Preamble to the Information: The BudaVIP Tours website is owned by ATPP FITT Kft, which is registered at: 3556 Kisgyőr, Akác út 18. (Company Tax Number: 27439870-1-05); – which is your personal manages your data, pays special attention to data protection. The data management carried out by the Company is in accordance with the relevant European Union and Hungarian national data protection legislation and is carried out in accordance with this Notice, both with regard to the personal data of its current, former and future customers. Legal background of the Information:
Regulation 2016/679/EU on the protection of natural persons with regard to the processing of personal data and the free flow of such data, as well as the repeal of Regulation 95/46/EC (General Data Protection Regulation).
CXII of 2011 on the right to information self-determination and freedom of information. law.
LIII of 2017 on the prevention and prevention of money laundering and terrorist financing. law.
Act V of 2013 on the Civil Code.
XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. law.
Act C of 2003 on electronic communications.
CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. law.
Act C of 2000 on accounting.
CXIX of 1995 on the management of name and address data for the purpose of research and direct business acquisition. law.
213/1996. (XII.23.) Government decree on travel organization and intermediary activities.
281/2008. (XI.28.) Government decree on the travel contract.
Conceptual definitions of the Information: GDPR: Regulation 2016/679/EU of the European Parliament and the European Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and 95/46/ on the repeal of the EC Directive. Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission , distribution or making it available in other ways, coordination or connection, restriction, deletion or destruction. Principles of data management: legality, integrity, fair procedure, confidentiality, transparency, data economy, limited storage capacity, accuracy, specificity, clarity. Data manager: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others.
If the purposes and means of data management are determined by European Union or Member State law, the data controller or special aspects regarding the designation of the data controller may also be determined by European Union or Member State law. Data processor: the natural person or legal entity, public authority, agency or any other body that manages personal data on behalf of the data controller. Personal data: any information relating to an identified or identifiable natural person - data subject. A natural person can be identified directly or indirectly, in particular by an identifier, for example: name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified based on
Special categories of personal data: personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs, or trade union membership, as well as genetic and biometric data aimed at the unique identification of natural persons, health data and the sex life or sexual orientation of natural persons personal data. Customer: those interested in the Company's services and products on our website/application, by phone or in any other way. Supervisory authority: National Data Protection and Freedom of Information Authority (NAIH). Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Telephone: +36 1 391 1400, Fax: +36 1 391 1410, e-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu. the etiquette of its operation in the relationship between the Customer and the Company:
Use of the Customer's (You) data based on the information requested by us:
1.1. Management of your personal data: This Notice applies to all personal data that you provide to us and that we collect and process in connection with your relationship with the Company. For the purposes of this Notice, "personal data" means any information about you on the basis of which you have been identified or can be identified in a direct or indirect way (in particular, your name, address, telephone number, e-mail address, and information about special treatment), and conclusions drawn from information about you.1.2. Collection of your personal data: Whenever you use our services or services offered by third parties through our website/application (or book any related services), we collect personal data about you; the data is either provided directly by you or collected when you use our services on our website/application or when you purchase the services of a third party.
However, the Company is not responsible for the use of your data by third parties for their own purposes, if such use is permitted. In such a case, for further information, please see the data protection policy of the third party concerned. 1.3. Information collected and managed by the company: We collect and manage the following personal data about you: 1.3.1. Information about you (the information you provide may include, for example, your name, address, e-mail address and telephone number, photo); 1.3.2. information about the services you have purchased; 1.3.3. data related to your program application (Online Programs); 1.3.4. data related to how you use our website/application. We automatically collect information about how you use our website/application. This includes technical information such as the IP address with which your computer connects to the Internet, your login information, your browser type and version, time zone settings, browser plug-in types and versions, operating system and platform, as well as our site.
Information about your visit, including the unique resource identifiers (URLs) through which you arrived at our website/application, including through which you left it (including date and time); the products you have viewed and the products you have searched for; the response time of the pages, download errors, how much time you spent on each page, information about your activities on the pages (for example, scrolling, clicking, and if you hovered over certain images or links with the mouse ("mouse-over") as well as how you navigated from the site and 1.3.5 information about your communication with us. We can also obtain information about you if you use other websites/applications operated by us or our other services. : We use your personal data for the following purposes: 1.4.1.1 to provide the services you have purchased from us or to enable the purchase of third party products and services through our website/application. 1.4.1.2 for direct marketing purposes, to adapt the services and offers to your requirements (see point 1.4.2 below); 1.4.1.3. in order to improve our services (see point 1.4.2 below); 1.4.1.4. to communicate with you (for example, to send you reminder emails or change notifications) (for this purpose we use personal data such as name and contact details); 1.4.1.5. for other administrative purposes 1.4.1.6. for the purpose of fulfilling our obligations arising from our contracts with you. 1.4.2. Cookies and direct marketing. When using our website/application, your browser stores cookies on your device. Our goal is to ensure that visitors to our website/application find what they are looking for and that they encounter the most relevant marketing communication on our website/application. In order to achieve this, we can use your data for the purposes of analysis, for quality improvements, for the further development of services, to improve the performance of the website/application, to assess the success of our advertising campaigns, and to adapt our services to your needs. For these purposes, we may forward data that is not suitable for your identification to our contractual partners (for example, the third-party service providers listed in point 2); this includes, but is not limited to, anonymous demographic information and online behavior data.
We store the data sent to our website by your browser and device during the booking process. If you have indicated that you would like to receive such messages by subscribing to our newsletter, or if you have provided your information when participating in a competition or registering for a promotion, we may send you special offers. Based on your subscription to the newsletters, or if you enter your data as described above, we will send you direct marketing messages, including direct marketing messages or special offers from the Company and our contractual partners. In order to be able to send you such direct marketing messages/special offers, we process the following personal data: your name, e-mail address and/or telephone number. In addition, depending on your consent, the data related to your purchases and your use of our website/application and our services are profiled We may also use it for our purposes, in order to determine which services, offers and/or promotions may be of interest to you, as well as to send you personalized messages. For this purpose, your 1.3.2., 1.3.3., 1.3.4. we can manage your data listed in point 1.5, as well as your name, e-mail address and telephone number. The specific legal basis for processing your personal data. We process your personal data on the following legal basis: of your personal data in 1.4.1.1., 1.4.1.4.- 1.4.1.6. its processing for the purposes listed in point 2 is necessary to fulfill the contract between us or to take steps at your request prior to the conclusion of the contract (according to Article 6 (1) (b) of the General Data Protection Regulation (GDPR);
1.4.1.5 of your personal data. its processing for the purposes specified in point 1 is either necessary to fulfill one of our legal obligations (according to Article 6 (1) point c) of the GDPR), or it may be necessary to assert our legitimate interest (according to Article 6 (1) point f) of the GDPR); such legitimate interests may include: protection of our rights and property (including our IT system), and protection of the rights and property of third parties; detect, prevent and detect fraud or other crimes; submission, enforcement and defense of legal claims;
1.4.1.2 of your personal data. and 1.4.1.3. its processing for the purposes listed in point 2 is based on your consent (according to Article 6, Paragraph 1, Point a) of the GDPR.
In addition to the above, the processing of your special data is based on your express consent (according to Article 9 (1) point a) of the GDPR). Your data is provided on a voluntary basis. However, if you do not provide your personal information, we may not be able to provide you with the requested services in whole or in part. Please note that in this case you cannot withdraw the fees you have already paid, and you are not entitled to any refund. In the case of the processing of your data for direct marketing purposes (including profiling) based on your consent, you can freely withdraw your consent at any time. Please note that withdrawal of consent does not affect the legality of data processing carried out prior to it. You can unsubscribe free of charge at any time, without reason, via the link provided in the newsletters or by sending a letter to the following address: 3556 Kisgyőr, Akác út 18. In the case of the processing of your personal data based on your consent, you may freely withdraw your consent at any time. However, please note that if you withdraw your consent to the processing of special data, we may not be able to provide you with the special assistance you have requested. We would also like to draw your attention to the fact that the withdrawal of consent does not affect the legality of data processing carried out before it.
Sharing your personal data with third parties:
2.1. For the purposes specified in this Notice, we may also share your personal data with the following categories of third parties:
third-party service providers whose services you have purchased through our website/application third parties that conduct customer surveys on our behalf; other third-party service providers that we use, among other things, for the purpose of data management; third parties, such as law firms or courts, to enforce or apply contracts with you; authorities or enforcement bodies – such as the police and regulator authorities - at the request of the relevant body and only to the extent that it is mandatory under the applicable law, or if it is necessary to protect our rights or protect the safety of our customers and property.
2.2.Third party service providers. When you purchase the services of a third-party provider through our website/application, we transmit your personal data in order to enable the purchase. Their own data protection regulations also apply to the data management carried out by these third parties. For more information on the data management practices of the mentioned third parties, please view the data protection policies directly on the websites of the third parties (Apple Store and Google Play websites for the Application). Please note that we assume no responsibility for these policies. In some cases, our general terms and conditions and data protection policy, as well as the third party's general terms and conditions and data protection policy, must also be accepted in order to use the given service.
Safety: We apply appropriate technical and organizational measures to prevent the accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or unauthorized access to your personal data - especially in cases where data management involves the transfer of data over a network transmission - and in order to protect your personal data against all other illegal forms of data management. We pay special attention to the secure transmission of personal and financial data. These data are transmitted from your computer to the Company's reservation server via encrypted channels, using the most modern Secure Socket Layer (SSL) technology.
Retention of data: We process your personal data as long as they are necessary to achieve the purpose for which we obtained them. In general, we apply the following data retention periods: (a) with the exception of data contained in documents required for accounting purposes, 1.4.1.1., 1.4.1.4.- 1.4.1.6. We will keep the data collected for the purposes listed in point 5 for 5 years from the date of the conclusion of the contract between you and us; and (c) 1.4.1.2. – 1.4.1.3. the data collected for the purposes listed in point 1.4.1.3 will be kept until you withdraw your consent to data management. point, we would like to draw your attention to the fact that the following data will be retained for 5 years after the withdrawal of consent in order for the Company to be able to prove that it has complied with the applicable data protection legislation: date of consent, date of withdrawal of consent, e-mail related to consent email address and/or phone number.
Your rights: You have the following rights and remedies in relation to data processing under the scope of the GDPR: (1) you can request access to your personal data; (2) you can request the correction of your personal data; (3) you can request the deletion of your personal data; (4) you can request the restriction of the processing of your personal data; (5) you have the right to data portability; and (6) you can object to the processing of your personal data. (1) Right of access: You have the right to receive feedback on whether we are processing your personal data and, if such data processing is in progress, you can request access to your personal data. The right of access includes applies to the following information: the purpose of data management, the categories of processed personal data and the categories of recipients and recipients to whom the personal data has been or will be communicated. In addition, you have the right to request a copy of your personal data that we manage. (2) The right to rectification: In certain cases, you may request the correction of inaccurate personal data or the addition of incomplete personal data. (3) The right to deletion (the right to be forgotten): In certain cases, you may request the deletion of your personal data, and we may be obliged to delete the given personal data. (4)
The right to restrict data processing: In certain cases, you can request the restriction of the processing of your personal data. In such cases, the personal data concerned may only be processed for specific purposes. (5) The right to data portability: In certain cases, you are entitled to receive the personal data you have provided us in a segmented, widely used, machine-readable format, and you are also entitled to transfer these data to another data controller without us hindering this. (6) The right to object: In certain cases, you may object to the processing of your personal data, and we may be obliged to stop processing the given personal data. If we process your personal data for direct marketing purposes - including including profiling - you can object to the processing of your personal data at any time. In such a case, we will stop processing your personal data for the aforementioned purposes. Please note that the above rights are not absolute rights and their exercise may be subject to conditions in accordance with the applicable data protection legislation. If you feel that your rights to your personal data have been violated, you can also contact the local data protection authority - in particular in the Member State where you have your usual place of residence, place of work or the place of the alleged violation - and file a complaint with them. You can also contact the National Data Protection and Freedom of Information Authority (1125 Budapest, Szilágyi Erzsébet fasor 22/C.; phone: +36-1 391-1400; fax: +36-1 391-1410; e-mail: ugyfelszolgalat@naih.hu) .In addition to the above, you can also initiate court proceedings before the competent court based on the seat of our company or your usual place of residence. If you register on our website or download and register in our application, we assume that you consent to the processing of your data provided during registration. If you would like to receive more information about other data held by the Company, about data management and data processing organizations (if any), or if you would like to exercise the above rights, please contact us.
Data Protection Officer:
The Company has appointed a data protection officer who also supervises the data management activities of the Company. If you have any questions or problems, you can contact the Data Protection Officer at the Website at the following contact details: atppteam@gmail.com
Miscellaneous Provisions:
8.1. Notification and handling of a potential data protection incident: The data controller shall report the data protection incident to the competent supervisory authority (NAIH) on the basis of Article 55 of the GDPR without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident probably does not pose a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached. 8.2. If we modify this Privacy Notice, we will publish its updated version on our website or application. 8.3. The BudaVIPTours website contains links to additional websites for your convenience and information. Please note, however, that these sites may be owned and operated by other companies or organizations and may have different security and privacy policies. 8.4. The Company reserves the right to amend this Information Notice at any time. The Company shall inform Dear Customers of such amendments by letter or e-mail, as appropriate, and in all cases in accordance with the relevant legislation. 8.5. Our Data Protection Notice, which is valid at all times, is available on the Internet at the following address: www.budaviptours.com 8.6. This Privacy Notice is in effect from June 5, 2024.
