Data Handling Information (GDPR)

 

The BIKE & RELAX Kft. Data Management Principles are in line with existing data protection laws, in particular the following:

Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation, GDPR)

 

  1. DATA MANAGER

 

Bike & Relax Kft.

Tax number: 25919345-2-42
Company Registration Number: 01-09-296274
Headquarter: H-1061 Budapest, Andrássy út 7.
Tel .: +36 30 300 8003
E-mail: info @ bike-and-relax.com
Registry authority: Fővárosi Törvényszék Cégbírósága

 

Hosting provider

PlexNET Informatikai Kft.
H-8441 Márkó, Búzavirág u. 9.
E-mail: support @ honlaptarhely.com

Technical error: +36 70 458 4268

 

 

  1. DEFINITIONS USED IN THE DOCUMENT

 

“Personal data” means any information relating to an identified or identifiable natural person (“concerned”); a natural person may be identified, directly or indirectly, based on one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of an identifier such as name, number, positioning data, online identifier or natural person identified.

“Data Management” means any operation or operation in any automated or non-automated way of personal data or data files, such as collecting, capturing, rendering, compiling, storing, modifying, querying, inspecting, using, communicating, distributing or otherwise disclosure, alignment or interconnection, restriction, deletion or destruction.

 “Limitation of data management” means the designation of stored personal data to limit their future management.

“Profiling” means any form of automated processing of personal data where personal data are used to evaluate certain personal characteristics associated with a natural person, in particular work performance, economic status, health status, personal preferences, interest, reliability, behavior, residence or movement related features to analyze or predict.

“Identification” means the processing of personal data in a way that, without the use of additional information, can no longer be ascertained to which specific natural person the personal data is subject, provided that such additional information is stored separately and provided for by technical and organizational measures that this personal data can not be linked to identified or identifiable natural persons.

“Registry system” means the personal data of any person – centralized, decentralized or functional or geographic – that is accessible on the basis of defined criteria.

“Data Controller” means any natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others; where the purposes and means of data management are defined by Union or Member State law, the data controller or the particular aspects of the designation of the data controller may also be defined by Union or national law.

“Data Processor” means any natural or legal person, public authority, agency or any other body that manages personal data on behalf of the data controller.

“Addressee” means any natural or legal person, public authority, agency or any other body with which personal data are communicated , whether or not it is a third party. Public authorities which have access to personal data in an individual investigation in accordance with Union or national law shall not be considered addressees; the management of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of data management.

 “Third Party” means any natural or legal person, public authority, agency or any other body other than the data subject, the data controller, the data processor or any person authorized to manage personal data under the direct control of the data controller or data processor they got.

“Contribution of the party concerned” means a voluntary, concrete and appropriate and informed and explicit statement of the will of the person concerned with which he or she indicates the statement in question or a statement expressing in an ambiguous manner his consent to the processing of personal data concerning him.

 “Privacy incident” means a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

“Enterprise” means a natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships and associations with regular economic activities.

 

 

  1. RANGE OF COLLECTED DATA

 

E-mail and phone inquiries

  • The purpose of data management: is to inform customers about the current programs, products and events of BIKE & RELAX and to keep the contact with them.
  • Legal Basis for Use: Contribution, Finding BIKE & RELAX by Email.
  • Managed data: name, e-mail address, telephone number, or, if the interested party indicates other personal data, the scope of these data.
  • Data management duration: until withdrawal.

 

Reservations through the website form and by e-mail

  • The purpose of data management: booking BIKE & RELAX programs, products, bookings
  • Legal Basis of Use: Contribution
  • Managed data: name, address, phone number, e-mail address, and other identifying information (eg mother’s name, date of birth, company headquarters, etc.).
  • Data management duration: until withdrawal

 

A copy or photo of an identity document (personal, passport, driving license)

  • Purpose of data management: Identification data for BIKE & RELAX bike rental in case of theft or damage.
  • Legal Basis of Use: Contribution.
  • Managed data: name, address, date of birth, possibly residence.
  • The duration of the data processing: after the tour or after the rental time or until the closure of the police or judicial case or for statistical purposes until the consent is withdrawn.

 

 Emails from websites where tours and bicycle rentals can be booked or paid

  • The purpose of data management: identification data required to book and pay BIKE & RELAX tours and bicycle lending services.
  • Legal Basis of Use: personal contribution to booking the company’s tour and / or rental services and paying the price of the tour or rental service.
  • Managed data: name, address, date of birth, or altitude.
  • Data management duration: until withdrawal.

 

Newsletters

  • The purpose of data management: The purpose of data management is to provide information on the current programs and events of BIKE & RELAX.
  • Managed data: name, e-mail address, phone number.
  • Legal Basis of Use: Contribution.
  • Data management duration: until withdrawal.

 

Photos and videos

  • Purpose of data management: Bike & Relax staff or agent can take photos or videos that can be used for marketing and promotional purposes.
  • Managed data: photos and videos.
  • Legal Basis of Use: contribution.
  • Duration of data management: until withdrawal. If you have any objections to these recordings, please inform your Bike & Relax staff before the tour.

 

Customer data for tour registration and bicycle rental contracts

  • Purpose of data management: Identification data required for the BIKE & RELAX tours and bicycle rental service, for booking and payment.
  • Managed data: name, e-mail address, telephone number, ID number, address, place of residence in Hungary
  • Legal Basis of Use: contribution.
  • The duration of the data processing: after the tour or after the rental time or until the closure of the police or judicial case or for statistical purposes until the consent is withdrawn.

 

Community sites

  • Purpose of Data Management: Sharing, or “liking”, popularize social networking sites, websites or their products and services.
  • Managed data: name and photo of the user registered on social network pages: Facebook / Google + / Twitter / Youtube / Instagram etc.
  • Legal Basis of Use: freiwilliger Beitrag des Kunden zur Verwaltung seiner persönlichen Daten auf Websites sozialer Netzwerke.
  • The duration of data management: about the source of the data, the data handling, the way of transfer and the legal basis the user can be informed on the relevant social networking site. Data management takes place on social networks, so the rules of the respective community site are regarding the duration of the data handling, the manner of deletion and modification of the data.

 

Issuing and receiving invoices

  • Purpose of data management: the invoice is issued and received in order to operate the business processes.
  • Managed data: name, address, e-mail address, telephone number, tax number.
  • The duration of the data processing: eight years from the date of issue of the invoice.
  • The legal basis for data handling: invoices are to be kept for 8 years by law.

 

Payment by credit card

In the case of a credit card payment will be made on the payment platform of the bank or financial institution. Credit card information will not be disclosed to the website. The bank or financial institution send information on the success of the transaction, on its date and amount.

Profiling

BIKE & RELAX Kft. does not make profiling.

 

 

  1. THE LEGISLATION CONCERNED

 

The right to withdraw, cancel or correct

Anyone at any time, without justification, may request in writing to correct, modify or delete a portion of his / her personal data or to revoke his / her consent for data handling. You can delete or modify the data by sending a mail to info @ bike-and-relax.com. Bike & Relax will take immediate, but no later than 15 days after the receipt of the request, correcting, modifying or deleting the data.

Right to data transfer

The data subject have the right, to get her/his personal data from the data manager in a widely used machine-readable format and transmit such data to another data controller. Requesting a data transfer is possible with the letter sent to info @ bike-and-relax.com.

 

The right to protest

In the event of a protest, the data controller may not process the personal data unless it is justified by compelling reasons of lawfulness that prevail over the interests, rights and freedoms of the person concerned, or which relate to the submission, enforcement or defense of legal claims. It is possible to lodge a protest with the letter sent to info @ bike-and-relax.com.

 

Authority procedure

Procedure can be initiated at the Nemzeti Adatvédelmi és Információszabadság Hatóság (National Data Protection and Information Authority): Postal address: 1530 Budapest, Pf .: 5. Telephone: 003613911400, E-mail: ugyfelszolgalat @ naih.hu

 

 Right to Information on the Data Protection Incident

If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller inform the data subject about the data protection incident without undue delay.

 

 

  1. TECHNICAL AND ORGANIZATIONAL MEASURES FOR SAFETY AND STORAGE OF DATA

BIKE & RELAX will ensure that the computer with your personal data is placed in a room with adequate physical protection (harmful effects on the environment, fire) so that the data can not be accessed to an unauthorized person.

  • Paper-based documents are stored in lockable cabinets and lockable rooms.
  • The BIKE & RELAX website uses encryption (https).
  • During the maintenance and repair of IT devices the Data Controller ensures, that the third party manages the personal data as required by the data protection regulation.

Bike & Relax do not disclose or transfer personal data to third-party unless otherwise provided by the competent court.