1. PURPOSE OF THE DATA MANAGEMENT NOTICE
Kosaras-Geiger GnBR (hereinafter, service provider, data manager) recognizes the content of this data management information as binding on itself. It undertakes to ensure that all data processing related to its activities meets the requirements set out in these regulations and in the applicable national legislation, as well as in the legal acts of the European Union.
The data protection guidelines arising in connection with the service provider’s data management are continuously available at https://alta-vista.eu/?page_id=815.
The service provider reserves the right to change this information at any time. Of course, you will notify your audience of any changes in good time.
If you have any questions related to this announcement, please write to us and our colleague will answer your question.
The service provider is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect its customers’ right to informational self-determination. The service provider treats personal data confidentially and takes all security, technical and organizational measures that guarantee data security.
The service provider describes its data management practices below.
2. DATA OF THE DATA CONTROLLER
If you would like to contact our Company, you can contact the data controller at +43 6565 22659 and at the email address email@example.com.
The data manager deletes all e-mails received, together with the provided personal data, no later than 1 year after the date of data communication.
Name: Hotel Pension Alta Vista – Kosaras-Geiger GnBR.
Headquarters: Kühnreitgasse 166, A-5741 Neukirchen am Grossvenediger
Tax number: ATU 61129148
Phone number: +43 6565 22659
2.1 DATA PROTECTION OFFICER
Name: László Kosaras
Phone number: +43 6565 22659
SCOPE OF PROCESSED PERSONAL DATA
3.1 PERSONAL DATA TO BE PROVIDED WHEN USING THE CONTACT FORM
Name (required) – required for contact
Email address (required) – required for contact
3.2 TECHNICAL DATA
The data controller selects and operates the IT tools used for the management of personal data during the provision of the service in such a way that the processed data:
accessible to those authorized to do so (availability);
its authenticity and authentication are ensured (authenticity of data management);
its immutability can be verified (data integrity);
protected against unauthorized access (data confidentiality)
The data controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction.
The data controller ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management.
The data manager keeps it during the data management
confidentiality: protects the information so that only those authorized to do so can access it;
integrity: protects the accuracy and completeness of the information and the method of processing;
availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.
3.3.1 FUNCTION OF COOKIES
collect information about visitors and their devices;
they remember the individual settings of the visitors, which are (may) be used when using online transactions, so they do not have to be typed in again;
facilitate the use of the website;
they provide a quality user experience.
In order to provide customized service, a small data package, so-called it places a cookie and reads it back during the next visit. If the browser returns a previously saved cookie, the cookie management service provider has the opportunity to link the user’s current visit with previous ones, but only with regard to its own content.
3.3.2 ABSOLUTELY NECESSARY SESSION COOKIES
The purpose of these cookies is to enable visitors to fully and smoothly browse the provider’s website, use its functions and the services available there. The validity period of this type of cookie lasts until the end of the session (browsing), when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.
3.3.3 COOKIES PLACED BY THIRD PARTIES (ANALYTICS)
The service provider also uses third-party cookies from Google Analytics on its website. By using the statistical service Google Analytics, the service provider collects information about how visitors use the website. The data is used for the purpose of developing the website and improving the user experience. These cookies also remain on the visitor’s computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.
3.4 DATA RELATED TO ONLINE ORDERS
Online ordering does not work on our website, so we do not ask for data when ordering online.
3.5 DATA RELATED TO ONLINE ADMINISTRATION
Online administration does not work on our website, so we do not request data during online administration.
3.6 DATA RELATED TO NEWSLETTER
Sending a newsletter does not work on our website, so we do not record data when subscribing to a newsletter.
4. PLANNED USE AND STORAGE PERIOD OF MANAGED DATA
When using our website, we only record data for the purpose of maintaining contact, which we store for the duration of the relationship.
5. PURPOSE, METHOD AND LEGAL BASIS OF DATA MANAGEMENT
5.1 GENERAL DATA MANAGEMENT GUIDELINES
The data management of the service provider’s activities is based on voluntary consent and legal authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw their consent at any stage of the data processing.
In some cases, the management, storage, and transmission of a range of the provided data is made mandatory by law, of which we notify our customers separately.
We draw the attention of data informants to the service provider that if they do not provide their own personal data, the data informant is obliged to obtain the consent of the data subject.
Its basic data management principles are in line with the applicable legislation on data protection, and in particular with the following:
year CXII. law – on the right to self-determination of information and freedom of information (Infotv.);
Regulation (EU) 2016/679 of the European Parliament and of the Council (April 2016) – on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection regulation, GDPR);
Act V – on the Civil Code (Ptk.);
Act C – on accounting (Accounting Act);
year LIII. Act – on the prevention and prevention of money laundering and terrorist financing (Pmt.);
year CCXXXVII. Act – on credit institutions and financial enterprises (Hpt.).
6. PHYSICAL STORAGE PLACES OF DATA
Your personal data (that is, the data that can be linked to you) can be processed by us in the following way: on the one hand, in connection with maintaining the Internet connection, technical data related to the computer, browser program, Internet address, and visited pages are automatically generated in our computer system, on the other hand, you can also provide your name, contact information or other data if you wish to contact us personally when using the website.
Technically recorded data during the operation of the system: the data of the computer of the applicant concerned, which are generated during the voting and which are recorded by the service provider’s system as an automatic result of the technical processes. The data that is recorded automatically is automatically logged by the system upon entry and exit without a separate statement or action by the person concerned. This data cannot be combined with other personal user data, except in cases made mandatory by law. Only the data controller has access to the data.
7. DATA TRANSMISSION, DATA PROCESSING, CIRCLE OF PERSONS KNOWN TO THE DATA
When using our website, we do not pass on any personal data acquired to us to third parties, and they cannot gain insight into the stored data.
8. YOUR RIGHTS AND REMEDIES
The data subject can request information about the management of his personal data, and can request the correction of his personal data, or – with the exception of mandatory data management – deletion or withdrawal, he can exercise his right to data portability and protest as indicated when the data was collected, or at the above contact details of the data controller.
8.1 RIGHT TO INFORMATION
The data controller takes appropriate measures to ensure that the data subjects are provided with all the information referred to in Articles 13 and 14 of the GDPR and Articles 15-22 regarding the processing of personal data. and provide each piece of information according to Article 34 in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded.
8.2 YOUR RIGHT OF ACCESS
The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to access the personal data and the following information: the purposes of the data processing; categories of personal data concerned; the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations; the planned period of storage of personal data; the right to rectification, deletion or limitation of data processing and the right to protest; the right to submit a complaint to the supervisory authority; information about data sources; the fact of automated decision-making, including profiling, as well as comprehensible information about the applied logic and the significance of such data management and the expected consequences for the data subject. The data controller shall provide the information within a maximum of one month from the date of submission of the request.
8.3 RIGHT OF CORRECTION
The data subject may request the correction of inaccurate personal data concerning him/her managed by the data controller and the addition of incomplete data.
8.4 RIGHT TO CANCELLATION
If one of the following reasons exists, the data subject has the right to have the personal data deleted without undue delay upon request by the data controller:
personal data are no longer needed for the purpose for which they were collected or otherwise processed;
the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
the data subject objects to data processing and there is no overriding legal reason for data processing;
personal data has been processed unlawfully;
the personal data must be deleted in order to fulfill the legal obligation prescribed by the EU or Member State law applicable to the data controller;
personal data was collected in connection with the offering of information society-related services
Data deletion cannot be initiated if data management is necessary: for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of public authority conferred on the data controller; affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, on the basis of public interest; or to submit, assert or defend legal claims.
8.5 THE RIGHT TO LIMIT DATA PROCESSING
At the request of the data subject, the data controller restricts data processing if one of the following conditions is met:
the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the verification of the accuracy of the personal data;
the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use;
the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; obsession
the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject
If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
8.6 RIGHT TO DATA PORT
The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to forward this data to another data controller.
8.7 RIGHT TO OBJECT
The data subject has the right, for reasons related to his own situation, to object at any time to the processing of his personal data necessary for the performance of a task carried out in the public interest or within the framework of the exercise of public authority granted to the data controller, or the processing necessary to enforce the legitimate interests of the data controller or a third party, including profiling based on the aforementioned provisions too. In the event of a protest, the data controller may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the presentation, enforcement or defense of legal claims.
8.8 AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING
The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on him or affect him to a similar extent.
8.9 RIGHT OF WITHDRAWAL
The data subject has the right to withdraw his consent at any time.
8.10 RIGHT TO COURT
In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.
8.11 DATA PROTECTION AUTHORITY PROCEDURE
Complaints can be lodged with the National Data Protection and Freedom of Information Authority: Name: National Data Protection and Information Freedom Authority
Headquarters: Barichgasse 40-42, 1030 Wien
Phone: +43 152 152 0
9. OTHER PROVISIONS
We provide information on data management not listed in the content of this data management information when the data is collected.
We inform our customers that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies based on the authorization of the law, provide information, communicate data, transfer documents, or they can contact the data controller to make it available.
If the authority has indicated the exact purpose and the scope of the data, the data controller will only release personal data to the authorities to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.