Privacy Policy
  newsletter loyalty program
Check in
Check out
Nights


1st Room

Adults:
Children:
Number of rooms: 


DANUBIUS BEST PRICE GUARANTEE

When you book directly with Danubius Hotels Group, you can be sure that you are getting
the best publicly available hotel room rates. If you find a lower public rate anywhere else within 24 hours of your booking time, we will match the rate plus give you a EUR 30 Discount which can be used for Food & Beverage and extra services of the hotel during your stay,

subject to our Terms & Conditions.

You can submit your claim by filling out our online form. Claims must be submitted at least 48 hours before the standard check-in time at the applicable hotel.


terms & conditions claim form FAQ

Privacy Policy

I. Data Controller
II. Definitions
III. Data management
III.1. Using hotel services
III.2. Guest Loyalty Programme and Danubius Corporate Programme
III.3. Danubius Gift Card
III.4. Prize drawings
III.5. Guest questionnaire, evaluation system
III.6. Surveillance cameras
III.7. Newsletter
III.8. Facebook page
III.9. Website traffic data
III.10. Contact
III.11. Managing job applicant data
IV. Data security
V. Data transfer
VI. Data processors
VII. Rights and legal remedies
VIII. Miscellaneous provisions
Principles of the personal data protection in the company SLOVENSKÉ LIEČEBNÉ KÚPELE PIEŠŤANY, a.s.

I. Data Controller

Danubius Hotel Operation and Services Private Company Limited by Shares
Seat: 1051 Budapest, Szent István tér 11.
Co. Reg. No.: 01-10-041120
registered by the Registry Court of the Budapest Tribunal
Tax No.: 10219522-2-44  
Phone number: 06/1-8894172
legal associate responsible for data protection: Dr. Helga Sztanó
e-mail: adat@danubiushotels.com
Data Controlling Registration Number: 52139/2012.

(hereinafter: „Company” or „Danubius Co.”)
 
The Company respects the personal rights of its Guests, hence it prepared this Data Protection Guide (hereinafter: Guide), which is available in electronic format at the Company's website as well as in print format in each hotel.

The Company, as data controller, hereby states that it observes the provisions of Act 112 of 2011 (hereinafter: "Data Protection Act") on the rights for information management and freedom of information.

This Guide provides a general overview on how the Company manages data in the course of its services. Due to the wide range of Guests' demands, the manner of data management may occasionally vary from what is described in this Guide. Such variance may occur upon the request by the Guest, and the Company shall inform the Guest about the particular manner in advance. The Company shall provide information about any data management not described in this guide prior to the particular data management process.

The Company shall only manage personal data for pre-determined purposes, for the necessary period of time and in order to exercise its rights and fulfil obligations. The Company shall only manage such personal data that are indispensable and suitable for fulfilling the objective of the particular data management activity.

Legal statements containing the agreement of minors under sixteen years of age shall not be valid unless agreed or subsequently approved by the statutory guardian of such minors.

If the Company uses the received data for any other purpose than the original purpose of data collection, the Company shall inform the data subjects in each case and ask for their specific, prior consent and/or shall provide an opportunity for them to disallow such usage.

Personal data communicated to the Company during the data management process shall only be disclosed to such persons contracted or employed by the Company entrusted with duties in relation to the given data management process.

II. Definitions

Data subject: any specific natural person identified or identifiable (directly or indirectly) based on the personal data;

Personal data: any data that can relate to the data subject - especially the data subject's name, identification number, as well as one or more pieces of information characteristic of their physical, physiological, mental, economical, cultural or social attributes - and any such conclusions regarding the data subject that can be drawn from such data;

Special data: personal data regarding racial origin, nationality, political opinion or party affiliation, religious or other philosophical convictions, advocacy organisation membership and sexual activities, as well as personal data concerning health conditions and addictions, and personal data on prior criminal activity;

Consent: voluntary and specific expression of the data subject's intention, which is based on proper information and by which the data subjects provide a clear and unambiguous consent to managing their personal data comprehensively or for particular operations;

Objection: a statement by the data subjects in which they object to the management of their personal data and request the termination of data management and/or the deletion of the data managed;

Data Controller: the natural or legal persons or organizations not having a legal personality, who or which determine the purpose of data management on its own or together with others, and make and carry out the decision regarding data management (including the equipment used), or have the data processor entrusted by them to carry out such decisions;

Data management: regardless of the procedure applied; any operation or the whole of operations performed on data, specifically including the collection, recording, systematization, storage, modification, application, query, transfer, publication, harmonisation or linking, blockage, deletion and destruction of data, as well as the prevention of the further usage of such data, photographing, audio or visual recording, as well as the recording of physical attributes suitable for the identification of a person (e.g.: finger- or palm prints, DNA samples, iris scans);

Data transfer: rendering data accessible for certain third parties;

Publication: rendering data accessible for the general public;

Data deletion: rendering data unrecognisable in such a manner that their restoration is no longer possible;

Tagging data: applying an identifying mark to the data in order to distinguish them;

Data blocking: applying an identifying mark to the data in order to block their management for a defined period of time or for good;

Data processing: performing any technical tasks related to data management operations, regardless of the method and equipment applied for the performance of such operations as well as of the place of application, provided that the tasks are performed in terms of data;

Data processor: natural or legal persons and/or organizations not having a legal personality, who or which perform data processing activities based on their contract with the data controller - including contracts concluded pursuant to legal provisions;

Third party: natural or legal persons and/or organizations without a legal personality, who or which are not identical with the data subject, the data controller or the data processor.

III. Data management

III.1. Using hotel services

The management of any data related to the data subject and the provision of services are based on voluntary consent, with the purpose of such data management to provide services and/or maintain contact. The Company shall preserve the personal data described in this article (excluding the exceptions defined in the paragraphs) for the period of time defined in the provisions of the relevant tax and accounting laws, and shall delete them after that period.

In the case of particular services, additional data can be provided in the comments section, which allows for a complete assessment of the Guests' needs. Making room reservations and using other services, however, shall not depend upon the provision of such additional data.

Guests may also sign up for the newsletter in the course of using each service. Data management related to the newsletter is provided for in Article III.7.

III.1.1. Room reservations

In the case of online, personal (paper-based) or phone reservations, the Company requests/can request that the Guest makes the following data available:

  • title (not required)
  • first name,
  • last name;
  • address (address, town, post code, country)
  • e-mail address;
  • phone number;
  • mobile phone number (optional)
  • type of credit card / debit card;
  • number of credit card / debit card,
  • name of credit card / debit card holder;
  • expiry date of credit card / debit card;
  • CVC/CVV code of credit card / debit card (in case of MasterCard: Card Validation Code(CVC2), in case of Visa International: Card Verification Value (CVV2) .)

If you have any further questions regarding the management of data related to room reservations, please send your enquiry to reservations@danubiushotels.com.

III.1.2. Danubius Account

To make online reservations, you can create a "Danubius Account." By creating a Danubius account, Guests establish a user account to facilitate future room reservations, as the provided data are recorded in the user account to be available for later use.

In the course of data management related to the Danubius account, the Company manages the data necessary for room reservations (see  III.1.1.).

Guests can request the deletion of their data managed in the guest loyalty programme by sending an e-mail to privacy@danubiushotels.com.

Danubius accounts can only be created if the data subjects consent to the Company managing the personal data they provide.

III.1.3. Hotel registration cards

Upon using hotel services, Guests shall fill in a hotel registration card, in which they give their consent to the Company managing the data they are obliged to provide. The Company shall manage such data in order to fulfil its obligations prescribed in the relevant legal regulations (particularly regarding the laws related to immigration control and tourism tax) as well as to verify the completion of services and/or to identify the Guests for as long as required by the competent authority to manage the fulfilment of obligations as defined in the given laws:

  • first name and surname
  • address
  • citizenship (exclusively for statistical purposes, with the managed data not able to be traced back to the specific person)
  • place and date of birth.

The law prescribes the management of the following data with regard to citizens of third countries:

  • natural personal identification data, and additionally,
  • identification data of the travel document (passport)
  • address of the hotel
  • beginning and ending date of the hotel stay
  • visa number, certificate of registration,
  • time and place of entry into the country.

Citizens of third countries: Apart from Hungarian citizens, all persons who are not citizens of a member state of the European Economic Area, including displaced persons.
Member states of the European Economic Area are:

  • member states of the European Union;
  • Iceland, Liechtenstein and Norway as participating member states,
  • as well as Switzerland, as a state with similar legal status.

Providing the required data by the Guests is a precondition for using hotel services.

By signing the registration card, Guests consent to the Company managing and/or archiving the personal data provided by filling in the registration card in order to verify that the contract was concluded and/or performed, as well as to possibly enforce claims against the deadline specified above.

Guests may also sign up for the Company's newsletter by providing their e-mail address in the registration card. In other matters, the provisions in III.7. shall govern the management of newsletters.

If you require further information concerning the data managed in relation to the registration card, please send your questions to szervezes@danubiushotels.com .

III.1.4. Fitness

In Fitness Centres, the following data must be provided to issue fitness passes:

  • name,
  • address,
  • citizenship,
  • birth date,
  • phone number,
  • e-mail address,
  • photo.

Except for the name and the photo, which are required for identification purposes, the other data are optional and are only managed to maintain contact with the specific prior consent of Guests.

At the www.premierfitness.hu website, Guests can inquire about the prices of fitness services and establish contact with the Company after providing their name, e-mail address, address, post code and phone number. The Company shall first send an e-mail containing the prices of services to the inquiring Guest, then contact them by phone in order to agree on the details and times.

Guests can request the deletion of their data managed in the fitness sub-system by sending an e-mail to info.premier@danubiushotels.com

III.1.5. Wellness-health

Healthcare data required for medical services may only be accessed by doctors. Other persons (e.g. assistants, massage therapists) performing activities related to the treatment of the data subjects may only handle healthcare data according to the instructions of the doctor conducting the treatment and/or to the extent required to perform their tasks.

Recording healthcare data is a normal part of medical treatment. The attending physician shall determine which healthcare data is necessary to be recorded, in accordance with professional rules of conduct. The sharing of medical and personal identification data associated with the medical treatment of the data subject shall - in the absence of any contrary statement - be deemed to be granted. The purpose of data management is to ensure safe and proper treatment.

Healthcare data may only be transferred to other doctors or third parties upon a Guest's request. Furthermore, a Guest's consent is also required to share the recorded data with a doctor who has not treated the Guest before. The Guest's own GP may receive these medical data unless specifically objected to by the Guest.

The Company, the persons representing the Company as well as the data processor shall maintain the confidentiality of medical information.
The Company or its representative shall be exempted from confidentiality, if
a) the data subjects or their legal guardian have consented in writing to transfer healthcare and personal identification data, within the limitations defined therein, and
b) the transfer of healthcare and personal identification data is required by law.

The data subjects have the right to be informed about data management activities related to their medical treatment, to access the healthcare and personal identification data concerning them, to look into their healthcare documentation, and to receive a copy of such documents - at their own expense.

This right is also given to persons entrusted by the data subjects during their treatment in writing, as well as persons authorized by the data subjects in a fully-conclusive private document following treatment.   

The handling of heathcare data by the Company shall be administered in accordance with the relevant provisions of the Data Protection Act, and of Act XLVII of 1997 in regards to the handling and protection of healthcare and other personal data.

For further information on the management of data collected in the course of providing medical services, please send questions to info.premier@danubiushotels.com

III.1.6. Bank card data

For room reservations, the Company can only use the given bank card, credit card and bank account data to such an extent and period of time as necessary for the exercise of rights and fulfilment of obligations. Data is handled by the Company's contractual bank partners. Information about their data handling policies can be found on the websites of the competent Bank (K&H –www.khb.hu, OTP –www.otp.hu, Erste- www.erste.hu, MKB –www.mkb.hu).

Guests can receive further information on the management of bank card data by the company's individual sub-systems upon email request to szervezes@danubiushotels.com


III.2. Guest Loyalty Programme and Danubius Corporate Programme

The Company's Guest Loyalty Programme is an exclusive service provided for Guests of the hotel - natural persons - with the purpose of providing discounts to returning guests.  The Danubius Bubbles Club forms a part of the Frequent Guest Programme, and is intended for children of Guests arriving with their families. Its purpose is to offer unique discounts and children's programmes to returning Guests arriving with their families.
The Company's Corporate Programme is an exclusive service provided for the hotels' corporate partners - legal persons - with the purpose of providing discounts to returning guests.

The participants of the given programme specifically consent to the company managing their personal data handed over for the purpose of operating the Guest Loyalty and the Corporate systems, and/or sending newsletters specifically written for members of the Guest Loyalty Programme. Based on this consent, the personal data handed over shall be managed for as long as the data subjects participate in the given programme. Membership in the Danubius Bubbles Club continues until the child's 18th birthday, according to the information given on the application form, or until participation in the Frequent Guest Programme ends.

In order to facilitate the operation of the given programme, the Company has the right to transfer the provided data to its representatives, subcontractors, data processors and foreign subsidiary companies under the condition that they may not transfer these personal data to any third party except to their data processors. If the recipients of any data transfer deviate from the provisions listed in V., the Company shall provide information identifying such recipients prior to the data handling and the accompanying sharing of information.

Objecting to the transfer of these data by the data subjects shall render their participation in the given programme invalid, thus entailing their cancellation from the programme.

Membership status in the Guest Loyalty Programme shall become inactive within 3 (three) years after the date of the last hotel service used. The Company shall store the members' personal data for the period of time defined in the provisions of the relevant tax and accounting laws, and shall delete them after that period.

Membership status of natural/legal persons in the Corporate Programme shall become inactive within 2 (two) years after the date of the last hotel service used.  The personal data of members shall be stored for the period of time defined in provisions of the relevant tax and accounting laws.

The personal data managed in the programmes are stored to maintain contact. The Company may manage the following personal data in the programmes:

In the case of a natural person:

  • name
  • mailing address
  • address
  • phone number
  • e-mail address
  • date of birth (Minors under eighteen years of age may not participate in the programme.)

For the Danubius Bubbles Club:
Data to be given by a registered parent or guardian in the Frequent Guest Programme:

  • child's name
  • child's birthday (Children under 18 years of age may participate in the Danubius Bubbles Club programme.)

After receiving the child's name and birthday, we will send a personalised birthday surprise to the email address of the parent or guardian.

Personal data managed in the case of a legal person:

  • contact person
  • mailing address
  • phone number
  • e-mail address

For Frequent Guests signing up to the newsletter or contributing to promotional activities, the Company shall further handle the data listed above according to the provisions in Section III.7 in the present Information Guide.

Participation in the programmes may occasionally require the provision of further personal data, in which case the Company may request the given data and inform the data subject about the purpose, manner and duration of data management.

The data of corporate partners participating in the Corporate Programme (not natural persons) may be used by the Company for referrals and/or marketing purposes, but the Company shall inform the data subjects accordingly in each case while also requesting their prior consent.

Data on members in the Guest Loyalty Programme may be used for market research purposes, but the specific Guests must be informed of it in advance and their prior consent shall be required.

Guests can request the deletion of their data managed in the guest loyalty programme by sending an e-mail to dep@danubiushotels.com .

III.3. Danubius Gift Card

When purchasing a Danubius Gift Card (hereinafter: Gift Card), Customer shall provide the following personal data:

In case of a personal purchase:

  • name,
  • billing name and address;

in case of an online order, via the Company's official website:

  • name
  • e-mail address
  • phone number
  • billing name and address
  • delivery name and address

The purpose of data management is to maintain contact with the customer and deliver gift cards.
You can inquire as to the balance and the expiry date of the Gift Card at www.gift-card.hu/index.php/kartyaadatok or at Accepting hotels, Danubius Customer Service, or via the Cardnet Co. Call Center. The Company shall store the personal data received therein for the period of time defined in the provisions of the relevant tax and accounting laws, and shall delete them after that period.

For further details on data management related to gift cards, please send your inquiry to ajandekkartya@danubiushotels.com.

III.4. Prize drawings

On its own, or in cooperation with other members of Danubius Hotels Group, the Company occasionally organizes prize drawings in order to promote the services of the given hotel or hotels. Participants may sign up for a prize drawing through a paper-based or online registration (at the Danubius Hotels website or Facebook page), by providing the following data:

  • name;
  • address;
  • phone number;
  • e-mail address.

The purpose of data management is to maintain contact so that the Company can deliver the prize to the winner. Data management takes place during the prize drawing period, and the data managed therein (except for the winner) shall be deleted within 5 (five) working days after the end of the prize drawing. The Company shall store the personal data of the winner for the period of time defined in the provisions of the relevant tax and accounting laws, and shall delete them after that period.
Data on Guests who have signed up for the newsletter and have agreed to be contacted for promotional purposes shall be managed by the Company in compliance with Article III.7. of this Guide.

For further information on data managed in relation with the prize drawing, please send your questions to marketing@danubiushotels.com

III.5. Guest questionnaire, evaluation system

As part of the quality assurance process applied by the Company, Guests may provide feedback on the services of the hotels of Danubius Hotels Group via an online or paper-based guest questionnaire and/or evaluation system. When filling out the questionnaire, Guests may provide the following personal data:

  • name;
  • date of visit;
  • room number;
  • contact (address, e-mail address, phone number);

Providing these data is not obligatory, and merely serve the purpose of an accurate investigation of possible complaints and/or enable the Company to respond to the guest.

The feedback received in this manner and the data potentially provided by the Guest may not be traced back to the Guest or linked to the name of the Guest, but may be used by the Company for statistical purposes.

Personal data provided along with filling out the Guest Questionnaire shall be deleted by the Company within 5 (five) working days after the complaint was investigated. The Company shall delete the e-mail address and user name provided to use the evaluation system when Guests send such a request to quality.management@danubiushotels.com.

III.6. Surveillance cameras

The Company operates surveillance cameras in the area of the hotels operated by the Company in order to ensure the security of Guests and their property. Camera surveillance is indicated by a pictogram and a warning sign with text.

The purpose of camera surveillance is the protection of property. More specifically, the purpose is to protect equipment with significant value as well as the personal valuables of Guests regarding detecting breaches of the law and catching perpetrators in the act, and the prevention of such criminal acts cannot be done in any other way, and/or there is no other method of presenting evidence.

You can receive more information about data management in relation to the camera system in each hotel.

III.7. Newsletter   

The Company shall not send newsletters to natural persons unless consented to by the data subject. The data subjects consent to the Company sending electronic newsletters to their e-mail address by providing an address in the course of signing up for the newsletter (at the website, via e-mail or in print). By providing their address, the data subjects consent to having promotional material sent to them.

The Company shall store the provided personal data on a special list, separated from data handed over to the Company for other purposes. This list shall only be accessible to the Company's authorized personnel and data processors. The Company shall not disclose the list or data to any third party and/or unauthorized parties, and shall take all security measures to prevent any unauthorized person from viewing them.

The purpose of data management in relation to sending newsletters is to provide comprehensive, general or customized information to the addressee regarding the Company's latest special offers. 

The Company shall only manage the personal data collected for this purpose for as long as the Company wishes to inform the data subjects via the newsletter and/or until the data subjects unsubscribe from the newsletter.

The data subjects may unsubscribe from the newsletter any time at the bottom of the newsletter or at newsletter@danubiushotels.com, or by sending a request to hirlevel@danubiushotels.com

They may also unsubscribe from the newsletter by written request at the following postal address: Danubius Hotel Operation and Services Private Company Limited by Shares, 1051 Budapest, Szent István tér 11.

The Company reviews the newsletter list every five years and requests a confirmation of consent to the newsletter after five years. Within 30 (Thirty) days after the delivery of such e-mails, the Company shall delete the data of all data subjects that have not confirmed their consent to the newsletter.

The Company shall request another consent to send the newsletter to all persons who have not opened any newsletters within one year. If the data subjects do not re-consent to sending the newsletter, their personal data shall be transferred to the Prohibited List within 30 (thirty) days after the delivery of the e-mail requesting re-consent.

Guests may subscribe to the newsfeed posted on the Facebook wall by clicking "like" and can also unsubscribe there by clicking "dislike" and/or can delete the undesired newsfeed from their walls with the help of wall settings.

The Company may send promotional materials by mail without the prior consent of the data subjects as long as the Company provides an opportunity to prohibit further promotional materials.

III.8. Facebook page

The Company and the hotels/restaurants/fitness clubs/etc. can also be contacted individually via Facebook.

The purpose of data management is to share the contents of the website of Danubius Hotels Group. Guests may reserve rooms, participate in prize drawings and learn about the latest special offers via the Facebook page.

By clicking "like" on the Company's Facebook page, the data subjects consent to the Company posting its news and offers on the data subjects' wall.

The provisions of Article III.7. apply to the newsletter.

Data management shall be conducted in compliance with Article III.4. in the course of using Facebook applications and prize drawings.

In the case of room reservations, the system automatically redirects the Guest to the Company's website. Data management shall be conducted in compliance with Article III.1.

The Company also publishes photos/videos about various events/hotels/fitness clubs/restaurants etc. on its Facebook page. Unless it is a photo of a group of people, the Company shall always request the prior written consent of the data subjects before publication.

You can find further information about the data management of the Facebook page in the data protection guidelines and rules at www.facebook.com

III.9. Website traffic data

III.9.1. References and links
The Company's website may contain links that are not operated by the Company, and are only there to inform visitors. The Company has no influence whatsoever on the content and security of the websites operated by partner companies, and therefore it is not responsible for them either. Before providing your data in any form at the given site, please review the data protection statements and data management guidelines of the websites you visit.

III.9.2. Analytics, cookies
In order to monitor its websites, the Company uses an analytical tool which prepares a data string and tracks how the visitors use the Internet pages. When a page is viewed, the system generates a cookie in order to record the information related to the visit (pages visited, time spent on our pages, browsing data, exits, etc) but these data cannot be linked to the visitor's person. This tool is instrumental in improving the ergonomic design of the website, creating a user-friendly website and enhancing the online experience for visitors. The Company does not use the analytical systems to collect personal information. Most Internet browsers accept cookies, but visitors have the option of deleting or automatically rejecting them. Since all browsers are different, visitors can set their cookie preferences individually with the help of the browser toolbar. You might not be able to use certain features on our website if you decide not to accept cookies. 

III.9.3. Remarketing codes
We use remarketing codes to log when users view specific pages, allowing us to provide targeted advertising in the future. Visitors to the website may disable cookies that provide remarketing codes through the appropriate settings on the specific browser used.
  

III.10. Contact
The Company can be contacted via e-mail. The Company shall manage the messages until the given request/question is fulfiled/answered, then, after the request/question is closed, it archives such e-mails and stores them for 5 (five) years.

III.11. Managing job applicant data
In the case of CVs transferred to the Company in any format for job seeking purposes, it is presumed that the data subject has consented to management of the personal data contained therein. The purpose of data management is to select appropriate applicants for open positions.

If the data subject explicitly forbids the management of such personal data, the Company shall delete such data.  If the applicant does not request the deletion of his/her data, then the data, the CV and any data appearing therein – provided that the person has not applied for a specific job position – shall be automatically deleted within 1 year from the date it was sent. CVs from applicants for a specific job position shall be deleted immediately following the selection of a person to fulfil the position. 

The Company may transfer an applicant's CV and/or any personal data appearing therein to a third party only with the express prior permission of the applicant.

If you need further information about the Company's management of job applicant data, please send an email to  danubius.hr@danubiushotels.com.

IV. Data security

IV. 1. SSL system
The Company uses SSL cryptography on its websites for online reservations. Any information shared by the data subject with the Company shall be encrypted automatically and be protected when transferred through the network. When the information is received by our server, it is decoded by using an individual private key. SSL enables the browser to connect to the website and establish a secure communication channel in a transparent manner. SSL is the most widely used and most successful cryptographic system. In order to use the system, the data subjects simply need to verify their browsers' compatibility.

IV. 2. Other security-related activities
The Company shall ensure transparency to control and establish how and what personal data are transferred by applying data transferring devices, who and when entered which data into the system, and shall also make sure that the system can be restored in the case of a failure. Reports are generated with regard to errors occurring in the course of automated processing.

The Company shall manage personal data confidentially, and shall not disclose them to unauthorized persons. The Company shall particularly protect personal data from unauthorized access, modification, transfer, publication, deletion or destruction as well as from accidental destruction, harm and inaccessibility due to modification of the applied technology. The Company shall take all security measures in order to ensure the technical protection of personal data.


V. Data transfer

The Company has the right to transfer personal data handed over to the Company to hotel operating corporations belonging to the Danubius Hotels Group hotel chain but not operated by Danubius Co., as well as to business partners participating in the organization of the given prize drawing. These entities shall manage the provided data in the manner defined in this Guide. Such data transfer may only take place if the data subjects have been informed in advance accordingly, upon using the given service or participating in the prize drawing or guest loyalty programme.

In order to verify the legality of data transfer and inform the data subjects, the Company shall keep a data transfer log containing the time of transfer of the managed personal data, the legal basis and addressee of data transfer as well as the definition of the scope of the transferred personal data, and any data defined in the rule of law prescribing data management.

The Company reserves the right to hand over the managed personal data without the specific consent of the data subject to the competent authorities and courts in cases defined in the law, upon request from the authorities and courts.

In compliance with the principle of binding data to function and in order to operate the Group's joint Guest Loyalty Programme, online room reservation system and newsletter system, the data detailed in the following Articles of this Guide: Room reservation (III.1.1.), Danubius Account (III.1.2.), Bank card data (III.1.6), Guest Loyalty Programme (III.2.) and Newsletter (III.7.), shall be transferred to the following companies in the European Union:
 
CP Regents Park Two Ltd.
Seat: CP House, Otterspool Way,
Watford WD25 7JP, England
Co. Reg. No.: 5307946
EU VAT No.: GB 848957555

Slovenske liecebne kupele Piešťany, a.s./Slovak Health Spa Piešťany, Inc.

Abbreviated name: SLKP, a.s.
Seat: Winterova 29, 921 29 Piešťany, Slovakia
Co. Reg. No.:: Obch. reg. KS Trnava, odd. Sa, vlozka č. 181/T
EU VAT No: SK2020389668

SC Balneoclimaterica SA Sovata
Seat: Str, Trandafirilor nr. 99, Cod.545500, Romania
EU VAT No: RO1245068
Co. Reg. No.:: J26/266/1991

Léčebné lázně Mariánské Lázně a.s.
Seat: Masarykova 22, 353 29 Mariánské Lázně, Czech Republic
Co. Reg. No.:: B 196
EU VAT No: CZ45359113

In the cases above, the sources of data are the information technology sub-systems owned by the Company (Danubius Co.)

In other issues, the companies' data management policies shall be governed by the data controlling regulations of each country.

VI. Data processors

You can request the specific list of the Company's data processors by sending an e-mail to adat@danubiushotels.com or by contacting the company's employee responsible for data protection via their contacts specified in Article I. Such requests shall be fulfiled in writing by the Company within 30 (Thirty) days.

VII. Rights and legal remedies

VII.1. Providing information

Upon requests sent by the data subjects to the e-mail addresses in each chapter or addressed to the Company (Danubius Zrt. 1051 Budapest, Szent István tér 11.), the Company shall provide information regarding the particular subject's data managed by the Company and/or processed by the data processors entrusted by the Company; the source of such data; the purpose, legal basis and duration of the data management; the names and addresses of data processors as well as their activities related to data management; and (in the case of a transfer of the data subject's personal data) the legal basis and recipient of data transfer. Such information shall be provided within 30 (Thirty) days, free of charge once a year for identical data, and for a fee for all additional requests.

If the provision of information is denied, the Company shall inform the data subject in writing as to which provision of which law was the legal basis to deny the information, and also inform the data subject regarding options for legal remedy.

VII.2. Corrections

If the personal data are incorrect, and the correct data are available to the Company, it shall correct such personal data.

The Company shall inform the data subject regarding the correction as well as all parties that may potentially have received the data from the Company for data management purposes. Such notice is omissible if the rightful interest of the data subject is not violated in terms of the purpose of data management.

Corrections upon request, deadline for administration and legal remedy are governed by Article VII.1.

VII.3. Deletion and blocking, objection

Cases of deletion and blocking of personal data and objections against data management are governed by the relevant provisions of the Data Protection Act in Sections 17 - 21.

The company shall provide information on the legal regulations laid out in this paragraph upon requests sent to adat@danubiushotels.com

VII.4. Judicial redress

If their privacy rights are breached, data subjects may file a lawsuit against the Company. The court procedure shall be governed by provisions in Section 22 of the Data Protection Act, and the First Book, Chapter Three, Title XII (Sections 2:51 - 2:54) of Act V of 2013 concerning the Civil Code, and other relevant legal provisions.

The company shall provide information on the legal regulations laid out in this paragraph upon requests sent to adat@danubiushotels.com
 
VII.5.Compensation and injury claims

If the Company causes injury or violates the subject's privacy rights through handling the subject's data in an unlawful manner or through violating its data security requirements, then the affected party may demand an injury claim from the Company.

The data controller shall be exempt from liability for the damage caused and from its obligation to compensate an injury claim, if it can prove that the damage or violation of the privacy rights of the affected party was caused by an unavoidable force falling outside the scope of data management.

The Company shall be exempted from liability and its obligation to compensate an injury claim, if it can prove that the damage or violation of the privacy rights of the affected party was caused by an unavoidable force outside the scope of data management. The damage may not be compensated and an injury claim may not be demanded, if it was due to the wilful or grossly negligent misconduct of the damaged party.

VIII. Miscellaneous provisions

The Company reserves the right to modify this Guide, of which it will notify the affected data subjects.

The Company shall not assume liability for the accuracy of data provided by website visitors or Guests.

With regard to data protection issues, you can request the assistance of the local Office for personal data protection

Czeck Republik - The Office for personal data protection
Adress: Pplk. Sochora 27, 170 00 Praha 7
Information: +420 234 665 555
Phone: +420 234 665 111
Fax: +420 234 665 444
e-mail: posta@uoou.cz
Tax number: 70837627
ID data box: qkbaa2n

Hungary - Hungarian National Authority for Data Protection and Freedom of Information
President: Dr. Attila Péterfalvi
Mailing address: 1534 Budapest, Pf.: 834
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
www: www.naih.hu
e-mail: ugyfelszolgalat@naih.hu


Latest update: 29 April 2014.




Principles of the personal data protection in the company SLOVENSKÉ LIEČEBNÉ KÚPELE PIEŠŤANY, a.s.

The company SLOVENSKÉ LIEČEBNÉ KÚPELE PIEŠŤANY, a.s., with its seat at Winterova 29, 921 29 Piešťany, the company identification number: 34 144 790 (herein after only as „the Company“) has set up a task to protect the personal data of all its clients in accordance with the European Union (hereinafter only as „EU) standards and the Act No.   122/2013 Coll. on protection of personal data and on amending and supplementing of certain laws (hereinafter only „Act on Personal Data Protection“). The company has adopted relevant technical, organisational and personal measures in accordance with the EU regulations and other relevant legal regulations of the Slovak Republic, including the Act on personal data protection, relating to data protection. The objective of adoption of those measures is to secure personal data protection of its clients against the unlawful forms of processing. The basic principles in personal data protection of our company are, in particular:
  • Access to your personal data only by authorized persons of our society; the personal data are further provided only in the scope of the special laws, in particular to the public authorities and judicial authorities, if required by the applicable law, or in our good faith that such action is necessary to comply with the statutory procedures, if it is in the response to legal claims or lawsuits.
  • Monitoring of the restricted area and company premises by CCTV.
  • Use and maintenance of the most advanced security mechanisms of information and communication technology, and adoption of measures to prevent the disclosure of personal data which we obtain and process.
  • Processing of personal data only for purposes to fulfil contractual obligations arising from the implementation of our services which you have voluntarily provided to our company or which you have to provide in accordance with special laws.
  • Not sharing of personal data with any company that intends to use them for direct marketing purposes, unless you give us an express consent.
  • To save and store in our databases personal information you provided to us as long as it is reasonably necessary in the light of our need to provide you with quality services (hotel or spa services and related supplementary services), answers to your questions or to solve problems, provision of improved and new services and to comply with relevant statutory regulations. This means that your personal data will be kept for a reasonable period after you stop using the services of our company. After that time, your personal data will be destroyed from all the systems of the company in accordance with the Act on Personal Data Protection
Our company processes only those personal data, processing of which  is based on special legislation necessary for provision of our services, particularly in relation to the provision of accommodation or spa services and related supplementary services, or which you would like to voluntarily provide to us based on your consent and particularly in relation to:
  • obtaining feedback regarding the level of services provided by us,
  • marketing activities. You can invoke the defence against our marketing activities pursuant to § 28. paragraph 3 of the Act on Personal Data Protection.
Further rights of you as the person concerned related to processing of your personal data are governed by the provisions of § 28 of the Act on Personal Data Protection, in particular:
1.    On the basis of a written request, the person concerned has the right to require from the company
   1.1    Confirmation, if his/her personal data are processed or not,
   1.2    In generally understandable form to receive information about personal data processing in the information system of the company in the range: identification data of the company, identification data of the mediator, purpose of the personal data processing, list or range of the processed personal data, additional information: instruction about the voluntary nature or obligation to provide personal data, legal basis of personal data processing, the third parties, group of recipients, form of publishing, third countries); in taking a decision in accordance with the point 4, the person is entitled to learn about the process of processing and evaluating the operations,
   1.3    In generally understandable form to receive accurate information about the source from which the company received personal data which are subject to processing,
   1.4    In generally understandable form to receive copy of his/her personal data which are subject to processing,
   1.5    Correction of inaccurate, incomplete or outdated personal data which are subject to processing,,
    1.6    Destruction of his/her personal data if the purpose of their processing was fulfilled; if the subject of processing are official documents containing personal data, he/she may request their return,
   1.7    Destruction of his/her personal data which are subject to processing in case of violation of the law,
   1.8    Blocking of personal data due to withdrawal of the consent before the expiry date of its validity if the company processes personal data on the basis of the consent of the person concerned.
2.    The right of the person concerned under the point 1.5 and 1.6 may only be restricted if such restriction results from a special Act or its application would undermine the protection of the person concerned, or would infringe the rights and freedoms of other persons.
3.    At any time, the person concerned has the right upon written request or in person when the matter is urgent, to object to the company against the processing of personal data for purposes other than those provided by special law.
4.    The person concerned has the right, on the basis of a written request or in person if the matter is urgent, any time to object at the company and not to submit to the decision of the company that would have for him/her legal affect or important impact, if such decision is issued solely on the basis of acts of automated processing of his/her personal data.  The person concerned has the right to ask the company to review the issued decision by other than automated method of processing, and the company is obliged to satisfy the request of the person concerned so that the decisive role during the revision of the decision will have the authorised person; the company informs the person concerned about the way of revision and the findings not later than 30 days since the request delivery date.  The person concerned does not have this right only in case if it is provided in a separate law, in which are measures for ensuring the legitimate interest of the person concerned, or if the company in the framework of the pre-contractual relations or during the contractual relations has issued a decision, which has satisfied the person concerned, or if the company based upon a contract has taken other appropriate measures to ensure the legitimate interest of the person concerned.
5.    The person concerned may exercise his/her rights:
   5.1.    In writing -  from the contents of the application shall be clear that he/she exercises his/her right; a request made by e-mail or fax must be delivered in writing to the person concerned within three days from the date of its dispatch,
    5.2.     Personally in an oral form -  include in the minutes, from which it must be clear who has exercised the right which he/she claims and when and who shall keep minutes, his/her signature and signature of the person concerned; the company is obliged to hand over a copy of the minutes to the person concerned,
    5.3.    At the intermediary - in accordance with paragraph 5.1 or 5.2 of this point.
6.    If the person concerned suspects that his/her personal data are processed without authorisation, he/she can file a reference for a preliminary ruling concerning personal data protection to the Office for Personal Data Protection of the Slovak Republic.
7.    If the person concerned does not have legal capacity to his/her full extend, his/her rights may be exercised by his/her legal representative.
8.    If the person concerned does not live anymore, his/her rights which he/she had according to the Act on Personal Data Protection may be applied by a close person.

If you have any questions regarding the processing of your personal data or the terms and conditions related to the processing, you can contact us at the address: SLOVENSKÉ LIEČEBNÉ KÚPELE PIEŠŤANY, a.s., Winterova 29, 921 29 Piešťany or via the e-mail osobneudaje@spapiestany.sk  


Danubius Hotels Group
Facebook Google+ Youtube Twitter Flickr Instagram
Last
visited
item
 
X