Kikelet Club HotelPrivacy Policy

Privacy and Data Processing Policy

Protecting your personal data is of utmost importance to us. Accordingly, we continuously ensure the security of your personal information throughout its processing. From now on, we process personal data in accordance with the regulatory framework that is mandatory for all companies operating within the European Economic Area, namely the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council). Your personal data will be processed in accordance with our updated Privacy and Data Processing Policy until you instruct us otherwise.

We hereby inform our valued Guests of the meal charges included in our package offers, should this information not be available on OTA reseller platforms or other online accommodation booking platforms:

  • Buffet breakfast: HUF 3,300 per adult/night, HUF 2,200 per child/night (ages 6–12).
  • Buffet dinner: HUF 6,600 per adult/night, HUF 4,400 per child/night (ages 6–12).

Kikelet Club Hotel – www.kikeletclubhotel.hu –

I. Introduction

Company Name: GOLD PARK Commercial and Service Limited Liability Company

(hereinafter referred to as the „Data Controller”) processes personal data in accordance with this Privacy Policy (hereinafter referred to as the „Policy”). The current version of the Privacy Policy is always available on the website www.kikeletclubhotel.hu.

The Data Controller reserves the right to amend this Policy at any time in order to ensure compliance with changes in applicable legislation and internal regulations.

II. Purpose of the Policy

1. The Data Controller considers it of paramount importance, and is committed to protecting the personal data provided by visitors to the website www.kikeletclubhotel.hu (hereinafter referred to as the „Website”) in connection with the content published on the Website, while respecting their right to informational self-determination. In doing so, the Data Controller fully complies with the applicable legal requirements and contributes to ensuring a safe online browsing experience for visitors.

2. The portal directly accessible from the „Online Booking” section of the Website processes visitors’ personal data confidentially and in accordance with applicable legal requirements. It ensures the security of such data, implements appropriate technical and organizational measures, and establishes internal procedures to guarantee full compliance with the principles of data protection.

3. The purpose of this Policy is to comprehensively regulate the processing of all personal data (hereinafter collectively referred to as „Personal Data”) arising within the operation and content of the Website www.kikeletclubhotel.hu (hereinafter referred to as the „Website”), relating to users, contractual partners of the Data Controller (hereinafter referred to as the „Contractual Partner”), and any information, fact or data falling within the scope of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter referred to as the „Information Act”), Section 2 (1). Furthermore, this Policy is intended to protect such Personal Data against unauthorized acquisition, use, or disclosure by third parties.

4. To ensure the preservation and security of Personal Data, the Data Controller implements and maintains all necessary IT and other security measures related to the storage and processing of data.

5. In addition to the provisions of the Information Act, this Policy has been established with due regard to, and in compliance with, regulations governing online orders, online bookings, and online payment systems, as well as all other data processing activities referred to in Section 1 related to the operation of the Website and the CCTV surveillance system.

III. Basic Definitions

Data Subject: any identified or identifiable natural person who can be identified, directly or indirectly, on the basis of Personal Data.
Personal Data: any information relating to the Data Subject, in particular the Data Subject’s name, identification number, or one or more factors specific to their physical, physiological, mental, economic, cultural or social identity, as well as any conclusion drawn from such information concerning the Data Subject.
Consent: any freely given, specific and informed indication of the Data Subject’s wishes by which they give their unambiguous agreement to the processing of their Personal Data, either in whole or in relation to specific processing operations.
Data Controller: the natural or legal person, or organization without legal personality, which alone or jointly with others determines the purposes and means of the processing of Personal Data, makes and implements decisions concerning data processing (including the means used), or has such decisions implemented by a Data Processor acting on its behalf.
Data Processing: any operation or set of operations performed on Personal Data, regardless of the procedure applied, including but not limited to collection, recording, organization, storage, alteration, use, retrieval, disclosure, transmission, publication, alignment, combination, restriction, deletion or destruction of data, prevention of further use, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying a person.
Data Transfer: making Personal Data accessible to a specified third party.
Data Processor: a person or organization performing technical tasks related to data processing operations, regardless of the method, means or location of such processing, provided that the technical tasks are carried out on the Personal Data.
Data File: the entirety of data managed within a single filing system.
Third Party: any natural or legal person, or organization without legal personality, other than the Data Subject, the Data Controller or the Data Processor.

IV. The Data Controller

1. The Data Controller is the operator of the Website (hereinafter referred to as the „Operator”):

Company Name: GOLD PARK Ltd.

  • Company Registration No.: 05-09-006687
  • Registered Office: H-3519 Miskolc, Fenyő u. 7.
  • Principal Place of Business: H-3519 Miskolc, Fenyő u. 7.
  • Represented by: Imre Ostorházi, Managing Director
  • Tel.: +36 46/560 160
  • Fax: +36 46/560 161
  • E-mail: recepcio@kikeletclubhotel.hu

2. The Data Controller ensures that all provisions of this Policy are made available to and may be reviewed by the Data Subject. Furthermore, the Data Controller ensures that this Policy remains continuously accessible to the Data Subject. (Principle of Transparency)

3. The Data Controller does not verify the accuracy of the Personal Data provided and accepts no liability for their correctness.

4. The Data Controller shall take all reasonable technical and organizational measures expected of it to protect the Personal Data under its control against unauthorized access, alteration, disclosure, deletion, damage or destruction, and to ensure the necessary conditions for secure data processing.

5. The Data Controller excludes any liability for the lawfulness of data processing activities carried out by Contractual Partners maintaining a legal relationship with the Data Controller.

V. Principles of Data Processing

1. Personal Data may only be processed for a specific purpose, in order to exercise a right or fulfil a legal obligation. Throughout every stage of processing, the processing must comply with its intended purpose, and the collection and processing of Personal Data must be carried out lawfully and fairly.

– Principle of Purpose Limitation –

2. Only Personal Data that is essential for achieving the purpose of the processing and suitable for fulfilling that purpose may be processed. Personal Data may only be processed to the extent and for the duration necessary to achieve the intended purpose.

– Principle of Necessity and Proportionality –

3. Personal Data shall retain its nature as Personal Data for as long as the Data Subject remains identifiable. A Data Subject shall be considered identifiable if the Data Controller possesses the technical means necessary to re-establish the connection between the data and the individual.

4. During data processing, the accuracy, completeness and, where necessary for the purpose of the processing, the up-to-date status of the data must be ensured. Furthermore, the Data Subject may only be identifiable for as long as required to achieve the purpose of the processing.

5. By applying appropriate technical and organizational security measures, the Data Controller shall protect Personal Data stored in automated filing systems against accidental or unlawful destruction, accidental loss, unauthorized access, alteration or disclosure.

6. The provision of Personal Data by the Data Subject is voluntary. The Data Controller processes Personal Data solely on the basis of the Data Subject’s consent.

7. The Data Controller shall transfer Personal Data to third parties only in exceptional cases and shall combine its database with that of another Data Controller only where the Data Subject has given prior consent or where such transfer or combination is permitted by law, provided that the legal requirements for processing each item of Personal Data are fulfilled.

8. The Data Controller shall not transfer Personal Data to a Data Controller or Data Processor located in a third country.

VI. Data Processing Activities and Categories of Personal Data

1. Online Quote Request / Booking:

* Name:
* E-mail address:
* Telephone number:
* City:
* Postal code:
* Street / House number:

2. Newsletter Subscription:

Categories of Personal Data processed:

* Name
* E-mail address

7. CCTV Surveillance System

The premises are monitored by a CCTV surveillance system for the purposes of personal safety and property protection. Visitors are informed of the operation of the CCTV system by means of clearly visible information notices placed throughout the monitored areas.

Fields marked with an * are mandatory.

VII. Storage of Personal Data and Information Security

1. Personal Data may only be processed in connection with the activities specified in Section VI and solely for the purposes for which the data are processed.

2. The purposes of data processing include: establishing and maintaining contact with the Data Subject; processing data required for registration on the Website; enabling the use of related services; maintaining the database used for sending newsletters; carrying out marketing activities; improving the quality of services provided by the Data Controller; conducting market research; and analyzing consumer habits.

3. The legal basis for data processing is the voluntary consent of the Data Subject, provided following prior information supplied by the Data Controller.

4. Personal Data shall be processed for the duration of the customer relationship, until the deletion of the Data Subject’s e-mail address upon request, or until the withdrawal of the Data Subject’s consent to the processing of their Personal Data.

5. Requests for the modification or deletion of Personal Data, the withdrawal of consent, or information regarding the processing of Personal Data may be submitted by sending a notification to: kikelet.hotel@t-online.hu.

6. The Data Subject may unsubscribe from the newsletter at any time.

7. Personal Data shall only be transferred in connection with online bookings, with the Data Subject’s consent, in a confidential manner, without prejudice to the Data Subject’s interests, and through an IT system that fully complies with applicable security requirements. In all other cases, the Data Controller shall not transfer, disclose or make Personal Data available to third parties without the Data Subject’s consent, unless required by law.

8. The Data Controller ensures that the IT environment used for the provision of its services provides an appropriate level of protection for Personal Data by ensuring that:

– Personal Data provided by the Data Subject are not linked with any other Personal Data.
– All modifications to the data are logged together with the date and time of the modification.
– Incorrect data are deleted within 24 hours upon the Data Subject’s request.
– Backup copies of the data are regularly created.

9. During the processing of Personal Data—including, in particular, their storage, correction and deletion—the Data Controller ensures the level of protection reasonably expected when responding to requests for information or objections submitted by the Data Subject.

10. Any information that cannot be linked, either directly or indirectly, to the Data Subject and does not permit identification of the individual (hereinafter referred to as „Anonymous Data”) shall not be considered Personal Data.

11. Visitor registration, login, cookies and website monitoring:

In the course of providing our services, we process Anonymous Data through the use of cookies, authorized third-party cookies, website monitoring tools and/or other technological solutions. We monitor browsing habits and record the use and visits of our Website. The collected information is aggregated and processed exclusively for statistical purposes in a manner that does not allow the identification of individual users.

12. Special provisions relating to the operation of the CCTV surveillance system:

12.1. The CCTV system records video footage.

12.2. The purpose of data processing is the protection of persons and property.

12.3. The recordings are stored at the hotel operated by the Data Controller (hereinafter referred to as the „Operator”), located at H-3519 Miskolc, Fenyő u. 7.

12.4. The legal basis for data processing is the voluntary consent of the Data Subject, granted after being informed by the Operator through information notices displayed on the premises. Consent may also be given through implied conduct. Such implied consent is deemed to be given in particular when the Data Subject enters or remains within areas monitored by the CCTV surveillance system.

12.5. The Operator shall ensure that the Personal Data of the Data Subject, including in particular private information and circumstances relating to the individual’s private life, are protected against unauthorized access.

12.6. Electronic surveillance systems may not be installed in locations where monitoring could violate human dignity, including, but not limited to, changing rooms, showers, washrooms and toilets.

12.7. Unless used as evidence, recorded footage shall be destroyed or permanently deleted no later than fifteen (15) working days after the date of recording. A recording shall be deemed to have been used if it is submitted as evidence in judicial or other official proceedings.

12.8. Any person whose rights or legitimate interests are affected by the recording of video footage or other Personal Data may, within fifteen (15) working days from the date of recording, request that the Data Controller refrain from deleting or destroying the data, provided that such person substantiates their rights or legitimate interests.

12.9. Upon request by a court or other competent authority, the recorded footage and any related Personal Data shall be provided without delay. If no such request is received within thirty (30) days after a request to suspend deletion has been submitted, the recorded footage and related Personal Data shall be destroyed or deleted, unless the time limit referred to in Section 12.8 has not yet expired.

12.10. Recorded footage and any related Personal Data may only be accessed by the person designated by the Operator to manage the recordings, acting on behalf of the Operator, where such access is indispensable for preventing or interrupting unlawful acts. The name of every person accessing the recordings, the reason for access and the date and time of access shall be documented in an official record.

VIII. Legal Remedies

1. The Data Subject may request information regarding the processing of their Personal Data and may request the correction, deletion or restriction of their Personal Data—except where processing is required by law—by contacting the e-mail address specified in Section VII.5 or in accordance with the provisions applicable to the specific data processing activity concerned.

2. Upon request, the Data Controller shall provide the Data Subject with information concerning the Personal Data processed, the purpose, legal basis and duration of the processing, the details of the Data Processor and its activities related to data processing, as well as the recipients or categories of recipients to whom the data have been or will be disclosed and the purpose of such disclosure.

3. The Data Controller shall rectify or erase inaccurate Personal Data where:

a) the processing is unlawful;

b) the Data Subject requests it;

c) the data are incomplete or inaccurate and the deficiency cannot lawfully be remedied, provided that deletion is not excluded by law;

d) the purpose of the processing has ceased to exist or the statutory retention period has expired;

e) the deletion or rectification has been ordered by a court or by the National Authority for Data Protection and Freedom of Information.

4. The Data Controller shall notify the Data Subject and all recipients to whom the Personal Data have previously been disclosed for processing purposes of any rectification or deletion. Such notification may be omitted where this does not prejudice the legitimate interests of the Data Subject in light of the purpose of the processing.

5. The Data Subject may object to the processing of their Personal Data if:

a) the processing or transfer of Personal Data is necessary solely for the enforcement of the legitimate interests of the Data Controller or the data recipient, except where processing is required by law;

b) the Personal Data are used or transferred for the purposes of direct marketing, public opinion polling or scientific research;

c) the right to object is otherwise provided for by law.

6. Upon receipt of an objection, the Data Controller shall suspend the processing of the Personal Data and examine the objection as soon as possible, but no later than fifteen (15) working days from its submission, and shall notify the applicant in writing of the outcome. If the objection is found to be justified, the Data Controller shall terminate the processing—including any further collection or transfer of Personal Data—and shall restrict the processing of the data. Furthermore, the Data Controller shall notify all recipients to whom the affected Personal Data had previously been disclosed of the objection and the measures taken in response, provided that such recipients are required to take action to enforce the Data Subject’s right to object.

7. If the Data Subject disagrees with the decision of the Data Controller or if the Data Controller fails to meet the deadline specified in Section 6, the Data Subject shall be entitled to initiate court proceedings within thirty (30) days of receiving the decision or the expiry of the applicable deadline.

8. Judicial enforcement: In the event of a violation of their rights, the Data Subject may bring legal proceedings before the competent court. The court shall give priority to such proceedings. The burden of proving that the processing complies with the applicable legal requirements rests with the Data Controller.

9. If the Data Subject believes that their right to informational self-determination has been violated, they may submit a complaint to:

9.1. National Authority for Data Protection and Freedom of Information

  • Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C
  • Telephone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • Website: http://www.naih.hu
  • E-mail: ugyfelszolgalat@naih.hu

10. In the event of a violation of rights relating to content harmful to minors, hate speech, discriminatory content, requests for corrections, the rights of deceased persons or the protection of reputation, complaints may be submitted to:

10.1. National Media and Infocommunications Authority

  • Address: H-1015 Budapest, Ostrom u. 23–25.
  • Postal address: H-1525 Budapest, P.O. Box 75
  • Telephone: +36 (1) 457-7100
  • Fax: +36 (1) 356-5520
  • E-mail: info@nmhh.hu

Issued in Miskolc, 25 May 2018.

Imre Ostorházi

Managing Director