PRIVACY STATEMENT

 

 Livicro Ltd., as the operator of  http://www.gastlandbisztrok.hu/en/and its co-websites is committed to protecting the privacy of its clients' and partner’s personal information and it attaches particular importance to respecting its clients' rights of informational self-determination. Livicro Ltd.treats personal information confidentially and will take any security, technical and organizational measures that guarantee the security of the data. Livicro Ltd.describes its data management practice below:

 

Basic information:

 

Name: Livicro Ltd.

 

Headquarters: (1067 Budapest, Teréz körút 23.

 

Company Registration Number: 01-09-327473

 

hereafter referred to as “Provider” and “Data controller” agrees to the content of this legal notice.The privacy policies relating to the data management of Livicro Ltd.are continuously available at www.gastlandbistrok.hu/adatvedelem .

 

Livicro Ltd.reserves the right to change this information at any time. The public will be notified in due time about any changes.

 

1. THE RANGE OF PERSONAL DATA, THE PURPOSE, TITLE AND DURATION OF DATA MANAGEMENT

 

The data management of Livicro Ltd.is based on a voluntary contribution.

 

We call the attention of those who provide data for Livicro Ltd.that if they do not provide their personal data, the data supplier is obliged to obtain the consent of the person concerned.

 

The data management principles of Livicro Ltd.are consistent with current legislation on data protection, in particular:

 

-        Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repealing of Regulation (EC) No 95/46 (general data protection regulation, GDPR);

-        Act CXII. of 2011 - Law on Information Self-Determination and Freedom of Information (Infotv.)

-        Act V of 2013 - Civil Code (Civil Code)

-        Act CLV. of 1997 - on Consumer Protection (Fgytv.)

-        Act C of 2000 - on Accounting (Accounting)

-        Act CVIII. Of 2001- on Electronic Commerce Services and certain issues relating to Information Society Services (Eker.tv.)

-        Act C of 2003 - on Electronic Communications (Eht.)

-        Act XLVIII of 2008 - on certain limitations of economic advertising activity (Grt.)

-        Act CXXXIII of 2005 - on the rules of personal and property protection and private detective activity (SCM);

 

1.1 Customer data

 

The purpose of data management: purchasing in the restaurants of Gastland Bistros, Gastland Hotels, reservation, invoicing, registering the guests, distinguishing between them, documenting the purchase and payment, fulfillment of accounting obligations, customer relations, analysis of customer habits and more targeted service.

 

Legal basis for data management: data processing required for the performance of the contract [Article 6 (1) GDPR. (b)], the Accounting Act.169. Section (2).

 

Type of data being managed: identification number, date, time, company name, delivery address, name, quantity, price of the purchased products, payment method.

 

Duration of data management: according to the Accounting Act. 169 Section (2), eight years. In the case of a card payment, the data of the bankcard and the card payment transaction are handled by K & H Bank Nyrt. (1095 Budapest, Lechner Ödön fasor 9.).

 

Data transmission:

 

In case of bank card payment, the payer's ID, the amount, date and time of the transaction towards K & H Bank Nyrt. (1095 Budapest, Lechner Ödön fasor 9. ..)

 

The legal basis for the transfer of data: data processing is necessary for the performance of the contract [Article 6 (1) GDPR. (b)].

 

 

 

Data Processors: 

                    

 

 

 LIVICRO LTD. Kft.

 

1122 Budapest, Városmajor utca 15. fszt. 5.

Doing system administrator tasks for the restaurant

 

 

 

Peuker Tibor, Kerszocentrum Z.C.

 

2310 Szigetszentmiklós Bajcsy Zs. u. 43/c

Maintenance of  POS and cash register systems of restaurant

OTP Nyrt.

 1051 Budapest, Nádor utca 16. 

Operation of card reader terminals in restaurant

Across Media Kft.

Budapest, Városligeti fasor 47, 1071    

 

Carrying out site-related tasks

 

 

 

1.2 Reservations, events

 

The aim of data management: arranging online or offline booking, birthday or other events in the restaurants, hotels of the Livicro Ltd.Ltd.

 

Legal basis for data management: data processing required for performance of the contract [Article 6 (1) GDPR.

 

Type of personal data being handled: the date of booking and the event, the name, telephone number, e-mail address of the customer, the number of participants, name of the host/hostess of the event, any special request, food sensitivity data, other information given during the order; the same personal information on ordering online on www.gastlandbisztrok.hu website.

 

Duration of data management: One month after the event, 90 days in  case of online pre-booking.

 

The website related tasks are performed by: Across Media Kft., Budapest, Városligeti fasor 47, 1071    

 

1.3 Handling quality objections

 

The aim of data management: to handle the quality objections raised by the products offered by Livicro Ltd.and the services it provides.

 

Legal basis for data management: data processing required for performance of the contract [Article 6 (1) GDPR. (b)] and the Act. 17 / A. § (7).

 

Type of personal data being handled: unique identifier number of the complaint, name of the customer, address, location, date of the complaint notification, complaint submission, list of documents and other evidence submitted by the customer, description of the complaint, the place and time of recording of the report, the name and signature of the record holder.

 

Duration of data management: five years, regarding the records of complaints and copies of replies to written complaints, based on the the Consumer Protection Act 17 / A. § (7)  2 years, egarding the copies of the entries in the buyer’s book.

 

Legal basis for data management: data processing required for performance of the contract [Article 6 (1) GDPR. (b)].

 

1.4. Exceptional events

 

The purpose of the data management: to handle the extraordinary events in restaurants and hotels, and to record them.

 

The legal basis for data management: the data controller and other persons have a legitimate interest in the handling of extraordinary events [Article 6 (1) GDPR. (f)],

 

Range of data being handled: name, address, phone number, contact details, date of accident, description of accident and damage, description of the restaurant’s measure, name of possible person giving first aid, name, address, telephone number of the witness, the location of the accident.

 

Duration of data management: According to the guest accident protocol rules.

 

 

1.5 Objects found

 

The purpose of the data management: to register the objects found in the restaurants and hotels of the Livicro Ltd.Ltd., to notify the owner and the founder.

 

The legal basis for data processing: 5:54. §-the.

 

Range of personal data being handled: the date and time of finding the object, the name of the person who found the object, the fact whether the owner was notified, the place of storage, the signature of the recipient and the recipient.

 

Duration of data management: The data will be deleted and destroyed in the case of transfer of the found object by the owner or transfer to the settlement notary after delivery, in the case of sales after one year from the date of finding.

 

1.6. Wifi in the restaurant

 

HITELES LTD offers internet access to the guests of the restaurants and hotels the Livicro Ltd.Via wifi connection. (Headquarters: 8788 Sénye, Felsőhegy Street 1).

 

Please note that in our restaurants the use of the free wifi network is subject to a time limit. By joining the wifi network, guests contribute to keeping track of the duration of the connections based on the device's network identifier (MAC) by Livicro Ltd.2 hours after the 30-minute limit has elapsed, the device data will be deleted. The restaurant's wifi traffic is not recorded by Livicro Ltd.Ltd.

 

2. SECURITY

 

Electronic monitoring system

 

In the restaurants and hotels of Livicro Ltd.there is a camera monitoring and recording system as part of which cameras have been placed inside the buildings and in some places in the parking lot. The exact location of the cameras and the names of the observed areas are listed in the Electronic Observation System.

 

The controller of the personal data: Livicro Ltd.Ltd.

 

The aim of data management: the prevention and detection of law violations in order to protect human life, physical safety and the property, the persecution of the perpetrator, proof of the law violations, identification of entrants in the area of the restaurant without authorization, recording of entry, documentation of the activities of unauthorized persons, examination of the circumstances of work and other accidents that may occur.

 

Legal basis for data management: in the case of guests: the consent of the person concerned to enter the area of the restaurant, for employees: Section 11 of Act I of 2012 on the Labor Code of Work (Mt.), and Article 6 (1) of the GDPR (f), since Livicro Ltd.has a legitimate interest in property protection.

 

Types of personal data being managed: the faces of people entering the restaurant area and other personal information recorded by the monitoring system on the recordings.

 

Duration of data management: thirty days in the absence of use [VMT. Article 31 (3) (c)).

 

Data processor: authorized employees of Livicro Ltd.Ltd.

 

Maintenance of the electronic monitoring and recording system, saving the recordings: authorized employees of Livicro Ltd.Ltd.

 

Use of recordings

 

People who are entitled to view the current footage of the cameras: the authorized employees of Livicro Ltd.Ltd.

 People who are entitled to view the recording of cameras: the authorized employees of Livicro Ltd.Ltd.

 People who are entitled to save the recording of cameras on a recording medium: the authorized employees of Livicro Ltd.Ltd.

 The recordings of the monitoring and recording system operated by Livicro Ltd.Ltd.

 shall only be seen by authorized persons for the purpose of proving violations of human life, physical safety, property and identifying the perpetrator.

 

Anyone whose right or legitimate interest is affected by the recording of an image can justify his or her right or legitimate interest for the recording not to be canceled by the controller until the court or the authority is requested, but for a maximum of 30 days. The person on the record may ask for information about the recording of the electronic monitoring system, request a copy, or if there is another person in the recording, can gain insight into the recording. The person concerned may request the deletion of the recording,, modification of the recording data or refusal of data management.

 

The data controller records the insights into the recordings, the name of the person performing it, the reason and the time of getting the data in the report.

 

Data transmission: in the case of an offense or prosecution, to the authorities, courts and tribunals.

 

Range of data transferred: the recordings of the camera system with relevant information.

 

Legal basis for the transfer of data is Be. Section 71 (1), Section 151 (2) a) and Section 171 (2) and Section 75 para. § 1 (a) and 78 (3) of the Act.

 

3. MANAGEMENT OF COOKIES

 

Based on the Act CXII of 2011 on the right to information self-determination and freedom of information (1) of Section 20 of the Act, the followings must be defined in the case of the web site cookie data management:

 

a) the fact of data collection,

b) the circle of data subjects,

c) the purpose of the data collection,

d) the duration of data processing,

e) the people who are authorized to access the data,

f) the description of the rights regarding the data of the data subjects.

 

The fact of data collection, the range of data being handled: unique identification number, dates, appointments.

 

The circle of data subjects: all of the data subjects who visit the website.

 

The purpose of the data management: the identification of users and tracking visitors.

 

Duration of data management, the deadline for data deletion: The duration of the data processing in the case of session cookies lasts until the site visit ends.

 

The people who are authorized to access the data: Personal data can be handled by the data management staff, respecting these principles.

 

The description of the rights regarding the data of the data subjects: the affected person has the option to delete cookies in the Tools / Preferences menu of the browsers, usually under the Privacy menu item.

 

The legal basis of data management: Consent of the person concerned is not required provided that the sole purpose of using cookies is communication via the electronic communications network or the provider needs it necessarily to provide information society service specifically requested by the subscriber or user.

 

4. STORAGE OF PERSONAL DATA, DATA MANAGEMENT

 

Livicro Ltd.and its data processors take appropriate technical and organizational measures taking the state of technology and the costs of implementation, the nature, scope, circumstances and objectives of data management and the risk of varying probabilities and seriousness of natural persons' rights and freedom into consideration, in order to guarantee an adequate level of data security to the degree of risk.

 

Livicro Ltd.Ltd.. selects and operates the IT tools used to manage personal data so that the data treated:

 

-        is available to those entitled to it (availability);

-        Its credibility and authentication is assured (credibility of data management);

-        its integrity can be verified (data integrity);

-        is protected against unauthorized access (confidentiality of data).

 

Livicro Ltd.protects the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as unintentional destruction, damage or inavailability resulting from the technique used.

 

Livicro Ltd.ensures, by means of an appropriate technical solution, that data stored in its various registers cannot be directly linked and assigned to the data subject, unless permitted by law.

 

Livicro Ltd.provides technical, organizational and institutional measures to protect the security of data management in view of the state of the art at all times, providing a level of protection appropriate to the data handling risks.

 

During data management Livicro Ltd. retains its

 

-        secrecy: it protects the information so that it can only be accessed by those who are entitled to it;

-        integrity: it protects the accuracy and completeness of the information and processing method;

-        availability: it ensures that when the entitled user needs it, he/she could have access to the information needed and have the tools available for it.

-         

Livicro Ltd.and the IT system and network of its partners in data management are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer burglaries, and attacks leading to service denial. The operator provides security through server-level and application-level security procedures. We inform the users that electronic mails, protocols (email, web, ftp, etc.) transmitted over the Internet are vulnerable to network threats that lead to dishonest activity, controversy or disclosure or modification of information. To protect such threats, the data controller will take all the precautionary measures he or she may have to take. Systems are monitored to capture all security dangers and provide evidence of any security incident. System monitoring also allows checking the effectiveness of the precautions used.

 

Livicro Ltd.as a data controller records any possible privacy incidents, indicating the facts related to the privacy incident, its effects and remedies. Livicro Ltd.reports any possible privacy incident to the National Data Protection and Information Authority without delay and, if possible, at the latest 72 hours after the privacy incident has become known, unless the privacy incident is unlikely to pose a risk to natural persons' rights and freedom.

 

5. OTHER DATA MANAGEMENT

 

Data management not listed in this information is provided when recording the data. We inform our partners that they may contact the data controller for information, communication and transfer of data, or filing of documents on the basis of the court, the prosecutor, the investigating authority, the offender authority, the administrative authority, the National Privacy and Data Protection Authority.

 

Livicro Ltd.issues personal data for the authorities -in case the authority indicates the exact purpose and range of the data - only and to the extent necessary for the purpose of the request.

 

6. REMEDY OPTIONS

 

The person concerned may request information about the management of his/her personal data and may request the rectification of his/her personal data or, with the exception of mandatory data, cancellation, revocation, limitation of data processing and the right to file and protest, as indicated by the data entry or by the data controller's customer service.

 

email: oktogon@gastlandbisztrok.hu

mail: Livicro Ltd.Kft., 1122 Budapest, Városmajor utca 15. fszt. 5.

 

6.1 Right to information:

 

At the request of the person concerned, Livicro Ltd.shall take appropriate measures to ensure that all information relating to the processing of personal data referred to in Articles 13 and 14 of the GDPR, and Article 34, is provided in a concise, clear, comprehensible and easily accessible form, in a clear and unambiguous manner.

 

6.2 Right to access the data subject:

 

The data subject is entitled to receive feedback from the data controller as to whether his or her personal data is being processed and, if such data is being processed, has access to personal data and the following information: the purpose of data management; the categories of personal data concerned; the categories of recipients or recipients with whom or which personal data will be communicated or disclosed, in particular including third-country addressees or international organizations; the intended duration of the storage of personal data; the right of rectification, deletion or restriction of data handling and the right of protest; the right to file a complaint addressed to the supervisory authority; information of data sources; the fact of automated decision making, including profiling, as well as the logic used and the understandable information about the nature of such data management and the likely consequences for the data subject. In the event of the transfer of personal data to a third country or to an international organization, the data subject shall have the right to be informed about the appropriate guarantees of transmission. Livicro Ltd.will provide the data subject a copy of the personal data as the object of data management. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.

At the request of the person concerned the information is provided in electronic form by Livicro Ltd.Ltd.

 

At the request of the person concerned, information may be given orally, following the credible identification and identification of his/her identity.

 

6.3 Right to rectification:

 

Livicro Ltd.will correct your personal data if it does not comply with reality and has the correct personal information.

 

6.4 Right of cancellation:

 

In the event of one of the following reasons the person concerned has the right to request Livicro Ltd.to delete any personal data relating to him/her without undue delay:

 

-        personal data is no longer needed for the purpose for which they have been collected or otherwise handled;

-        the person concerned withdraws the consent that is the base of the data management, so there is no longer a legal basis for data management;

-        the person concerned objects to data management and there is no prior legitimate reason for data handling;

-        the personal data was illegally handled;

-        the personal data should be deleted for the legal obligation provided by the law applicable to the data controller in the Union or the Member States;

-        the collection of personal data was made in relation with the provision of information society services.

-         

Deletion of data can not be initiated if data management is required: to exercise the right to freedom of expression and the right of access; the fulfillment of an obligation under EU or Member State law applicable to the data controller for the processing of personal data, or for the public interest or the purpose of carrying out a task in the exercise of public authority by the data controller; in the field of public health or for archival, scientific and historical research purposes or for statistical purposes in the public interest; or for the submission, validation or protection of legal claims.

 

6.5 Right to restrict data management:

 

At the request of the person concerned, Livicro Ltd.limits the data management if one of the following conditions is met:

 

-        the person concerned disputes the accuracy of the personal data; in this case the restriction applies to the period of time that allows the accuracy of personal data to be verified;

-        data management is illegal and the data subject is opposed to the deletion of the data and instead asks to limit their use;

-        the data controller no longer needs personal data for data management purposes but the data subject requires them to submit, enforce, or protect legal claims; or

-        the person concerned objected to data management; in this case the restriction applies to the duration of determining whether the data controller's legitimate reasons prevail over the legitimate grounds of the party concerned.

-         

If data processing is restricted, personal data may be handled only with the consent of the person concerned or with the submission, validation or protection of legal claims or the protection of the rights of a natural or legal person, or in the public interest of the Union or of a Member State.

 

Livicro Ltd.informs the data subject in advance of the discontinuation of the restriction of data handling.

 

6.6 Right to data recording:

 

The data subject shall have the right to receive the personal data that he or she has provided to the data controller in a fragmented, widely used machine-readable format and transmit such data to another data controller.

 

6.7 Right to protest:

 

The person concerned is entitled to protest at any time to the processing of data necessary for the execution of a task performed in the public interest or in the exercise of a public authority license conferred on the data controller for the purposes of his or her own personal situation, or against the treatment needed for the validation of the legitimate interests of the data controller or a third party, including profiling based on these provisions.

 

In the event of a protest, the data controller may not manage personal data unless it is justified by compelling legal reasons that prevail over the interests, rights and freedom of the person concerned, or which are related to the submission, enforcement or defense of legal claims.

 

If the management of personal data is for direct business, the data subject is entitled to protest at any time against the handling of personal data relating to that purpose, including profiling, if it is related to direct business purposes. In the event of a protest against the management of personal data for direct business purposes, the data are not handled by Livicro Ltd.Ltd.

 

6.8 Automated decision-making in individual cases, including profiling:

 

The data subject shall be entitled to exclude the scope of a decision based solely on automated data management, including profiling, which would have a legal or significant effect on him/her. The above entitlement shall not apply if data processing is necessary for the signing or performance of the contract between the data subject and the data controller; is made available to the data controller by Union or national law which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or the explicit consent of the person concerned.

 

6.9 Right of withdrawal:

 

The person concerned has the right to withdraw his consent at any time. Withdrawal of the consent does not affect the legality of the consent based data management prior to the withdrawal.

 

6.10 Procedural rules:

 

The data controller shall inform the person concerned without undue delay, but definitely within one month from the receipt of the request, about measures taken based on the Article GDPR 15–22 . If necessary, taking into account the complexity of the application and the number of applications, this deadline may be extended by two additional months.

 

The controller shall inform the person concerned of the extension of the time limit by indicating the reasons for the delay within one month of the receipt of the application. If the concerned party has filed an electronic application the information will be provided electronically, unless otherwise requested by the person concerned.

 

If the data controller fails to take measures in response to the concerned party’s request, he/she shall inform the data subject without delay and within one month of the receipt of the request about the reasons of failure of taking measures and that the data subject may file a complaint with a supervisory authority and exercise his/her right of judicial redress.

 

Livicro Ltd.provides the requested information and other information free of charge. Where an application for a claim is clearly unfounded or, in particular because of its repeated nature, exaggerated the data controller shall - subject to the provision of requested information or the administrative costs of the requested measure - charge a reasonable fee or refuse to take action in the requested case.

The data controller informs all raddressees of any rectification, deletion or data limitation that he or she has been communicating with, unless this proves impossible or requires disproportionate effort. At the request of the data subject, the data controller shall inform the addressees thereof.

 

The data controller shall provide the data subject with a copy of the personal data subject to data processing. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the concerned person has submitted the application electronically, the information will be provided in electronic format, unless otherwise requested by him/her.

 

6.11 Compensation and grievance fee:

 

Any person who has suffered material or non-material damage as a result of a violation of the Data Protection Regulation is entitled to compensation for the damage sustained by the data controller or the data processor. The data processor shall only be held liable for damage caused by data processing if he or she has not complied with the statutory obligations specifically imposed on the data processor or if the data controller's legitimate instructions have been disregarded or contravened. If several data controllers or multiple data processors or both the data controller and the data processor are involved in the same data management and are responsible for the damage caused by the data handling, each data controller or data processor is jointly and severally liable for the total damage. The data controller or the data processor shall be exempt from liability if he or she proves that he or she is in no way responsible for the event giving rise to the damage.

 

6.12 Right to a court:

 

In the event of violation of his or her rights, the data subject may turn to the court (according to the choice of the defendant's domicile or domicile). The court proceeds out of court. The charge pertaining to the protection of personal data is tax-free.

 

5.13 Data protection authority procedures:

 

You can turn to National Data Protection and Information Authority with a complaint:

 

National Privacy and Freedom Authority

 

Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C.

 

Exceptional contribution: The User expressly acknowledges and accepts this Policy prior to the first use of the reservation and event reservation service offered by Livicro Ltd. through http://www.gastlandbisztrok.hu/en/and the portal for this purpose and declares that he/she explicitly agrees to manage his/her personal information provided during the reservation.

 

 

 

Budapest 2018.04.24.