1. Table of content
1 Table of content
2 Introduction
3 Definitions
4 Data controller
5 Data processors
6 Data controlling
6.1 The use of cookies on the website
6.2 Communication through the website
6.3 Data processing by contract partner contact points
6.4 Newsletter
6.5 Booking
6.6 Request for quotation
6.7 Data management on Facebook and Instagram, data management in the Facebook Messenger application
7 Automated decision making and profiling
8 Data security measures
9 Rights of the data subject
9.1 Right of withdrawal
9.2 Right of access
9.3 Right to rectification
9.4 Right to erasure
9.5 Right to restriction of processing
9.6 Right to data portability
9.7 Right to object
9.8 Exercising rights after the death of the data subject
10 Legal remedy
11 Validity of the privacy notice
12 Annex
2 Introduction
This Privacy Policy provides information to data subjects about the data management practices of the Yacht Camping Üzemeltető Kft. as the data controller (hereinafter referred to as the “Data Controller”) on www.yachtcamping.hu, taking into account the different data management purposes.
The data controller informs the data subjects that this privacy statement reflects the practices in relation to the processing of personal data contained in it.
This Privacy Notice has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as “GDPR”), Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information and other legal provisions applicable to the operation of the website.
This Privacy Notice applies to personal data of natural persons (hereinafter referred to as “data subjects”).
A list of the relevant legislation applicable to this privacy notice and to the processing of personal data is set out in the Annex.
This privacy notice can be downloaded by clicking HERE or by pasting the following web address into your browser bar: https://yachtcamping.hu/dokumentumok/20230224_privacy_policy_information.pdf
Balatonalmádi, 24 February 2023.
Yacht Camping Üzemeltető Kft.
The terms used in this privacy notice correspond to the definitions in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council.
The definitions are available at the following link: https://eur-lex.europa.eu/legal-content/HU/TXT/HTML/?uri=CELEX:32016R0679#d1e1459-1-1
Data controller’s information:
- name: Yacht Camping Üzemeltető Korlátolt Felelősségű Társaság[1]
- seat: 1037 Budapest, Montevideo utca 5.
- branch: 8220 Balatonalmádi, Véghely Dezső utca 18.
- registry number: 01-09-374737
- tax number: 28804408-2-41
- e-mail: info@yachtcamping.hu
- telephone: +3688584101, +366307422146
- website: yachtcamping.hu
Identity and data of the data processors (hereinafter referred to as Data Processors):
| Data processor | Activity | Private information handled | Seat | Registration | Tax number | Telephone | Website | |
| MediaCenter Hungary Kft. | Web hosting | All private data covered by this privacy notice | 6000 Kecskemét, Erkel Ferenc utca 5. | 03-09-114492 | 13922546-2-03 | mediacenter@mediacenter.hu | 06-21-2010505 | https://www.mediacenter.hu/ |
| Unicredit Bank Zrt. | credit card transaction authentication | e-mail address of the data subject, payer ID, transaction amount, date, time, billing information | 1054 Budapest, Szabadság tér 5-6. | 01-10-041348 | 10325737-4-44 | info@unicreditbank.hu | 06-1-3253200 | www.unicreditbank.hu/ |
| OTP Pénztárszolgáltató Zrt. | Szép-card transaction authentication | e-mail address of the data subject, payer ID, transaction amount, date, time, billing information | 1138 Budapest, Váci út 135-139. A. ép. 3. em. | 01-10-045076 | 13272346-4-41 | info@otpszepkartya.hu | 06-70-7085495 | https://otpszepkartya.hu/ |
| MKB Bank Nyrt. | Szép-card transaction authentication | e-mail address of the data subject, payer ID, transaction amount, date, time, billing information | 1056 Budapest, Váci utca 38. | 01-10-040952 | 10011922-4-44 | szolgaltato.mkbszepkartya@mkb.hu | 06-1-2687272 | https://www.mkbszepkartya.hu/ |
| K&H Bank Zrt. | Szép-card transaction authentication | e-mail address of the data subject, payer ID, transaction amount, date, time, billing information | 1095 Budapest, Lechner Ödön fasor 9. | 01-10-041043 | 10195664-4-44 | szepkartya@kh.hu | 06 1/20/30/70 335 3355 | https://www.kh.hu/napi-penzugyek/bankkartya/szep-kartya |
| MORGENS Design Kft. | Operation of online booking system | Every private data recorded during the booking process | 8800 Nagykanizsa, Csányi László utca 2. | 20-09-072782 | 23964710-2-20 | sales@morgens.hu | 06-30-6480047 | https://morgens.hu/ |
| STEMO MARKETING Kft. | Advertisement agency | First name, last name, email | 1133 Budapest, Pannónia utca 93. III. em. 10. ajtó | 01-09-955856 | 23161632-2-41 | info@stemo.hu | 06-30-6591841 | https://berelj-marketingest.hu/ |
| Tárhely.Eu Szolgáltató Kft. | Hosts the online booking and request for quote module | Data recorded during online booking and request for quote | 1144 Budapest, Ormánság utca 4. X. em. 241. ajtó | 01-09-909968 | 14571332-2-42 | support@tarhely.eu | 06-1- 789 2 789 | https://tarhely.eu/ |
| BIG FISH Internet-technológiai Kft. | Ensures data communication for online payment transactions | e-mail address of the data subject, payer ID, transaction amount, date, time, billing information | 1066 Budapest, Nyugati tér 1-2 | 01-09-872150 | 13767213-2-42 | cafe@bigfish.hu | 06-1-2090760 | www.bigfish.hu |
6.1 The use of cookies on the website
When you visit our site, our website places short data files (“cookies”) on the device you use to browse. This enables the device to be recognised by our website when you connect between your browser device and our website. You can find detailed information about cookies in the window that pops up when you visit the website.
6.2 Communication through the website
You can send us a message via the website at info@yachtcamping.hu or by using the form provided. In this case, your personal data will be processed as described below:
| Scope of private data processed | first name, last name, telephone number, e-mail address, best time to call back, message, and any additional information or documents you freely provide.
|
| Purpose of data processing | Contact and communication |
| Lawfulness of processing | – In the case of a contact person who is not a natural person, the legitimate economic interest of the controller in providing its services; this is provided for in Article 6(1)(f) of the GDPR. – In the case of contacting or being contacted by a natural person, the consent of the natural person; this is provided for in Article 6(1)(a) of the GDPR. |
| Duration of processing | The controller processes the personal data for the time necessary to achieve the purpose of the processing or until the obligation to erasure is fulfilled (exercise of the right to erasure or the right to object). In the case of contact based on consent, if no contractual relationship is established, up to 90 days from the last contact. |
| Who has access to private data | – the Data Controller, and – the Web Hosting Provider as data processor |
6.3 Data processing by contract partner contact points
The personal data of employees of third parties involved in the performance of the contract as contact persons, or who have other employment relationships with third parties contracting with the Data Controller, are processed as follows:
| Scope of private data processed | First name, last name, title, telephone number, e-mail, |
| Purpose of data processing | Contact, fulfilment of rights and obligations under the contract. |
| Lawfulness of processing | The data controller’s legitimate economic interest in providing its services, as provided for in Article 6(1)(f) of the GDPR. |
| Duration of processing | During the duration of the contract and personal data relating to the accounting documents, in accordance with the Accounting Act, for 8 years after the termination of the contract, in order to comply with the legal obligation of the controller (Article 6(1)(c) GDPR) During the duration of the contract and personal data relating to the accounting documents, in accordance with the Accounting Act, for 8 years after the termination of the contract, in order to comply with the legal obligation of the controller (Article 6(1)(c) GDPR) |
| Who has access to private data | – the Data Controller, and – the Web Hosting Provider as data processor |
In case you have provided your private information details and consented to receive our newsletter, we will process your personal data as follows:
| Scope of private data processed | Last name, first name, email address, subscriber IP address, date of registration, source, status and date of status |
| Purpose of data processing | Building a direct marketing database, sending economic advertisement to the subscribers of the newsletter, information about our new offers, promotions, sweepstakes, and about news, events, developments related to the content of the website
|
| Lawfulness of processing | Consent of a natural person; this is provided for in Article 6(1)(a) of the GDPR. For data subjects to whom the Controller has previously sold accommodation services, the legitimate interest of the Controller, as provided for in Article 6(1)(f) of the GDPR. |
| Duration of processing | The controller processes the personal data for the time necessary to achieve the purpose of the processing, but not longer than until the obligation to erase is fulfilled (exercise of the right to erasure or the right to object). Newsletters contain an unsubscribe link if the data subject does not wish to receive the newsletter anymore. The data subject may unsubscribe from the newsletter by clicking on this link or by using the contact details of the Data Controller as set out in point 4. |
If you book accommodation through our online booking system on our website, we will process your personal data as described below:
| Scope of private data processed | first name, surname, e-mail address, telephone number, address, arrival and departure times, type of accommodation, message to the campsite, prepayment method, IP address |
| Purpose of data processing | contract creation and performance, invoicing and claims management, and customer relations |
| Lawfulness of processing | The performance of a contract because the processing is necessary for the performance of a contract to which the data subject is a party or the processing is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract, as provided for in Article 6(1)(b) of the GDPR. Where the contract has been performed, the legal basis for the processing is then the performance of a legal obligation to which the controller is subject; this is provided for in Article 6(1)(c) of the GDPR. |
| Duration of processing | Until cancellation at the request of the data subject, but if the contract has been concluded, 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting. |
If you book accommodation through our online RFQ system on our website, we will process your personal data as described below:
| Scope of private data processed | first name, surname, e-mail address, telephone number, address, arrival and departure times, type of accommodation, message to the campsite, prepayment method, IP address |
| Purpose of data processing | contract creation and performance, invoicing and claims management, and customer relations |
| Lawfulness of processing | The performance of a contract because the processing is necessary for the performance of a contract to which the data subject is a party or the processing is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract, as provided for in Article 6(1)(b) of the GDPR. Where the contract has been performed, the legal basis for the processing is then the performance of a legal obligation to which the controller is subject; this is provided for in Article 6(1)(c) of the GDPR. |
| Duration of processing | Until cancellation at the request of the data subject, but if the contract has been concluded, 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting. |
6.7 Data management on Facebook and Instagram, data management in the Facebook Messenger application
Data subjects can send us messages, post comments on the Facebook and Instagram page during the course of which they might share personal information with us. (https://www.facebook.com/yachtcamping, https://www.instagram.com/yachtcamping)
| Scope of private data processed | Personal data that the data subject voluntarily provides by sending a comment or message, as well as publicly available profile data if the data subject has visited or liked the Facebook/Instagram page. |
| Purpose of data processing | To answer contact communication or other questions, to inform you about news, events, developments related to the content of the website and, if you have visited or liked our Facebook/Instagram page, to share or like our Facebook/Instagram page. |
| Lawfulness of processing | Consent of a natural person; this is provided for in Article 6(1)(a) of the GDPR. |
| Duration of processing | The controller processes the personal data for the time necessary to achieve the purpose of the processing, but not longer than the time necessary to comply with the erasure obligation (exercise of the right to erasure or the right to object). |
Please note that Facebook and Instagram themselves also process personal data. You can find out more about this in the Facebook and Instagram Privacy Policy.
7 Automated decision making and profiling
The data controller does not make decisions based on automated processing and does not carry out profiling or transfer personal data to a country outside the EEA.
The Data Controller shall ensure the protection of the privacy of data subjects when processing personal data. The Data Controller shall protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or damage, and against inaccessibility resulting from changes in the technology used, by technical and organisational measures.
The Data Controller shall ensure security through network and application-level security procedures. The Controller’s IT system is protected against computer fraud, espionage, fire and flooding, computer viruses and computer intrusions.
Technical measures to ensure the protection of the privacy of data subjects include:
Our website is hosted by an external hosting provider, whereby the hosting provider guarantees the processing of personal data in compliance with the GDPR. The Data Controller’s server is located on a separate dedicated protected and locked server of the hosting provider. We ensure that our IT systems are virus-free through continuous virus protection. We also do our utmost to ensure that our IT tools and software always comply with the trusted technology accepted in the IT market.
These solutions guarantee the IT security of personal data stored on our servers and ensure that you can always check who has access to what personal data, when and how.
The Data Controller stores personal data in its own IT system at its headquarters and at its branch and hosting provider.
In addition, the organisational measure to ensure the protection of the privacy of data subjects is that access to the Data Controller’s IT systems is only possible with an individualised authorisation and that each person with access has access to personal data only to the extent and for the duration necessary for the performance of his or her tasks.
What rights does the data subject have? It depends on the legal basis on which the controller processes the personal data. The table below shows the relationship between the different legal bases and rights:
| Consent | Contract delivery | Fulfilment of legal obligation | Public interest | Legitimate interest | |
| Right of withdrawal | |||||
| Right to prior information | |||||
| Right of access | |||||
| Right to rectification | |||||
| Right to erasure | |||||
| Right to restriction of processing | |||||
| Right to data portability | |||||
| Right to object | |||||
| Right to legal remedy |
This section contains detailed information on the rights of data subjects. The data subject may exercise these rights against the controller at any time. The rights may be exercised orally, in writing or by e-mail.
Please note that, depending on the legal basis of the processing, not all data subjects’ rights may be exercised in all cases.
In the case of processing based on consent, as provided for in Article 6(1) of the GDPR, consent may be withdrawn at any time without giving reasons. In this case, the controller shall no longer process the data concerned but shall erase them. The withdrawal of consent shall not affect the lawfulness of the processing prior to the withdrawal of consent.
The data subject has the right to obtain confirmation as to whether the controller is processing his or her personal data. In this case, the data subject also has the right to request a copy of his or her personal data. The controller shall also provide this copy to the data subject free of charge in a commonly used computer-readable format (PDF or XML) or in paper format in hard copy.
The data subject may request that inaccurate personal data relating to him or her be corrected or that incomplete personal data be completed. The controller may request verification of the inaccuracy or incompleteness. Until such time as the inaccuracy or incompleteness is verified, the controller shall restrict the processing of the personal data concerned and temporarily suspend further processing operations.
The data subject may request the erasure of his or her personal data processed by the controller, except for processing required by law. The controller shall erase the personal data if it is no longer under an obligation to continue to process the personal data.
9.5 Right to restriction of processing
The data subject may request the restriction of the processing of his or her personal data by the controller if:
- the data subject believes that the processing of his or her personal data is not lawful; or
- the controller no longer needs to process the personal data and the data subject requests it for the establishment or exercise or defence of a legal claim.
If the data subject contests the accuracy of the personal data or exercises his or her right to object, the controller shall restrict the processing of the personal data for as long as the personal data can be verified, or it can be established that there are compelling legitimate grounds for continuing to process the personal data.
During the restriction period, the controller shall not process the personal data, except for
- the storage of personal data
- the data subject consent to the continuation of the processing
- the processing is necessary for the establishment, exercise or defence of legal claims, or
- the processing is necessary in order to protect the rights of another natural or legal person.
If processing is carried out in accordance with the above during the restriction period, the controller shall inform the data subject in advance.
The data subject has the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format (Pdf or XML) and the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent or on a contract.
The data subject has the right to object to the processing of his or her personal data at any time, if the legal basis is the legitimate interest of the controller. In such a case, the controller shall no longer process the personal data, unless he or she can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
9.8 Exercising rights after the death of the data subject
Within five years after the death of the data subject, the right to object, the right of rectification, the right of erasure, the right of access and the right to restriction of processing may be exercised by a person authorised by the data subject by means of an administrative act or a declaration in a public or private document having full probative value made towards the controller.
Failing this, the right to object, the right to rectification, the right to erasure and the right to restriction of processing may also be exercised by a close relative of the data subject (spouse, first line relative, adopted, step or foster child, adoptive, step or foster parent and sibling).
The person exercising the rights of the person concerned shall certify the fact and the date of death of the person concerned by means of a death certificate or a court order and shall prove his or her identity and, where applicable, his or her status as a close relative by means of a public document.
If the data subject believes that the controller has processed his or her personal data in a way that is unlawful or in breach of the applicable data protection legislation, he or she may lodge a complaint with the National Authority for Data Protection and Freedom of Information[2] (address: 1055 Budapest, Falk Miksa Street 9-11, postal address: 1363 Budapest, PO Box 9, telephone: +36 (1) 391-1400, fax: +36 (1) 391-1410, e-mail: ugyfelszolgalat@naih.hu, web: www.naih.hu)
In the event of a breach of his/her rights in relation to data processing, the data subject may also bring the matter before the courts, which will rule on the matter out of turn. The competent tribunal will have jurisdiction to rule on the case. The action may – depending on the data subject’s choice – be brought before the municipality court where the data subject resides or is domiciled. You can find the court of the place of residence or stay at www.birosag.hu/birosag-kereso.
11 Validity of the privacy notice
This Privacy Notice is effective from 24 February 2023 until revoked. The controller reserves the right to unilaterally amend this privacy notice.
Balatonalmádi, 24 February 2023.
The legislation applicable to this privacy notice and the processing of personal data
- Act V of 2013 on the Civil Code (Civil Code Act);
- Act CXXX of 2016 on the Code of Civil Procedure (CCP).
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR);
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
- Act C of 2003 on electronic communications.
[1] In English: Yacht Camping Limited Liability Company
[2] In Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság