MMG HOTELS LTD. – DATA MANAGEMENT GUIDE
3. BASIC PRINCIPLES OF THE MMG HOTELS LTD. ABOUT DATA MANAGEMENT
4. SCOPE OF THE PERSONAL DATA, AIM, ITEM AND DURATION OF DATA MANAGEMENT
4.1. DATA OF WEBSITE VISITORS
4.2. DATA COLLECTION ABOUT EXTERNAL PROVIDERS ON THE WEBSITE
4.3. REGISTRATION DATABASE
4.5. ROOM RESERVATION REQUEST
4.6. HOTEL SERVICES REQUEST
4.8. OTHER DATA MANAGEMENTS
5. THE WAY OF STORAGE OF PERSONAL DATA, SECURITY OF DATA MANAGEMENT
6. LEGAL REMEDY
The MMG HOTELS LTD. (1077 Budapest, Baross sqr. 15. 5th. Fl. 1.) as data controller, is bound by the content of this legal declaration. It undertakes to guarantee that its data management related to its service corresponds to the expectations defined in this guide and current legislation. MMG HOTELS LTD. is also acting as data processor in respect of the hotels:
Impulso Fashion Hotel
Baross City Hotel
Alta Moda Fashion Hotel
Expo Congress Hotel
La Prima Fashion Hotel
Promenade City Hotel owned by:
MMG Hotels Ltd.
Baross Gábor Tér 15. 5/1, Budapest 1077, HUNGARY
TAX NUMBER: 14924527-2-42
COMPANY REGISTRATION NUMBER: 01 09 926248
Atrium Fashion Hotel
Estilo Fashion Hotel
Star City Hotel
Mellow Mood Hungary Ltd.
Baross Gábor Tér 15. 5/1, Budapest 1077, HUNGARY
TAX NUMBER: 13791018-2-42
COMPANY REGISTRATION NUMBER: 01 09 873388
Párisi Udvar Hotel Budapest owned by:
Párizs Property Ltd.
Vörösmarty tér 5. I. floor, Budapest 1051, HUNGARY
TAX NUMBER: 24863832-2-41
COMPANY REGISTRATION NUMBER: 01-09-186523
The scope of this guide covers the management of personal data of the provider on the www.mellowmoodhotels.com website .
The hotels of the MMG HOTELS LTD., Mellow Mood Hungary Ltd., Párizs Property Ltd. and their online portals or websites including the www.mellowmoodhotels.com are enlisted below:
– Promenade City Hotel – http://promenadehotelbudapest.com/hu
– La Prima Fashion Hotel – http://www.mellowmoodhotels.com/hu/hotelek/la-prima-fashion-hotel-budapest/
– Alta Moda Fashion Hotel – http://altamodahotel.hu/
– Baross City Hotel – http://www.barosshotel.hu/hu
– Impulso Fashion Hotel – http://impulsohotel.hu/
– Expo Congress Hotel – http://www.expohotelbudapest.com/hu/hu
This data management guide about the personal data on the websites and by using the hotel services is always available on the above specified websites.
The MMG HOTELS LTD. reserves the right to change this guide anytime. The modifications of the guide enter into force by their publication on the websites. If this guide does not answer one of questions, then please write us and you will get a precise answer.
The MMG HOTELS LTD. does not take the responsibility for defaults due the use of the system.
The MMG HOTELS LTD. manages all personal data confidentially and takes all technical and organizational measures to guarantee the security of the data.
2.1. personal data: data related to the client – particularly the name, identification number, one or more special knowledge about physiological, mental, economical, cultural or social identity or a conclusion derived from the personal data.
The person can be considered particularly identifiable if he/she can be directly identified based on factors related to name, ID number, one or more physical, physiological, mental, economical, cultural or social character.
2.2. approval: the client declares voluntary and clear after he/she is properly notified that he/she agrees on the general or special management of personal data;
2.3. objection: declaration of the client, in which he takes an objection about the management of his/her personal data or he/she asks the termination or cancellation of data management;
2.4. controller: natural or legal person or certain types of entity which lack legal personality, who defines the goal of the data management and takes the decisions about data management (including the applied method) and carries out or makes carry out by an authorized controller;
2.5. data management: operation or set of operations on the data independently of the applied method, like collection, registration, archiving, organization, storage, modification, utilization, transfer, publication, modulation or association, blocking or delete, and blocking of future utilization.
The production of photo, voice or video material, or archiving of physical features (like finger or palm print, DNA sample, iris picture) is considered as data management.;
2.6. transmission of data: if the data is transferred to the third-party;
2.7. publication: if the data is published;
2.8. data erasure: such a modification of the data, that they cannot be restored anymore;
2.9. limitation of processing: the marking of stored personal data for the purpose of limiting their future processing;
2.10. data erasure: the erasure of data or physical destruction of the data storage system;
2.11. data processor: natural or legal person, certain types of entity which lack legal personality, who performs the processing of personal data authorized by the controller;
2.12. third party: natural or legal person, certain types of entity which lack legal personality, who is different from the client, data controller or data processor;
2.13. third country: all countries outside the European Economical Area.
- BASIC PRINCIPLES OF THE MMG HOTELS LTD. ABOUT DATA MANAGEMENT
The personal data can be managed
a) if the client approves, or
b) a law or regulation of the local municipality with the power in therein specified scope orders, or
c) it is necessary to fulfill the contractual obligations of the hotel.
The approval of the legal representative of a legally incapacitated and restricted capacitated minor is not required, because the declaration aim at the registration in everyday life and does not require any special consideration or knowledge.
The personal data can be managed only for specific reason, for legal obligation or performance of duty.
The data management should always fill this requirement. Only such a data can be managed where the goal of the data management requires this activity and is suitable for reaching the aim with the required extent and period.
Personal data can be managed with the agreement based on proper notification.
The client should be notified – unambiguously, clear and detailed – about all facts related to the data management, particularly about the person authorized for data management and processing, the duration of the data management, and about the group of people with right to access the data.
The notification should cover the laws and legal remedies of the client as well.
The personal data of the management have to fill the following requirements:
a) their collection and management is fair and legitimate;
b) precise, complete, and up-to date if it is required;
c) the way of their storage makes it possible to identify the client only during the period required for the storage.
It can be applied without any restriction, and it is prohibited to apply general and personal ID numbers.
The personal data can be transferred to a third party and different data managements can be associated, if the client approves or the law allows this action and the requirements of the data management are filled for all personal data.
The personal data (including the special data as well) can be transferred from the country to the data controller or data processor in third country, if the client approves or the law allows this action and the proper protection of the personal data related to the management or processing of transferred data is ensured in the third country independently of the data storage device and the way of data transfer.
The data transfer to the countries of the European Economic Area can be considered as data transfer within Hungary.
- SCOPE OF PERSONAL DATA, AIM, ITEM AND DURATION OF DATA MANAGEMENT
In the frame of the service the management of all personal data related to the client is based on personal approval, legal obligations or performance of duty. The MMG HOTELS LTD. does not take responsibility for the accuracy of the transferred data of the user or guests.
4.1. COOKIES USED ON THE WEBSITE
When a visitor visits the website at https://mellowmoodhotels.com/, a small file called a “cookie” (hereinafter “cookie”) is placed on his or her computer for a variety of purposes. Some of the cookies we use are essential for the proper functioning of the site (“process cookies”), while others collect information about the use of the website (statistics) to make the site more convenient and useful. Some cookies are only temporary and disappear when you close your browser, while there are also persistent versions that remain on your computer for a longer period of time.
Please find the full list of cookies used on the website here.
The user has the possibility to register to the newsletter service on the website of the MMG HOTELS LTD. by providing his/her name and e-mail address. The subscription for the newsletter service can be done also in special menu point or by receiving of other services as well.
The provider informs the users, who are registered to the newsletter service, about recent news, recommendations and novelties. The content of the newsletters might be different according to the specified data by the users.
By providing his/her name and e-mail address during the registration to the newsletter service the user accepts that the provider sends for the user a newsletter as an e-mail message, or other recommendations, information materials and manages the personal data of the user according to the specified goal. According to this guide the provider is authorized to manage the data until the client declares in written form about the withdrawal of his/her approval about the data management for the goal specified in this point.
The provider can send occasionally other messages related to the service.
It can be unsubscribe from this newsletter service by clicking the –Unsubscribe from the newsletter (Leiratkozás a hírlevélről) menu point available in all newsletter. The unsubscription is considered as a withdrawal of the approval of the management of e-mail address provided by Mailchimp.
4.4. ROOM RESERVATION REQUEST
The user has the possibility to request a room reservation in the hotels available on the website. The user enters in a form for room reservation besides the data of the reservation (particularly the time of arrival and leave, number of guests etc.) his/her name, phone, e-mail address and address.
MMG HOTELS LTD does not receive any information on the bank card used for paying the reservation, as it is solely operated by the bank providing the online payment.
4.5. HOTEL SERVICES REQUEST
The guest fills in a hotel registration form by requesting hotel services.
The guest agrees by signing the hotel registration form that the provider manages the obligatory data specified below to fill the requirements of the corresponding regulations (special regulations related to public prosecutor’s office, and tax of tourism) and to prove the performance of the obligations until the competent authority could check the performance of duties specified by regulations.
The obligatory specified data are the name, address, citizenship, place and time of birth. The specification of the obligatory data by the guest is a prerequisite for the hotel service request.
By signing the hotel registration form the guest allows the provider also to manage and archive his/her personal data by filling in the form in order to prove the validity and the completion of the contract for possible claim within the limitation period.
There is a possibility for the guest to approve the utilization of his/her personal data for marketing purpose until the MMG HOTELS LTD. is authorized to manage his/her personal data. On basis of this approval the MMG HOTELS LTD. is (not exclusively) authorized to send for the client his/her mails, e-mail or other messages, packages or other notifications.
The MMG HOTELS LTD. is authorized to manage the personal data of the client for marketing purpose until the client withdraws in written form his/her approval about the data utilization for marketing purpose.
By sending the form including the name, the e-mail address, and the message available on the website you can contact the provider. The messages are utilized by the provider under normal condition by archiving after completion of the request.
4.7. OTHER DATA MANAGEMENT
You are informed that the court, public prosecutor and investigating authority is authorized to ask the provider to show and give your personal data and documents over (under Paragraph 261 of the Code od Criminal Procedure).
The MMG HOTELS LTD. gives to the authority –after the authority defined the aim and scope of the data precisely- only such a personal data over in the meaning of quantity and quality, which is inevitable to reach the goal of the request.
- THE WAY OF STORAGE OF PERSONAL DATA, SECURITY OF DATA MANAGEMENT
The MMG HOTELS LTD. chooses and operates the informatics devices such a way that during the service the personal data:
a) should be accessible for eligible person (availability);
b) authenticity and validation should be ensured (authenticity of data management);
c) steadiness should be justified (data integrity);
d) protected against illegal access (confidentiality of the data).
The MMG HOTELS LTD. ensures the protection of your data with such technical and organizational measures, which provides a proper protection against the risks associated with data management.
The MMG HOTELS LTD. maintain during the data management:
a) confidentiality: protects the information, only the eligible person can get an access;
b) integrity: protects the accuracy and integrity of the information and the processing method;
c) availability: ensures for the eligible person the access to the desired information and the availability of the required devices.
The informatics system and the network of the MMG HOTELS LTD. is protected against computer fraud, espionage, sabotage, vandalism, fire and flood, viruses, intrusions and attacks leading to refuse a service.
The provider ensures the security with measures on server and application level. We inform the users that the electronic messages are vulnerable against such threats- independently of the protocol (e-mail, web, ftp, etc.)- that lead to the illegal activity, contract conflicts or disclosure, modification of information.
The provider takes all possible measures and precautions against these threads. The systems are controlled to fix all security defaults, and to provide a proof for all security events. The control enables also to check the efficiency of the precautions.
- APPEAL POSSIBILITIES
The client has the right to ask information about the management of his/her personal data, request their correction- in exception of statutory data management- or erasure through the services on the website or via electronic contact on the website or via formal request in written form sent to the provider’s headquarter.
According to the request of the client the MMG HOTELS LTD. as a data manager gives information about the managed data, the goal, plea and period of data management, name and address (headquarter) of data processor, the activity related to the data management, the list of persons who received the data and the goal of the data transfer. The data processor gives information in written form as soon as possible, within 30 days after the request is received.
The information is free of charge if the client has not requested from the data controller in the same year for information about the same topic. In other cases the MMG HOTELS LTD. requests a data management fee.
The MMG HOTELS LTD. erases the personal data if the data management is illegal, the client requests the erasure his/her data, the goal of the data management is not actual anymore, the period of the statutory data management has expired, the authority, or the court or data protection supervisor has requested the erasure.
The MMG HOTELS LTD. informs the client and all other person who received the data about the modification, correction or erasure of the data.
The notification can be omitted if the omission does not undermine the legitimate interest of the client respecting the goal of the data management.
The client has the right to protest against the management of his/her personal data, if
a) the management (transfer) of personal data is required exclusively for the purposes of legitimate interest of the data controller or processor, except if it is about a statutory data management;
b) utilization and transfer of personal data is for direct marketing, opinion polls or scientific research;
c) nevertheless the law allows the exercising of the right of protest.
The MMG HOTELS LTD. investigates the protest – with the simultaneous suspension of the data management – as soon as possible, within 15 days after the request is receipt and informs the client about the result of the investigation. If the protest is justified the data controller suspends and blocks the data management including the collection and transfer of further data and informs the third parties who received the transferred data and the clients who are obliged to take measures to assert their rights, about the protest request and the measures taken thereafter (suspension of data management).
If the client does not agree with the decision of the data controller, has the right to apply for the court within 30 days after receipt of order.
The MMG HOTELS LTD. has not right to erase the data of the client if it is about statutory data management. It is not allowed to transfer the data to the receiver, if the data controller approved the protest or the competent court accepted the justification of the protest.
In case of infringement of the client’s right by the data controller, the client has the right to apply for the court. The court orders the case with a priority.
The MMG HOTELS LTD. refunds all damages, which caused by illegal management of client’s data or infringement of the requirements of technical data protection.
The data controller does not take the responsibility for the damage if it is caused by any unavoidable circumstances outside the scope of the data management.
The data controller does not take the responsibility for the damage if it is caused intentionally or with gross negligence.
You can apply for a remedy or submit a complain to the Hungarian National Authority for Data Protection and Freedom of Information:
Name: Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”)
Seat: 1055 Budapest, Falk Miksa utca 9-11.
Postal Address: 1363 Budapest, Pf.: 9.
Phone: (06-1) 391 1400
Fax: (06-1-) 391-1410