Privacy-Policy

This document provides information regarding the data processing activities carried out by Marietta Veress, as data controller (hereinafter: „Controller”), through the website operated by the Controller (www.abejarat.hu) and in person at the „A Bejárat Vendégház” guesthouse (8275 Balatonhenye, Kossuth utca 68.) operated by the Controller.

1. Governing Laws

In establishing the provisions of this Policy, the Controller has paid particular attention to the following:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council („General Data Protection Regulation” or „GDPR”);
  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information („Infotv.”);
  • Act V of 2013 on the Civil Code („Ptk.”);
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities („Grtv.”).

2. Details of the Data Controller

  • Name: Marietta Veress (A Bejárat Vendégház, NTAK registration number: MA25114904)
  • Registered Office: 8275 Balatonhenye, Kossuth utca 68.
  • Phone: 06-30-612-5828
  • E-mail: info@abejarat.hu
  • Data Protection Officer: Marietta Veress (Operator of A Bejárat Vendégház)

3. Principles of Data Processing

The Controller acts in accordance with the requirements of good faith, fairness, and transparency, cooperating with the data subjects. The Controller only processes data defined by law or provided by data subjects for the purposes specified below. The scope of processed Personal Data is proportionate to the purpose of the processing and does not exceed it.

The Controller stores personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. The Controller ensures adequate security of personal data by implementing appropriate technical and organizational measures against unauthorized or unlawful processing, accidental loss, destruction, or damage. The Controller shall not transfer the Personal Data it processes to any third party other than the Data Processors specified in this Policy.

4. Purpose of Data Processing

The Controller processes personal data solely for specific purposes, in order to exercise rights and fulfill obligations. Data collection and processing are conducted fairly and lawfully. The purposes of data processing are as follows:

  • Contacting the Guest and/or the User filling out the contact/booking form on the website (directly or indirectly via a booking intermediary) for the purpose of room reservation, and ensuring mandatory legal compliance related to the reservation.
  • Sending newsletters and advertisements via email, subject to the Guests’ separate consent.
  • Collection and analysis of website visit data and management of cookies.

5. Scope of Processed Data

The Controller only processes personal data provided by Guests/Users as required by law (according to the MTÜ/VIZA system) and data necessary for the operation and analysis of the website.

Processed data include:

Surname and first name, birth surname and first name, place and date of birth, gender, nationality, mother’s birth surname and first name, identification data of the identity document or travel document, email address, phone number, IP address, browser type and version, device data (operating system and screen resolution), time and duration of visit, pages viewed and clicks, interactions with advertisements.

6. Description of Data Processing Activities

A. Room Reservation and Statutory Compliance
  • Data Processed: Surname and first name, birth name, place/date of birth, gender, nationality, mother’s birth name, ID/passport details, email, phone number.
  • Purpose/Legal Basis: Provision of accommodation services and communication. Legal basis: Performance of a contract and Consent.
  • Retention Period: Until the last day of the 12th month following the use of the service.
    • Exceptions: Name and address: 8 years (pursuant to Section 169 of Act C of 2000 on Accounting). Guest name and age: until the end of the 5th year following the current year (pursuant to tax laws regarding local tax obligations).
    • If the service was not utilized, all personal data will be deleted within 15 days.
  • Authorized Persons: The Operator of the Guesthouse.
B. Newsletter Subscription
  • Data Processed: Guest/User email address.
  • Purpose/Legal Basis: Communication, sending newsletters. Legal basis: Consent.
  • Retention Period: Within 3 days following unsubscription.
  • Authorized Persons: The Operator of the Guesthouse.
C. Website Analytics and Cookies
  • Data Processed: Statistical/visit data (non-personally identifiable).
  • Purpose/Legal Basis: Proper and high-quality operation of the website, enhancing user experience, collecting statistics. Legal basis: Consent (for optional cookies) and Legitimate Interest (for essential cookies).
  • Retention Period: Session cookies: until the browser is closed. Persistent cookies: 30 days – 2 years. Google Analytics data: max. 14 months.
  • Authorized Persons: The Operator of the Guesthouse; Google LLC.

7. Storage of Personal Data

The Controller stores the data in electronic form for the periods specified above.

8. Rights of the Data Subject

The Data Subject (Guest/User) may request the following from the Controller:

  • Access to personal data;
  • Rectification of stored personal data;
  • Erasure of personal data;
  • Restriction of processing;
  • Objection to the processing of personal data;
  • Data portability (receiving and transferring data to another controller).
  • Withdrawal of consent at any time (where processing is based on consent).

The Controller shall respond to such requests within 30 days.

Legal Remedies:

If you disagree with the Controller’s action, you may:

  1. File a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) (Address: 1055 Budapest, Falk Miksa utca 9-11; Phone: +36-1-391-1400; Email: ugyfelszolgalat@naih.hu).
  2. Bring the case before a Competent Court.

9. Data Processors

  • MTÜ/VIZA: Mandatory data collection for accommodation guests by law.
  • Rackforest Zrt.: Website hosting and email services.
  • Google LLC: Website analytics and statistics.

10. Miscellaneous Provisions

The Controller reserves the right to modify this Policy at any time. Users will be notified of modifications via the website (www.abejarat.hu).

Balatonhenye, 1. September, 2025