Mera Hotel Budapest, in order to fully comply with Regulation no. 2016/679. of the European Parliament and Council (GDPR) and Act CXII of 2011 on the right to information self-determination and freedom of information hereinafter: (Infotv) provides the following data management information on the processing of data of natural persons.
This Privacy Notice may be amended unilaterally by Mera Hotel Budapest at any time. This Privacy Notice and any amendments thereto will be posted on the Mera Hotel Budapest website (https://merahotel.hu/).
Furthermore, it is important to check frequently for updates of our Privacy Notice. The latest version of the Privacy Notice can always be found at the web address above. Based on the “effective date”, you can easily see when our privacy policy was last updated.
Data of the data controller
Name: Mera Hotel Budapest (hereinafter referred to as ” Mera Hotel Budapest” or “Service Provider”)
E-mail: info@merahotel.hu
Website: merahotel.hu
1. Which of your personal data do we manage? For how long and what do we use it for? What are the legal grounds for our data management?
The legal grounds of our data management can be the following:
Pursuant to Article 6 (1) (a) of the GDPR, voluntary informed consent of the user to the processing of data (hereinafter: “Consent”);
pursuant to Article 6 (1) (b) of the GDPR, the processing of data is necessary for the performance of a contract to which the User, as a concerned individual is a party (hereinafter: Performance of the contract)
pursuant to Article 6 (1) (c) of the GDPR, the processing is necessary for compliance with a legal obligation to which the controller is subject; (such as the fulfillment of an accounting, bookkeeping obligation – hereinafter: Fulfillment of a legal obligation)
purusant to Article 6 (1) (f) of the GDPR, the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter: Legitimate interest)
The legal grounds for data management is defined below for each data category and data management purpose, with reference to the above list.
| Service used by the person concerned | Scope of personal data processed | Purpose of data management | Legal basis for data management | Duration of data management |
| Sending electronic direct marketing messages, such as newsletters and advertisements using the direct business acquisition method (e-mail, push message) | E-mail address Name | Identification of the data subject Ensuring communication | Contribution | Until withdrawal of consent. |
| User account and registration | E-mail address Name Billing address Delivery Address | Creating a contract, defining, modifying and fulfilling its content Invoicing of contractual fees Enforcement of claims and rights Identification of the data subject Ensuring communication | Performance of contract Compliance with legal requirements – issue of invoices Legitimate interest | Name – for performance of contract and invoicing: for 8 years from the date of cancellation of the account and the registration by the User (reason: billing data). E-mail address – For performance of the contract and invoicing: for 3 months from the date of cancellation of the account and the registration by the User, as well as for legitimate interest: for a further 6 months thereafter. Billing address – for performance of the contract and invoicing: for 8 years from the date of cancellation of the account and the registration by the User (reason: billing data). |
| User account and registration | Phone number Password Facebook account email address (if different from user account email address) Facebook account name (if different from user account name) Google Account email (if different from user account email) Google Account name (if different from user account name) | Identification of the data subject Ensuring communication | Performance of contract | For performance of the contract and invoicing: for 3 months from the date of cancellation of the account and the registration by the User. |
| Comment | Name E-mail address Website IP address Browser ID string | Identification of the data subject Ensuring communication | Contribution | When you submit a comment, in addition to the information provided in the comment form, the IP address of the commenter and the browser ID string are collected to filter out unwanted content. |
| General purpose use of the website | The ID of the transaction that took place | Creating a contract, defining, modifying and fulfilling its content Invoicing of contractual fees Enforcement of claims and rights | Performance of contract Legitimate interest | For performance of the contract and invoicing: for 3 months from the date of cancellation of the account and the registration by the User. For legitimate interest: for a further 6 months thereafter. |
| General purpose use of the website | Amount of the transaction executed Subject of the transaction (booked apartment, service) Billing name and address (if different from registration) | Creating a contract, defining, modifying and fulfilling its content Invoicing of contractual fees Enforcement of claims and rights | Performance of contract Compliance with legal requirements – issue of invoices Legitimate interest | For performance of the contract and invoicing: for 8 years from the date of cancellation of the account and the registration by the User (reason: billing data). |
| Contact customer service, complaints | Name E-mail address | User identification Communication with the user during the request Performance of contract Responding to a request, arranging it on the merits Enforcement of claims and rights | Legitimate interest | In the case of a complaint, within the general civil law limitation period, ie 5 years from the date of filing the complaint. In case of a request for other purposes: 6 months from the request or 3 months from the date of cancellation of the account and the registration by the User. |
| Contact customer service, complaints | Subject of inquiry, complaint | Responding to a request, arranging it on the merits Enforcement of claims and rights | Legitimate interest | In the case of a complaint, within the general civil limitation period, ie. 5 years from the date of filing the complaint. In case of a request for other purposes: 6 months from the request or 3 months from the date of the cancellation of the account and the registration by the User. |
| System message via email or push message | Name E-mail address For a push message: User account | Send a system message to perform the contract | Performance of contract | For 3 months from the termination of the contract. |
| Sweepstakes, promotional game | Name E-mail address | Participation in promotions and sweepstakes Communication, Notifying the user of the result User identification | Contribution | Until withdrawal of consent. |
| Warranty claims | Name / billing name Address / Billing Address E-mail address Phone number Purchased goods, services Bank account number The ID of the transaction that took place | Beneficiary identification Communication Contract modification, performance Enforcement of claims and rights | Performance of contract Compliance with legal requirements – issue of invoices Legitimate interest | Within the general civil law limitation period, ie. 5 years from the fulfillment or assessment of the claim. |
| Career database | Name E-mail address Other information provided by the user in the CV and letter of motivation | Applicant identification Communication Participation in a selection procedure In case of selection – Creating a contract, defining, modifying and fulfilling its content | Contribution In case of selection – Contract performance | Until the withdrawal of consent, but not more than 1 year from the date of uploading and sending the CV electronically to the system. |
The Service Provider sends system messages to Users with merahotel.hu registration from time to time. System message is any message that contains information related to the operation of the Service Provider’s website, incidental service outages, maintenance, website functions, changes to existing and new functions, new functions, range of services available on the website, the ways the services can be used, the General Terms and Conditions, Data Management information or their updates and modifications, users’ rights, obligations and services related to the website, including confirmation messages, certificates, notifications, confirmations, electronic receipts, invoices sent for each used service.
2. Automatic data collection, why they are necessary and what they entail
How and what data do we collect automatically?
When the user visits the Service Provider’s website and uses the services, small programs, so-called cookies are placed in the User’s browser and their HTML-based e-mails in accordance with this data management information.
Generally, a cookie is a small file that is made up of letters and numbers and it is sent to the User’s device from our server. The cookie allows to recognize when the User last logged in to the website, the main purpose of the cookie is to allow the Service Provider to send personalized offer, advertisements the User to make personalized offers and advertisements available to the User, And all this, in turn, personalze the User experience in the course of using the website and they also express the personal needs of the User.
Purposefulness and usability of cookies.
Security: supporting and enabling security and assisting the Service Provider in detecting infringing behavior.
Preferences, features and services: cookies are able to tell the Service Provider which language the User prefers, what are the User’s communication preferences, and assist and facilitate the User in filling in forms on the website.
Comment: If you write a comment on the website, the name, e-mail and website address you provide will be stored in cookies. The storage of your data is for your own convenience, so at your next visit, this field information does not need to be filled in. If you post a comment, the comment and its metadata will remain in the system indefinitely. The purpose of this is to make any subsequent posts known and approved by us, ie. not included in the list of posts to be moderated.
Advertisement: the Service Provider may use cookies to show the User relevant advertisements on the website and elsewhere. We may also use cookies that indicate whether the Users who have seen an advertisement on the website will later visit the advertiser’s website, too. Similarly, the Service Provider’s business partners may also use cookies to determine whether the Service Provider has displayed their advertisement on the website and how it has performed, and these cookies may also send information to the Service Provider about how the User behaves in relation to the advertisements. The Service Provider may also cooperate with a partner that displays advertisements to the User on or outside the website after the User has visited the partner’s website.
Performance, analytics and research: such cookies help the Service Provider learn how the website performs in different places. The Service Provider may also use cookies that evaluate, improve, research the website, products, functions, services, including events when the User accesses the website from other websites, or devices such as the User’s computer or mobile device.
In connection with the use of cookies, the Data Protection Working Party set up under Article 29 of Directive 95/46/ EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “the Data Protection Directive”) an independent European advisory body on data protection and privacy issues, whose opinion on EU law will serve as a basis for the interpretation of the national law of all Member States – opinion no. 2012/4. on the exemption from consent to cookies -cookie waiver- (hereinafter Opinion No 4/2012, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/files/2012/wp194_en.pdf).
On the basis of the grouping in opinion no. 2012/4, it is not necessary to obtain the consent, and it is sufficient to provide information on the use in case of the following types of cookies.
Based on the above, the types of cookies we use are:
A. Cookies required for the operation of the site (Basic cookies):
- User-input cookies: these are session cookies that are based on a session ID (a random temporary identification number) and that expire at the latest at the end of the session when the user exits the browser. They provide user input, ie. they are linked to the user’s activities when exchanging messages with the service provider (eg. filling in a form or clicking a button).
- Multimedia player session cookies: used to store technical data (image quality, network connection speed, and buffering parameters) needed to play video or audio content. These cookies also expire when you exit the browser.
- Social content sharing cookies: allow social network users to share their favorite content with their friends. These cookies are deleted when the user “logs out” of the social networking platform or closes the browser.
B. Cookies Required for “Convenience Services” (Functional Cookies):
Cookies with such purposes are not considered “absolutely necessary” to provide the services specifically requested by the user and therefore require special approval for their use.
- Social Content Sharing Tracking Cookies: If members of social networks have signed up for “tracking” when setting up that social network while logged in, for example to display behavioral ads.
- Own visit analysts: visit analysts use statistical tools to measure website traffic and use cookies. These tools estimate the number of unique visitors, identify the keywords most commonly used by search engines that lead to a particular website, and track certain web navigation issues. They are used exclusively for our own aggregate statistics, to serve visitor needs faster and more accurately.
C. Performance Measurement Cookies (Performance Cookies):
Management of Analytical Cookies (Google Analytics): This website uses the analytics service of Google Inc. (“Google”). Google Analytics (“GA”) uses “files” stored on users ’computers (see above) to analyze user interactions on the Website using text files, meaning that these cookies collect information about your use of the Website, e.g. which page the visitor viewed, where they clicked, how many pages they visited, how long each view lasted, what error messages they encountered, and so on. As part of the use of the GA service, the Service Provider does not collect personal data, does not store your name or address, and the data collected is not suitable for your identification. These cookies cannot – and do not want – to specifically identify visitors (the IP address you are currently using is only partially recorded). Information about your use of the website stored in “cookies” is transmitted to and stored on Google’s servers in the United States.
Google processes the above information on behalf of the site operator to evaluate users’ habits of tomorrow’s visits, to compile reports on the frequency of use of the sites, and to provide additional services to the operator. However, you may at any time choose to disable analytical cookies that monitor anonymous browsing activity on the website.
The storage of cookies can be prevented by setting the browser software correctly. Click on the link for more information on how to disable these cookies:
http://www.google.com/analytics/learn/privacy.html
Visitors who do not wish GA to report on their activities on this website may install GA. disabling the browser extension. This add-on instructs GA not to send visit information to Google. To disable GA’s web activity, visit the Google Analytics Disable page and install the plug-in for your browser. For more information about installing and uninstalling the extension, see the help for your browser.
Please note that the blocking browser plug-in only runs directly on the browser and computer used for the download, do not deactivate or delete the blocking plug-in after downloading, otherwise your browser will recover and the GA application will work again. Data collection can also be prevented through Google Analytics. In this case, an “Opt-Out-Cookie” will be placed on your computer, which will prevent the collection of information about future visits.
D. “Remarketing” cookies (Advertising cookies):
The Service Provider uses the advertising services of Google AdWords, Criteo and Facebook Pixel (so-called remarketing cookies) in order to increase the number of visitors. These can be used to display targeted ads to visitors to the site. Google AdWords is Google’s click-based advertising system, which displays personalized ads based on their search and browsing habits. Facebook Pixel requires cookies to be placed on user devices. You can control and set up this data management activity of Facebook and Google in your Facebook and Google account.
These cookies do not bind the data to a person. Ads are displayed by advertisers based on your additional browsing habits.
Checking and controlling cookies:
Most browsers allow Users to control the use of cookies through settings. However, if the User restricts the website’s use of the cookie, it may degrade the user experience, as it will no longer be personalized for the user. The user can also stop saving personalized settings, such as login information.
If the User does not want the Service Provider to use cookies when visiting the website, the User may cancel the use of certain cookies in the settings menu. In order for the Service Provider to become aware that the user has blocked the use of certain cookies, the Service Provider places a blocking cookie on the User’s device, so the Service Provider will know that it cannot place cookies the next time the User visits the website. If the User does not wish to receive cookies, the User may change the browser settings on his computer. If the User uses the website without changing the browser settings, the Service Provider considers that the User consents to the sending of any cookies on the website. The website does not work properly without cookies.
For more information about cookies, including the type, handling and deletion of cookies, visit www.allaboutcookies.org or www.aboutcookies.org.
Users can also control and enable cookies at the following links: https:// www.aboutads.info/choices and https://www.youronlinechoices.eu.
The http://www.networkadvertising.org/choices/ link also allows you to disable cookies from other third-party providers.
Browser settings:
Internet Explorer Tools> Internet Options> Privacy> Websites
Mozilla Firefox Tools> Options> Privacy
Safari Changes> Settings> Privacy
Google Chrome: Settings> Show advanced settings…> Privacy> Content settings… Preferences area> Advanced> Cookie
3. Who can manage and access your data
The data controller
The data controller of the data specified in Section 1 is the Service Provider (Registration number: Uploading; tax number: Uploading.), and its contact details and company data are as follows:
Name: Mera Hotel Budapest
E-mail: info@merahotel.hu
Website: merahotel.hu
On the part of the Service Provider, the employees of the Service Provider have access to your data in the scope that is inevitably necessary for the performance of their work. Access rights to your personal data are set out in strict internal policies.
Data processors
We use various companies to manage and store your data, and we have concluded a data processing contract with all of them in accordance with the law. The following data processors process your data:
| Name of data processor | Address | Activity |
| Dobos Dániel E.V. (DB Group) | dbgroup.hu | Website operation and system administrator activities |
| Facebook, Inc. (USA) | Palo Alto, California, USA | Profiling, advertising, analytical and measurement services, display of behavioral advertising |
| GOOGLE LLC ( | USA – Google Data Protection Office, 1600 Amphitheatre Pkwy Mountain View, California 94043) | Profiling, advertising, analytical and measurement services, display of behavioral advertising |
Information on data transfer abroad:
Google LLC and its affiliates and Facebook, Inc. are listed in the European Commission’s GDPR Article 45 Compliance Decision and Commission Implementing Decision 2016/1260, as well as in the US-EU Privacy Shield List established thereunder, therefore data transfer to these companies does not constitute a transfer of data outside the European Union to a third country and does not require the specific consent of the data subjects, and the transfer to these companies is permitted under Article 45 of the GDPR. These companies undertook to comply with the GDPR.
4. Rights regarding personal data and ensuring these rights
a. Right of access: you can request information about what data is being used, for what purpose and for how long we are processing it, to whom we are passing it on, what the source of the data we process is.
b. Right of correction: if your data changes or we have recorded it incorrectly, you can request the correction or clarification of your data.
c. Right of deletion: in cases specified by law, you may request your data that we process be deleted.
d. Right to restrict data processing: in the cases specified by law, you may request that data processing be restricted.
e. Right to data portability: you can request the transfer of your data by filling in the data transfer request form in the appendix of this information, by exercising this right, you may request that certain types of your data specified by law be disclosed to you or transferred directly to another service provider designated by you upon special request and authorization.
In case requests described above are submitted, we will act in accordance with the law and we will inform you within one month of the actions we have taken based on your request.
f. Right to withdraw consent: When we process your data on the basis of your consent, you have the right to withdraw your consent at any time, which, however, does not affect the lawfulness of our data processing prior to the withdrawal of consent.
g. Right of complaint: if you have been infringed in connection with our data processing, you have the right to submit a complaint to the competent supervisory authority:
National Authority for Data Protection and Freedom of Information
Website: http://naih.hu
Postal address: 1530 Budapest, Pf.: 5.
E-mail: ugyfelszolgalat@naih.hu
Phone number: +36 (1) 391-1400
(Article 79 GDPR): If you consider that your rights under this regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation, you have the right to an effective judicial remedy in non-compliance with this Regulation. Proceedings against the Service Provider shall be brought before the courts of the Member State where the Service Provider has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject (You) has his or her habitual residence.
Right to protest:
- If, based on the above, we process your data with data processing based on a legitimate interest, you may separately object to the processing of data based on this legitimate interest.
- You can also object to data processing for profiling purposes.
In case of any objection expressed by you, we will no longer process this personal information.
5. How do we ensure the security of your data?
We have a comprehensive information security policy to ensure the security of the data and information we handle, which is mandatory for all our employees and which is known and applied by all our employees.
We regularly educate and train our employees on data and information security requirements.
5.1. Data security in the IT infrastructure
We store personal data on terrestrial servers, which can only be accessed by a very limited number of personal and employee staff under strict authorization management rules. We test and verify our IT systems from time to time, recurringly and regularly, to establish and maintain data and IT security.
Office workstations are password protected, the use of foreign data media is restricted and is only allowed under secure conditions after verification.
Protection against regular and continuous malicious software covering all systems and system components of the Service Provider is provided.
In the design, development, testing, and operation of programs, applications, and devices, security functions are given priority and separation.
The access keys of the information system (eg. passwords) are stored and transmitted in encrypted form, and the data concerning the security of the system (eg. passwords, rights, logs) are protected when allocating access rights.
5.2. Physical data security
In order to create physical data security, we ensure the proper closing and protection of our doors and windows, and we apply strict visitation and entry regulations for visitors.
The storage rooms are designed to provide adequate security against unauthorized or violent intrusion, fire or natural disaster. Media used for data transfer, backup and archiving can only be stored in a securely enclosed space.
6. Privacy Incident Procedure
In accordance with the law, we report the data protection incident to the supervisory authority within 72 hours of becoming aware of it, and we also keep a record of the data protection incidents. In cases specified by law, we also inform the users concerned.
7. Amendment to this privacy statement
If the scope of the processed data and the other circumstances of the data management change, this data management information will be modified and published on our website within 30 days in accordance with the provisions of the GDPR.
Last modified: 1 Oktober 2021
