1. What is the purpose of the information?
2. Data controller details
3. What data processing processes take place on the Website?
4. What rights do Data Subjects have?
5. Notification and action obligation
6. Possible recipients of personal data
7. Cookies
8. Google Analytics
9. Other provisions
Krisztina Keleti (hereinafter: Data Controller) as the operator of the Website operating under the domain https://www.panoramaapartmantenerife.hu, issues this Information in order to provide natural persons (Data Subjects) using the services of the Website with information about the processing of their personal data in a concise, transparent, understandable and easily accessible form and to assist them in exercising their rights.
Legal basis: Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.).
Name Krisztina Keleti
Registered office / mailing address : 2310 Szigetszentmiklós, Honfogláság u. 5/b.
Phone: +36 30 585 0649
E-mail: info@panoramaapartmantenerife.hu
In this section, we detail the essential circumstances related to each data processing, which the GDPR and other sectoral legislation expect from all data controllers.
3.1. Data processing related to newsletter subscription
In order to provide Data Subjects with current information related to the use of our services, it is possible to subscribe to a newsletter via the website. The following information applies to the data processing related to this:
3.1.1. Personal data processed and the purpose of data processing
| personal data | purpose of data processing |
| name | by providing this we can identify the Data Subject in our letter |
| e-mail address | by providing this we can learn the Data Subject's electronic contact information, where we can send our newsletter about current events |
3.1.2. Legal basis for data processing
The Data Subject's consent (Article 6 (1) a) of the GDPR, Section 5 (1) a) of the Info Act, and Section 6 (1) of Act XLVIII of 2008 on the basic conditions and certain limitations of commercial advertising activities (Grt.).Grt.) 6. § (1) bekezdése).
3.1.3. Duration of data processing
The Data Controller processes personal data until the consent is withdrawn. You can withdraw your consent at any time by clicking on the "Unsubscribe" button in the sent letter.
3.1.4. Method of data processing
In electronic form.
3.2. Contact via website
You can also contact the Data Controller via the website for any purpose. The details of the related data processing are shown below.
3.2.1. Personal data processed and the purpose of data processing
| personal data | purpose of data processing |
| name | Identification of the Data Subject |
| e-mail address | Contacting and – in case of using the service – maintaining contact with the Data Subject |
| Telephone number | Contacting and – in case of using the service – maintaining contact with the Data Subject |
3.2.2. Legal basis for data processing
If the Data Subject contacts us for the purpose of requesting general information, our data processing is based on the law; subject to Article 6 (1) c) and (2) of the GDPR, Section 5 (1) b) of the Info Act and Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information societyElkertv.) § 13/A. § (1) and (3).
If the contact person acting on behalf of the Data Subject's legal entity, the legal basis for processing the above personal data is the legitimate interest of the Data Controller and the legal entity represented by the Data Subject (GDPR Article 6 (1) f)). It is in the legitimate interest of both parties to ensure that business communication takes place effectively during the performance of the service and to be able to provide information to each other's designated representative about any material circumstances affecting the contract concluded between them. The infringement of the right to informational self-determination of the contact person of the legal entity cannot be established, because it is his/her job or contractual obligation to facilitate communication between the parties and to provide his/her personal data for this purpose.
3.2.3. Duration of data processing
For 1 year after the collection of personal data, or for 2 months from the chosen date of the program.
3.2.4. Method of data processing
In electronic form.
3.4.5. Provision of personal data
Given that we cannot provide our services without knowledge of the personal data included in this section, the provision of personal data is a prerequisite for concluding a contract.
3.3. Data processing related to contact
You can contact us via our website. The following information applies to the data processing related to this:
3.3.1. Personal data processed and the purpose of data processing
| personal data | purpose of data processing |
| name | Identification of the Applicant |
| Telephone number (optional) | Contact and information with the Applicant |
| e-mail address | Contact and information with the Applicant |
3.3.2. Legal basis for data processing
The legal basis for data processing is the performance of a contract to which the Data Controller and the Applicant are parties (GDPR Article 6 (1) b)).
3.3.3. Duration of data processing
For 1 year after the collection of personal data.
3.3.4. Method of data processing
In electronic form, automatically.
3.3.5. Provision of personal data
Given that the Data Controller cannot register applications without knowledge of the personal data included in this point, the provision of personal data is a prerequisite for concluding a contract.
3.4. Data processing related to invoicing
After the provision of the services, the Data Controller issues an accounting document – in accordance with Act C of 2000 on Accounting (hereinafter: Sztv.). The details of the data processing related to this are shown below.
3.4.1. Personal data processed and the purpose of data processing
| personal data | purpose of data processing |
| name | Support for accounting settlement of the provision of the service (economic event) |
| address/in the case of a sole proprietorship, registered office (postal code, city, street name, house number together) | Support for accounting settlement of the provision of the service (economic event) |
3.4.2. Legal basis for data processing
Mandatory data processing based on legislation (subject to Article 6 (1) c) of the GDPR, Section 5 (1) b) of the Info Act and the Information Act. Section 166 (1)-(3).
3.4.3. Duration of data processing
For 8 years after the issuance of the accounting document (subject to Section 166 (6) of the Act, Section 169 (1) and (2) of the Act
3.4.4. Method of data processing
In electronic form, manually.
3.4.5. Provision of personal data
Given that the Data Controller cannot issue an accounting document without knowledge of the personal data included in this point, the provision of personal data is based on legal regulations.
The Data Subject may request free information about the details of the processing of their personal data, and in cases specified by law, request their correction, deletion, blocking or restriction of processing, and may object to the processing of such personal data. The Data Subject may address the request for information and the requests specified in this point to the contact details of the Data Controller specified in point 2.
4.1. Right of access
The Data Subject may receive feedback from the Data Controller about the processing of their personal data and may access these personal data and the details of their processing.
4.2. Right to rectification
At the request of the Data Subject, the Data Controller shall correct inaccurate personal data concerning them without undue delay and shall be entitled to request the completion of incomplete personal data, including by means of a supplementary statement.
4.3. Right to erasure
At the request of the Data Subject, the Data Controller will erase personal data concerning him/her if the Data Controller no longer needs to process them, or if he/she withdraws his/her consent, or if he/she objects to the processing of the data, or if the processing is unlawful.
4.4. Right to be forgotten
The Data Controller shall, if requested, endeavour to notify any data controller who has or may have become aware of the Data Subject’s request for erasure.
4.5. Right to restriction of data processing
The Data Controller shall, at the request of the Data Subject, restrict data processing if the accuracy of the personal data is disputed, or the data processing is unlawful, or the Data Subject objects to the data processing, or if the Data Controller no longer needs the personal data provided.
4.6. Right to data portability
The Data Subject may receive the personal data concerning him or her provided in a structured, commonly used and machine-readable format, or may transmit them to another Data Controller.
4.7. Response to requests
The Data Controller shall examine the request as soon as possible, but no later than 30 days after its submission, or 15 days in the event of an objection, and shall make a decision on its merits, of which the requester shall be informed in writing. If the Data Controller does not comply with the Data Subject's request, it shall communicate the factual and legal reasons for rejecting the request to the Data Subject in its decision.
4.8. Enforcement
The protection of personal data is important to us, and we also respect the right of informational self-determination of the Data Subjects, therefore we strive to respond to all requests in a fair manner and within a deadline. In view of this, we ask the Data Subjects to contact the Data Controller – with the aim of filing a complaint – before resorting to any possible enforcement of claims through authorities or courts, in order to resolve any conflicts that may arise peacefully.
If the request is unsuccessful, the Data Subject may assert his/her rights before a court based on Act V of 2013 on the Civil Code (the lawsuit may also be initiated before the court competent for the Data Subject's place of residence or stay) and, in accordance with the provisions of the Infotv., may contact the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; https://www.naih.hu/panaszuegyintezes-rendje.html, hereinafter: NAIH) and file a complaint.
5.1. Notification of recipients
In all cases, we will notify the recipients to whom we have disclosed the personal data of the Data Subject about rectification, erasure, or restriction of data processing, unless this proves impossible or requires a disproportionate effort. We will provide information about these recipients upon the Data Subject’s request.
5.2. Method and deadline for notification
We will provide information in electronic form about the measures taken in response to requests related to point 4 within a maximum of one month from the receipt of the request – unless the Data Subject requests otherwise. This deadline may be extended by a further two months if necessary – given the complexity of the request or the number of requests. We will inform the Data Subject about the extension of the deadline, stating the reasons for it, within one month from the receipt of the request.
At the request of the Data Subject, verbal information may also be provided, provided that the Data Subject proves his/her identity in another way.
If we do not act on the request, we will inform the Data Subject of the reasons for this, no later than one month after receipt, and that he/she may file a complaint with the NAIH and exercise his/her right to judicial remedy (Section 4.8).
5.3. Verification
In exceptional cases, if we have reasonable doubts about the identity of the natural person submitting the request, we will request the provision of additional information necessary to confirm the identity. This measure is necessary to promote the confidentiality of data processing, i.e. to prevent unauthorized access to personal data, as defined in Article 5(1)(f) of the GDPR.
5.4. Costs of information and action
We will provide information on requests related to point 4 and the action taken on their basis free of charge.
If the request of the Data Subject is clearly unfounded or excessive, in particular due to its repetitive nature, we will charge a reasonable fee, taking into account the administrative costs of providing the requested information or taking the requested action, or we will refuse to take action on the request.
6.1. In connection with services
If the Data Subject provides personal data for the services available on the Website, the Data Controller’s hosting service provider, as a data processor, is entitled to access these. The data processor’s details are as follows:
Name: Sybell Informatika Kft.
Contact details: https://sybell.hu
During the provision of services, the Data Controller’s employees may access the personal data of the Data Subjects for whom this is part of their job responsibilities.
6.2. In connection with social media platforms
Our Website has several social media platforms (Facebook, Twitter, Google+, Instagram, You Tube); so, for example, if the Data Subject “likes” our page on Facebook or “follows” us on Twitter, we will learn about all personal data belonging to their profile and available to the public. Relevant information about data processing on these sites can be found in the data processing regulations of the given service provider.
6.3. In connection with invoicing
In connection with invoicing, the tax authority is entitled to access the personal data provided by the Data Subjects for this purpose during its activities. Tax authority data:
Name: National Tax and Customs Office
Website, contact details: https://www.nav.gov.hu/nav/kapcsolat
In order for our website to function properly, in some cases we place small data files on the Data Subject's computer device, similar to most modern websites.
7.1. What is a cookie?
A cookie is a small text file that the website places on the Data Subject's computer device (including mobile phones). Thanks to this, the website can "remember" the Data Subject's settings (e.g. language used, font size, display, etc.), so they do not have to be set again each time they visit our website.
List of cookies used on the Website:
7.2. What do we use cookies for?
Cookies are placed on the site primarily for the customer experience, understandable and clear content, and to simplify purchases.
These cookies can be deleted or blocked, but in this case the Website may not function properly.
Cookies are not used to personally identify the Data Subject. These cookies only serve the purposes described above.
7.3. How can cookies be managed?
Cookie files can be deleted (detailed information: www.AllAboutCookies.org), or their placement can be blocked with most modern browsers. However, in this case, certain settings must be made again each time you use our website, and certain services may not work.
Detailed information on deleting and blocking cookies can be found on the website www.AllAboutCookies.org (English) and on the following links for the browser used by the Data Subject:
8.1. The Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer and help the website operator analyze how you use the website.
8.2. The information generated by the cookies about your use of the website is usually transmitted to and stored on a Google server in the USA. If IP anonymization is activated on the website, Google will first shorten your IP address within the member states of the European Union or in other states party to the Agreement on the European Economic Area.
8.3. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User uses the website, to compile reports on website activity for the website operator and to provide other services relating to website and internet usage.
8.4. Within the framework of Google Analytics, the IP address transmitted by the User's browser will not be merged with other data held by Google. The User can prevent the storage of cookies by setting their browser accordingly; however, please note that in this case not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the data generated by cookies and relating to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu
9.1. Data collection on activity
The Data Controller may collect data on the activity of the Data Subject, which cannot be linked to other data provided by the Data Subject upon registration, nor to data generated when using other websites or services.
9.2. Data processing for a different purpose
If the Data Controller intends to use the provided data for a purpose other than the purpose of the original data collection, it shall inform the Data Subject thereof and obtain their prior, express consent, or provide them with the opportunity to prohibit the use.
9.3. Data security
The Data Controller undertakes to ensure the security of the data, and shall also take technical measures to ensure that the recorded, stored, and processed data are protected, and shall do everything possible to prevent their destruction, unauthorized use, and unauthorized modification. Taking this into account and the recommendation of the NAIH on the data protection requirements for data processing on party websites, we use the https protocol on the website, which provides a higher level of data security compared to the http protocol.
The details of the SSL certificate provider are as follows:
Name: Websupport Magyarország Kft.
Contact details: https://www.websupport.hu/
9.4. Obligation to keep records
The Controller shall keep records of the data processing activities carried out under its responsibility (records of data processing activities) in accordance with Article 30 of the GDPR.
9.5. Data protection incident
A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data processed. In the event of a data protection incident, the Controller shall act in accordance with Articles 33 and 34 of the GDPR. The Controller shall keep records of data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.
9.6. Amendment
The Controller shall be entitled to unilaterally amend this Notice at any time. The Controller shall inform the Data Subjects of the amendments via the Website. The use of the Website after the modification is conditional on the Data Subject expressly accepting them through the Website and in the manner provided there.
Last modified date: 2025. 07. 24.
