Purpose of data processing:

The purpose of this Privacy Policy is to set out the data protection and processing principles and the data protection and processing policy of Gasztronómia Klub Étterem Kft. (hereinafter referred to as the “Data Controller”), which is binding on the Data Controller.

The Gastronomy Club Restaurant Kft. reserves the right to change the provisions of this Privacy Policy at any time, which it will inform its Customers and Partners of without delay.

The Gastronomy Club Restaurant Kft. guarantees that it will treat the personal data in its possession confidentially and will take all security, technical and organizational measures to ensure the safe handling and complete security of the data throughout the entire period of Data Management.

Unless otherwise informed, the scope of this Policy does not cover services and data processing related to promotions, sweepstakes, services, other campaigns and content published by third parties other than the operator of the website or the Data Controller, advertising on the Company’s websites or otherwise appearing on them. In the absence of similar information to the contrary, the scope of this Notice does not extend to the services and data processing of websites and service providers to which links are provided on the websites covered by this Notice. Such services are governed by the provisions set out in the third party’s privacy policy and the Data Controller accepts no responsibility for such processing.

The Gastronomy Club Restaurant Kft. processes, stores and transmits personal data in accordance with the laws in force, in particular with the following:

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR)
– 2011. Act CXII. Act on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
– 2012. Act I of 2007 – Labour Code (Labour Code)
– 2013. Act V of 2007 – on the Civil Code (Civil Code)
– 1997. Act CLV. Law – on Consumer Protection (Fgytv.)
– 1998. Act XIX. Act – on Criminal Procedure (Be.)
– 2000. – Act C – on Accounting (Accounting Act)
– 2001. Act CVIII. – Act CVIII – on certain aspects of electronic commerce services and information society services (Eker.t.)
– 2003. – Act C – on Electronic Communications (Eht.)
– 2005. Act CXXXIII. – Act CXXXIII – on the rules of personal and property protection and private investigation (Act on the protection of persons and property and private investigation)
– 2008. Act XLVIII. Act on certain restrictions on commercial advertising (Grt.)

2. Scope of personal data processed:

2.1. When the User visits the interface of a service, the IP address of the User is automatically recorded by the Controller’s system.

2.2. Based on the User’s choice, the Data Controller may process the following data related to the use of the Services: name, nickname, gender, place of residence, place of stay, postal code, place of birth, date of birth, telephone number, e-mail address, secondary e-mail address, presentation, IP address of last access, date of last access.

2.3. If the User sends an e-mail (e.g. a message, a request for an offer, etc..) for a service, the Data Controller records the User’s e-mail address and processes it to the extent and for the duration necessary for the provision of the service.

2.4. If the User links his/her Facebook account to the Facebook account of the Data Controller by his/her own choice, the Data Controller may also process the following personal data of the User in addition to those referred to above: facebook, profile name, facebook profile URL, facebook profile ID, facebook profile picture, facebook email address, facebook address, facebook gender, birthday, profile, marital status and website url.

2.5. Notwithstanding the above, it is possible that a service provider technically related to the operation of the service may carry out data processing activities on one of the websites without informing the Data Controller. Such and similar activities do not constitute processing by the Data Controller, and the Data Controller will make every effort to prevent and filter such processing.

3. Additional data processed by the controller:

3.1. In order to provide a personalised service, the Data Controller may use the following methods. Places cookies. The purpose of the cookie is to ensure the highest possible quality of the operation of the site, to provide personalised services and to enhance the user experience. The User is able to delete cookies from his/her computer and can also set his/her browser to refuse the use of cookies.

3.2. Data technically recorded during the operation of the system: the data of the User’s computer logging in, which are created during the use of the service and which are recorded by the Data Controller’s system as an automatic result of technical processes. The data that are automatically recorded are automatically logged by the system on log-in and log-out without any special declaration or action by the user.

4. Details of the data processed by the Data Controller:

4.1. Restaurant data management:

4.1.1 Guest data:

Purpose of data processing: the Gastronomy Club Restaurant Kft. making purchases, issuing invoices, registering guests, documenting purchases and payments, fulfilling accounting obligations, maintaining guest relations

Legal basis for processing: processing is necessary for the performance of the contract

Type of personal data processed: name, address, name of the service used, purchase price, method of payment, date of use of the service

Duration of data processing. TV requirements 8 years

In the case of payment by card, the data of the credit card and the card payment transaction are stored by Raiffeisen Bank Zrt. handles. Data transmission: in case of payment by credit card, the payer’s ID, amount, date and time of the transaction to the Bank.

Legal basis for the transfer: processing is necessary for the performance of the contract in accordance with the GDPR.

4.1.2 Events:

The purpose of data processing: the Gastronomy Club Restaurant Kft. by organising, running, coordinating and monitoring events

Legal basis for processing: processing is necessary for the performance of the contract in accordance with the GDPR.

Data processed: booking reference number, date of order and event, name, telephone number, e-mail address of the person placing the order, number of participants, name, age, gender, any special request, food sensitivity data, other data provided during the ordering process

Duration of processing: one month after the event.

The processing is necessary for the performance of the contract.

4.1.3. Handling quality complaints, complaints:

Purpose of data processing: the Gastronomy Club Restaurant Kft. handling quality complaints about the services provided by.

Legal basis for processing: processing is necessary for the performance of the contract

Type of personal data processed: unique identifier number of the complaint, name, address of the consumer, place, time, manner of lodging the complaint, documents, other evidence submitted by the consumer the complaint, the place and time of the recording of the complaint, the name and signature of the recorder,

Duration of data processing: copies of the minutes of the complaint and of the replies to the written complaints and the certificate of dispatch are subject to the provisions of the Fgytv. Based on 5 years

For the retention of duplicate copies of entries in the buyers’ ledger, 2 years.

There is no data transmission.

4.1.4. Extraordinary events:

The purpose of the data management: to manage and record any incidents that occur in restaurants.

Legal basis for processing: the controller. Or the legitimate interests of other persons may require the management of extraordinary events.

Data processed: name, address, telephone number of the injured person, date and time of the accident, description of the injury and accident, description of the action taken, name of the first-aider, name, address, telephone number and contact details of the witness.

Duration of processing: 5 years for the guest accident report.

4.1.5. Handling found objects:

The purpose of data processing: to keep a record of the objects found in the restaurant, to notify the owner or the person who found them.

Legal basis for data processing: according to the Civil Code.

The type of personal data processed: date and time of discovery, details of the person who found the object, the name of the object found, whether the owner was notified, the place of storage, the name of the person who found the object and the names of the receiver and the deliverer, and the signature of the receiver and the deliverer

Duration of data processing: the data will be deleted or destroyed after the owner has received the found object.

4.1.6. Restaurant wifi service:

By connecting to the wifi network, guests agree that Gasztronómia Klub Étterem Kft. monitor the connection based on the unique network identifier of the device.

The wifi traffic of the restaurant is managed by Gastronomy Club Restaurant Kft. not fixed.

4.2. Marketing and market research database:

4.2.1. Marketing database:

The data of those who give their consent to the direct marketing enquiry will be processed by Gastronomy Club Restaurant Kft. handles.

The purpose of the processing is: building a database for business purposes, sending e-mail newsletters containing commercial advertising to the data subjects, making personalised offers using online analytical data, and forwarding offers from the data controller and its partners.

Only persons over the age of 16 may consent to be contacted for direct marketing purposes.

Legal basis for data processing: the data subject’s voluntary consent to the processing of personal data by Grt. As required by.

The data processed: identification number, name, address, e-mail address, telephone number, consent to DM requests, data relating to the sending, delivery and opening of messages and data subjects’ online activity are stored.

Duration of processing: until the withdrawal of the data subject’s consent.

Withdrawal of consent to the transmission of your DM and deletion or modification of your personal data by Gasztronómia Klub Étterem Kft. at the central e-mail address.

4.2.2. Database for market research purposes:

The data of the persons concerned by the market research are collected by Gasztronómia Klub Étterem Kft. handles.

The purpose of data processing: recording and segmenting the data of persons participating in market research, sending research invitations, coordinating and conducting market research.

Legal basis for processing: voluntary consent of the data subject. Only 16 in market research. Anyone over the age of 18 can participate.

Type of data processed: identification number, name, address, e-mail address, telephone number, other data provided.

Duration of processing: until the withdrawal of the data subject’s consent.

4.3. Asset protection:

4.3.1. Electronic monitoring system:

The Gastronomy Club Restaurant Kft. has an electronic surveillance and recording system in place in its restaurant, which includes cameras covering the entire restaurant area. The exact location of the cameras and the names of the monitoring areas are given in the
is displayed in a prominent place in the unit and information is provided to guests when they enter the restaurant.

Personal data controller: a Gastronomy Club Restaurant Kft. competent manager

The purpose of data processing is: to prevent and detect violations of human life, physical integrity and property rights, to catch offenders in the act and to prove violations, to identify unauthorized persons entering the restaurant, to record the fact of entry, to document the activities of unauthorized persons, to investigate the circumstances of any accidents at work and other accidents.

Legal basis for data processing: in the case of guests, the consent of the data subject by entering the restaurant, in the case of employees, the legitimate interest of Gasztronómia Klub Étterem Kft. asset protection.

Type of personal data processed: facial images and other personal data of persons entering the restaurant area, as shown in the images and recorded by the surveillance system.

Duration of data processing: 30 days in the absence of use (SzvMt)

Use of the recordings:

The right to view the current image of the cameras belongs to: the Gastronomy Club Restaurant Kft. eligible employees.

The following are entitled to view the recordings of the cameras: the Gastronomy Club Restaurant Kft. eligible employees.

The cameras are entitled to record on a data carrier: the Gastronomy Club Restaurant Kft. eligible employees.

The Gastronomy Club Restaurant Kft. may only be viewed by persons authorised to do so for the purpose of proving offences against human life, limb or property and identifying the offender.

The data subject whose right or legitimate interest is affected by the recording of the image may request that the controller does not destroy or erase the recording until a court or public authority requests it, but for a maximum of 30 days, by providing evidence of the right or legitimate interest. The person in the recording may request information about the recording made of him or her by the surveillance system, request a copy of the recording or, if the recording includes another person, have access to the recording. The data subject may request the deletion of his or her record, the modification of the data relating to the record, or object to the processing.

The data controller shall keep a record of the fact of access to the recorded data, the name of the person who accessed the data, the reason for access and the time of access.

Transmission of data: in the case of offences or criminal proceedings, to the authorities or courts conducting them.

Scope of the data transmitted: recordings made by the camera system containing relevant information.

The legal basis for the transfer of data is. Sztv.

4.4. www.akademiaklub.hu and www.akademiacatering.hu:

4.4.1. Server logging www.akademiaklub.hu and www.akademiacatering.hu

The data processing by the Gatronomy Club Restaurant Kft. and no user data is recorded by the server when you visit the website.

Data processing by external service providers:

The html code of the portal contains links from and to an external server independent of Gasztronómia Klub Étterem Kft. The server of the external service providers is directly connected to the user’s computer, therefore we would like to draw the users’ attention to the fact that for this reason they are able to collect user data.

The content that may be personalised for users is served by the servers of external service providers, and the relevant data controllers can provide information on the processing of this content. (Google Analytics server).

The service code available at facebook.com has been added to the website.

4.5. Mobile app:

When the data subject uses the mobile application of Gasztronómia Klub Étterem Kft. or otherwise interacts with Gasztronómia Klub Étterem Kft., personal data may be collected from the data subject.

The data collected can be divided into two categories:

– the data provided by the data subject
– data collected by automated means.

Data subjects can provide the following information:

– name, e-mail address, date of birth,
– access password
– disclaimers related to the use of the application

The following information can be collected by automated methods:

– the IP address used by the data subject
– the date of registration of the application
– the date of redemption of offers
– the type of operating system and browser running on the person’s computer or mobile device
– the type, ID and advertisements of the mobile device of the data subject,
– Wi-fi, GPS, Bluetooth usage,
– and your activity and activity related to the use of the application.

The data collected will be used by Gastronomy Club Restaurant Kft. can be used for the following purposes:
– fulfilling the data subject’s requests, processing service settlements
– sending information to the Gastronomy Club Restaurant Kft. about your own and your business partners’ services, offers, promotions or events

We will only share personal data of data subjects with third parties for their direct marketing purposes if the data subject gives their consent.

4.6. Applying for a job advertisement:

The Gastronomy Club Restaurant Kft. you can apply for a job on the website. The controller of the personal data is Gastronomy Club Restaurant Kft.

The employer, as data controller, processes the personal data provided by the data subject during the selection process and for one year thereafter for the purpose of recruitment.

Purpose of data processing: to apply for a vacancy at the Gasztronómia Klub Restaurant Kft., to participate in the selection procedure.

Legal basis for processing: voluntary consent of the data subject

The types of personal data processed are: name, permanent address, residence, telephone number, e-mail address, date and place of birth, as well as uploaded or sent photos, CVs, cover letters.

Deadline for deleting data: one year from the date of submission of the application.

4.7. Other data processing:

We will provide information about data processing not listed in this Notice at the time of collection.

5. Principles and methods of data processing:

5.1. The Data Controller shall process personal data in accordance with the principles of good faith, fairness and transparency, as well as the provisions of applicable law and this Notice.

5.2. The Data Controller uses the personal data necessary for the use of the services on the basis of the consent of the User concerned and only for the purpose for which they are intended.

5.3. The Controller processes personal data only for the purposes set out in this Notice and in the applicable legislation. In all cases where the Data Controller intends to use the personal data for a purpose other than that for which they were originally collected, the Data Controller shall inform the User, obtain his or her prior explicit consent or ensure that he or she is given the opportunity to prohibit such use.

5.4. The Controller does not verify the personal data provided to it.

5.5. The 16. the personal data concerned of a person under the age of 18 may be processed only with the consent of the person who is the legal guardian of the person concerned. The Data Controller is not able to verify the eligibility of the consenting person or the content of his/her declaration, so the User or the person exercising parental control over him/her guarantees that the consent complies with the law.

5.6. The Data Controller does not transfer the personal data it processes to third parties other than the Data Processors specified in this Notice and, in some cases, external service providers.

The Data Controller may in certain cases – in the event of a formal judicial or police request, legal proceedings, copyright, property or other infringements or reasonable suspicion of such infringements, or in the event of prejudice to the interests of the Data Controller, endangering the provision of services, etc. – make available to third parties the personal data of the user concerned.

5.7. The Data Controller’s system may collect data on the activity of users, which cannot be linked to other data provided by users at the time of registration, nor to data generated by other websites or services.

5.8. The Data Controller shall notify the user concerned of the rectification, restriction or deletion of the personal data processed by it, as well as all those to whom it has previously transmitted the personal data for processing. Notification may be omitted if this does not harm the legitimate interests of the data subject having regard to the purposes of the processing.

5.9. The Data Controller shall ensure the security of personal data, take technical and organisational measures and establish procedural rules to ensure that the recorded, stored or processed data are protected and to prevent their accidental loss, unlawful destruction, unauthorised access, unauthorised use, unauthorised alteration or unauthorised disclosure.

6. User rights and how to enforce them:

6.1. The User may request that the Controller inform him/her whether it processes the User’s personal data and, if so, provide access to the personal data processed by the Controller.

6.2. The User may request the correction or modification of his/her personal data processed by the Data Controller.

6.3. The User may request the erasure of personal data processed by the Data Controller.

Deletion may be refused for the purposes of exercising the right to freedom of expression and information, or where the processing of personal data is authorised by law, or for the establishment, exercise or defence of legal claims.

Deletion may be refused for the purposes of exercising the right to freedom of expression and information, or where the processing of personal data is authorised by law, or for the establishment, exercise or defence of legal claims.

The newsletters sent by the Data Controller can be unsubscribed via the unsubscribe link in the newsletter or by sending an e-mail. If you unsubscribe, the data controller will delete your personal data from the newsletter database.

6.4. The User may request the Data Controller to restrict the processing of his/her personal data if the User disputes the accuracy of the data processed. In this case, the restriction applies for the period of time necessary to allow the Controller to verify the accuracy of the personal data.
The User may request the restriction of the processing of his/her personal data if the processing is unlawful, and may also request the restriction if the purpose of the processing has been achieved, but the User requires the processing of his/her personal data by the Controller for the purpose of asserting, enforcing or defending legal claims.

6.5. The User may request the Data Controller to transfer the personal data provided by the User and processed by the User in an automated way to the Data Controller in a structured, commonly used, machine-readable format or to another data controller.

6.6. The User may object to the processing of his or her personal data if the processing of the personal data is necessary solely to comply with a legal obligation to which the Data Controller is subject or to pursue a legitimate interest of the Data Controller, a service provider or a third party.

7.0 Data processing:

7.1. The Data Controller uses Data Processors to carry out its activities.

7.2. Processors do not take independent decisions, they are only entitled to act on the basis of the contract concluded with the Data Controller and the instructions received. After 25.05.2018, the Processors shall record, process and process the personal data transmitted to them by the Controller and processed or handled by them in accordance with the provisions of the GDPR and shall provide a declaration to the Controller to that effect.

7.3. The Data Controller shall monitor the work of the Data Processors.

7.4. Processors may engage additional processors only with the consent of the Data Controller.

8.0. Possibility of data transfer:

8.1. The Data Controller shall be entitled and obliged to transmit to the competent authorities any personal data available to it and stored by it in accordance with the law, which it is required to transmit by law or by a final and binding obligation of a public authority. It cannot be held liable for the consequences thereof.

8.2. In the event that the Data Controller transfers the operation or use of the content service and hosting service on the pages of the Services, in whole or in part, to a third party, it may transfer the personal data processed by it, in whole or in part, to such third party without requesting the User’s specific consent, but with due prior information of the Users, to the new operator, provided that such transfer shall not put the User in a less favourable position than the data processing rules indicated in the Notice.

The Data Controller must provide the User with the possibility to prohibit the transfer of data.

9.0 Amendments to the Privacy Notice:

9.1. The Data Controller reserves the right to modify the Privacy Notice at any time by unilateral decision.

9.2. By entering the Site, the User accepts the provisions of this Policy in force from time to time, without the need to seek the consent of individual Users.

10.0 Enforcement options:

10.1. If you have any questions or comments about data management, please contact the Company’s Data Protection Officer at adatkezeles@eventrend.hu.

10.2. The User may directly contact the National Authority for Data Protection and Freedom of Information (1125. Budapest, Szilágyi Erzsébet fasor 22/C) with a complaint regarding data processing.

10.3. In case of infringement of the User’s rights, the User may take legal action. The tribunal has jurisdiction to hear the case. The action can also be brought before the court of the person’s domicile or residence, at the person’s choice.