Booking

Effective from: 01/01/2025

Data Controller Information:

Name: LILLDOR CHAUME Kft
Registered Address: 2161 Csomád, Kossuth Lajos út 47.
Mailing Address: 2161 Csomád, Kossuth Lajos út 47.
Tax Number: 24777436213
Phone Number: +36 (70) 573 2061
Email: info@luxuryreedhouse.hu

Hosting Provider Information:

Name: STOREO Magyarország Kft.
Address: 1063 Budapest, Szinyei Merse utca 21. I. em. 5.
Contact Information: info@storeo.hu

Introduction

Dear Guests,

The website www.luxuryreedhouse.hu provides an online booking system through which you can reserve accommodation at the Luxury Reed House guesthouse.

Please note that for the booking to be successful, you will need to provide certain personal data as detailed below.

In relation to the management of your data, the data controller hereby informs you about the personal data processed on the website, the principles and practices followed in handling personal data, the organizational and technical measures taken to protect personal data, and the means and possibilities of exercising your rights as a data subject. Please note that all personal data provided will be handled confidentially, in accordance with data protection legislation and international recommendations, and as set forth in this notice.

We also inform you that the legal regulation of personal data processing has fundamentally changed from May 25, 2018. From that date, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation, or GDPR), which repeals Directive 95/46/EC, is mandatory.

By making a booking through the website, you as a user accept the provisions of this Privacy Policy (hereinafter: Privacy Policy).

Definitions

Personal Data: Any information relating to an identified or identifiable natural person (data subject), particularly the person’s name, identification number, and one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity, as well as any conclusions that can be drawn from the data concerning the data subject.

Data Set: The total of data processed in a single registry.

Data Subject: Any natural person who is identified or identifiable, directly or indirectly, by reference to any information.

Data Processing: The performance of technical tasks related to data management operations, regardless of the method or tool used to perform the operations or the place of application, provided that the technical task is performed on the data.

Third Party: Any natural or legal person, or organization without legal personality, who is not the data subject, the data controller, or the data processor.

Data Protection: The combination of technologies and organizational methods that ensure the inviolability, integrity, usability, and confidentiality of collected data assets.

Data Breach: A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

Data Processing (Operations): Any operation or set of operations performed on data, regardless of the procedure applied, including in particular collection, recording, organization, structuring, storage, transformation or alteration, use, retrieval, disclosure, transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction, as well as preventing further use of the data, creating photo, audio, or video recordings, and recording physical characteristics suitable for personal identification (e.g., fingerprint, palm print, DNA sample, iris image).

Data Controller: The natural or legal person, or organization without legal personality, who alone or jointly with others determines the purposes and means of data processing and makes and implements decisions regarding data processing (including the tools used), or has them implemented by the data processor.

Data Transfer: Making data available to a specified third party.

Data Deletion: Making data unrecognizable in such a way that its restoration is no longer possible.

Restriction of Data Processing: Marking stored personal data to limit their future processing.

Consent: A voluntary, specific, informed, and unambiguous indication of the data subject’s will by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them, either in full or for specific operations.

Consent is considered given when the data subject checks a corresponding box during browsing the website or finalizing a booking, configures the relevant technical settings, or makes any other statement or action that clearly indicates their consent to the planned processing of their personal data in the given context.

Mandatory Data Processing: When data processing is ordered by law or – based on authorization by law and within the defined scope – by a local government decree in the public interest.

Disclosure: Making data accessible to anyone.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Purpose of Data Processing

The Data Controller processes Guests’ personal data for the following purposes:

  • Primarily, to allow for bookings at the Guesthouse, certain personal data (detailed later) must be provided.
  • We also need your personal data to issue an invoice for the accommodation.
  • Providing your personal data is also important for communication regarding the booking, to ensure we can notify you of any significant changes or events that may affect your stay.

Legal Basis of Data Processing

The Data Controller processes the guests’ personal data based on the following legal grounds:

For the purpose set out in Section III. a), the legal basis is Article 6(1)(b) of the GDPR, i.e., the performance of a contract in which the Guest, as the data subject, is one of the parties.

For the purpose set out in Section III. b), the legal basis is Article 6(1)(c) of the GDPR, i.e., compliance with a legal obligation to which the Data Controller is subject, specifically the obligation to issue accounting records and invoices.

For the purpose set out in Section III. c), data processing is based on Article 6(1)(a) of the GDPR, in order to provide appropriate information regarding essential aspects arising from the contractual relationship.

In the event that data processing is required for any other purpose or based on a different legal basis, the Data Controller is obliged to inform the data subject individually, prior to the commencement of such data processing, about all important information related to the intended data processing and their rights concerning it.

Scope of Processed Data

The use of the online booking interface available on the Data Controller’s website does not require separate registration; however, the following personal data must be provided to complete a booking:

  • Name (surname and given name)
  • Telephone number
  • Email address
  • Billing address

Duration of Data Processing

Data processing of the Guest’s telephone number and email address begins at the time the booking is made and the data is deleted after the Guest’s departure from the Guesthouse

The Guest’s name and billing address are processed for the duration specified in the Accounting Act, which is 8 (eight) years. After this period, the Data Controller will destroy the data.

Data Security

The Data Controller takes all necessary measures to ensure the security of the personal data provided by the Guests, both in terms of network systems and during data storage and retention.

The booking system operating through the Data Controller’s website is hosted by an external secure hosting service provider, and the provider has no access to the data stored on this hosting. The Data Controller performs its work processes on password-protected and antivirus-protected computers.

Rights and Legal Remedies of the Guest

The Guest has the right to receive confirmation from the Data Controller as to whether personal data concerning them is being processed, and if so, to access the data and all relevant information about the processing.

The Guest may request that the Data Controller rectify any inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, they may also request the completion of incomplete personal data.

You may request the deletion of your personal data, except where the processing is necessary for the Data Controller to comply with a legal obligation or for the establishment, exercise, or defense of legal claims. The Data Controller will delete personal data without undue delay if the processing is unlawful, the data is incomplete or incorrect, the purpose of the processing no longer exists, the storage period has expired, or if a court or authority orders the deletion, or it is necessary to comply with a legal obligation applicable to the Data Controller.

If the Data Controller processes personal data based on the data subject’s consent, the data subject may withdraw their consent at any time. If there is no other legal basis for processing, the Data Controller will delete the personal data affected by the withdrawn consent.

The Guest has the right to request restriction of data processing by the Data Controller if:

  • the accuracy of the personal data is contested by the Guest – for a period enabling the controller to verify the accuracy of the data;
  • the processing is unlawful, but the Guest opposes the deletion of the data and requests the restriction of their use instead;
  • the Data Controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or
  • the data subject has objected to processing based on public interest or legitimate interest of the Data Controller or a third party.

During the restriction period, the Data Controller may only store the personal data and use it for no other purpose.

When the Guest exercises their rights, the Data Controller will examine the request and take the necessary measures, and will inform the Guest within one month of receipt of the request about the measures taken or the reasons for not taking action.

Legal Remedies

The Guest may submit any data protection-related request to the Data Controller at the address or email address specified in Section I.

If their rights are violated, the data subject may bring an action before the competent court based on the Data Controller’s registered address or – at their discretion – the court competent for their place of residence or, in the absence thereof, their place of stay.

The Guest may also lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) (1125 Budapest, Szilágyi Erzsébet fasor 22/c.) and may initiate an investigation if they believe that a violation of their rights regarding personal data has occurred or is imminent.

Wake up to birdsong, relax in the jacuzzi, and enjoy the panoramic view of Lake Balaton – every moment here is about recharging.
Facebook
NTAK registration number: EG23060326
Our contacts
Booking
Quick links
Informations

Copyright © 2025 – All rights reserved

Reservation