Information about Data Management

Geotherm Üdülő Kft.
Address: 4200 Hajdúszoboszló, Mátyás király sétány 25.
Postal address: 4200 Hajdúszoboszló, Mátyás király sétány 25.
Phone: +36 52 363 811
Fax: +36 52 362 639
E-mail address:
Company registration number: 09-09-000056
Tax number: 10254808-2-09

Data Controller (hereinafter referred to as: Company or Geotherm Üdülő Kft.)

Geotherm Üdülő Kft. as data controller declares that in the course of data processing, he will act in accordance with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as "Info Act").

Geotherm Üdülő Kft. respects the personal rights of the Guests and has therefore prepared the following Information about Data Management (hereafter referred to as "Brochure"), which is available on the Company’s official website electronically, or in the hotels on paper.

This Brochure provides general guidance about the data handling during the services provided by the Company. The method of data handling may differ from those contained in this Brochure, however, Geotherm Üdülő Kft. will inform the Guests of such deviations and the exact way of data management in advance. The Company will give information of any data management not included in the Brochure prior to the potential data processing.

Personal data are handled by the Company only for the predetermined purpose and for the necessary time to exercise its rights and obligations. The Company only handles personal data that is essential for the purpose of data management, and is suitable for reaching this goal.

The validity of the legal declaration made by minor children (under sixteen years of age) shall be subject to the consent or subsequent approval of his/her legal representative.

In all the cases when the Company uses the data provided for purposes other than the purpose of the original data recording, the Company will inform the data subject and requests his prior, express consent, or offers him the option to prohibit its use.

The personal data obtained in the course of data processing by the Company should only be disclosed to persons who act on behalf of the Company or to the persons employed by the Company, who have a task in connection with the given data management.

  1. Definitions

Data subject: shall mean any natural person directly or indirectly identifiable by reference to specific personal data;

Personal data: shall mean data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject;

Special data: shall mean personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership, and personal data concerning sex life, and personal data concerning health, pathological addictions, or criminal record;

Consent: shall mean any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations;

Objection: shall mean a declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed;

Data controller: shall mean the natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor;

Data management: shall mean any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);

Data transfer: shall mean ensuring access to the data for a specified third party;

Disclosure: shall mean ensuring open access to the data;

Data deletion: shall mean making data unrecognisable in a way that it can never again be restored;

Tagging data: shall mean marking data with a special ID tag to differentiate it;

Blocking of data: shall mean marking data with a special ID tag to indefinitely or definitely restrict its further processing;

Data processing: shall mean performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;

Data processor: shall mean any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions;

 Third party: any natural or legal person, or organisation without legal personality other

than the data subject, the data controller or the data processor;

 Privacy incident: unauthorized management or processing of personal data, including unauthorized access, alteration, transmission, disclosure, deletion or destruction, and any incidental destruction or damage.

Third-country national: Any citizen other than a Hungarian citizen who is not a national of a member of the European Economic Area, including the stateless persons.

European Economic Area (EEA): the Member States of the European Union, Iceland, Liechtenstein and Norway as party Member States, and Switzerland as a state of identical legal status.

 2. The purposes of data management

2.1. Hotel services

During the provision of services, all data management relating to the data subject is based on voluntary contribution, and its purpose is to provide the service, to maintain contact and to present the services of the Company. The personal data contained in this section will be stored by the Company for the time specified in the relevant tax and accounting regulations, and will be erased after such deadline.

For certain services, it is possible to enter additional information in the comments box, which helps to fully understand the Guest's needs, but it is not a requirement for the reservation of rooms or the use of other services.

2.1.1. Ask for a quotation, Room reservation

For online, personal (paper-based) or telephone inquiries and book reservations, the Company requests / may request the following information from the Guest

 2.1.2. Registration form

When using certain hotel services, the Guest fills in a hotel registration form, and, by handing it to the employees of the Company, gives his consent to the Company to use the following mandatory information in order to satisfy its obligation detailed in the relevant statutory requirements (in particular, the law on alien policing and tourist tax) as long as the competent authority may check its compliance with the obligations set out in the relevant legislation:

Providing the mandatory data by the Guest is the precondition of using the hotel’s services.

By signing and handing over the registration form, the guest agrees to the handling and archiving of the personal information indicated on the registration form for the necessary duration so that the Company can exercise its rights and obligations.

2.1.3. Purchasing gift vouchers

When a gift voucher is purchased, the Buyer provides the following personal information:

For purchase in person:

 When ordering online, through the official website of the Company:

 The purpose of the data management is to maintain contact and to deliver the gift voucher.

The personal data thus obtained will be stored by the Company for the period of time specified by the applicable tax and accounting regulations, and will be erased after such a deadline.

2.1.4. Guest questionnaire

As part of the quality assurance process applied at the Company, the Guests can give their opinion on a paper-based guest questionnaire. When filling in the questionnaire, the Guest may give his personal information as follows:

It is not mandatory to provide such data, they only serve the accurate investigation of the possible complaints or to ensure that the Company gives a response to the guest.

Any such opinions and any related information given by the Guest, which cannot be traced back to the Guest and cannot be linked to the Guest, may be used by the Company for statistical purposes.

The personal data provided by filling in the Guest Questionnaire will be cancelled within 5 (five) business days after the complaint has been investigated. The e-mail address and the username given for the use of the evaluation system will be erased by the company at the request of Guest sent to the address: .

2.2. Camera system

For the personal and financial security of the Guests, surveillance cameras are used in the hotels operated by the Company.

By entering the hotel, the data subject accepts that the Company will take motion pictures of him, and will manage and archive them for the necessary time (168 hours) in order to exercise its rights and meet its obligations.

2.3. Newsletter

The Company sends a newsletter only with the consent of the data subject. The data subject, by subscribing to the newsletter through the websites of the hotels, by e-mail, on paper, on the Facebook or by other means, and by giving his name and email address, accepts that the Company will send electronic newsletters to him to the e-mail address or the Facebook account give by him.

The personal data you have provided will be stored separately from the data provided for other purposes. The Company is entitled to forward the list or the data to a third party so that the recipient can receive full-scale general or personalized information about the Company's latest discounts.

The Company only manages personal data for this purpose until it intends to inform the data subject through the newsletter, or until the data subject does not unsubscribe from the newsletter list. The data subject can unsubscribe from the newsletter at any time at the bottom of the newsletters, or by sending a request to unsubscribe to, or to the Company’s postal address: 4200 Hajdúszoboszló, Mátyás király sétány 25.

2.4. Facebook site

The Company or the hotels etc. operated by the Company are on the Facebook Community portal separately.

The purpose of data management is to share the content found on the Company's websites and any exclusive content not found there. Using the Facebook account, the Guests can book a room, participate in prize games and find information about the latest discounts and promotions.

In the case of reservation, the system automatically redirects the Guest to the Company's website, and in such case, the data is processed as specified in Section 3.1.

You can find information on the data handling on the Facebook site in the privacy policies and regulations of the Facebook at

2.5. Prize game

The Company, on its own, or together with others, starts occasionally a prize game to advertise the services of a particular hotel / hotels.

The participation in the prize game is possible after paper-based registration, or after online registration on the Company's websites, or Facebook sites once the following data is entered:

The purpose of the data management is to maintain contact so that the Company can give the prize to the winner. Data management lasts until the end of the prize game; within 15 working days of the end of the prize game, the so managed data (excluding the winner) will be deleted. The data of the winner will be stored by the Company for a period of time which meets the applicable tax and accounting regulations, and will be erased after the deadline. For the Guests who subscribe to the newsletter and contribute to the promotional offer, the above data will be handled by the Company in accordance with section 3.4 of this Brochure.

2.6. Website visit data

The Company's website may contain links that are not operated by the Company, and are intended only to inform the visitors. The Company has no influence on the content and security of the websites operated by its partner companies, so it does not assume any responsibility for them.

The Company uses so called cookies to track its websites. When visiting the site, the system creates a cookie to record information about the visit (visited sites, time spent on our sites, browsing data, exits, etc.), which cannot be connected to the visitor's person. This tool helps to develop the website so that the Company's websites are user-friendly according to the current needs. The Company does not use the cookies to collect any personal information.

The visitors of the Company’s websites can enable or disable the cookies. Most web browsers automatically enable cookies, however, by modifying the browser settings, they can be disabled or, if set in the browser, the user can receive a warning before the cookie is stored.

However, if cookies are not enabled in the browser, you may not be able to fully use the functions of the Company's websites.

On the website, we use session cookie (small data package) that is valid until the end of the given session, so it is created for the duration of the visit, and will be automatically deleted from the user's computer afterwards. The so-called cookie is required for the website’s security, for the user-friendly solutions and for better user experience.

No personal data is stored using the cookies. The visitor can delete the cookies from his computer / browser device at any time, or the browser can be set to disable the use of cookies without which the webpage is still functional, however, the user acknowledges that his browsing experience will not be complete afterwards.

2.7. E-mail

The Company provides that anyone can contact Geotherm Üdülő Kft. via e-mail.

The Company stores the messages until the questions are answered, and then archives the emails and stores them for 5 years.

3. Data security

The Company manages the personal information confidentially, and does not disclose it to unauthorized persons. It protects the personal data, against, in particular, unauthorized access, change, forwarding, disclosure, deletion or destruction, as well as from inaccessibility cased by accidental destruction, damage and any change in the used technology. The Company shall take all the necessary security measures to ensure the technical protection of the personal data.

The Company’s employees can use the personal data only to the necessary extent, and only for the permitted purpose. To ensure this, they have undertaken a confidentiality obligation, which also applies after the activity is finished.

4. Data transmission

The Company reserves the right to forward the personal data it manages to the competent authorities and courts, in the cases specified by law, without the special consent of the data subject.

The Company, to check the lawfulness of the data transfer and for informing the data subject, maintains a record of data transfer for the purposes of informing the data subject, which includes the date of transfer of the personal data it manages, the legal basis and the addressee of the data transfer, the definition of the scope of the transferred personal data and other data specified in the statutory provisions.

The Company reserves the right to forward the personal data it manages to the competent authorities and courts, in the cases specified by law, without the special consent of the data subject.

5.  Data processors

A specific list of the Company's data processors can be requested by e-mail at, which request will be responded to in writing within 30 (thirty) days.

 6. Legal remedy

6.1. Information

Within 25 days of the day the data subject sends a request to the email address or to the Company's name and address (Geotherm Üdülő Kft., 4200 Hajdúszoboszló, Mátyás király sétány 25), the Company shall notify the data subject about the data subject’s data managed by it or by the data processor he has mandated, their source, the purpose, the legal basis, and the duration of the data processing, the name and address of the data processor, his activity connected to data processing, the circumstances of the privacy incident, its effects, the measures taken to remedy it, and the legal basis and addressee of the legal transfer.

The Company keeps a record of the measures taken in connection with the data protection incident and to inform the data subject, including the scope of the concerned personal data, the scope and number of the persons involved in the data protection incident, the date, the circumstances, the effects and the measures taken for the data protection incident, and other statutory provisions which order the data processing.

In the event of any refusal to provide information, the Company shall inform the data subject in writing of the provisions of the law which allow him to refuse to give information, and informs the data subject of the remedies available to him.

6.2. Correction

If the personal data does not correspond to reality, and the proper personal data is available to the Company, the personal data will be corrected by the Company. The Company shall notify the data subject of the correction, and any person whom it has previously forwarded the data for data processing purposes. The notification may not be necessary if it does not violate the legitimate interests of the data subject in terms of the purposes of data handling. The correction on request, the deadline for action and the remedy options are set out in section 7.1.

6.3. Erasure and blocking, objection

For the erasure and blocking of personal data and for the objections against data processing, the provisions from section 17§ to section 21§ of the shall govern.

6.4. Judicial enforcement

In case of violation of the personality rights of the data subject, he may turn to a court. For the court proceedings, Section 22 of Info. tv, First 2:51 § – 2:54 § of Act V of 2013 on the Civil Code, as well as other relevant legal provisions shall apply.

6.5. Compensation for damages and grievance fee

If the Company causes harm with the unauthorized handling of the data, or by breaching the requirements of data security, or violates the personality rights of the data subject, the data subject may demand grievance fee from the data subject.

The data controller is exempt from the liability for damages and from the payment of the grievance fee if he proves that the damage or the violation of the personality rights of the data subject was caused by an unavoidable cause outside the scope of data processing. The Company is also liable for the damage caused by the data processor to the data subject, and the Company is obliged to pay grievance fee to the data subject in respect of the violation of personal data caused by the data processor. The Company shall be exempt from liability and from the payment of the grievance fee if he proves that the damage or the violation of the personality rights of the data subject was caused by an unavoidable cause outside the scope of data processing. No compensation shall be payable and no damages can be claimed in so far as it was caused by the intentional or gross negligence of the data subject.

7. Other provisions

The Company reserves the right to modify this Brochure, of which it will notify the data subjects. The Company does not assume any responsibility for the accuracy of the information provided by the visitors of the websites, or for the data provided by the Guests.

In data protection issues, you can ask for help from the National Authority for Data Protection and Freedom of Information at any time.

chairman: dr. Péterfalvi Attila
postal address: 1534 Budapest, Pf.: 834
address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 1 391 1400
Fax: +36 1 391 1410