II. Information on private data management
The person concerned is to be informed about all details and facts of data management in accordance with this Policy. The person concerned is informed about the aim of the data management, its legal basis, the people who have the right to manage and process data, the duration of the data management, and the sharing of personal information with third parties with the approval of the person concerned. The UNI-HOTEL gives information to the person concerned on who it may share the personal information with. The information covers the rights of the person concerned relating to data management and legal remedy. The content of the Information is to be learnt by the staff of the UNI-HOTEL. The UNI-HOTEL will take reasonable measures to protect personal information from unauthorized access, disclosure, alteration or destruction, and keep personal information accurate and up-to-date as appropriate.
III. Legal basis of data management
In case of hotel services the legal basis of data management is Article 6 Paragraph 1 Item b of the Regulation. In case of the places rented by the University of Miskolc, the lessee (guest) shall fill in a form of personal data; when using the services of the hotel the guest shall fill in a registration form; in case of booking for a group the organizer/contracting party shall send the personal data of the members of the group to the UNI-HOTEL. If the data sender gives somebody else’s personal data, it is the informant’s duty to let that person know about the data management. People incapable of acting and people under 16 will need their legal representative’s consent to make a declaration.
IV. Duration of the personal data management
The UNI-HOTEL manages and records the data for 5 years to prove the contract, its completion, and for incidental assertion. Invoices are to be kept for 8 years in accordance with the Act C. of 2000, paragraph 169 on Accountancy.
V. The aim of the personal data management
The UNI-HOTEL manages the data given by its guests, in accordance with the Act Info, with the following purposes:
• To deliver your bookings. When you book with us we will use your information to confirm your booking and any payments you have made and to send a follow up email for your valued feedback.
• To deliver products that you purchase. When you buy from our online stores, we will use your information to deliver your purchases, confirm your order and payments you have made and to send a follow up email for your valued feedback.
• To keep you informed of our products, services, offers and promotions. We may send you marketing communications about our food, drink, hotel rooms, events and unique Fuller’s experiences if you have indicated that you are happy to receive these (e.g. when you opt in to marketing when you book from us).
• We will monitor opens / clicks and offer redemption on marketing emails to assess engagement.
• To personalise and improve your customer experience. We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience.
• To optimise the performance of our websites. We may also collect information on how you use our websites including the pages that you visit and the search criteria that you perform in order to optimise the performance of the website and personalise content that you see.
• To meet our legal obligations. We are required to keep certain records for legal reasons – for example invoices that we issue. We will keep and use this data in line with our legal requirements.
• We use CCTV to deter and detect crime and civil offences, to support court action and comply with our legal licensing requirements. We also use CCTV to provide a safe environment for our staff and customers. We use CCTV to facilitate entry / exit from buildings and improve customer service.
• For market research and to deliver business insight to help us ensure that our products and services remain relevant.
The UNI-HOTEL determines other purposes in the chapter of OTHER DATA MANAGEMENT.
VIII. The rights of the people concerned and their enforcement
Right to Object or Restrict Processing
The person concerned has the right to protest against the management of their personal information at any time. In such cases the personal information may not be managed any longer unless the Manager proves that there are compelling legitimate reasons which take priority over the interests and rights of the person concerned or which relate to the submittal, enforcement or protection of legal claims.
The person concerned has the right to ask the UNI-HOTEL to restrict data management in any of the following cases:
• the person concerned argues about the accuracy of personal data, in the case of which there is a restriction until the UNI-HOTEL checks the data in question;
• the data management is against the law and the person concerned is against the deleting of the data but asks for restriction;
• the UNI-HOTEL does not need the data any more but the person concerned asks for them for submittal, enforcement or protection of legal claims; or
• the person concerned has protested against data management, but the legal interest of the data manager may be a basis for data management; in this case data management has to be restricted until it is determined whether the UNI-HOTEL has priority over the person concerned.
If data management is restricted, the data may be managed with the approval of the person concerned or for submittal, enforcement or protection of legal claims or the protection of the rights of other natural person or legal person or for the interest of the European Union or a member of the EU. The UNI-HOTEL shall inform the person concerned about the cancellation of the restriction in due time.
Right of Access to personal data:
The person concerned has the right to be informed about the process of the data management. They also have the right to get access to personal data and the following information:
- the aims of the data management;
- categories of the personal data concerned;
- categories of the addressees who the personal data have been or will be shared with;
- in certain cases the planned duration of the storage of personal data or the aspects which determine this duration;
- the person concerned may ask the data manager to change, delete or restrict data, and may protest against managing such data;
- the right to make a complaint to the authority;
- if the data has not been collected from the person concerned, all information on their sources;
- information on the importance of data management and its consequences.
The claim may be focused on determining and checking the rightfulness of the data management. If information is asked for several times, the UNI-HOTEL may charge the person concerned a fee for giving information.
Right of Correction or Erasure:
If the data collected is inaccurate you have the right to update it. The person concerned has the right to ask the UNI-HOTEL to correct the inaccurate personal data without delay.
Right of Erasure:
The person concerned has the right to ask the UNI-HOTEL to delete all the personal data without delay if any of the following reasons happens:
- the personal data are no longer needed for the purpose they have been collected for or they have been managed for other purposes;
- the person concerned cancels the approval and the data management has no other legal claim;
- the person concerned protests against data management and there are no legal reasons with priority or other legal claims for data management;
- the personal data have been misapplied;
- to complete some legal privity in the law of the EU or other member state, the personal data have to be deleted.
If the UNI-HOTEL has made the data public and has to delete them, it has to make the necessary actions to inform the data managers that the person concerned has asked them to delete all the links referring to the personal data or the copies of the personal data.
The personal data will not be deleted if the data management is necessary:
- to practise the right of deliverance and get information;
- for legal reasons to meet the requirements of the EU or a member state;
- to practise the right given to the data manager;
- for public interest in connection with public health;
- for scientific and historic research, statistical analysis, to archive data for public utility if the erasure of data made this kind of data management impossible or risked it; or
- for submittal, enforcement or protection of legal claims.
It also needs to be taken into consideration that if the personal data are related to more than one data manager, their right to get personal data may not be violated. If the data are needed to investigate an offence or crime, the personal data will not be deleted.
Right of Legal Remedy:
The person concerned has the right to make a complaint at the Nemzeti Adatvédelmi és Információszabadság Hatóság (Authority of National Data Protection and Freedom of Information) (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu, Telephone: +36 (1) 391-1400, Telefax: +36 (1) 391-1410, E-mail: ugyfelszolgalat@naih.hu) or in accordance with Act 3 of 1952 on Civil rules and regulations of court, the person concerned has the right to practise their rights at Court of Justice.
IX. Sharing your personal data
The data of people employed by the UNI-HOTEL may be linked in the different modules of the computer system. In the computer system there are personal data in the invoicing modules.
Data sharing beyond the UNI-HOTEL and data linking are possible only if:
- the person concerned has accepted them and given approval,
- the law allows them,
- the terms of data management cover all personal data.
According to Act 19 of 1998 paragraph 71 on Criminal action, the court of justice, a prosecutor and the investigating authority may ask the UNI-HOTEL for data or documents. The UNI-HOTEL shall share the personal data with authorities only to the extent that is absolutely necessary for their purpose.
X. Rules concerning the privacy of information of bank cards – PCI DSS
Other data management by the Uni-Hotel Student’s Hostel:
The PCI DSS (Payment Card Industry Data Security Standards) is a special standard of safety which is created and updated by the PCI Security Standards Council founded by all major bankcards (American Express, Discover, JCB, MasterCard and Visa). The safety requirements of the PCI DSS relate to all the organizations that use, share or store bank card details.
Requirements of the PCI DSS
The PCI DSS has the following security policies:
Security system is to be established and maintained:
- Firewall shall be installed and operated to protect the data of the bankcard owner
- Default passwords and other default security parameters may not be used
- The data of the bankcard owner shall be protected
- The data of the bankcard owner shall be protected during storage
- The data of the bankcard owner shall be encrypted in case of sharing
- Defect management programme shall be operated
- Regularly updated virus protection system shall be used
- Safe systems and applications shall be developed and operated
- Strong access system shall be developed
- Access to the data of the bankcard owner shall be minimized
- Physical access to the data of the bankcard owner shall be restricted
- The system shall be tested and monitored
- All accesses to the data of the bankcard owner or system resources shall be recorded
- Systems and processes shall be tested regularly
- A system of IT security rules shall be operated
- A system of rules relating to data security shall be set up and maintained.
The UNI-HOTEL will take all reasonable measures to meet these policies.
XII. Data management relating to quality complaints
The aim of data management: the management of quality complaints relating to the services offered by the UNI-HOTEL.
The legal basis of data management: According to the Article 6 of the Regulation, paragraph (1) item b), data management relating to the completion of the contract.
The range of data managed: serial number, guest’s name, address, the service complained about, description of the complaint, the claim of the complainer, the method of compensation.
The duration of data management:
- the records written in the book of customers shall be kept for 2 years
- the copies of the responses to written complaints shall be kept for 3 years
XIII. The electronic card system used at the UNI-HOTEL Student’s Hostel
The legal basis of data management: According to the Regulation paragraph 6 item (1) f), on the legitimate interests relating to assets and personal protection of the guests of the UNI-HOTEL.
The aim of data management: The main assets and personal protection aim of the card system is to identify everybody entering the area, check their authority to stay there and prevent unauthorized entry.
The range of data managed: card number, validity, date of check-in, photo in case of permanent permission for entering, signature, date of check-out.
The duration of data management: the UNI-HOTEL ensures safe data storage for a year at most in case of permanent permission for entering. After this duration the data will be deleted automatically.
The data recorded in the card system may only be shared with Jánosik és Társai Kft.
The UNI-HOTEL shall protect the database managing the data recorded with passwords from unauthorized management, change, publication, erasure or destruction. The UNI-HOTEL continually checks the actions relating to protection.
Applied rules:
The UNI-HOTEL and the Jánosik és Társa Kft. will act upon the Act 133 of 2005 (hereinafter: Szvtv.) paragraph 25. § items (1)-(2), paragraph 26. § items (1) a)-c) and e)-f) and paragraph 32. § items (1) on management, storage, record and share of personal data, personal and assets protection and private investigation.
Proof of legitimate interest:
Hotel service is an activity where the UNI-HOTEL shall ensure the protection of the assets and personal protection of the people accommodated and may not allow:
- unauthorized people to stay in the area of the student’s hostel,
- if unauthorized person gets to the area of the student’s hostel, the UNI-HOTEL shall have information about it,
- if an offence or crime has been committed in the area of the student’s hostel, the UNI-HOTEL shall have information about it to protect its guests.
So the UNI-HOTEL has decided:
– to provide stronger protection of person and assets by using video cameras,
– to help the work against offences and crimes with its video cameras.
Interests scaling:
The UNI-HOTEL is aware that assets and personal protection coincides with the interest that the personal data of the people concerned appear when applying the entering system. However, the UNI-HOTEL has determined that the interests introduced above are in scale with the aims of such actions and do not restrict the personal rights of the people concerned to such an extent that would not be in scale with the purposes of data management.
XIV. Other Rules
The UNI-HOTEL takes no responsibility for the correctness of the data given by its guests.