Privacy Policy

AQUATICUM DEBRECEN KFT.

1. Name of the Controller

Name of the controller: Aquaticum Debrecen Kft.

Company registry number of the controller: 09-09-002758

Registered seat of the controller: H-4032 Debrecen, Nagyerdei park 1.

E-mail address of the controller: kozpont@aquaticum.hu

Representative of the controller: Dr. Lajos Róbert FAZEKAS (chief executive officer)

The data protection officer of the Debreceni Vagyonkezelő Zrt.: Within the framework of a services agreement, the Euro-Inford Iroda Kft. represented by SZEIFERT Péter (chief executive officer)

2. Data processing rules

Aquaticum Debrecen Kft. (hereinafter referred to as Company) is processing personal data regarding this interface based on its Privacy policy. The scope hereof shall include every process performed by any organisational unit of the Company where the processing of personal data as determined in the paragraph (2) of the section 3 of the Act CXII of 2011 (hereinafter referred to as Info Act) is performed.

Personal data can be processed only to exercise a right or to perform an obligation. The personal data processed by the Company may not be used for private purposes. Data processing shall any time comply with the principle of purpose limitation.

The Company can process personal data only for a specific purpose, to exercise a right and to perform an obligation, in the minimum extent and for the lowest time necessary to achieve the purpose. Data processing shall any time comply with the purpose, and if the purpose of data processing is terminated or data processing is unlawful, the data shall be erased.

The Company may process personal data only based on the prior consent of the data subject, which shall be in writing in case of sensitive data, or based on law or legal authorisation.

Before the recording of data, the Company shall any time disclose the purpose and legal basis of data processing to the data subject.

Any employees performing data processing in the organisational unit of the Company and any employees of the organisations taking part in or performing any step of data processing on commission from the Company shall keep confidential the personal data they have become aware of, as trade secret. Any person processing or having access to personal data shall sign a declaration on confidentiality.

If any person subject hereto becomes aware of that any personal data is incorrect, incomplete or outdated, he/she shall rectify such data or initiate the rectification thereof with the employee liable for the recording of such data.

The data processing obligation of natural or legal persons or organisations without legal personality, which perform data processing activity on commission from the Company shall be enforced via the services agreement concluded with the processor.

Executive Officers of the Company shall, with regards to the characteristics of the Company, establish the organisation of data protection, scopes of responsibility and authority of data protection and related activities, and shall designate a person to oversee data processing.

During their work, the employees of the Company shall ensure that no unauthorised person can have access to personal data and that the personal data shall be stored and located to prevent their unauthorised access, acquisition, alteration or destruction.

The data protection system of the Company shall be supervised by the executive officer via a data protection employee assigned or commissioned by such executive officer.

3. Exercising the rights of data subjects

The data subject may request information about the processing of his/her personal data, may request the rectification of his/her personal data or - with the exceptions of data processing required by law - the erasure or the limitation of his/her personal data via the contacts below of the Company.

The data subject shall have the right to receive the personal data concerning him/her, which he/she has provided to the Controller, in a structured, commonly used and machine-readable format and he/she shall have the right to transmit such data to another controller.

The Company shall, within three days after receipt, transfer the received request or objection to the head of the organisational unit having the scopes of responsibility and authority for data processing.

The head of the organisational unit having the scopes or responsibility and authority shall send, within 25 days, or within 15 days in case of the exercising of his/her right to object, a written response in clear and plain language to the data subject who sent a request regarding the processing of his/her personal data.

This notification shall cover the pieces of information determined in the paragraph (1) of the section 15 of the Info Act if notification of the data subject cannot be denied based on law.

As a general rule, notification shall be free of charge, and fee may be charged only in the cases determined in the paragraph (5) of the section 15 of the Info Act.

The Company can reject a request only due to the reasons determined in the paragraph (1) of the section 9 or the section 19 of the Info Act, and this rejection shall be in writing, with justification and together with the notification determined in the paragraph (2) of the section 16 of the Info Act.

In case of incorrect data, the head of the organisational unit processing such data - if the necessary data and the public document proving such data are available - shall rectify such data, and if the reasons determined in the paragraph (2) of the section 17 of the Info Act apply, shall ensure the erasure of the processed personal data.

For the period necessary to evaluate the objection of the data subject against the processing of his/her personal data (but not longer than for 5 days), the head of the organisational unit processing such data shall suspend data processing, evaluate the grounds of the objection and make a decision, about which the applicant shall be informed pursuant to the paragraph (2) of section 21 of the Info Act.

If objection is reasonable, the head of the organisational unit processing such data shall proceed as determined by the paragraph (3) of the section 21 of the Info Act.

If during the exercising of the rights of the data subject, the adjudication of the case is ambiguous, the head of the organisational unit processing such data may request, by submitting the documents of the case and his/her point of view in the given case, for a resolution from the person responsible for data processing, who shall reply to such request within three days.

The Company shall reimburse any damage it triggered by the unlawful processing of the data of the data subject or it triggered to any third person by violating data security requirements, and it shall pay any compensation in case of the breach of personality rights triggered by it or a processor used by it. The Controller shall be exempt from the liability for the damage or the obligation to pay compensation if it can prove that the damage or the violation of the personality right of the data subject were triggered by an unavoidable cause outside the scope of data processing. The Controller may not reimburse the damage if it was caused by the intentional act or gross negligence of the victim.

Should you have any remark or question regarding data processing, please contact our data protection officer at dpo@euroinford.hu.

The data subject may apply for legal remedy at or submit a complaint to the Hungarian National Authority for Data Protection and Freedom of Information (ugyfelszolgalat@naih.hu, H-1363 Budapest, P. O. Box 9., phone: +36 (1) 391 1400) or to the tribunal having territorial competence in his/her home address or place of residence.

4. Data processing performed during the services and other activities of the Company

Place of data processing:

H-4032 Debrecen, Nagyerdei park 1.

4.1. Data processing of the website

Anyone can access to the website of the Company without revealing his/her identity or providing his/her personal data, and anyone can get information at the website and the sites linked thereto freely, without any restrictions. However, the website is automatically collecting non-personalised data about the visitors, without limitation. However, no personal data can be obtained from these data, therefore, it is not data processing subject to the Info Act.

The website is using the web analytics service of Google Analytics. The Google Analytics uses cookies, i.e. text files on the computer of the user to help analyse the use of the website. Google forwards the data on the use of the website, as generated by the cookies (the IP address of the visitor), to its servers in the USA and stores them there. Google does not link the data generated by the cookies with other data, therefore, it does not perform the processing of personal data based on the effective data protection regulations. By selecting the suitable settings of his/her browser, the visitor may reject the use of cookies. By using the website, the visitor consents to the processing of his/her data in the way and for the purposes detailed above.

The data obtained by Google are used to assess and analyse the use of the website by the data subject, to make reports on the activities performed on the website and to provide services regarding the activities performed on the website and internet use.

Registration number of data processing: NAIH-102184

Purpose of data processing: identification of the visitors of the website, making available the electronic services for them

Processed set of data: starting and finishing date and time of the visit by the visitor and in certain cases - depending on the settings of the device of the user - the type of browser and operating system and other recorded data (cookies)

Legal basis of the data processing: consent of the data subject as determined in the item a) of the paragraph (1) of the section 5 of the Info Act Deadline of data storage: until the achievement of the purpose of data processing, at most for 2 years

Way of data storage: electronically

4.2. Data processing regarding hotel service

During the performance of hotel services, the Company is processing personal data.

Upon checking in the hotel, the data subjects shall complete a registration form. The Company requests the following data in the registration form:

Name
Date of birth
Citizenship
Personal identification card number
Name(s) of child(ren)
Home address
E-mail address
If the guest arrives by car, the license plate number of the car

Registration number of data processing: based on the item a) of the paragraph (3) of the section 65 of the Info Act, the Hungarian National Authority for Data Protection and Freedom of Information shall not keep a register, since it is related to the data of data subject being in customer relationship with the Controller.

Purpose of data processing: ensuring checking in the hotel, assigning rooms to the clients

Processed set of data: name, date of birth, citizenship, personal identification card number, name(s) of child(ren), home address, e-mail address, if the guest arrives by car, the license plate number of the car

Legal basis of the data processing: consent of the data subject as determined in the item a) of the paragraph (1) of the section 5 of the Info Act

Deadline of data storage: until the achievement of the purpose of data processing (upon check-out, the data are erased if the guest does not declare that he/she requests the storage of his/her data to accelerate check-in next time)

Way of data processing: hard copy and electronically

4.3. Data processing regarding the use of thermal bath and therapeutic treatments

The Company provides the use of thermal bath and therapeutic treatments.

In the therapeutic department of the Company, almost 40 different kinds of treatments based on medicinal water and the involvement of specialist physicians facilitate the healing of the patients and the guests.

In addition to the traditional bathing therapy, a broad range of physiotherapy and movement therapy can be used by the guests in the therapeutic centre.

These treatments may be used for medical rehabilitation, either by social security support or without support, against payment as well.

Rheumatological treatments shall be subject to referral which may be requested by the guest from his/her specialist physician, GP or occupational physician.

Upon arrival, after purchasing the ticket, the guests get an armband with entitlements.

The guest may move within the bath with this armband.

Upon the use of thermal bath, the Company performs the processing of personal data.

For the treatment, the following data of the guest are requested:

Name and ZIP code
In case of social security support, the data in the medical treatment card are name, home address, place and date of birth, social security number
In case of a pass from the local government: name and home address at the back of the pass
Upon leaving, if invoiced: name and home address
In case of the loss of the armband or the cabinet key or insolvency, upon recording the report: name, home address, phone number and personal identification card number
Upon the use of the safe deposit locker: name and signature
In case of the care of an injured person: name, home address and age of the first aid provider

Purpose of data processing: ensuring the use of thermal bath and the related therapeutic treatments

Processed set of data: name and ZIP code

In case of social security support, the data in the medical treatment card are name, home address, place and date of birth, social security number

In case of a pass from the local government: name and home address at the back of the pass

If invoiced: name and home address

In case of the loss of the armband or the cabinet key or insolvency, upon recording the report: name, home address, phone number and personal identification card number

Upon the use of the safe deposit locker: name and signature

In case of the care of an injured person: name, home address and age of the first aid provider

Legal basis of the data processing: consent of the data subject as determined in the item a) of the paragraph (1) of the section 5 of the Info Act

Deadline of data storage: until the achievement of the purpose of data processing

Way of data processing: hard copy and electronically

4.4. Data processing regarding the use of pleasure bath

Upon arrival, after purchasing the ticket, the guests get an armband with entitlements.

The guest may move within the bath with this armband.

Upon the use of pleasure bath, the Company performs processing of personal data.

For the treatment, the following data of the guest are requested:

Name and ZIP code
In case of social security support, the data in the medical treatment card are: name, home address, place and date of birth, social security number
In case of a pass from the local government: name and home address at the back of the pass
Upon leaving, if invoiced: name and home address
In case of the loss of the armband or the cabinet key or insolvency, upon recording the report: name, home address, phone number and personal identification card number
Upon the use of the safe deposit locker: name and signature
In case of the care of an injured person: name, home address and age of the first aid provider

Purpose of data processing: ensuring the use of pleasure bath and the related services

Processed set of data: name and ZIP code

In case of social security support, the data in the medical treatment card are name, home address, place and date of birth, social security number

In case of a pass from the local government: name and home address at the back of the pass

Upon leaving, if invoiced: name and home address

In case of the loss of the armband or the cabinet key or insolvency, upon recording the report: name, home address, phone number and personal identification card number

Upon the use of the safe deposit locker: name and signature

In case of the care of an injured person: name, home address and age of the first aid provider

Legal basis of the data processing: consent of the data subject as determined in the item a) of the paragraph (1) of the section 5 of the Info Act

Deadline of data storage: until the achievement of the purpose of data processing

Way of data processing: hard copy and electronically

4.5. Data processing during complaint handling

The Company shall perform complaint handling according to the effective Act on Consumer Protection, while data processing shall comply according to the requirements of the sections 17/A-C of the Act on Consumer Protection.

Complaints may be submitted by the guests:

Verbally:

a) personally at the reception of the bath and the hotel

b) via phone

If the data subject disagrees with the handling of the complaint or the complaint cannot be immediately assessed, a report shall be written about the complaint. A copy of the report shall be handed over by the Company to the guest having the complaint.

The complaint report shall include the followings:

Name of the client
Home address or registered seat of the client, and correspondence address, if relevant;
Place, date and manner of the submission of the complaint;
Detailed description of the complaint of the client by the separate recording of the objections concerned to let each objection in the complaint of the client be fully assessed;
Description of the service subject to complaint;
List of documents and other proofs presented by the client;
Signature of the person drawing up the report and the signature of the client (this latter is necessary in case of a personally submitted verbal complaint);
Place and date of drawing up the report;
E-mail address and phone number of the client.

Non-personal complaint

Non-personal complaint may be submitted via phone or in writing.

a) via phone

b) via post

c) via e-mail to kozpont@aquaticum.hu

Common rules

The Company shall write its point of view and measures regarding the complaint together with justification, and it shall send them to the complainant within 30 days after the receipt of the complaint, unless the guest submits his/her complaint verbally, and the Company immediately complies with the requests therein.

Purpose of data processing: recording, assessment and adjudication of complaints

Processed set of data: name, home address and correspondence address of the client, place and date and manner of the submission of the complaint, detailed description of the complaint of the client, list of documents and other proofs presented by the client, signature of the person drawing up the report and in case of personally and verbally submitted complaint, the signature of the client, place and date of drawing up the report, e-mail address and phone number of the client

Legal basis of the data processing: consent of the data subject as determined in the item a) of the paragraph (1) of the section 5 of the Info Act, with the legal basis determined in the sections 17/A-C of the Act on Consumer Protection

Deadline of data storage: the Company shall store the report on the complaint and the copy of its response for five years [paragraph (7) of the section 17/A and the paragraph (3) of the section 17/B of the Act on Consumer Protection]

Way of data processing: hard copy and electronically

4.6. Data processing regarding photo and video records

Registration number of data processing: NAIH-102183

Purpose of data processing: strengthening the image and the brand of the Company by organising the given event, photo and audio records are processed during launching the event …………………

Processed set of data: voice and image of and other data related to the data subject

Legal basis of the data processing: consent of the data subject as determined in the item a) of the paragraph (1) of the section 5 of the Info Act

Deadline of data storage: until the purpose of the given marketing activity is achieved

Way of data storage: electronically

4.7. Data processing regarding newsletters

The Company makes possible subscription for its newsletter service, based on which one can be notified of information regarding the Company, thermal bath events and other interesting news.

Newsletter is sent twice a month. During this, only the name and the e-mail address of the client are processed. The client may any time unsubscribe from newsletter in any stage of data processing.

Registration number of data processing: NAIH-66484 and NAIH-72406

Purpose of data processing: sending newsletter to subscribers

Processed set of data: user name, e-mail address

Legal basis of the data processing: consent of the data subject as determined in the item a) of the paragraph (1) of the section 5 of the Info Act

Deadline of data storage: until the data subject unsubscribes

Way of data storage: electronically

4.8. Data processing regarding the organisation of prize competition

The Company periodically organises prize competitions.

In the prize competition, anyone may take part without restriction.

The personal data requested for running the prize competition are processed by the Company as follows:

Registration number of data processing: NAIH-102181

Purpose of data processing: running a prize competition

Legal basis of the data processing: consent of the data subject as determined in the item a) of the paragraph (1) of the section 5 of the Info Act

Processed set of data: name, home address, phone number, e-mail address

Period of data processing: until the end of prize draw

4.9. Data processing regarding booking a room

By ensuring online booking at https://booking.aquaticum.hu, the Company processes personal data.

Upon booking a room, the data subjects shall complete a registration form. During booking a room, the following data shall be given:

Last name
First name
Phone number
E-mail address
Date of arrival and departure
Invoicing data
Payment method
Catering

Purpose of data processing: ensuring booking a room, assigning rooms to the clients

Processed set of data: last name, first name, phone number, e-mail address, date of arrival and departure, payment method, catering

Legal basis of the data processing: consent of the data subject as determined in the item a) of the paragraph (1) of the section 5 of the Info Act

Deadline of data storage: until the achievement of the purpose of data processing

Way of data storage: electronically

5. Contacts of data protection officer

Within the framework of a services agreement, the Aquaticum Debrecen Kft. and the Debreceni Vagyonkezelő Zrt. having ownership rights therein uses the data protection officer services of the Euro-Inford Iroda Kft.

Contacts: dpo@euroinford.hu, phone number: +36 (70) 4217 663, correspondence address: H-2151 Fót, P.O. Box: 29.

6. Questions not specified hereunder

Any questions not specified hereunder shall be governed by the Info Act and the Data Protection and Data Security Policy of the Company (available in Hungarian language here).