Privacy Policy


This Privacy Policy (“Policy”) provides information regarding the processing of personal data by Harmónia-Palota Kft. (hereinafter: “Data Controller” or “we”) during the operation of its accommodation and event venue services, in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation - GDPR).

1. Data Controller and Contact Details

  • Company Name: Harmónia-Palota Kft.

  • Registered Office: 1088 Budapest, Múzeum utca 9. III. em. 16.

  • Postal Address: 1088 Budapest, Múzeum utca 9.

  • Tax Number: 23973828-2-42

  • Company Registration Number: 01 09 987254

  • Email: hello@harmoniapalace.com

  • Phone: +36 70 577 0300

  • Website: www.harmoniapalota.hu

2. Processing of the Data Subject’s Personal Data

2.1 Categories of Data Subjects

The Data Controller processes the personal data of the following natural persons in relation to accommodation services: guests (hereinafter: “Data Subjects”).

2.2 Categories of Personal Data Processed

The Data Controller processes the following personal data of Data Subjects:

  • Full name

  • Address

  • Nationality

  • Date of birth

  • Place of birth

  • Gender

  • Email address

  • Phone number

  • Arrival date

  • Departure date

  • Number of rooms

  • Number of adults

  • Number of children

  • Booking codes (e.g., promotion, voucher)

  • Passport/ID card number

  • Visa number

  • Date and place of entry to Hungary

  • Guest preferences

  • Payment details: card type, number, expiration date, CVV code

  • Purpose of travel

  • Dietary information (e.g., allergies)

  • Contact person’s name, phone, email

  • Flight number

  • Room number

  • Lost and found item with guest name and room number

  • Guest feedback

  • Invoice date

  • Length of stay

  • Method of payment

  • Amount paid, date of receipt

  • Vehicle license plate number

  • Name, number of attendees, and setup of the selected event room (in case of event bookings)

Sources of data:

  • Booking via website, email, or phone

  • Registration form

  • Guestbook

  • Guest satisfaction surveys

  • Booking systems of resellers

2.3 Legal Basis, Purpose, and Duration of Data Processing

2.3.1 Contract Preparation and Fulfilment (Accommodation/Event Services)

Legal basis: Performance and preparation of a contract (Article 6(1)(b) GDPR)
Purpose of processing:

  • Booking of apartments and event rooms

  • Guest identification during their stay

  • Performance of contractual obligations (e.g., cleaning)

  • Communication with the guest during their stay

  • Handling of invoices and outstanding payments

  • Ensuring a smooth departure in case of system-related issues

Duration:

  • Until the end of the contract (except registration forms and invoices, which are retained for 6 years on paper)

Note: Data provision is mandatory for the conclusion and performance of the contract. Failure to provide data may result in the refusal of service. Data in the SabeeApp system is not deleted or anonymised automatically after the end of the contract.

2.3.2 Compliance with Legal Obligations

Legal basis: Legal obligation (Article 6(1)(c) GDPR)
Purposes and retention:

  • Local tourism tax reporting: 6 years

  • Statistical reporting (e.g., to KSH): 6 years

  • VAT and other mandatory financial reporting: 6 years

  • Invoice correction and archiving: 6 years

Note: Provision of data is mandatory. Refusal may prevent contract conclusion or fulfilment.

2.3.3 Legitimate Interests

Legal basis: Legitimate interest of the Data Controller or a third party (Article 6(1)(f) GDPR)
Purpose:

  • Handling complaints

  • Improving guest satisfaction

  • Providing guest information

  • Verifying guest-provided information

Duration: Same as the contract term

2.3.4 Consent of the Data Subject

Legal basis: Consent (Article 6(1)(a) GDPR)
Purpose: Guest feedback, satisfaction surveys, other voluntary data sharing

Consent is voluntary and can be withdrawn at any time without consequences. Withdrawal does not affect the lawfulness of prior processing.

3. Recipients of Personal Data

The Data Controller may share personal data with the following recipients:

  • SabeeApp (for software support and billing)

  • Fair Team Kft. (accounting firm – invoice data)

  • Taxi companies (to provide requested services)

  • Police (upon request – e.g., CCTV footage)

4. Rights of the Data Subject

Data Subjects have the following rights under the GDPR:

4.1 Right of Access

You may request information on:

  • Purpose and categories of processing

  • Retention period

  • Source of data (if not from the Data Subject)

  • Rights (correction, erasure, restriction, objection, data portability)

  • Automated decision-making (if any)

4.2 Right to Rectification

You may request correction or completion of inaccurate/incomplete personal data.

4.3 Right to Erasure ("Right to be Forgotten")

Under certain conditions (e.g., no longer necessary, consent withdrawn, unlawful processing), you can request data deletion.

4.4 Right to Restriction of Processing

Applicable if you contest accuracy, object to processing, or need the data for legal claims.

4.5 Right to Object

You may object to processing based on legitimate interest or for direct marketing purposes.

4.6 Right to Data Portability

You may request your data in a structured, commonly used, machine-readable format, and transfer it to another controller.

4.7 Legal Remedies

4.7.1 Right to Lodge a Complaint

To the Hungarian Data Protection Authority (NAIH):
Website: http://naih.hu/
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Postal address: 1530 Budapest, Pf.: 5
Phone: +36-1-391-1400
Fax: +36-1-391-1410
Email: ugyfelszolgalat@naih.hu

You may also lodge a complaint with the supervisory authority of your habitual residence within the EU.

4.7.2 Right to Judicial Remedy

You may bring a claim before a Hungarian court or, if you reside in another EU Member State, the competent court in that country.

5. Final Provisions

If the Data Controller has doubts about the identity of the individual submitting a request under sections 4.1–4.6, further identification may be required.