Magyar Turisztikai Ügynökség Zrt. (Hungarian Tourism Agency, contact details: H-1027 Budapest, Kacsa u. 15-23; mailing address: H-1525 Budapest, Postafiók 97; central telephone number: +36 1 488 8700; central e-mail address: email@example.com) (hereinafter the Agency), as Controller, is committed to respecting the right to privacy and the right to the protection of personal data of all visitors to the info.vendegem.hu homepage and in the course of its operations, to acting in accordance with the general data protection regulation of the European Union (hereinafter GDPR), the Hungarian Privacy Act (hereinafter Privacy Act) and all other legislation, guidelines and established data protection practices, as well as in consideration of the main international recommendations on data protection.
The Agency as Controller accepts and agrees to be bound by the content of this legal notice. It undertakes to ensure that its data processing related to its services complies with the expectations stipulated in this notice and in operative legislation. The processing activity of the Agency is in compliance with the following data protection regulations:
Personal data may be processed where
Pursuant to Article 8(1) of the GDPR, the validity of the declaration of consent of a minor is not subject to the consent or subsequent approval of the holder of parental responsibility if such minor is at least 16 years old. Where such minor is under 16, however, the validity of his or her declaration of consent shall be subject to the consent of the holder of parental responsibility for the child. The Agency is not able to verify the accuracy and authenticity of the consent; the person granting the consent shall warrant the accuracy thereof.
The Agency may use your (hereinafter: Person Concerned) personal data for the following purposes:
The legal basis for data processing is the voluntary consent to the handling of cookies granted by the Person Concerned. Technical data related to and ensuring the secure operation of the website, including the IP addresses of visitors, shall be processed on the legal basis of legitimate interests.
When you visit this website, your computer’s IP address will be treated as technical data during operation of the website, and with your consent we may create cookies on your computer.
Personal data processed with your consent are processed by the Agency until such consent is withdrawn. The withdrawal of consent does not affect the lawfulness of data processing before consent is withdrawn. Technical data related to and ensuring the secure operation of the website, including IP addresses of visitors and processed on the legal basis of legitimate interests, are retained for 1 year.
The Agency staff and its data processors operating the website.
In carrying out its various professional tasks, the Agency uses the services of the following companies as data processors:
During operation of the website, the Agency may use the following cookies:
|Name of the COOKIE||Issued by||Type||Duration of storage|
|_ga cookie||google analytics||HTTP||2 years|
The Agency ensures that IT data and the technical environment of the website are appropriately backed up, using the parameters necessary based on the retention period of the individual data to guarantee the availability of the data within the retention period, and at the end of the retention period the data will be permanently destroyed. The integrity and functionality of the IT system and the data storage environment are verified by advanced monitoring techniques, and the necessary capacities are provided continuously. Events in the IT environment are captured using sophisticated logging features to ensure that potential incidents can be subsequently detected and evidenced with legal force. The Agency uses a redundant network environment providing consistently high bandwidth to serve its web pages, which environment is able to distribute resulting loads securely among the resources. The systems are designed to provide planned disaster resilience, to deliver business continuity and thus continuous service to users at a high standard, also through organisational and technical means. High priority is given to the controlled installation of security patches and manufacturers’ updates that also ensure the integrity of our IT systems, thus preventing, avoiding and handling attempts to access or damage the system due to vulnerability. The IT environment is regularly checked by security testing, errors or weak points identified are corrected, and reinforcement of IT system security is seen as an ongoing task. High standards of security, including confidentiality, are set for employees of the Agency, which are also met by providing regular training, and the Agency strives to implement planned and controlled processes in its internal operations. Any possible incidents affecting personal data detected or reported to the Agency during operation of the website will be investigated in a transparent manner using responsible and strict principles within 72 hours. Incidents which occur are dealt with and entered into records. When developing its services and IT solutions, the Agency ensures that the principle of data protection by design is met, data protection already being of high priority in the design phase.
Persons Concerned may request information on the processing of their personal data, and they may request that their data be corrected or deleted, unless the data processing is required by law.
Persons Concerned have the right to receive notification on facts and information related to data processing prior to the start of the data processing. This Privacy Notice has also been drawn up to ensure this right.
Persons Concerned may request the Agency to:
Persons Concerned may request the Agency to correct or complete their incorrect, inaccurate or incomplete personal data. Prior to correcting any incorrect data, the Agency is entitled to check the truthfulness or accuracy of such data.
Persons Concerned may request the deletion of their personal data where:
The Agency is not obliged to fulfil the Person’s request for deletion if the processing of personal data is necessary and justified for the following reasons:
Persons Concerned may request that the processing of their data be restricted (blocked) where
Where the right to block is exercised, the Agency may continue to use the personal data where:
Persons Concerned may request the Agency to provide the Person Concerned with their personal data in an organised, structured manner in a format readable by IT systems, and/or to send such data directly to another controller.
Persons Concerned have the right to object at any time, on grounds related to their particular situation, to the processing of their personal data where they believe this is required by their fundamental rights. Those Concerned may object at any time to the processing of their personal data for direct marketing purposes, without having to give reasons, in which case the Agency will terminate data processing as soon as possible.
The Agency protects the personal and other data of Persons Concerned to the best of its ability in proportion to the relevant risks, it operates a modern and reliable IT environment, and selects its collaborating partners with particular care. It conducts its internal procedures in a regulated and supervised manner, so as to prevent and avoid even the smallest mistake, problem or incident regarding the processing of personal data or, should one occur, to detect, investigate and resolve the case. Should an incident concerning personal data be proven to have occurred and should this be likely to result in a high risk to the rights and freedoms of Persons Concerned, the Agency undertakes to notify the Person Concerned and the data protection authority of the data protection incident in the manner and with content in compliance with operative data protection regulations and without undue delay.
Persons Concerned have the right not to be subject to any decision based solely on automated data processing, including profiling, which would have a legal effect on them or significantly affect them in any similar way. The Agency does not operate any procedure involving automated decision making.
Complaints regarding data processing may be filed with the court or with the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság):
Registered office: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c
Postal address: H-1534 Budapest, Pf.: 5
Telephone: +36 (1) 391-1400
E-mail address: firstname.lastname@example.org
You have the right to an effective judicial remedy against a legally binding decision made by a supervisory authority with regard to you.
Right to an effective judicial remedy against the Controller or Data Processors
You have the right to an effective judicial remedy where you consider that your rights have been infringed as a result of the non-compliant processing of your personal data.