“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.
- Information on the data controller:
|Name of the company:||Lebowski Vendéglátóipari Szolgáltató Ltd.|
|Company registry number:||01-09-901187|
|Seat:||H-1071 Budapest Damjanich u. 35. III/17.|
|Data Protection Officer:||not obligatory under Article 37 of GDPR|
|Data processing outside EU:||the data processor does not process data outside the European Union|
- General principles
We will only collect personal data that is necessary to provide our services and to comply with legal duties imposed by law. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date. When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data. We ensure the transparency of our data processing policy. We act in good faith and according to the general duty of cooperation to safeguard the privacy of our guests.
- What kind of personal data is collected and controlled?
Our main purpose is to manage your stay with our hostel. We collect and use personal information if you make a booking through our reservation system or check-in at the desk. We generally collect this information directly from you, but in some cases we may receive your information from a third-party, such as when you book through an online travel agency or you use booking sites. Information collected during the course of the reservation and during your stay may include:
- Your name, email address, date and place of birth, home or business address, phone number, nationality, ID number, payment card information; scanned copy of your ID card (passport/ID card/driving license)
- Information made during the course of your reservation such as date of arrival and departure, payment method, your signature, your preferred room type and specific requests to the hostel.
- Our staff has access to our Facebook, Tripadvisor and other accommodation broker accounts, and we track the opinions that our guests leave as an evaluation of our services.
- Our website has a chat service whereby anyone can ask information from our staff. It is not obligatory to provide personal data to use the chat service. However, if our stuff is not available, the visitor of our site can leave his name, e-mail address and message. We use this information to reply the inquiries.
Our company does not collect and process special categories of personal data as specified in Article 9 of the GDPR. This article refers to health data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation; personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data. If this kind of data is collected incidentally, it should be removed immediately to avoid undertaking new obligations for the protection of that data.
- Specific data control
- CCTV: A CCTV system operates within the public areas of the hostel. The areas under 24/7 surveillance include the entrance of the hostels, the reception desk and reception area, the corridors, the luggage office, cleaning depository, and the kitchen. The system delates the recordings after two weeks.
- Homepage: We also collect information from you when you browse our website such as your country information, internet protocol (“IP”) address, media access control address and other characteristics about your system or device may be automatically collected. This information is collected for functional purposes as well as to improve your experience when using these services. This information may also be used for aggregated trend and statistical analysis. The homepage is operated – as data processor – by Lebowski Ltd (H-1071 Budapest Damjanich u. 35. III/17.) and 7Hills IT Ltd. (H-2013 Pomaz, Kandó Kálmán u. 18.) as website operator. Our server is in the Netherlands. Our website uses analytics cookies from other sites in order to monitor usage on the site and optimise functionality.
- Purpose of the use of the data
The primarily purpose of the collection and procession of the data is to perform the contract between you as our customer and us as service provider. We use the information collected from you to fulfil your hotel reservation. This includes: managing the reservation and accommodation requests, monitoring our services, internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents). Prior to your stay this may include sending your information to the hotel or sending you pre-stay communications. Following your stay, we may also send you post-stay communications (newsletter) and satisfaction surveys to get feedback on your experience.
Our company has to comply with legal duties under municipal law, such as proper administration of taxation, accounting. The disclosure of the data might be required to comply with a judicial proceeding, court order, subpoena or warrant. (For example in the case of criminal investigation.)
Under the municipal law, we are obliged to send aggravated statistical data on the nationality of our visitors to the National Office of Statistics.
We may use information for purposes of aggregated trend and statistical analysis to evaluate and improve our services. We do not use your information to display targeted advertisements. We do not create profiles by connecting multiple sources of data, such as our reservation system or Tripadvisor and Facebook.
- Legal basis for processing your personal data
We are committed to collecting and using your information in accordance with applicable data protection laws. We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this. The following legal basis are applicable:
- If you have provided your consent to us using the personal information – Article 6.1.(a) of the GDPR
- If the processing of your personal data is necessary to perform our contractual duties and rights in relation the legal relationship – Article 6.1.(b) of the GDPR
- Your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities – Article 6.1.(c) of the GDPR
- Use of your information is in our legitimate interest as a commercial organization, for example to operate and improve our services or ensure our contractual rights – Article 6.1.(f) of the GDPR
- Who has access to your personal data?
In order to offer you the best service, we can share your personal data and give access to authorized personnel from our hostel and company, including: hotel staff, IT departments, commercial partners, legal services if applicable.
Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example: external service providers (IT sub-contractors, banks, credit card issuers, external lawyers).
We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.
- How we secure your data?
We take appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures and organizational measures (such as a user ID/password system, means of physical protection etc.).
Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 16. If we are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take all commercially reasonable steps to delete that information. Visitors of the age group 16-18 have to submit a parental statement when they check in. We handle this document jointly with the other relevant information to provide our services.
- Your rights under GDPR
You have legal rights under EU data protection laws in relation to your personal information:
- To access personal information: You can ask us to confirm whether or not we have and are using your personal information and for a copy of your information.
- To correct / erase personal information: You can ask us to correct any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first. You can ask us to erase your information if you think we no longer need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information. We may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
- To restrict how we use personal information: You can ask us to restrict our use of your information in certain circumstances, for example: where you think the information is inaccurate and we need to verify it; where our use of your information is not lawful but you do not want us to erase it; where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
- We can continue to use your information following a request for restriction where we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company or fulfill legal duties imposed by the municipal law.
- To object to how we use your information: You can object to any use of your information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the information.
- To ask us to transfer your information to another organization: You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company). You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use your information. This right does not apply to any information which we hold or process that is not held in digital form.
- How to contact us?
For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact us:
For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of an official piece of identification, such as a driver’s license or passport, along with your request. Our staff will respond within 30 days.
- Legal remedies
You have a right to lodge a complaint with your local data protection supervisory authority at any time. The procedures are regulated by Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. In the event of any infringement of your rights as data subject, you may submit a complaint with the National Authority for Data Protection and Freedom of Information (www.naih.hu) or launch a court procedure at the Metropolitan Court of Budapest. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.
Effective Date: 25 May 2018