Allow us to inform you, as a visitor to our website, as well as a customer using our services, about the protection of your personal data.
This information was prepared in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR).
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Regulation 95/46/EC (hereinafter: Regulation), stipulates, that the Data Controller takes appropriate measures in order to provide the data subject with all information related to the processing of personal data in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly formulated, and that the Data Controller facilitates the exercise of the rights of the data subject. CXII of 2011. is also required by law.
Ltd., as a data controller, determines the purposes and means of handling personal data independently or together with others, and as a data processor, it manages personal data on behalf of the data controller.
Data management is any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying.
The data processing is a technical data management, and does not have the right of disposal or decision over the data.
Any information relating to an identified or identifiable natural person (“data subject”) is considered personal data. A natural person can be identified directly or indirectly, in particular on the basis of an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified.
The natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller; (Regulation, Article 4, 8) Using a data processor does not require the prior consent of the data subject, but it is necessary to inform them.
In order to fulfill its tax and accounting obligations, the Ltd. uses an external service provider with an accounting service contract, who also manages the personal data of natural persons in the Ltd.’s contract or payment relationship, for the purpose of fulfilling the tax and accounting obligations of the Ltd.
In the case of payment by bank card, the data will be transferred to the card acceptor in order to fulfill the contract. The data management of our card-accepting partner, as a data manager, is subject to its own data management information and rules, therefore the Kft. is not responsible. Data transmission: In the case of payment by bank card, the payer’s ID, the amount, date and time of the transaction are sent to the data processors.
The data processor may only execute instructions that are recorded in writing.
A written contract must be concluded between the data controller and the data processor, which must contain the data transferred by the data controller to the data processor and the data processor’s activities with them.
Employees dealing with the management of personal data are bound by confidentiality. In order to guarantee data security, the data processor implements organizational and technical measures. The data processor helps the data controller to fulfill its obligations. Based on the decision of the data controller, the data processor returns all personal data to the data controller or deletes or deletes the existing copies, with one exception if national or EU law requires the storage of data. The data processor facilitates and enables audits and on-site inspections carried out by the data controller or with the help of an inspector commissioned by the data controller.
If the data processor uses the help of another data processor, the same obligations apply to her as those originally established by the contract between the data processor and the data controller.
– Ltd. is not obliged to appoint a data protection officer based on Article 37 of the GDPR.
If you have any requests or questions regarding data management, send your request by post to H-1061 Budapest, Liszt Ferenc Square 3. or send it electronically to info@incognito.hu. We will send our answers to the address specified by you without delay, but within 30 days at most.
– no data is transferred abroad
Ltd. performs data management for the following purposes in accordance with the legislation:
The data subject has the right to object, based on which the personal data will no longer be processed, unless the data processing is justified by a compelling reason (e.g. in the case of data that must be processed in connection with an employment relationship)
There is no compelling reason in the case of direct marketing, the data must be deleted in case of objection. (Direct marketing includes advertisements that reach out to potential customers directly. This can be done electronically, by phone call, by post, etc. Special rules apply to each method.
Here, the person concerned will be the recipient of the advertisement, i.e. the person to whom the advertisement reaches or is directed. The personal data of the person concerned, e.g. can be managed by the operator of a website or online store.)
A breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data.
Ltd. ensures data security corresponding to the degree of risk associated with data management, in the event of a breach of which, without delay, but no later than 72 hours after becoming aware of it, our data protection officer, or failing that, the data manager/data processor or his representative, will notify the supervisory authority and inform the data subject as well.
Ltd., upon becoming aware of the data protection incident, immediately takes the necessary security measures in order to eliminate and restore the damage that is the basis of the data protection incident.
The person concerned will be notified of the measures taken and their results.
In Hungary, the data protection supervisory authority is: National Data Protection and Freedom of Information Authority (hereinafter: NAIH, address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, e-mail address: ugyfelszolgalat@naih.hu). The data subject may submit a complaint to the NAIH if, in his opinion, the processing of his personal data does not comply with the legal obligations. A judicial review can be initiated against the NAIH’s decision
Ltd. manages and processes data in a legal, transparent and verifiable manner, and in order to achieve these goals, it keeps the following records:
content:
If the scope of the managed data and the other circumstances of the data management change, this data management information will be modified and published on the https://incognito.hu/ website within 30 days in accordance with the provisions of the GDPR.
Dated: Budapest, September 1, 2023.
The Data Controller handles the personal data of visitors to the Data Controller’s website https://incognito.hu/ (hereinafter: website) (hereinafter: Visitor) in accordance with the provisions contained in the information sheet according to this annex.
Recipients: the processed data may be forwarded to the accommodation provider and IT service companies, whose contact details the Data Controller informs the Visitor as follows:
Hosting company:
– Company name: DotRoll Ltd.
– Headquarters: H-1148 Budapest, Fogarasi Road 3-5.
– Phone number: +36 – 1 – 432 – 3232
– E-mail address: support@dotroll.com
– Website: https://dotroll.com
IT provider:
– Entrepreneur: Kovács Ferenc EV
– Registration number: 58435274
– Headquarter: H-1204 Budapest, Wesselényi Street 144.
a) Technically essential cookies: they are also called session cookies or functional cookies. Their essence is that without them the site would simply not work functionally, they provide the minimum conditions necessary for the proper functioning of the website. These are necessary to identify the user, e.g. to manage whether you entered, what you added to the cart, etc. This is typically the storage of a session ID, the rest of the data is stored on the server, which is therefore more secure. Other terminologies call all cookies that are deleted when you exit the browser a session cookie (a session is a browser usage from start to close). The duration of the data management of these cookies applies only to the visitor’s current visit, this type of cookie is automatically deleted from the computer when the session ends or when the browser is closed.
b) Usage-facilitating cookies: these are also called in different ways: analysis, analysis, page development or statistics cookies. These cookies remember the user’s choices, for example in what form the user wants to see the page. These types of cookies essentially mean the setting data stored in the cookie.
c) Cookies providing advertising display and related to social media: these are also called performance cookies, experience cookies, and marketing cookies. They don’t have much to do with “performance”, that’s usually the name given to cookies that collect information about the user’s behavior, time spent, and clicks on the visited website. They are also connected to social media. These are typically third-party applications (e.g. Google Analytics, AdWords). These are suitable for profiling the visitor.
You can find out more about Google Analytics cookies here:
https://developers.google.com…
You can find out more about Google AdWords cookies here:
https://support.google.com…
The following cookies are used on the https://incognito.hu/ website:
Cookie name | Target | Expiration date | Read more |
---|---|---|---|
ls-popup-* | Functionality | End of session | It is hosted by the LayerSlider WordPress plugin. It does not collect data. |
ls-popup-last-displayed | Functionality | 2 years | It is hosted by the LayerSlider WordPress plugin. It does not collect data. |
PHPSESSID | Functionality | End of session | PHP stores the current state of the session here. It is used to distinguish individual visitors to the site. It is recorded whether the visitor is logged in. |
uvc | Social sharing | 1 year | The page can be shared on various social channels. It is placed on the page by the AddThis WordPress plugin. |
loc | Social sharing | 1 year | The page can be shared on various social channels. It is placed on the page by the AddThis WordPress plugin. |
mus | Social sharing | 1 year | The page can be shared on various social channels. It is placed on the page by the AddThis WordPress plugin. |
ouid | Social sharing | 1 year | The page can be shared on various social channels. It is placed on the page by the AddThis WordPress plugin. |
uid | Social sharing | 1 year | The page can be shared on various social channels. It is placed on the page by the AddThis WordPress plugin. |
fr | Marketing | 3 month | It enables the display of customized advertisements via the Facebook website. |
_gid | Marketing | 1 day | It is placed on the page by the Google Analytics measurement code. It serves to distinguish users. |
_gat_UA-101358145-1 | Marketing | 90 days | It is placed on the page by the Google Analytics measurement code. It stores relevant information about the user related to running campaigns. |
_ga | Marketing | 2 years | It is placed on the page by the Google Analytics measurement code. It serves to distinguish users. |
__atuvs | Social sharing | 30 min. | The page can be shared on various social channels. It is placed on the page by the AddThis WordPress plugin. |
__atuvc | Social sharing | 2 years | The page can be shared on various social channels. It is placed on the page by the AddThis WordPress plugin. |
woocommerce_items_in_cart | Functionality | End of session | It is placed on the site by the WooCommerce WordPress plugin. Information about the visitor’s basket is stored in it. No personal data is stored in it. |
woocommerce_cart_hash | Functionality | End of session | It is placed on the site by the WooCommerce WordPress plugin. Information about the visitor’s basket is stored in it. No personal data is stored in it. |
wp_woocommerce_session_* | Functionality | 2 days | It is placed on the site by the WooCommerce WordPress plugin. It records where the products in the visitor’s basket are located in the database. No personal data is stored in it. The code at the end of the cookie is unique for each user. |
euCookie | Functionality | 60 days | It stores the information that the visitor has accepted the cookies. |
Accepting and authorizing the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to notify you when a cookie is currently being sent. Although most browsers automatically accept cookies by default, they can usually be changed to prevent automatic acceptance and offer a choice each time.
A legnépszerűbb böngészők süti beállításairól az alábbi linkeken tájékozódhat:
• Google Chrome: https://support.google.com/ac…
• Firefox: https://support.mozilla.org…
• Microsoft Internet Explorer 11: http://windows.microsoft.com…
• Microsoft Internet Explorer 10: http://windows.microsoft.com…
• Microsoft Internet Explorer 9: http://windows.microsoft.com…
• Microsoft Internet Explorer 8: http://windows.microsoft.com…
• Microsoft Edge: http://windows.microsoft.com…
• Safari: https://support.apple.com…
However, we would like to point out that certain website functions or services may not function properly without cookies.
Individual websites use cookies with different intensity, it is also possible that a website does not use them because it is not necessary for its operation, or only uses them to a minimal extent.
It is important for the Data Controller that its data management meets the requirements of fairness, legality and transparency. To this end, the Visitor can request information about the management of his personal data, and can request the correction of his personal data or – with the exception of mandatory data management – deletion, he can request the restriction of the management of his personal data, he can withdraw his consent to data management, and he can also use the possibility of carrying his data, his right of access, and his right to protest . In order for the Visitor to be aware of his rights and the conditions for exercising them, we provide the following information to the Visitor.
In the case of data processing based on consent, the Visitor has the right to withdraw his consent at any time without reason. The revocation does not affect the legality of the data management based on consent, carried out prior to the revocation. However, the Data Controller will no longer carry out operations using the Visitor’s personal data and will delete them if there is no other legal basis for the processing of the Visitor’s personal data. The Visitor can withdraw his consent by contacting one of the contact details of the Data Controller listed in point I – and at the same time in the Introductory Part of this appendix.
The Visitor has the right to receive feedback from the Data Controller as to whether her personal data is being processed, and if such data is being processed, she/he is entitled to access the personal data and the following information
At the request of the Visitor, the Data Controller provides access to the Visitor’s personal data in accordance with Article 15 of the GDPR, if:
The Data Controller will provide the Visitor with a copy of their personal data if:
The Visitor has the right to request that the Data Controller correct inaccurate personal data concerning the Visitor without undue delay. Taking into account the purpose of data management, the Visitor has the right to request the completion of incomplete personal data, including by means of a supplementary statement. The Visitor’s right to correct inaccurate data:
The Data Controller corrects the Visitor’s personal data in the following cases:
The Data Controller supplements the Visitor’s personal data, if:
The Visitor is entitled to make an additional statement to the Data Controller. The Data Controller shall notify the recipients of the personal data (if any) of the correction of the Visitor’s personal data. However, the Data Controller will not notify the recipients of the correction of personal data if notification to the recipients proves to be impossible or would require a disproportionately large effort. At the Visitor’s request, the Data Controller informs the Visitor about the recipients.
The Data Controller is obliged to delete the affected data based on the Visitor’s request to delete personal data if the following conditions are met. The Data Controller is obliged to delete the Visitor’s personal data without undue delay if:
According to Article 18 of the GDPR, the Visitor may request the restriction of the processing of her/his personal data if one of the following occurs:
The right of the Visitor to request the restriction of the processing of her/his personal data:
The Data Controller shall notify the recipients of the personal data (if any) of the restrictions on the processing of the Visitor’s personal data. However, the Data Controller will not notify the recipients of such a restriction if notifying the recipients would be impossible or would require a disproportionately large effort. At the request of the Visitor, the Data Controller informs the Visitor about the recipients.
If the Data Controller restricts the processing of the Visitor’s personal data on the basis of the above, he is only entitled to the following:
If the processing of the Visitor’s data has been restricted in accordance with the above, the Data Controller is obliged to inform the applicant in advance of the lifting of the restriction.
If the Data Controller handles the Visitor’s personal data automatically, the Visitor is entitled to receive the personal data relating to the Visitor provided by the Visitor to the Data Controller in a segmented, widely used, machine-readable format, and is entitled to transfer this data to another data controller without the Data Controller hindering this, and is also entitled to request the direct transmission of this data by the Data Controller to another data controller.
The Visitor’s right to data portability:
and covers pseudonymized data that can be clearly linked to the Visitor.
The Data Controller separately informs the Visitor that, in the case of data processed to assert the legitimate interests of the Data Controller or a third party, the Visitor has the right to object to the processing of their personal data based on this legal basis at any time for reasons related to their own situation.
In the event of the Visitor’s objection, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the Visitor, or which are necessary for the submission, enforcement or If personal data is processed for scientific and historical research or statistical purposes in accordance with Article 89 (1) of the GDPR, the Visitor has the right to object to the processing of personal data concerning the Visitor for reasons related to their own situation, except , if the data management is necessary for the execution of a task carried out for reasons of public interest.
The Data Controller does not forward the Visitor’s data to recipients in third countries.
The Data Controller is related to Visitor data management – 2.1-2.8. to the request as written in points, and 3.1. 2.1-2.8. you can make your requests according to points in the following way:
The Data Controller is obliged to inform the Visitor without undue delay, but no later than within 1 (one) month from the date of receipt of the request, according to 2.1-2.8. on measures taken as a result of your request according to points. If necessary, taking into account the complexity of the request and the number of requests received by the Data Controller, this deadline can be extended by another 2 (two) months. The Data Controller shall inform the Visitor of the extension of the deadline, indicating the reasons for the delay, within 1 (one) month from the date of receipt of the request. If the Visitor submitted the request electronically, the information must be provided electronically, if possible, unless the Visitor requests otherwise. If the Data Controller does not take measures following the Visitor’s request, it shall inform the Visitor without delay, but at the latest within 1 (one) month of the receipt of the request, of the reasons for not taking action, and of the fact that the Visitor may file a complaint with a supervisory authority and use the also with the right to judicial remedy.
If the Data Controller learns that it no longer needs any personal data for data management purposes, the Data Controller is obliged to inform the affected person in writing (including electronic information):
if you request the limitation of data management, you can request information about the recipients to whom the Data Controller forwarded the relevant data.
If, according to the Visitor’s point of view, the Data Controller, as a Data Controller, handles the Visitor’s personal data in an inappropriate manner, contrary to the law, or if, according to the Visitor’s point of view, the Data Controller, as a Data Controller, did not comply with his request to exercise his rights, or in an inappropriate manner, several legal remedies can also be used by the Visitor.
If, according to the Visitor’s point of view, the Data Controller has not complied with the provisions of the GDPR during its data management activities, the Visitor may apply for legal remedies, including a complaint, to the National Data Protection and Freedom of Information Authority at one of the following contacts:
In addition to the official legal remedy, the Visitor also has the opportunity to go to court if, according to the Visitor’s point of view, the Data Controller did not comply with the provisions of the GDPR during its data management activities, and thus the Data Controller violated the Visitor’s rights contained in the GDPR during the processing of the Visitor’s personal data. . When initiating court proceedings, the Visitor may also decide to initiate the court proceedings before the court of the Member State of the Visitor’s address or place of residence.
Nyitvatartás / Opening: 12.00-24.00 Konyha nyitvatartás / Kitchen operates between: 12.00-23.30