) or f) of Article 6 (1), including profiling based on the aforementioned provisions, at any time for reasons related to your own situation. In this case, our Company may no longer process the personal data, unless we prove that the data processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are related to the submission, enforcement or defense of legal claims.
If your personal data is processed for scientific and historical research purposes or for statistical purposes, in that case you have the right to object to the processing of your personal data for reasons related to your own situation, unless the data processing is carried out for reasons of public interest necessary for its implementation.
 

7.6. Enforcement of affected rights

At your request, we provide information about the data you manage or process by us - or by our commissioned data processor
 about your data,
 about their source,
    the purpose and legal basis of data management,
 on its duration, and if this is not possible, on the aspects of determining this duration,
 About the name and address of our data processors and their activities related to data management,
 About the circumstances and effects of data protection incidents and the measures we have taken to prevent them, as well as
    in the case of forwarding your personal data, about the legal basis and recipient of the data transfer.


We will provide our information as soon as possible from the submission of the application, but within one month or day at the most. The information is free of charge, unless you have already submitted an information request to us for the same data area in the current year. We will refund the cost compensation you have already paid in the event that the data was handled unlawfully or the request for information led to a correction. Information can only be refused in cases provided for by law by indicating the legal place, as well as by providing information about the possibility of judicial remedy or turning to the Authority.
If we do not comply with your request for correction, restriction or deletion, we will inform you of the reasons for our refusal in writing or - with your consent - electronically as soon as possible after receiving the request (but no later than one month) and inform you of the court remedy, as well as the About the possibility of turning to the authorities. You can file a complaint with the Authority in the Member State of your usual place of residence, workplace or the place of the suspected infringement.
If you object to the processing of your personal data, we will examine the objection as soon as possible (but no later than one month) after submitting the request and inform you of our decision in writing. If we have decided that your protest is well-founded, in that case we will terminate the data management - including further data collection and data transmission - and we will notify all those affected by the protest about the protest and the measures taken based on it. we previously transmitted personal data, and who are obliged to take action to enforce the right to protest.

We can refuse to fulfill your request if we prove that the data processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are related to the presentation, enforcement or defense of legal claims. If you do not agree with our decision, or if we miss the deadline, you can go to court within 30 days from the notification of the decision or the last day of the deadline.
We ask that you contact our company before filing a complaint with the supervisory authority or the court - in order to negotiate and resolve the problem as quickly as possible. Contact information of our data protection officer: adatkeze-les@transintertop.hu
 

8.    What are the main governing laws for our activities?
 

 Regulation (EU) 2016/679 of the European Parliament and of the Council on the processing of personal data of natural persons (GDPR)
 CXII of 2011 on the right to information self-determination and freedom of information. law (Info tv.)
 Act V of 2013 on the Civil Code (Ptk.)
 Act I of 2012 on the Labor Code (Mt.)
 XCIII of 1993 on labor protection. law (Mvt.)
 CXXV of 2003 on equal treatment and the promotion of equal opportunities. law (Ebktv.)
 Act C of 2003 on electronic communications.
 

9.    Amendment of data management information

Our company reserves the right to amend this Data Management Information, which we will inform you of as required by law. This information sheet is available in printed form - during opening hours - in our Restaurant.

Hévíz, December 01, 2023

Tamás Léhner
managing director
 

1. No. Annex - List of our data processors and data controllers

Deninet Kft.    
1188. Budapest, Bercsényi u. 79/b.    
hosting service


Főnix Tűzvédemi Kft
2252 Tóalmás, Kossuth u.50.
work and fire protection


Munkabiztonsági 2000 Mun-ka-Tűz-és Környezetvédelmi Kft
8800 Nagykanizsa, Csengery u.43.
work and fire protection


Kovács Eszter
2851 Környe, Alkotmány u.72.
booking


Magyar Posta Zrt.
1138 Budapest, Dunavirág utca 2-6.
postal service

 

List of data controllers involved in data sharing
 

ERSTE Bank Hungary NyRt.    
1138 Budapest, Népfürdő utca 24-26.    
financial services (accounting financial institution)

 

2. No. annex - Our data management

Name of activity and purpose of data management	Legal basis	Scope of processed data	Period	Who has access to the data within the organization	Addressee (data transfer)	Purpose and legal basis of data transfer	Data its source
Data management related to our guests' orders and table reservations	contract preparation and fulfillment GDPR Article 6 (1) point b). in the case of special data, Article 9 (2) GDPR the dot   fulfillment of legal obligations regarding invoicing GDPR Article 6 (1) point c).	guest (customer) name, contact information (phone number, e-mail address) order/table reservation data (date, ordered service, etc.)   legally defined data required for invoicing	table reservations, orders for 1 month, after which the data will be anonymized for statistical purposes personal data included in accounting documents: 8 years (or the period specified in the relevant legislation	managing director employee in charge of administration			guest managing director employee in charge of administration
Data management related to found objects	It is our company's legitimate interest to return the items left by the guests to our guests, and to keep them Article 6 (1) point (f) GDPR	name of the object found, date, location, owner's name, other information on the receipt (date, signature)	1 year	managing director employee in charge of administration			guest managing director employee in charge of administration
Data management related to guest book entries	contribution Article 6 (1) point a) GDPR in the case of special data, Article 9 (2) GDPR a) dot	personal data included in the entry	cannot be scrapped	public			registering person
Use of Guest Wifi (the detailed rules are contained in the Information Security Guidelines)	it is the legitimate interest of the company that no one abuses the use of the device and does not cause harm to others Article 6 (1) GDPR point f).	browsing data ("login data") data generated during inspection	1 year, or if proceedings are initiated, in that case 5 years after the conclusion of the proceedings	managing director			guest applicant Business Partner representative of a business partner visitor person conducting an inspection
Management of representation-related data of our company's representatives and transfer to third parties (based on work and other contracts)	performance of contract Article 6 (1) GDPR point (b).	name, assignment-related data, data contained in contracts, other business documentation, correspondence	max. 5 years after the completion of the contract	managing director	business partners applicants visitors authority representatives, etc.	performance of contract Article 6 (1) GDPR point (b).	affected
Management of the data of our natural person contractual partners	contract preparation and fulfillment GDPR Article 6 (1) para. point b). legal obligation GDPR Article 6 (1) para. point c). (based on tax, accounting and other legislation)	name, personal data recorded in the contract and during the performance of the contract (contact details, etc.)	5 years after the completion of the contract, 8 years for data processed to fulfill our legal obligations	employees who sign the contract and are designated as representatives in the contract employees dealing with invoicing, finance and business partners	NAV authorities business partners (within contractual relations)	legal obligation GDPR Article 6(1)(c)	contractual partner
Management of the data of the representative of our business partners in order to prepare and fulfill the contract	It is our business partner's legitimate interest to be able to provide close business cooperation by handing over the data of its representatives Article 6 (1) GDPR point f).	name, details of the organization represented, contact details other personal data recorded in the contract and during the performance of the contract	5 years after the completion of the contract, 8 years for data processed to fulfill our legal obligations or 5 years after termination of representation	employees who sign the contract and are designated as representatives in the contract employees dealing with invoicing, finance and business partners	NAV authorities