Phone: +36 20/354 4444 (from 8:00 to 20:00)

Data protection

Data protection

4 SEASONS Mountainhotel (Imprint) is committed to protecting the personal data and privacy of all those who visit this website. This information and statement are primarily concerned with the confidentiality and protection of personal information of registered members and newsletter subscribers via the Internet, but also includes visitors to the Site. The contents of this page describe what data the owner may collect and use about you and how they may use it. The data will not be passed on to an unauthorized person (s) and will be used in the form provided on this page.

In individual cases in contracts, the purpose of data management may change, which is done under the conditions set out in the given contract.

This information provides you with important information about the protection of your personal data and your rights about it. For data protection issues not mentioned in the prospectus, the general data protection provisions set out in the Legal Conditions apply. The user of the website acknowledges that this prospectus and the Legal Terms and Conditions of the general rules of use of the website have been read and accepted. If the user does not accept these terms, he has the right to stop using the website and not to provide any personal data, to suspend the browsing process.

In developing these rules and principles, the Company has taken into account the CXII. Act CXIX of 1995 on the right to information self-determination and freedom of information (“Infotv.”). Act VI of 1998 on the management of name and address data for research and direct business acquisition; Act XLVIII of 28 January 1981 promulgating the Convention for the Protection of Individuals concerning Automatic Processing of Personal Data, Strasbourg, 28 January 1981; Act on the Basic Conditions and Certain Restrictions of Commercial Advertising. The purpose of this information and statement is to ensure that all users of the services provided by the Data Controller ensure that their rights and fundamental freedoms, in particular the right to privacy, are respected in the automatic processing of their personal data.

Who collects the personal data (the data controller)?

Your data for 4 SEASONS Hegyihotel, hereinafter referred to as Hegyihotel (contacts, further information: Imprint)

What data do I collect and manage?

You may choose to access and browse our websites without providing your personal information, but you must accept the cookie policy to browse and the privacy statement and statement to subscribe to the newsletter.

The term “personal data” means all information relating directly or indirectly to a natural person who has been or can be identified based on an identification number or one or more related data. If the Owner of the Site collects your personal information, this will be done confidentially and transparently.

Personal data concerning you is all information that allows you to identify yourself, such as citizenship, surname and first name, postal address, e-mail address, telephone number (s), and all other personal data specified in section 3 of this prospectus. necessary to achieve those objectives. Your personal data is collected voluntarily by the owner in the manner specified when browsing the site, in each case indicating the data that must be provided to achieve the goal. If you do not wish to provide this information, you will not be able to access certain services and features of the Website. The purpose of collecting non-mandatory additional data is to better understand the needs of users, to determine the future refinement goals of the services and website development plans, so this data is freely provided, you can refuse to provide it, but in this case, you cannot browse the site.

Hegyihotel takes all necessary measures at all times to ensure that the personal data it handles is accurate and, if necessary, up-to-date.

The following personal data is processed:

For what purpose do we collect personal data and for how long do we process it?

The Owner undertakes not to use personal data for purposes other than those specified, express, and lawful and to process them only following those purposes, and to handle only personal data that is adequate, relevant and does not go beyond the purpose of collection.

The purpose of collecting and using your information is to provide you with access to certain features and services offered by the owner on the Website, ensuring that the information about you remains up-to-date, correct, and relevant. Its purpose is to use the data in the following main directions:

  1. a) You can subscribe to the website's newsletter system and manage your subscriptions, such as:
  1. b) Providing an opportunity to express an opinion and comment on the content of the site.

Time of data management

The data will be stored and used until the data subject's request or the ad hoc purpose is reached, in both cases for the maximum period of 60 days currently required by law after becoming aware of the cause. An exception to this is the data provided during registration on the site, which is stored indefinitely. However, we provide the option to cancel the registration on the website.

If you do not request the deletion of your data in writing, then the data processing period is indefinite. In other cases, the deadline for data processing is determined by the date specified in the contract.

Who can get to know personal data (data transfer)?

The Owner has the right to share your personal data with any future external, marketing, or other partners who may use your data only in the manner specified in the agreement between the two parties (or under conditions fixed in advance in writing).

We may use the assistance of subcontractors (all contributors are required to process personal data by our instructions) to handle all or part of the personal data to the extent necessary to perform their contractual service (e.g., website hosting, website services or commercial offers). You can find out more about these in point 7.

Data security

The Owner will do everything possible to protect your personal information. He stores some data in encryption, while He only accesses other data after identification. The data is stored on several independent devices by the Owner and the services of several separate companies and organizations are used for this purpose.

Access to personal data is strictly limited to the person who may be involved in the task, as well as to the trustees and to the extent necessary for their task, who are bound by the obligation of confidentiality and confidentiality. This task and the management of data to third parties are always stipulated in the current contract.

Data processing, data management and persons involved in data management, companies The data is managed by the owner, the 4 SEASONS Mountainhotel. Contract companies' data is also managed and stored by other companies. outside the owner. The processing of the data is performed partially (for accounting and certain financial tasks) by SA-KRAFT Tanácsadó Kft.

Which companies are involved in data management?

In the course of its activities, the Owner has involved the following companies in data management:

Data ownership rights and enforcement

If you do not wish your personal data to be used to communicate commercial offers, you have the right to prohibit this, without stating the reasons for your decision. You must notify the Owner in writing of your cancellation, either in writing, which may be by electronic or paper mail,to the address indicated in the Imprint.

Information on legal remedies: application to the Court of Veszprém (8200 Veszprém, Vár utca 19. or the court competent according to the place of residence) as a court with competence and jurisdiction (§ 21 of the Information Act), and official investigation procedure (Info Act 52). .§). In the latter case, the name and contact details of the authority: National Office for Data Protection and Freedom of Information (NAIH), address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C., Phone: + 36-1-391-1400, fax: + 36-1-391 -1410, e-mail: customer

Protection of personal data of minors and persons with limited legal capacity

The content of the 4-SEASON Mountainhotel website is generally not intended for minors under 13 years of age. Therefore, we do not collect or process personal data about children under the age of 13 without verifiable and informed parental or guardian (collectively, parental) consent that the child’s parents may request the release and deletion of the child’s data. If the age becomes apparent to the Owner during data processing or data management, the data may be used to obtain parental consent.

The declaration of an incapacitated and incapacitated minor requires the consent of his or her legal representative, except for those parts of the service where the declaration is intended for mass registration in everyday life and does not require special consideration.

Cookies handling

You can find information on the Cookie Management page.

Links to other websites

The 4 SEASONS Mountainhotel can navigate to external, third-party websites using a link. 4 Season Mountainhotel has no control over these websites and cannot be held responsible for their content or personal data management. For the security of your personal information, we encourage you to read the information and statement on the confidentiality and protection of personal information of websites accessed through my website.

More important legislation

All operations with your personal data are carried out in compliance with applicable law. These are currently the following: Owner (data: Imprint) (Act No. 78_17 of 6 January 1978 on Information, as amended), Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information concerning data management in Hungary. and Act CVIII of 2001 on certain issues of electronic commerce services and information society services. law. The Owner's privacy registration numbers can be found in Section 1. transmission of data.

Transmission of data

The provided personal and non-personal data may be transmitted through several channels, according to different technological standards. The most common of these can be done through Google Drive, email encrypted, and the other party's unencrypted billing program with server settings.

Additional additions

It is possible to post, register, or access or use other data or processes with data stored on an external data controller on the website for certain elements (eg blog posts). This type of external data provider can be Facebook, Google, Twitter, or other company services displayed for a given function.

Amendment of the prospectus, statement

The Owner is entitled to unilaterally amend the Data Management Information and Declaration. If the Owner modifies this page himself or herself or based on legal requirements, he/she will publish it on his / her website - he/she will update it, the modification will take effect from the publication, and will take effect automatically. Therefore, we ask you to read the latest version available on the website.


2011 CXII. according to Section 3 of the Act
2012 data subject: any specific natural person identified based on personal data or, directly or indirectly, identifiable in 2013; "personal data" shall mean data which can be contacted by the data subject, in particular his or her name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the conclusion which may be drawn from the data subject;
Special data for 2014:

2015. criminal personal data: personal data incurred during or before criminal proceedings in connection with a criminal offense or criminal proceedings, at bodies authorized to conduct criminal proceedings or to detect criminal offenses, as well as at the data enforcement organization, personal data relating to the data subject and the criminal record;

2016. public data: information or knowledge recorded in any way or form, not covered by the concept of personal data, which is managed by a body or person performing a state or local government task and performing another public task specified by law and related to its activities or performing its public task, regardless of the information on how it is handled, whether independent or aggregate, in particular, information on competence, competence, organizational structure, professional activity, evaluation of its effectiveness, types of data held and legislation governing the operation, as well as information on management and contracts;

2017. public data in the public interest: all data not falling within the concept of data of public interest, the disclosure, acquaintance or making available of which is required by law in the public interest;

2018. consent: a voluntary and firm declaration of the will of the data subject, based on adequate information, giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part;

2019. protest: a statement by the data subject objecting to the processing of his / her data and requesting the termination of the data processing or the deletion of the processed data;

2020. data controller: a natural or legal person or an organization without legal personality who, alone or together with others, determines the purpose of data processing, makes and implements decisions on data processing (including the means used), or with a data processor entrusted by him enforce;

2021. "data management" means any operation or set of operations on data, regardless of the procedure used, in particular their collection, recording, recording, systematization, storage, alteration, use, interrogation, transmission, disclosure, coordination or linking, blocking, deletion and destruction, and to prevent further use of the data, the taking of photographs, sound or images and the recording of physical characteristics capable of identifying the person (eg fingerprints or palm prints, DNA samples, irises);

2022. data transfer: making the data available to a specific third party;

2023. disclosure: making data available to anyone;

2024. data erasure: making data unrecognizable in such a way that it is no longer possible to recover it;

2025. data designation: the identification of data to distinguish it;

2026. data blocking: the identification of data to limit their further processing permanently or for a specified period;

2027. data destruction: complete physical destruction of the data carrier;

2028. "data processing" means the performance of technical tasks related to data management operations, regardless of the method and means used to perform those operations and the place of application, provided that the technical task is performed on the data;

2029. "processor" shall mean any natural or legal person, or any entity without legal personality, who carries out the processing of data based on a contract concluded with a controller, including the conclusion of a contract according to a legal provision;

2030. data controller: the body performing a public task which has produced data of public interest to be compulsorily published electronically or in the course of the operation of which this data has been generated;

2031. informant: a body performing a public task which, if the data controller does not publish the data itself, publishes the data provided to it by the data controller on a website;

2032. data set: the totality of the data managed in one register;

2033. "the third party" means any natural or legal person, or any entity without legal personality, other than the data subject, the controller or the processor;

2034. EEA State: a Member State of the European Union and another State party to the Agreement on the European Economic Area and a State of which the European Union and its Member States and a State not party to the Agreement on the European Economic Area are nationals of Enjoys the same status as a national of a State party to the Agreement on the European Economic Area;

2035. third country: any state that is not an EEA state.

Relevant legislation

The data controller undertakes to carry out its activities in this direction under the legislation in force at any given time.

These are as follows at the time of publishing this document: