1061 Budapest, Andrássy út 20.   +3613540954  callascafe@gmail.com 

Privacy policy

HU EN

Privacy policy

Rostás és Társa Kft. (headquarters: 1061 Budapest, Király utca 52. I. em. 8.; company registration number: 01 09 382005; tax number: 12295667242; hereinafter: "Company") present data management information (hereinafter: "Information" ) by creating and making available the European Parliament and the Council (EU) No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC in the General Data Protection Regulation (hereinafter: "GDPR"), and CXII of 2011 on the right to self-determination of information and freedom of information. the realization of the right to inform the data subject as defined in the law (hereinafter: "Infotv").


The material scope of the Information Sheet covers all processes carried out in all organizational units of the Company during which personal data is processed.


The circular is valid until it is withdrawn. The Company reserves the right to amend this Notice, and will provide the relevant notification by publishing the amended Notice on the website.

I. Data controller
• Data controller: Rostás és Társa Kft.
• The registered office of the company: 1061 Budapest, Király utca 52. I. em. 8.
• Company registration number: 01 09 382005
• Tax number: 12295667242
• Phone number: +3613540954 
• Email address: callascafe@gmail.com 

II. General concepts
a) data subject: a natural person identified or identifiable on the basis of any information (a natural person who, directly or indirectly, in particular an identifier such as a name, identification number, location data, online identifier or the natural person's physical, physiological, genetic, mental , identifiable on the basis of one or more factors related to economic, cultural or social identity);
b) personal data: any information relating to an identified or identifiable natural person (data subject) (such data that can be linked to the data subject is in particular the data subject's name, identification mark, and one or more physical, physiological, mental, economic, cultural or social characteristics of the data subject knowledge - as well as the conclusion that can be drawn from the data regarding the data subject);
c) special data: all data belonging to the special categories of personal data, i.e. personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic data, biometric data aimed at the unique identification of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons;
d) data controller: the natural or legal person or organization without legal personality who, within the framework defined by law or a mandatory legal act of the European Union, independently or jointly with others determines the purpose of data management, data management (including the used device) makes and implements relevant decisions, or has them implemented by the data processor;
e) data management: regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction , as well as preventing the further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image);
f) data processor: a natural or legal person, or an organization without legal personality, who - within the framework and conditions defined by law or a mandatory legal act of the European Union - processes personal data on behalf of or at the direction of the data controller;
g) data protection incident: a breach of data security that results in the accidental or unlawful destruction, loss, modification, unauthorized transmission or disclosure of personal data transmitted, stored or otherwise handled, or unauthorized access to them.


Additional referenced legislation:


• Grt.: XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. law
• Szvmt.: CXXXIII of 2005 on the rules for the protection of persons and assets, as well as private investigative activities. law
• Szvt.: Act C of 2000 on accounting


III. The Company's data management

WEBSITE VISIT 
The Company does not need to provide personal data to view the information published for the public on its website https://callascafe.hu. The Company uses Google Analytics cookies to analyze visitor preferences in order to ensure the user-friendliness of the website (e.g. the number of visitors to the website and sub-pages, the duration of the visit, the order in which the pages are viewed, the search terms used to access them, the type of browser, the geographical location of the computer .) The Company does not collect personal data from website visitors. The cookies used on the website only record the anonymous IP address of the visitor's computer, they do not collect any personal data that could be used to identify a person. In connection with this activity, the company does not manage personal data other than the anonymized IP address of the visitor.

REQUEST FOR 
In case of an inquiry or request for a quote on the Company's website, in person, by e-mail or by phone, in addition to the data related to the planned stay, the following personal data must be provided: name, e-mail address or telephone number. The purpose of data management is to contact and maintain contact, as well as to send information and offers. The legal basis for data management is the consent of the data subject [GDPR Article 6 (1) para. point a)], as well as the legitimate interest of the data subject and the Company [GDPR Article 6 (1) para. point (f)]. The duration of data management lasts until the date of the data subject's deletion request or until the data subject's consent is revoked.

RESERVATION
In connection with a reservation on the Company's website, in person, by e-mail or by telephone, the Company stores the following data of the Data Subject:
-    name
- phone number
-    e-mail address


DIRECT MARKETING 
If the data subject subscribes to the Company's newsletter, the Company will send him a newsletter as often as he decides. By subscribing to the newsletter, the person concerned consents to the Company handling the personal data necessary for this. To subscribe to the newsletter, it is necessary to enter your name, address, telephone number and e-mail address so that the messages can be delivered. The Company manages the data as long as the data subject does not request their deletion or withdraw their consent. The option to unsubscribe is provided by a direct link in every newsletter. The purpose of data management is the direct acquisition of business by the Company through direct marketing activities, within the framework of which the data subject is informed about the Company's services. The legal basis for data management is the voluntary consent of the person concerned and the Basic Conditions and Certain Limitations of Economic Advertising Activity Grt. Paragraph (5) of § 6. The duration of data management lasts until the date of the data subject's request for deletion, or until the data subject's consent is revoked.

HANDLING DATA OF JOB APPLICANTS 
The Company manages the personal data included in the CVs and other attached documents received directly or through an employment intermediary. The purpose of the data management is to notify the data subject of job opportunities that best suit his or her education and interests, to arrange an appointment with the data subject and to conduct the selection procedure. The legal basis for data management is the voluntary consent of the data subject [GDPR Article 6 (1) para. point a)], which consent is given by the data subject by sending his/her CV and related documents. The duration of data management in the case of a successful application is the duration of the employment relationship, in the case of an unsuccessful application, the application materials of the unsuccessful applicants will be deleted after the selection.


DATA MANAGEMENT RELATED TO CAMERA OBSERVATION 
The Company operates an electronic monitoring and recording system at its headquarters in areas marked with a camera icon or warning information (observed areas). The camera system monitors the common areas of the hotel. The camera surveillance system records the image and actions of persons entering the monitored area. The camera surveillance system does not record sound. The current image of the cameras and the recordings are available to the employees of the data controllers who are authorized to do so. The company operates the camera system, it does not use a service provider, so only the company is considered a data controller. The purpose of data management is to protect property and the people staying in the building, to protect business secrets, and to prove possible abuses and violations of law. The legal basis for data management is based, on the one hand, on the voluntary consent of the data subject (entering the building) [GDPR Article 6 (1) para. point a)], on the other hand Tht. on the legal possibility provided by § 25. The duration of data management is 15 (fifteen) days from the date of recording, after which the recordings are automatically deleted by Tht. in accordance with § 25.


ARC. The range of persons entitled to access the data

Employees of the Company with access rights related to the relevant data management purpose, as well as persons and organizations performing data processing or outsourced activities for our company on the basis of service contracts, can see the personal data within the scope determined by our company and to the extent necessary for the performance of their activities.

During data processing, the Company uses the services of the following data processors within the framework of service contracts for this purpose.

a) SZI-BA Könyvelés Kft (1188. Budapest, Deák Ferenc utca 35/A, tax number: 32085264-1-43)

The above company provides the Company's accounting and payroll, thus it performs data processing activities with regard to the receipts issued by the Company (and the personal data processed on them), as well as the data processed in connection with the payroll.

b) Marketing Professzorok Kft. (headquarters: 2100 Gödöllő, Kossuth Lajos utca 13. 1st floor 5.; tax number: 25194535213) 
The above company operates the Company's website, within the framework of which it performs electronic data processing activities for the Company.


V. Rights related to data management and their enforcement

5.1. The right to request and access information

The person concerned can request information from the Company in writing so that the Company can inform:
a) what personal data,
b) on what legal basis,
c) for what purpose of data management,
d) from what source,
e) how long it is treated,
f) to whom, when, on the basis of which legislation, to which personal data did the Company provide access or to whom did it transmit its personal data.

The Company fulfills the request of the data subject within a maximum of 15 (fifteen) days, by electronic or postal mail sent to the contact information provided by the data subject.

Before fulfilling the request, the Company may ask the data subject to clarify its content and specify the requested information and data management activities.

If the data subject's right of access in accordance with this section adversely affects the rights and freedoms of others, especially the business secrets or intellectual property of others, the Company is entitled to refuse to fulfill the data subject's request to the necessary and proportionate extent.


In the event that the data subject requests the above information in multiple copies, the data controller is entitled to charge a fee commensurate with the administrative costs of preparing the additional copies and a reasonable amount.

If the Company does not process the personal data specified by the data subject, it is also obliged to inform the data subject in writing.

5.2. Right to rectification

The person concerned may request in writing that the Company amends personal data that is inaccurate, incorrect or incomplete. In this case, the Company clarifies or corrects the indicated personal data immediately, but no later than within 5 (five) days, or, if it is compatible with the purpose of data management, with additional personal data provided by the data subject or with a statement attached to the personal data processed by the data subject complements. The Company notifies the data subject of this by electronic or postal mail sent to the contact information provided by the data subject.


The Company is exempted from the obligation to correct if
a) accurate, correct or complete personal data is not available and the person concerned does not make it available to the Company, or
b) the authenticity of the personal data provided by the data subject cannot be established beyond doubt.

5.3. The right to erasure

The person concerned may request the deletion of his personal data from the Company in writing. The data subject must submit his request for deletion in writing and indicate which personal data he wishes to delete and for what reason.

The Company will reject the deletion request in the event that a law obliges the Company to continue storing personal data. If the Company does not have such an obligation, the Company will fulfill the request of the data subject within a maximum of 15 (fifteen) days and will notify the data subject of this by electronic or postal mail sent to the contact information provided by the data subject.


5.4. Right to block

The person concerned may request in writing that his personal data be blocked by the Company. The blocking lasts as long as the reason specified by the data subject makes it necessary to store the data. The data subject may request the blocking of the data, for example, if he believes that the Company has handled his personal data illegally, however, for the sake of official or judicial proceedings initiated by the data subject, it is necessary that the Company does not delete his personal data. In this case, the Company will continue to store the personal data until the authority or the court requests it, after which it will delete the data and notify the data subject of this by electronic or postal mail sent to the contact information provided by the person concerned.


5.5. The right to restrict data processing

The person concerned may request in writing that the processing of his personal data be restricted by the Company. During the period of the restriction, the Company, or the data processor acting on the basis of the restriction or commissioned by it, may perform other data management operations in addition to storage, solely for the purpose of asserting the legitimate interest of the person concerned or in accordance with the law. The person concerned can request the restriction of data processing when and for as long as
a) if the data subject disputes the accuracy, correctness or completeness of the personal data managed by the Company or the data processor, and the accuracy, correctness or completeness of the processed personal data cannot be established beyond doubt (for the duration of the clarification of the existing doubt),
b) if the data should be deleted, but based on the data subject's written statement or the information available to the Company, it can be reasonably assumed that the data deletion would harm the legitimate interests of the data subject (for the duration of the existence of the legitimate interest justifying the non-deletion),

c) if there is a reason to delete the data, but it is necessary to preserve the data as evidence during procedures carried out by or with the participation of a body performing a public task (until the conclusion of the investigation or procedure).

In case of restriction, personal data may only be processed with the consent of the data subject, with the exception of storage, or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of another natural or legal person, or for the important public interest of the EU or a member state of the European Union.

The Company informs the data subject in advance of the lifting of the limitation of data management.

The Company shall immediately inform the persons to whom the personal data of the data subject has been disclosed, provided that this is not impossible or does not require a disproportionate effort on the part of the Company, after the fulfillment of the request of the data subject to assert his right to restriction. At the request of the person concerned, the Company will inform about these recipients.


5.6. The right to protest

If the processing of the data of the data subjects is based on a legitimate interest, the data subject must be provided with appropriate information and the right to protest in connection with the data processing. This right must be specifically brought to the attention of the data subject during the first contact at the latest.

Based on this, the data subject has the right to object to the processing of his personal data, and in such a case the Company may no longer process the data subject's personal data, unless it can be proven that
a) the data processing is justified by compelling legitimate reasons on the part of the Company that take precedence over the interests, rights and freedoms of the data subject or
b) data management is related to the presentation, enforcement or protection of the Company's legal claims.

If the data subject objects to the processing of data for direct marketing purposes, the Company may no longer process the data of the data subject for this purpose.


5.7. Right to a remedy

5.7.1. Dispute settlement with the company

The data subject can report their objections and requests regarding the processing of their personal data to the Company orally (in person) or in writing (in person or by means of a document handed over by someone else, or by post or electronic mail address) to the contact details indicated in point I, under the name of the Data Controller.

5.7.2. Right to complain

If you have not been able to settle your objections, complaints and requests related to your personal data in a satisfactory manner with the Company, or if you consider at any time that a violation of rights has occurred in connection with the handling of your personal data, or there is an immediate risk of such a violation, you are entitled to file a report with the National Data Protection and Freedom of Information Authority .

Contact details of the National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c. Mailing address: 1530 Budapest, Pf. 5
Phone: +36(1)3911400
Fax: +36(1)3911410
E-mail: ugyfelszolgalat@naih.hu
Web: naih.hu


5.7.3. The right to go to court (right to bring an action)

Regardless of their right to file a complaint, the data subject may go to court if the GDPR and Infotv have been violated during the processing of their personal data. rights provided by

A lawsuit can be brought against the Company as a data controller with a domestic place of business before a Hungarian court.

The person concerned can also initiate the lawsuit before the court of his place of residence. The contact details of the courts in Hungary can be found at the following link: http://birosag.hu/torvenyszekek.

VI. Other information

6.1. Enforcement of rights related to personal data after the death of the data subject

Within five years after the death of the data subject, the rights of the deceased during his lifetime may be asserted by the person authorized by the data subject with an administrative order or a statement made to the data controller (in a public document or a private document with full evidential force). If the person concerned did not make such a declaration, the rights of the deceased during his lifetime may be asserted by his next of kin according to the Civil Code within five years of the death of the person concerned (in the case of several close relatives, the next of kin who exercises this right first is entitled to assert the above rights) .

6.2. Special provisions for camera recordings

6.2.1. Right to request information

Within 15 (fifteen) days from the date of the recording, the data subject may request information about what can be seen in the recording in relation to the data subject. In the application, it is necessary to indicate where and at what time the recording was made, and how the person concerned can be identified. The Company fulfills the request within 15 (fifteen) days.

6.2.2. Right to block

Within 15 (fifteen) days from the creation of the recording, the data subject may, by proving his right or legitimate interest, request that the data controllers not destroy or delete the data (blocking). In the request, it is necessary to indicate where and at what time the recording was made, what the person concerned can be identified by, and for what reason the blocking is requested. At the same time as the blocking, it is advisable for the person concerned to initiate the necessary official and court proceedings, as the Company releases the recordings only upon official and court requests.


6.2.3. Right of access

Within 15 (fifteen) days from the date of the recording, the data subject may request to view the recordings made of him. In the request, it is necessary to indicate where and at what time the recording was made, what the person concerned can be identified by, and on which day the recording is to be viewed. The Company can provide the opportunity for inspection on working days from Monday to Friday, between 9 a.m. and 3 p.m.
Cookie Accepting