Ács Apartman Hévíz

Data protection

Data of the data manager and processor

Veronika Cser-Ács is an individual with a tax number providing private accommodation services (Ács Apartman Hévíz).

(hereinafter: the "Accommodation")

The Hotel is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect its customers' right to self-determination of information. The accommodation treats personal data confidentially and takes all security, technical and organizational measures that guarantee data security. The accommodation below describes its data management practices, which are available electronically on the accommodation's official website, and also available on paper at the accommodation.

Its basic data management principles are in accordance with the current legislation on data protection, and in particular with the following:

  1. year CVIII Act on certain issues of electronic commercial services and services related to the information society (Eker. tv.)
  2. year XLVIII Act on the Basic Conditions and Certain Limitations of Economic Advertising Activities (Grt.)
  3. year CXII. Act - on the right to self-determination of information and freedom of information (Infotv.); 5 5

Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) - on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC ( general data protection regulation, GDPR);

  1. Act V - on the Civil Code (Ptk.); Act C of 2000 - on accounting (Accounting Act); LIII of 2017 Act - on the prevention and prevention of money laundering and terrorist financing (Pmt.);
  2. year CCXXXVII. Act - on credit institutions and financial enterprises (Hpt.).

This Notice provides general information about data management during the services provided by the Hotel. Due to the diversity of the Guests' needs, the method of data management may occasionally differ from that contained in this Notice, such deviations may be made at the Guest's request, and the Hotel will inform the Guest in advance of the exact method. The Hotel provides information on all data processing that may not be included in this Information Sheet prior to the given data processing.

The Hotel only processes personal data for a predetermined purpose for the time necessary for exercising rights and fulfilling obligations. The Hotel only manages personal data that is essential for the realization of the purpose of data management and is suitable for achieving the purpose.

The consent or subsequent approval of the legal representative of the minor under the age of sixteen is required for the validity of the legal statement containing the consent of the affected person.

In any case, if the Hotel uses the provided data for a purpose other than the purpose of the original data collection, it will inform the data subject and ask for their prior, express consent, or provide them with the opportunity to prohibit the use.

During the data management, the personal data obtained by the Accommodation can only be seen by the persons on behalf of the Accommodation, who are responsible for the respective data management.

Explanation of concepts

Data subject: any natural person identified or - directly or indirectly - identified on the basis of personal data;

Personal data: data that can be associated with the data subject - in particular the data subject's name, identification mark, and one or more physical, physiological, mental, economic, cultural or social characteristics of the data subject - as well as the conclusion about the data subject that can be drawn from the data;

Special data: personal data relating to health status;

Consent: the voluntary and decisive declaration of the data subject's will, which is based on adequate information, and with which he/she gives his/her unequivocal consent to the processing of his/her personal data - in full or covering certain operations;

Objection: the statement of the data subject objecting to the processing of their personal data and requesting the termination of the data processing or the deletion of the processed data;

Data controller: a natural or legal person or an organization without legal personality who, independently or jointly with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or implements them with the data processor it has commissioned;

Data management: regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction, and preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image);

Data transfer: making the data available to a specific third party;

Disclosure: making the data available to anyone;

Data deletion: making data unrecognizable in such a way that their recovery is no longer possible;

Data marking: providing the data with an identification mark for the purpose of distinguishing it;

Data blocking: providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time;

Data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;

Data processor: a natural or legal person, or an organization without legal personality, who, or which processes data based on the contract concluded with the data controller - including the conclusion of a contract based on the provisions of the law;

Third party: a natural or legal person, or an organization without legal personality, who is or is not the same as the data subject, the data controller or the data processor.

Data management

Use of accommodation services

CLVI of 2016. the law obliges the accommodation service provider to record the legally defined data of the users of the accommodation service in the storage provided by the storage service provider appointed by the Government for the purpose defined by the law.

As part of the provision of services, the management of all data related to the data subject is based on voluntary consent, and its purpose is to ensure the provision of the service and to maintain contact. The personal data contained in this clause, with the exceptions contained in each sub-clause, will be kept by the Accommodation for a period of time in accordance with the current tax law and accounting regulations, and will be deleted after the deadline has passed.

Room reservation

In the case of online, personal (paper-based) or telephone room reservations, the Accommodation requests/may request the following data from the Guest:

  • first name,
  • last name;
  • address (town, postal code, country);
  • e-mail address;
  • mobile phone number

You can get more information on the handling of data related to room reservations by sending a request to the email address a.apartman.5@gmail.com.

Reporting form

When using the services of the Hotel, from September 6, 2021, the official documents of all our dear guests (valid personal identification card or valid driver's license or valid passport) must be scanned into the VENDÉGEM accommodation management program of the National Tourist Information Center. If the document is not scanned during registration, we cannot hand over the accommodation.

The Guest consents to the fact that the Accommodation will process the following mandatory data for the purpose of fulfilling its obligations set out in the relevant legislation (in particular the immigration police and the legislation related to the tourist tax) and for the purpose of proving the fulfillment, as well as for the identification of the Guest, as long as the competent authority can check the fulfillment of the obligations defined in the relevant legislation.

  • family and first name,
  • Home address
  • citizenship (exclusively for statistical purposes, processed data that cannot be traced back to the given person)
  • place and time of birth
  • travel document identification data
  • start and end date of accommodation
  • The handling of the following data on third-country nationals is a legal requirement:
  • visa, residence permit number,
  • time and place of entry

Person with the citizenship of a third country: with the exception of Hungarian citizens, all persons who are not citizens of a member state of the European Economic Area, including stateless persons.

Member States of the EEA:

  • member states of the European Union,
  • Iceland, Liechtenstein and Norway as member states,
  • and Switzerland as a state with equal legal status.

The provision of mandatory data by the Guest is a condition for using the Accommodation service.

By signing the registration form, the guest consents to the fact that the personal data provided by filling out the registration form will be processed and archived by the Hotel within the above-mentioned deadline for the purpose of proving the creation of the contract, the completion and fulfillment of the contract, and the possible assertion of claims.

Data from 3rd parties

Accommodation reservation, Request for quotation

The Accommodation works together with certain websites (e.g. Szállás.hu, szálaskeres.hu, booking.com, etc.). In the case of a request for a quote, based on the User's voluntary consent, the Service Provider receives the personal data of the User requesting the quote (name, email address, telephone number, address, number and age of children, information regarding pet ownership) and comments, as well as the selected payment method, the accommodation offer, and the accommodation offer at the same time as the request for the offer. for the purpose of In the event of an accommodation reservation, the Service Provider forwards the booking User's personal data (name, email address, phone number, information regarding pet ownership) and comments, as well as other booking data (request for discount, surcharge service, chosen payment method, etc.) based on the User's voluntary consent, the accommodation offer to the Accommodation, towards for the purpose of fulfilling the reservation. The Service Provider then forwards the User's data provided during the reservation to the Accommodation.

Duration of data management

Data processed in connection with the use of services

The Service Provider will treat the personal data related to the request for an offer initiated by the User as reservation data if the offer is accepted, and if the offer is rejected, it will be processed until the financial settlement for the period affected by the offer in order to settle the matter with the Accommodation. The Service Provider processes the personal data related to the offer accepted by the User initiated by the accommodation reservation in order to fulfill the accounting and obligations to the Partners for 8 years on the basis of § 169 of Act C of 2000, and for the limitation period specified in Act XCII of 2003 on taxation.

Website visit data

Most Internet browsers automatically accept cookies, but visitors have the option to delete them or refuse them automatically. Since every browser is different, the visitor can set their cookie preferences individually using the browser toolbar. You may not be able to use certain features on our website if you choose not to accept cookies.


It is possible for anyone to contact the hotel via e-mail. The Hotel handles the messages until the specific request/question is resolved/answered, after the request/question is completed, such e-mails are archived and stored for 5 (Five) years.

Data security

The Accommodation treats personal data confidentially and does not provide them to unauthorized persons. It protects personal data in particular against unauthorized access, change, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and loss of access due to changes in the technology used. It takes all security measures to ensure the technical protection of personal data.

We inform our customers that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies based on the authorization of the law, provide information, communicate data, transfer documents, or they can contact the data controller to make it available. The Accommodation. to the authorities - if the authority has specified the exact purpose and the scope of the data - it will release personal data only to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

Rights & Remedies


Upon request sent to the Hotel's email address or to its address (8380, Hévíz, Vajda Ákos u. 9.) within a maximum of 30 days from the date of submission of the request, the Hotel will provide information to the person concerned - with regard to the same data once a year free of charge, in addition for a fee. about the data managed by it or processed by the data processor commissioned by it, its source, the purpose, legal basis, duration of the data processing, the name and address of the data processor and its activities related to data processing, and - in the case of transmission of the data subject's personal data - the legal basis and recipient of the data transmission.

In the event of a possible refusal to provide information, the Hotel informs the data subject in writing on the basis of which provision of the law in which the information was refused and informs the data subject of the legal remedies available.


If the personal data does not correspond to the reality, and the personal data corresponding to the reality is available to the accommodation service, the personal data will be corrected by the accommodation service.

The accommodation service will notify the data subject of the correction, as well as all those to whom the data may have previously been forwarded for the purpose of data management. The notification can be omitted if this does not harm the legitimate interests of the data subject in view of the purpose of the data management.

The corrections to the request, the processing deadline, and the possibility of legal redress are governed by the provisions of the information paragraph.

Deletion and blocking, protest

The provisions of the Data Protection Act apply to the deletion and blocking of personal data and objections to data processing.

Enforcement of judicial law

In the event of a violation of their rights, the data subject can apply to the court against the accommodation service. The court proceedings are governed by the Data Protection Act and other relevant legal regulations.


The accommodation service is obliged to compensate the damage caused to others by the illegal processing of data of the data subject or by violating the requirements of data security. The Accommodation is also liable to the data subject for the damage caused by the data processor. The Hotel is released from liability if it proves that the damage was caused by an unavoidable cause outside the scope of data management. There is no need to compensate the damage if it resulted from the intentional or grossly negligent behavior of the injured party.

Other provisions

Accommodation reserves the right to amend this Information.

The Hotel accepts no responsibility for the correctness of data provided by website visitors or Guests.


Legal remedies and complaints can be made at the National Data Protection and Information Freedom Authority, address: 1024 Budapest, Szilágyi Erzsébet fasor 22/C., website: www.naih.hu 

Hévíz, 11/13/2023