Villa CuvéePrivacy policy

Annex III/c to the “Privacy Policy for internal use”: 

Fundus Invest Kft.

Privacy Notice for the public

(published at the www.villacuvee.hu website) 

The Data Controller, who is Fundus Invest Kft. (legal seat: 4200 Hajdúszoboszló, József Attila u. 5-7. , company registry number: 09-09-019876, VAT No.: 22990136-2-09, phone numbers: Tuba tanya: +36 21/350-0444, +36 30/300-2988; Villa Cuvée: 21/350-0222, Hotel Délibáb: +36 21/350-0777, +36 52/360-366; Mirage restaurant : +36 52/898-151, e-mail addresses: info@tubatanya.hu, info@villacuvee.hu, info@hoteldelibab.hu, info@mirage-etterem.hu, authorised representative: Éva Czene, Managing Director, with sole signatory right), hereby provides the following brief summary information about the data processing activities it carries out.

The Data Controller would like to notify the Data Subjects on the following:

Summary table for data processing activities related to one-off information requests and supply

Purpose

Legitimacy

Data Subjects

Data categories

Duration

Method

Source

to supply proper information to the Data Subject, and the related communica-tion

voluntary consent or compliance with a mandatory obligation, or based on an Agreement, or legitimate interest, or vital interest

any natural person, including those acting on behalf of an organisation, who contacts the Data Controller, and requests/

receives information from the Data Controller

for more details, please check the detailed information/

description related to the given data processing activity

until the purpose is reached, or the request is cancelled,

or for the mandatory duration,

or for the statutory period, or while the legitimate interest exists

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processed as part of on-going, regular contact with the Data Subjects

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

liaising with the Data Subject, to reply or resolve any questions, requests, or other inquiries arising

voluntary consent or compliance with a mandatory obligation, or based on an agreement, or legitimate interest, or mandatory obligation, or vital interest

any natural person, including those acting on behalf of an organisation, who has a regular contact with the Data Controller, in addition to a one-off information request filed

for more details, please check the detailed information/

description related to the given data processing activity

until the purpose is reached, or the request is cancelled,

or for the mandatory duration,

or for the statutory period, or while the legitimate interest exists

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities related to Requests for Proposals issued by the Data Subject,

and the related Proposal submitted by the Data Controller

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to submit a proper Proposal to the Data Subject, and the related communi-cation

voluntary consent granted, or Article 6(1), point b) of the GDPR

any natural person, including those acting on behalf of an organisation, who has requested a Proposal from the Data Controller, by supplying his/her personal data

for more details, please check the detailed information/

description related to the given data processing activity

while the Proposal is valid, or if the Proposal was accepted, until the end of the statutory period applicable to the related legal relationship, or if the data processing took place based on a legitimate interest, while such interest exists

electronically and/or in a hard copy format, but mostly electronically, and manually

the Data Subjects

 

Data processing activities carried out in relation to a Request for Proposals issued by the Data Controller,

and the related Proposals received

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to submit a Proposal for the Data Controller’s Request for Proposals issued, and the related communi-cation

the Data Subject’s voluntary consent granted, or the Data Controller’s legitimate interest, or compliance with a mandatory obligation

for more details, please check the detailed information/

description related to the given data processing activity

for more details, please check the detailed information/

description related to the given data processing activity

if the Proposal is accepted, for a period of 8 years, if the Proposal is not accepted, for the Proposal’s validity period, or for the mandatory duration, or for the duration specified in the Request for Proposals

electronically, in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities related to entering into Agreements

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to enter into the Agreement, to fulfil the same, to supervise fulfilment, and the related communi-cation

entering into an Agreement (Article 6(1), point b) of the GDPR),

the processing of the data of the authorised represen-tative and the contact person is based on legitimate interest

any natural person, including those acting on behalf of an organisation, who enters into an Agreement with the Data Controller - by supplying their personal data - in their own name, or acts as an authorised representative or contact person nominated in an Agreement

for more details, please check the detailed information/

description related to the given data processing activity

for the statutory period,

or the duration specified in the Agreement,

or cannot be erased, as this is stipulated by the law

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities related to appointment bookings

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to fulfil an appointment reservation made by the Data Subject, and the related communi-cation

voluntary consent granted

any natural person, including those acting on behalf of or representing an organisation, who makes a reservation, by supplying his/her data

for more details, please check the detailed information/

description related to the given data processing activity

until the specific purpose is reached, or for the general statutory period, or while the legitimate interest lasts

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities related to the Data Subjects’ consent granted

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to be able to evidence the legitimacy of the data processing activities taking place, to provide the consent, and the related communi-cation

voluntary consent granted

any natural person, who grants a consent to the Data Controller to process his/her data for a particular purpose

for more details, please check the detailed information related to the given data processing activity

until the consent granted is revoked/

cancelled,

the consents granted will be erased when the related statutory period set, for after the revocation, has elapsed

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities performed in relation to the photos, video footages and sound recording made of the Data Subject, with the Data Subject’s consent granted

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

the specific purpose specified in the Data Subject’s related consent given

voluntary consent granted

any natural person, whom has granted his/her prior consent to the fact that photos, video footages and/or sound recordings are made of him/her

for more details, please check the detailed information related to the given data processing activity

until the recording is deleted, based on the Data Subject’s request

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of complaint handling related data processing activities

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to identify the Data Subject and the complaint filed, to handle the complaint, and the related communi-cation

starts upon a voluntary consent granted, but also necessary pursuant to section 17/A(7) of Act CLV of 1997 on Consumer protection, in order to comply with the Data Controller’s obligation, in line with Article 6(1), point c) of the GDPR

any natural person, who has filed a complaint with regards to the services rendered, products purchased, and/or the Data Controller’s conduct shown, or activities performed, or a failure to perform something

for more details, please check the detailed information/

description related to the given data processing activity

the Data Controller will process the official Minutes taken of the complaint filed, and the related reply sent, for a period of 5 years upon being taken, in line with the Consumer protection law

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities related to the registration system maintained

about the Data Subjects (Clients and Business Partners)

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to indentify the Data Subject, the related communi-cation, to monitor fulfilment of the related Agreement (if any)

voluntary consent granted,

or based on an Agreement,

or required to comply with a mandatory obligation, or legitimate interest

any natural person, or the authorised representative of a legal entity, who intends to become a Partner/Client or Employee of the Data Controller

for more details, please check the detailed information/

description related to the given data processing activity

erased based on the Data Subject’s request,

or erased due to the mandatory follow-up data verification being unsuccessful,

or erased due to the Data Subject’s death,

or when it is based on the Data Controller’s interest, until such interest persists.

The Data Controller may qualify the related registration system to be of permanent value, therefore the data cannot be erased

electronically (in a hard copy format), manually

the Data Subjects, or a Business Partner

 

Summary table related to the registration system maintained

about the Data Subjects (as regular Guests)

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to identify the Data Subjects, to grant an authorisation level and later checks, to grant benefits, to inform the Data Subjects about discounts solely provided to regular Customers/

Guests, or about special offers or other, and the related communi-cation

based on voluntary consent,

or based on an Agreement,

or based on legitimate interest (when the Data Subject is stated to be the contact person/

authorised representative in the relevant Agreement signed with the Data Controller)

any natural person, including any natural person acting on behalf of an organisation (authorised representative, contact person), whom managed to meet the pre-conditions to become a regular Guest, and got listed as such in the related registration system

for more details, please check the detailed information/

description related to the given data processing activity

for the time period stipulated in the relevant Regular Guests Policy,

or until erased based on the Data Subject’s request,

or erased due to the mandatory follow-up data verification being unsuccessful,

or erased due to the Data Subject’s death,

or when it is based on the Data Controller’s interest, until such interest persists. The Data Controller may qualify the related registration system to be of permanent value, therefore the data cannot be erased

electronically (in a hard copy format), manually

the Data Subjects

 

Summary table of data processing activities taking place related to taped phone conversations

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

for quality improvement, to monitor the related communi-cation, to document all needs and problems raised by the Data Subjects or users, finding a more efficient resolution

voluntary consent granted

any natural person, including a natural person acting on behalf of, or as a representative of an organisation, who wishes to contact or liaise with the Data Controller via a customer service telephone line, where recording takes place

for more details, please check the detailed information/

description related to the given data processing activity

for a period of 6 months, or if any related complaint is filed, for a period of 5 years, pursuant to Act CLV of 1997

electronically, automated

the Data Subjects

 

Summary table of data disclosure (to third parties)

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

specific purpose

consent granted, to comply with a mandatory obligation, an Agreement, legitimate interest

any natural person, including any natural person acting on behalf of, or as a representative of a legal entity, whose data is disclosed by the Data Controller to any third party

for more details, please check the detailed information/

description related to the given data processing activity

until the specific purpose is reached, or for the statutory period, or for the duration specified by the law, or until the legitimate interest ceases to exist

electronically and/or in a hard copy format, manually, in full compliance with the principles of data security and non-disclosure

the Data Subjects, the Data Processor, any public register

 

Summary table of data processing activities related to bookings (room reservations)

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to process the booking, to make the room reservation by connecting the given accommo-dation provider and the Data Subject, and the related communi-cation with the Data Subject

voluntary consent granted

any natural person, who makes a booking at any accommo-dation provider facility operated by the Data Controller, by supplying his/her personal data

for more details, please check the detailed information/

description related to the given data processing activity

in case of no show, the data get immediately deleted, otherwise kept for the statutory period

electronically, in a hard copy format, manually

the Data Subjects, or Business Partners (travel agency/tour operator)

Summary table of data processing activities related to check-ins, check-in forms, the guest registration system,

and the tourism administration system

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to ensure full compliance with the law, to enter into an Agreement for accommo-dation provider services, to be able to evidence its fulfilment, possible claim enforcement, and the related communi-cation with the Data Subject

to comply with a mandatory obligation, legitimate interest, voluntary consent granted, an Agreement entered into

any natural person, who checks in at any of the accommo-dation facilities operated by the Data Controller, by supplying his/her personal details, and fills in the check-in form/guest registration book

please see the check-in form/guest registration book

for more details, please check the detailed information related to the given data processing activity

electronically, in a hard copy format, manually,

the Data Subjects, or Business Partners (travel agency/tour operator)

 

Accommodation booking on behalf of any third party, by the Data Controller

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to order a taxi for the Data Subject, for a specific place and timing, and the related communi-cation with the Data Subject

voluntary consent granted

any natural person, for whom the Data Controller orders a taxi service

for more details, please check the detailed information related to the given data processing activity

for more details, please check the detailed information related to the given data processing activity

electronically, manually

the Data Subjects, or Business Partners

 

Summary table of data processing activities performed in relation to restaurant table bookings

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to book a table in a restaurant, to identify the Data Subject, and the related communi-cation

voluntary consent granted

any natural person, who intends to book a restaurant table, by supplying his/her personal data

for more details, please check the detailed information/

description related to the given data processing activity

until the specific purpose is fulfilled

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities performed in relation to organised camp programs

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

the specific purpose is to identify the Data Subjects, to establish their entitlement to the given services, to sign the related Agreement, to render the related services, to fulfil the Agreement, and the related communi-cation

voluntary consent granted, or an Agreement being signed (Article 6(1), point b) of the GDPR),

when processing the data of an authorised represen-tative/

contact person, it is a legitimate interest

any natural person, whose personal data is supplied by the Data Subject to the Data Controller in relation to ordering services related to an organised camp program, and to sign the related Agreement, the Data Subjects are particularly being children, and their legal representatives

for more details, please check the detailed information/

description related to the given data processing activity

until the specific purpose is reached, or for a period of 5 years

 

 

electronically, in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities carried out related to health status

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to properly provide the services to the Data Subjects, and the related communi-cation

voluntary consent granted

any natural person, who supplies a health related data to the Data Controller

for more details, please check the detailed information related to the given data processing activity

until the primary goal is reached, or

until revoked, 

or for the statutory period

electronically, in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities related to banking details and bank transfers

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to facilitate and verify financial payments

to comply with a mandatory obligation and/or based on an Agreement, or voluntary consent granted

any natural person, to whom the Data Controller sends any bank transfer, and any natural person, who wishes to pay the Data Controller via bank transfer

for more details, please check the detailed information/

description related to the given data

for the statutory period, or for any duration specified by the law

electronically, manually or automated

own registration system, the Data Subjects

 

Summary table of invoicing related data processing activities

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to comply with a mandatory obligation

to comply with a mandatory obligation, pursuant to Act CXXVII of 2007 on the Value Added Tax, and various decrees issued based on an authorisation given by the same law

any natural person, including sole entrepreneurs, whose data is indicated on any invoices (or any equivalent accounting certificate) issued by the Data Controller (even if only in the comments, notes section, etc.)

the specific data categories defined by sections 169-170 and 176 of Act CXXXVII of 2007

for a period of 8 years

in a hard copy format/

electronically, manually

the Data Subjects, occasionally public registration systems

 

Summary table of data processing activities related to invoices received

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to fully comply with the relevant mandatory obligations, and to properly store the invoices (and other equivalent) documents, pursuant to section 179 of Act CXXVII of 2007

to comply with a mandatory obligation (section 179 of Act CXXVII of 2007)

any natural person, whose data is indicated on any invoice (or any other equivalent accounting certificate) or any attachments to the same, received and accepted by the Data Controller

the specific data categories defined by sections 169-170 and 176 of Act CXXXVII of 2007

for a period of 8 years

in a hard copy format/

electronically, manually

the invoice issuer

 

Summary table of CCTV system operation

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

the specific purposes defined in the related CCTV Policy, such as property security, personal and physical security, etc., to properly identify the Data Subjects

the Data Controller’s legitimate interests

any natural person, who enters or stays in an area under CCTV surveillance

for more details, please check the detailed information/

description related to the given data processing activity

for 8 days upon the recording being made

electronically, automated

the Data Subjects

 

Summary table of the data processing activities related to operating an electronic access card system

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to identify the Data Subjects, to grant and verify access levels, personal and property safety and security

the Data Controller’s legitimate interests

any natural person, whom is provided with an access tool (e.g. swipe card) by the Data Controller

for more details, please check the detailed information/

description related to the given data processing activity

to be deleted within 180 days upon the regular access authorisation being terminated, or if it was a one-off access authorisation provided (guest card), within 1 day after the person has left the premises

electronically, automated

the Data Subjects

 

Summary table of data processing activities related to sending Newsletters

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to provide full scope general, or individually tailored and regular information to the recipients about the Data Controller’s latest special offers, events and news

voluntary consent granted

any natural person, who intends to receive news, or updates about the Data Controller’s special offers and benefits granted, therefore signs up to the Newsletter, by supplying his/her personal data 

for more details, please check the detailed information/

description related to the given data processing activity

until  the person unsubscribes

subscription can be made electronically, or in a hard copy format, or manually,

the Newsletters to be sent electronically, automated,

unsubscription is possible electronically, or in a hard copy format, or manually

 

the Data Subjects

 

Summary table of data processing activities related to organising special draws

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to enable participation, to identify the Data Subjects during the draw, and the related communi-cation

voluntary consent granted

any natural person, who intends to participate in a special draw organised by the Data Controller, by supplying his/her data

for more details, please check the detailed information/

description related to the given data processing activity

until the special purpose is fulfilled, or for the statutory period

the intention to participate can be indicated electronically/in a hard copy format, or manually,

the drawing is done automated or manually (depending on the given type of drawing)

the Data Subjects

 

Summary table of special event organising

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to carry out all tasks related to organising a special event, and the related communi-cation with the Data Subjects

based on voluntary consent granted, or based on an Agreement, or legitimate interest

any natural person, who attends the special event, or receives any of the special event organising services offered

for more details, please check the detailed information/

description related to the given data processing activity

for the statutory period

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities related to gift vouchers (coupons)

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to enable customers to buy and redeem gift cards/

vouchers for the Data Controller’s services/

products, and the related communi-cation

voluntary consent granted, legitimate interest, or Agreement

any natural person, who intends to buy a gift card/voucher, or redeem the same for any of the Data Controller’s services/

products

for more details, please check the detailed information/

description related to the given data processing activity

as long as it is valid,

if redeemed, for the statutory period,

if an official receipt, for 5 years

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities related to customer satisfaction surveys

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to improve the quality of services, products and the Data Controller’s conduct, to investigate any complaints, and the related communication

the Data Controller’s legitimate interests

any natural person, who participates in any customer satisfaction survey, as part of the Data Controller’s quality assurance process

for more details, please check the detailed information/

description related to the given data processing activity

until the specific purpose is reached, or in case of complaints, for a period of 5 years

electronically and/or in a hard copy format, manually

own in-house registration system about the Data Subjects

 

Summary table of data processing activities performed in relation to social media marketing efforts

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

the Data Controller’s marketing activities

voluntary consent granted

any natural person, who follows, shares or likes the contents displayed on the Data Controller’s social media platforms, on a voluntary basis

for more details, please check the detailed information/

description related to the given data processing activity

until erased based on the Data Subject’s request, or until the legitimate interest ceases to exist

electronically, manually

the Data Subjects

 

Summary table of data processing activities related to the Guest Book

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to enable the Data Subject to express his/her opinion about the Data Controller’s services rendered, to improve the Data Controller’s service quality, to inform others, and to liaise with the Data Subject, if any complaint arises

voluntary consent granted, in case of complaint

any natural person, who wishes to share his/her personal opinion via a Guest Book entry with the Data Controller and others

for more details, please check the detailed information/

description related to the given data processing activity

until erased based on the Data Subject’s request, or in case of a complaint, for a period of 5 years (pursuant to Act CLV of 1997)

electronically and/or in a paper format, manually

the Data Subjects

 

Summary table of data processing activities performed related to the Job Applicants’ data

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to enable applications to be made, and the related communi-cation

voluntary consent granted

any natural person, who applies for any job opening advertised by the Data Controller, or sends his/her application without a formal advert placed

for more details, please check the detailed information/

description related to the given data processing activity

for the specific time period defined in the Data Subject’s related consent granted, or until the legitimate interest ceases to exist

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities performed in relation to aptitude tests (examinations)

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to exercise the right established in the regulation applicable to the given legal relationship, to check the professional suitability required to comply with the obligations (competen-cies)

voluntary consent granted, or legitimate interest

any natural person, who participates in an aptitude test

for more details, please check the detailed information/

description related to the given data processing activity

until the Data Subject requested it to be erased, or for the time period specified in the related consent given, or for the statutory period

electronically and/or in a hard copy format, manually

the Data Subjects

 

Summary table of data processing activities related to language skill tests

Purpose

Legitimacy

Data Subjects

Data category

Duration

Method

Source

to determine the applicable language group, for the most optimal language learning practices, for any Data Subject applying

voluntary consent granted

any natural person, who participates in a language skill test

for more details, please check the detailed information related to the given data processing activity

until the specific purpose is reached, or until the data is erased based on the Data Subject’s request, or if the Data Subject is determined to belong to a certain group, based on legitimate interest, the duration is the total duration of the language training provided - due to later comparisons, or confirmation on progress - or for the statutory period

electronically, in a hard copy format, manually

the Data Subjects

Subscribe to our newsletter!

Pictures from our gallery