PRIVACY & COOKIES POLICY
in which we provide information on the data protection activity of the www.shuttlesfrombudapest.com website (hereinafter Website)
- complying the General Data Protection Regulation (EU) 2016/679 - which is operated by Vizvari Zsuzsanna Csilla , sole trader, hereinafter Data Manager or Enterprise (registered office: 25 Alacskai út, Budapest 1182, tax number: 67051089143, registration number: 42900498, E-mail:email@example.com).
Our company respects your fundamental rights for data protection; therefore, we inform you about the legal basis, purpose, storage time, method of data protection concerning you; furthermore, protective measures to be taken and regulatory opportunities under data usage.
The Data Protection Sheet relates to all personal data given on the Website. During browsing you can find the relevant data protection sheet, the customer makes a declaration on the acceptance of it and its content by ordering the advertised service on the Website.
The Data Protection Sheet is subject to change by the enterprise.
The user is under this regulation a private person who clicks on the Website regardless of whether he chooses the service or not.
The service displayed on the above-mentioned website is only available in Hungary. During the time of service, the Hungarian law is applicable for users.
The operator and editor of the Website is the Data Manager, that is, our enterprise.
Host provider: MikroVps Informatikai és Szolgáltató Kft. (Sobieski János utca 19-21. A lh. 1. em. 1., Budapest 1096) . registered number: 01-09-205021, adószám: 25189861-2-43, firstname.lastname@example.org)
The data storing host operates within the territory of the European Union.
Regarding our sales activity we protect personal data for the below data protection purposes.
Data protection purpose: Sales of own shuttle service
You get involved into confidentiality matters if your order under the „Book Transfer” menu – complying the General Terms and Conditions (hereinafter GTC) has been placed.
Regulations on ordering/purchasing can be found in GTC.
By filling out the form available on our Website your personal data is to be stored in order to fulfill the contractual obligation between parties not present during the sales of the product.
The legal basis of data protection is the contract between you as a Customer and the Data manager.
Data managed by us: purpose, type and category of chosen travel, date of transfer, number of passengers, first name, surname, e-mail, phone number, airline, flight number, number of luggage, meeting time, arrival address, arrival time, notes, chosen payment method, bank details; besides, for having a smooth order process you can create an own account, and by giving a password the content of the customer basket will be stored.
Source of data is the form filled out by the Customer.
Your data is stored 5 years after the contract ended.
The service having been ordered on the Website is carried out by us, data shall not be given to a third party.
The data given during the ordering process is stored online on the website’s admin center; data is stored on our host operated by our host provider.
For payment, depending on your choice, you will be directed to the Stripe transaction site of the Stripe Inc. or to the website of PayPal. Your bank details used in financial transactions are unknown to the Data Manager.
Data protection purpose: Sales of indirect services
Provided indirect service(s) offered by other service providers are to be chosen, your data given in the order form will be sent to the companies carrying out the service(s).
- Name: Silverline Cruises Kereskedelmi és Szolgáltató Kft.
Registered number: 01-09-973821
Registered office: Marina part hrsz 25904/1., Budapest, 1138
Tax number: 23692800-2-41
- Name:Legenda Idegenforgalmi, Művészeti és
Műszaki Szolgáltató Kft.
Registered office: V. district, Jane Haining rakpart Dock 7., Budapest 1051
4 Fraknó u., Budapest 1115
Registered number: 01-09-066303
Tax number: 10346406-2-43
- Name:Eurama Idegenforgalmi Kft.
Registered office: 12-14. Apáczai Csere János utca, Budapest 1052
Registered number: 01-09-717783
Tax number: 13081474-2-41
- Name:CRB Cityrama Kft.
Registered office: 22 Báthory utca, Budapest 1054
Registered number: 01-09-870771
Tax number: 13739933-2-41
- Name:Programcentrum Utazásszervező Kft.
Registered office: 15/B Szabina utca, Budapest 1221
Registered number: 01-09-688375
Tax number: 12480715-2-43
- Name:Hungaria Koncert Idegenforgalmi és Műsorszervező Kft,
Registered office: 27. Fszt. 2.Abonyi u. 1146 Budapest
Registered number: 01-09-369387
Tax number: 12032707-2-42
For the purpose of protection of your data the service providers are regarded as data managers as well; thus, beyond data management activities confidentiality activity complying with the General Data Protection Rule must be ensured by service providers.
In case of ordering indirect services (guided sightseeing, private tours, excursions, round trips) the managed data is the following: name, invoice name, e-mail, phone number, address, chosen language, date and place of travel/meeting, number of passengers, number of adults, number of children.
Data protection purpose: Login
If an account has been made at the time of booking by a password, in which the content of your order can be checked, you can log in to our website next time with your e-mail address and password by using the login function.
The legal basis of data management of your data given at the time of login is your statement made before signing in by filling out the dedicated heading.
Your login data is stored until receipt of revocation initiated by you.
Source of data is the form filled out by you as Customer.
The data given during the ordering process is stored online on the website’s admin center; data is stored on our host operated by our host provider.
Data protection purpose: Customer service contact
Under the menu Contact you can ask for further information on our services by filling out the message board.
Your data managed on the message board (surname and first name, e-mail, phone number, subject, message) is sent to email@example.com address by our e-mail server for the purpose of contact management; this data is stored until the fulfillment of the data management purpose, then it is to be deleted from our server. The legal basis of data management is your contribution if the given e-mail is sent by you voluntarily. Your contact data is managed by our sales and customer service representatives.
Data protection purpose: a Guaranteed exercise of rights of withdrawal/cancellation
According to the current consumer protection regulations and in the frame of exercising the right of withdrawal in GTC the name, address of the consumer exercising his withdrawal/cancellation rights and the date of withdrawal are to be protected by the Data Manager.
The legal basis of data protection is the contract between you and our company. The source of data is the withdrawal statement sent by you either on paper or by mail. Data is stored until enforceability of the civil law’s limitation period. Data is sent further to our legal representative and/or claim manager only in case of dispute.
All statements sent in e-mail are stored on our online mail server.
Your data is managed only by our sales and customer service representatives.
Data protection purpose: Complaint management
In case of complaint and its management this personal data of the user (name, address, e-mail address, subject of complaint) is stored. According to GTC and consumer protection instructions during complaint management your data written in the complaint is stored electronically for 5 years in a separate folder on our server. The legal basis of data management is the fulfillment of our legal obligation which is required by the regulations within consumer protection instructions. Your data is managed only by our staff; it shall not be handed over to a third party.
Taxation and accounting obligations
Data determined by the law of natural persons getting into business contact with us is managed for the fulfillment of legal, taxation and accounting obligations. Managed data is name, address, tax number. Duration of storage of personal data is 8 years after the termination of legal relation as legal basis. Your personal data can be found on the invoice made for you which is also sent to the Alterego Számviteli Bt., accounting company, for data management purposes. Our data management contract with the data manager ensures meeting the legal requirements of appropriate data management. Your data is only sent to the National Tax and Customs Administration (NAV).
We ensure protection of your data by password protection on our computers and other technical and organizational measurements taken by the host provider which deals with the data storage.
By writing a security code (so called captcha) on our form we can protect our sites and database by any attacks from robots and spam senders. By captcha people cannot be identified.
DATA MANAGED IN ANOTHER WAY (Cookies)
As Data Manager our company is allowed to manage personal data which is technically essential to the services.
In case of other similar conditions the methods used during the service in any event are only chosen for the purpose of personal data management if it is indispensable to the service and the fulfillment of other goals set by the law; although only to the required extent and time.
Therefore, the browsing data of the Website is stored in form of cookies on your device (computer, tablet, laptop, mobile phone).
These cookies are stored until the end of browsing except those ones which are put there to remember your confirmed cookie management. Duration time of this storage is 30 days.
During browsing on the Website and laying products into the basket, cookies ensure preservation of the chosen products.
The Google Analytics system is regarded as a cookie laid down by a third party, which measures the number of visitors on the Website; though there is no data storage regarding the data given by the third party. The visitor remains unknown during the analysis of data. Duration of cookie storage in this case is until the end of surfing.
Our Website has a business profile in social media (Facebook, Google+) too. If you “like” or “follow” us you must be aware that your data known by the public will be known by us as well. However, data management of social media sites is regulated by their own policy.
IF COOKIES ARE NOT SUPPORTED
Settings of cookies can be modified at any time in your browser. Usage of cookies can be disabled by activating the adequate settings with which all or certain cookies will not be placed. These settings can be found in your browser’s menu under “Settings” or “Preferences”. Get more information on the below links:
Internet Explorer: visit https://support.microsoft.com and type in the word “cookies”.
Safari: visit https://support.microsoft.com and type in the word “cookies”.
User/Visitor must be aware that by disabling cookies certain functions of the Website are only accessible partially or even not at all.
YOUR RIGHTS OF PERSONAL DATA PROTECTION
Under the rules of the European Union General Data Protection Regulation we provide enforcement of your rights on data management. You can exercise your rights by sending an e-mail to 25 Alacskai út, or firstname.lastname@example.org.
Before actual data management we give you a free guidance on facts of data management by making the Data Management Information Sheet available.
You are entitled to gain information about your managed data, purpose of data management, legal basis, source of data, data managers, and data protection incidents. The information service is free of charge in the current year, it costs, though, 1000 HUF in any other cases. Requests for unlawful data management or amendment are free of charge. Answer to requests is sent within 30 days after receipt to your dedicated address.
We take no responsibility for the authenticity of your given personal data. Further information could be requested for the protection of your personal rights and the exercise of your rights, or for the legitimate interest of our company or in cases of justified doubt. This measurement is necessary to facilitate the confidentiality of data management, that is, to prevent unauthorized access to personal data.
By the amendment request you can inform us about any changes in your data which will be updated immediately.
You are entitled to ask for the deletion of your personal data. Data is to be deleted in 15 working days after the receipt your request and it cannot be reactivated again. Deletion does not refer to the data management regulated by certain laws (i.e. accounting regulations) and contracts; this data is stored until the requested period.
You can also ask for restriction of management of your data; furthermore, you are entitled to request data portability.
You can object to data management and are entitled to file a complaint to the supervisory authority.
Before, during and after giving your personal data you can read the Data Management Information Sheet by clicking on the dedicated link on our Website.
Before sending the order form you need to make a statement on the management of your personal data; moreover, on the acceptance of the content of the Data Management Information Sheet.
Your personal data - except the above mentioned data managers - shall not be handed over, sold or given in any cases to other companies or individuals or to a third party. If law requested, exceptions can occur.
During our data management activity we take care of the enforcement of the relevant data protection and confidentiality obligations.
With appropriate technical and organizational measurements your data is prevented from unauthorized access, modification, forwarding, publication, deletion or destruction, unintended destruction or damage, inaccessibility due to applied technical steps.
For data encryption the HTTPS protocol certificate of Cloudflare Ltd. is used to ensure the smooth flow of data through a secure channel towards our database.
Computers assigned for data management are protected with user name and password; also their physical protection is ensured by security technology equipment.
Data is stored by the data manager on a secure server with built-in firewall and on softwares with adequate virus protection.
If any data protection incident occurs we possess an appropriate incident management plan.
If you have any comments, proposals or complaints which require further administration, or any problems occur, you can contact us in several forms displayed on the Website. Statements on personal data must be sent to email@example.com. A reply will be given in 30 days.
You are entitled to turn to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) as supervisory authority or court.
Hungarian National Authority for Data Protection and Freedom of Information
Address: 22/C Szilágyi Erzsébet fasor, Budapest 1125
Post address: 1530 Budapest Postbox 5.
Phone number.: +36 1 391 1400
Fax: +36 1 391 1410
Our Data Management Information Sheet in force is available on our Website.
The content of our Data Protection Sheet is subject to change unilaterally by the enterprise. If changes occur we inform our visitors; although this does not affect the legality of our previous data management.
Nyíregyháza, 25 May 2018
Vizvari Zsuzsanna Csilla
RELEVANT REGULATIONS, DIRECTIVES
- Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT and of the COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter: GDPR),
- Act CXII of 2011. on information self-determination and freedom of information,
- Act CVIII of 2001. on certain issues of electronic commerce activities and information society services,
- Act XLVIII of 2008. on basic conditions of economic commercial activities and certain restrictions.
BASIC TERMS FROM THE INFORMATION SHEET
Person concerned: any natural person defined, identified - directly or indirectly - based on personal data.
Contribution of the person concerned: clear statement of the person concerned made voluntarily after exact and adequate information share, with this statement concerned or by his/her unambiguous confirmation the person concerned agrees to the management of his/her personal data.
Personal data: any data concerning the person - especially name, address, phone number of the person; furthermore, a physical, physiological, mental, cultural or social features, and any conclusions drawn from the data of the person.
Data controller: such a natural or legal person, public authority or other body, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the data manager (including the used method). In our case the data manager is the Service Provider.
Data management: any action(s) taken by the person concerned on the data given to the Service Provider, especially collection, recording, setting, classification, storing, changing, using, requesting, forwarding, publishing, alignment or connection, locking, deletion or destruction or prevention of further use of data.
Data protection incident: unlawful management or processing of personal data, especially the unauthorized access, change, forwarding, publishing, deletion or destruction, unintended deletion or damage.
Third party: a natural or legal person, public authority, agency or any other body which is not similar with the person concerned, the data manager, data processor or those persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Data security: unlawful management of personal data, especially all organizational, technical and process rules of its acquiring, processing, changing and deletion; the status of data management in which risk factors - together with threat, organizational, technical solutions and measurements can be reduced to their minimum level.
Legal basis of data management: according to the main rule the statement of agreement of the person concerned or the compulsory data management regulated by the law (for example: fulfillment of contract, legal obligations etc.)
Basic terms can be found on the website of NAIH too.