Welcome to the Abbazia Club Hotel, in the very heart of Keszthely, capital of the Lake Balaton!

Situated only a few minutes far from the Lake Balaton, and 10 minutes from the thermal lake of Heviz, this resort is a great starting point for any vacation throughout the year.

Best price guaranteed – book your room now!

Hotel name Date of arrival Nights


INFORMATION ON DATA MANAGEMENT

1. Introduction
The Helikon Travel Agency Ltd., here in after referred to as Helicon TA. (Service controller) is as a data controller bound by the contents of this legal notice. It’s committed to ensure all activities related to data management comply with the regulations and requirements set out in the existing legislation.
The Helikon TA. reserves the right to change this prospectus at any time. Of course, the public will be duly notified of any changes (in time).
If our users have any questions, to which the answers are not clear from this bulletin, please email us and our colleagues will answer your question.
The Helikon TA. is committed to the protection of its customers and partners personal data, it prioritises respect for their right to informational. The Helikon TA. will keep all personal data confidential and shall take all safety, technical and organizational measures that guarantee the security of the data.
In the following, Helikon TA describes its privacy principles, and expresses its expectations below are the expectations that were expressed by the controller,. Its data management principles are in line with the current legislation on data protection, in particular the following:
- 2011 CXII. Law - the right of informational self-determination and the right of freedom of information;
- 1959 IV. Law–The Civil Code, (CC).
- 2000 C. Law - Accounting; (tv Accounting Act.).
- 2001 CVIII. Law - certain aspects of electronic commerce services and information society services; (tv Eker.).
- 2003 XCII. Law - the Tax Code; (Art.)
- 2005 CXXXIII. Law – the rules of private security and private investigator activity; (SzVMt.)
- 2008 XLVIII. Law – the conditions of economic advertising and some of its fundamental limitations (GRT.).

2. Definitions
2.1. Concerned: can be identified by any specific personal information - directly or indirectly - identifiable general person;
2.2. Personal data: the data that the concerned can access - particularly their name, identification, and some specific physical, physiological, mental, economic, cultural or social identity - which may be excluded from the conclusions concerning them;
2.3. Contribution: a voluntary and firm proclamation of the wishes of the concerned, which is based on appropriate information, to which an unambiguous consent is given for the personal data to be managed ( for full or certain operations);
2.4. Protestation: Statement of the concerned, for objects for handling of personal data and calls for the elimination of data management and the erasure of managed data;
2.5. Data controller: the general or legal person, or the body without legal personality, who or which alone or jointly with others, determines the purpose of the data, makes decisions on data management (including the used instruments), then enforces them or has them enforced by an accredited data processor;
2.6. Data Management: Regardless of the method used any operation performed on data, in particular collection, recording, organization, storage, alteration, use, polling, transmission, disclosure, coordination, combination, blocking, erasure or destruction, also to prevent further use of the data photographs, and sound or video recordings will be made, and a record of some physical characteristics (such as fingerprints, palm prints, DNA samples and iris images) will be taken.
2.7. Data transmission: making data accessible to a specific third party;
2.8. Disclosure: making the data available to anyone;
2.9. Data erasure: making data unrecognizable in such a way that restoration is no longer possible;
2.10. Data indication: giving data identification markings to make it distinguishable.
2.11. Data blocking: to limit further management of data identification markings finally or for a definite period of time;
2.12. Data destruction: the complete physical destruction of media containing data;
2.13. Data processing: completing technical tasks related to data processing, regardless of the methods or means, as well as the operation site used, provided that all technical tasks are performed on the data;
2.14. Data processor: any general or legal person or entity without legal personality who or which have a contract with the data controller - including the provided lawful contract- processing the data;
2.15. Third party: any general or legal person or entity without legal personality who or which is different from the data subject, the data controller or the data processor;
2.16. Third country: any non-EEA State.

3. Principles of Helikon TA. during data management
Personal data may be processed if:
a) the concerned gives consent, or
b) the law or - based on the law in a defined area - a local government orders it out of public interest (compulsory data management).
Personal data may also be handled if the acquisition of the subject's consent would be impossible or disproportionate costs are needed, and if the processing of personal data is necessary for the data controller to fulfil legal obligations, or if the controller or a third persons legitimate interest requires pursuing, and to enforce the restriction of the right to the protection if personal data is out of proportion.
For the incompetent and those under the age of 16 to make a statement, consent is required by a legal guardian, except for those parts of service, in which the declaration targets data management needed for everyday life, and which does not require any special consideration.
If consent is unable to be given due to incompetence or other unavoidable reasons, then to protect their own or others vital interests, lives, physical integrity or to protect or prevent the immediate danger of their rights, then despite the obstacles blocking the consent, personal data can be managed.
If the inclusion of personal data taking place with consent, the data obtained by the data controller is regarded in the absence of law unless:
a) ensuring compliance with the relevant legal obligations, or
b) the purpose of the data controller or a third person having a legitimate interest pursued, if it is of interest to enforce this restriction of the right to the personal data protection ratio without further specific consent and the consent of the data subject, even after the withdrawal of management.
Personal data may only be handled for specified purposes, like the exercise of rights and the completion of obligation. Each stage of data processing must comply with its purpose, and the collection and management of the data must be righteous.
Personal data is only allowed to be used, when its usage is essential for the realization of the objective of data management and it makes the target reachable, and when it is only used to the extent and duration necessary to achieve that purpose.
Personal data may only be used with consent based on appropriate information.
The person concerned must be notified prior to the commencement of data management, that data management is based on consent or is mandatory. The data subject must be informed - clearly, understandably and in detail - of all the facts regarding the management of data, in particular about its purpose and legal basis, the person authorized to carry out the data management and processing, the duration, if it’s being managed with consent and the data controller is fulfilling their legal obligation or for the purpose of the third party’s legitimate interest, or about who can access the data. The information should include the subject’s rights and remedies in relation to data management.
During data management it must be ensured that the data is accurate, complete, up to date, and that the subject may only be identified during the processing of the data.
Personal data may only be transmitted to data controllers in third world counties, if the subject gives their consent, or if it was mentioned in the data processing conditions, and if the appropriate level of data protection is ensured. Data transmitted to EEA States shall be considered as transmitted within the territory of Hungary.

4. The scope of personal data includes the purpose of data management, its title and duration.
The Helikon TA. Data management activities are based on voluntary consent. However, in some cases, the management of a range of specified data, it’s storage and transmission, are ordered by the law, in these cases the public are separately informed.
Please note (for Helikon UI informants). that if you do not own the given personal information, the informant is obliged to obtain the consent of the data subject.
We inform those who give Helikon TA personal information which is not their own, that they must obtain the consent of the data subject.

4.1. A www.abbaziagroup.com, www.clubdobogomajor.hu, www.hotelkalma.hu, www.petnehazy-clubhotel.hu, www.abbazia-nemesnep.hu, www.abbazia-clubhotel.hu, www.clubhotel-marotta.com websites visitor’s data
The objective of data management: During visiting the site, the operator records the visitors data to verify the operation of the service, to ensure personalized service and to prevent abuse.
The legal basis of data management: 2001 CVIII. Law 13 / A. § (3). the consent of the data subject and certain aspects of informational society services.
The scope of managed data: date, time, IP address, the visited sites address, previously visited sites address, data related to the user's operating system and browser.
Data management Duration: 30 days from the date of the visit of the site.
When analysing log files the Helikon TA does not connect the found data with other information, and doesn’t seek to identify the user.
An IP address is a series of numbers, which allows the users’ computers to be easily identified when connecting to the internet. The IP addresses allow the users to be localised even geographically. The title of pages visited and the date and time are not enough data to identify the data subject on their own, but in combination with other given data (eg. Specified during registration) they help to reach conclusions about the user.
External service providers’ data management:
The portal’s HTML code is separate from Helikon TA, it comes from an external server and contains external links as well. The external service provider's server is connected directly to the user's computer. Please note that due to the direct connection and communication between the users’ browser and the providers of these links, the server is able to collect user data.
More detailed information about the management of data by external service providers can be found below .
www.abbaziagroup.com, www.clubdobogomajor.hu, www.hotelkalma.hu, www.petnehazy-clubhotel.hu, www.abbazia-nemesnep.hu, www.abbazia-clubhotel.hu, www.clubhotel-marotta.com these websites have independent measurement and are audited by an external service provider for website traffic and web analytics data can be found here www.google.com. The management of the measurement data of the data controller can be found here http://www.google.com/analytics/
For easier websites experience visit www.chat4support.hu
For easier websites social service usage visit www.facebook.com

4.2. Guest nights register
The purpose of processing: to provide accommodation services, a guests register, distinguishing them from one another, to provide services, the analysis of habits, more targeted services, to secure reservations, payments, to fulfil accounting obligations and to request direct marketing for the hotel guests.
The basic law of data management: voluntary consent, C of 2000 on Accounting Law § 169 (2) of the Act XLVIII of 2008 on economic advertising activities basic conditions and limitations of each. Law § 6 (5)
The managed data range: identification number, name, address, email address, phone number, date, time, the hostel guest's car plate number, nationality and ID card or passport number, date of birth, information about the services account (eg arrival. departure date, consumer, sports habits), payment information (date, time, description of the items included in the invoice amount), the voucher / coupon / check / coupon number, the data of the holiday from the check (serial number, name, validity, signature), health status data, consent given for special data management, the opening and closing data managed by the card access system and the date and time related to it and the consent given for direct marketing purposes.
Duration of data management:
- for direct marketing purposes the time mentioned in chapter 4.7. of this prospectus and for the postal DM until the withdrawal of consent.
- When using the accommodation service five years after the last night spent there as a guest;
- in respect of the billing data five years.
Data transmission:
- the establishment of the tourist tax and the collection of the name, address, date of birth and the number of nights spent are sent to the local government tax authorities,
- If paid by credit card then the payer’s identification number and the transactions amount, date and time are sent to ERSTE Bank.
The legal basis for the transmission of data: the tourist tax for the Art § 175 (1), in other cases, the subject's consent.
If consent is given by users for direct marketing purposes relevant information is required (name, email address, date, time) and the newsletter of this prospectus found in chapter 4.4. and the database of postal DM found in chapter 4.5. is to be recorded.
To prohibit the transmission of direct marketing messages and the erasure or modification of personal data contact the following addresses:
- via post: Sales and Marketing, Club Dobogómajor, Cserszegtomaj H-8372, Thermal Road.
- Via e-mail reservation@abbaziagroup.com,
- with the help of the links found under the unsubscribe button which is placed at the footer of the posted newsletters.
Data management registration number: NAIH-60578/2012

4.3. Newsletter
The purpose of data management: for those interested in newsletters can be sent via e-mail containing information about the current information and also business advertisements.
The legal basis of data management: the voluntary consent and the XLVIII of 2008 Law § 6 (5) on basic conditions and limitations of economic advertising.
The scope of managed data: identification number, name, email address, IP address, date, time, consent for direct marketing.
Duration of data management: for 2 years after the last time the user was active, and the final data update, for unconfirmed users 24 hours.
If consent is given by users for direct marketing purposes relevant information is required (name, email address, date, time) and the newsletter of this prospectus, found in chapter 4.4. and the database of postal DM, found in chapter 4.5. is to be recorded.
To prohibit the transmission of direct marketing messages and the erasure or modification of personal data contact the following addresses:
- via post: Sales and Marketing, Club Dobogómajor, Cserszegtomaj H-8372, Thermal Road.
- Via e-mail reservation@abbaziagroup.com,
- with the help of the links found below the unsubscribe button which is placed at the footer of the posted newsletters.
Data management registration number: NAIH-60578/2012

4.4. Competitions
The objective of data management: participation in drawing and notifying winners, disclosure, and compliance with accounting requirements organised by Helikon TA
The legal basis of data management: voluntary consent.
The scope of managed data: identification number, name, address, email address, date, time, and different set of data for each competition for which we provide information when announcing the winner.
Deadline for data erasure: Details of the non-winners are immediately deleted after the draw, the winners data is publicly available for 6 months, with accounting issues caused by prizes in accordance with the Accounting Act. tv. § 169, 8 years.
Disclosure: the winner's name, the name of the settlement, ZIP/post code, for six months following the draw.
Data handling registration number: NAIH-60578/2012

4.5.A A clubdobogomajor.hu, www.clubdobogomajor.hu, klubdobogomajor.hu, www.klubdobogomajor.hu, clubdobogomajor.com, www.clubdobogomajor.com, clubdobogomajor.eu, www.clubdobogomajor.eu, petnehazy-clubhotel.hu, www.petnehazy-clubhotel.hu, petnehazy-clubhotel.com, www.petnehazy-clubhotel.com, petnehazy-clubhotel.eu, www.petnehazy-clubhotel.eu, hotelkalma.hu, www.hotelkalma.hu, hotelkalma.com, www.hotelkalma.com, hotelkalma.eu, www.hotelkalma.eu, www.clubhotel-marotta.com, clubhotel-marotta.com, clubhotel-marotta.eu, www.clubhotel-marotta.eu, abbazia-nemesnep.hu, www.abbazia-nemesnep.hu, abbazia-nemesnep.com, www.abbazia-nemesnep.com, abbazia-nemesnep.eu, www.abbazia-nemesnep.eu, abbazia-clubhotel.hu, www.abbazia-clubhotel.hu, www.abbazia-clubhotel.com, www.abbazia-clubhotel.eu, abbazia-clubhotel.com, abbazia-clubhotel.eu, in the following our website users’ data
The purpose of Data Management: During visiting the site the operator records the visitors’ data to verify the operation of the service, to ensure personalized service and to prevent abuse.
The legal basis of data management: the consent of the data subject and Eker. tv. 13/A. § (3)
The scope of managed data: date, time, IP address, the visited sites address, previously visited sites address, data related to the user's operating system and browser, and the geographical location of the user.
The duration of data management: when the user leaves the site the IP address is immediately erased, the rest of the data in one month.
When analysing log files the Helikon TA does not connect the found data with other information, and doesn’t seek to identify the user.
An IP address is a series of numbers, which allows the users’ computers to be easily identified when connecting to the internet. The IP addresses allow the users to be localised even geographically. The title of pages visited and the date and time are not enough data to identify the data subject on their own, but in combination with other given data (eg. Specified during registration) they help to draw conclusions about the user.
External service providers’ data management:
The portal’s HTML code is separate from Helikon TA, it comes from an external server and contains external links as well. The external service provider's server is connected directly to the user's computer. Please note that because of the direct connection and communication between the users’ browser and the providers of these links, the server is able to collect users’ data.
The user’s personalized content is given by the external server. The connection between the external service server and the Helikon TA only covers the recent code inclusion, so neither personal data transmission nor forwarding can take place.
More detail about the management of measurement data can be found below:
www.google-analytics.com
To complete our services small data parcels, cookies are placed on the users’ computer, more information about these can be found at these external servers: : google.com, facebook.com, chat4support.hu, gpe.cz.
To be able to provide personalised services the external servers place small parcels; cookies on the users’ computer, then take them back. If the browser sends back an earlier saved cookie, then the service managing these can connect to the user’s earlier visit, but only in respect of their own content.
More information about cookies found here: http://www.adatvedelmiszakerto.hu/cookie
Cookies can be deleted from one’s computer and can be blocked in the browser. Cookies can be dealt with in the Tools/Settings menu found in the browser, under the Data Protection option.

4.5.B How the site deals with cookies
To be able to provide personalised services the website places small parcels, cookies on the users’ computer, then takes them back. If the browser sends back an earlier saved cookie, then the service managing these can connect to the users earlier visit via the current, but only in respect of their own content.
The purpose of data management: to identify users, to distinguish them from one another, to identify the users current doings, to store the data received, to prevent the loss of data, to identify users, to track them and to offer personalised offers with the use of data collected through visiting the site (__utma, __utmb, __utmc, __utmt, __utmz, PHPSESSID, _C4vId).
The basis of legal data management : the consent of the data subject
The scope of managed data: identification number, date, time.
Duriation of data management:
-until the end of the session (__utmc, PHPSESSID),
-ten minutes (__utmt),
-thirty minutes (__utmb),
-six months (__utmz),
-one year(__C4vID),
-two years (__utma).

More information about cookies found here: http://www.adatvedelmiszakerto.hu/cookie
Cookies can be deleted from one’s computer and can be blocked in the browser. Cookies can be dealt with in the Tools/Settings menu found in the browser, under the Data Protection option.

Graphical measuring points were placed on this site, which test results are recorded in the web server. Based on the graphic measuring points visitors of the website will no longer be identified.

4.6. Lost and found
The purpose of the data processing: the Abbazia Club Hotel, Abbazia Country Club, Petnehazy Club Hotel, Club Dobogómajor, Hotel Kalma, Kalma Villa Abbazia Club Hotel (Marotta, Italy) keep records of found objects, and informs the owner or the finder.
The legal basis of data management: Act IV of 1959 on the Civil Code. § 129 of the Act.
The scope of managed data: date and place of the finding, the name of the finder, contact details, details of the found object.
Data management Duration: one year.

4.7. Helikon TA customer correspondence
If in use of our services any questions and problems are found, in the way given on the website and you can contact the controller.
Any post, fax letters or e-mails submitted to Helikon TA, e-mails received, should enclose the sender's name, address, fax number or e-mail address, as well as with other voluntarily provided personal data, data received will be erased after a maximum of 5 years.

4.8. Other data processing
Any data processing not listed below is provided before recording data.
We inform our clients that the court, the prosecutor, the investigating authority, the misdemeanor authority, the administrative authority, the National Privacy and Information Security Authority, or other organisations can request information, data disclosure and transfer from the controller which will be given under a mandate.
To the Helikon TA authorities - if the authority has indicated the exact purpose and scope of the data - personal data will only be given out to the extent that is essential for achieving the purpose of the request.

5. The method of storage of personal data, data management security
The Helikon TA. computer systems and other data storage locations can be found in the headquarter premises, branches, and at ATW Internet Kft. Headquarters: 1132 Budapest, Victor Hugo u. 11-15.
The Helikon TA. provides service managing personal information with selected IT assets used in ways that:
a) make it available to those authorized to access;
b) the validity and verification is secure (data management credibility);
c) no changes can be justified (data integrity);
d) it’s protected from those unauthorized to access(data confidentiality).
The Helikon TA takes appropriate measures to protect the data from unauthorized access, alteration, disclosure, erasure or destruction, as well as the accidental destruction and damage and from it becoming inaccessible resulting from changes in the techniques used.
The Helikon TA sets corresponding technical solutions in order to protect the various electronically managed data to ensure that data is stored and - unless it is permitted by law – makes sure it can’t be connected directly to the data subject.
The Helikon TA aware of the current technological developments, takes great care with technical, organizational and structural measures to defend the security of data management, that provide an adequate level of protection required with the occurring risks of data management.
During data management the Helikon TA preserves:
a) secrecy: protects the information, so that it is only accessible by authorized persons;
b) integrity: protects the accurate and complete method of information and processing;
c) availability: making sure that when the authorized user needs to, then the desired information, and the tools needed are accessible.
The Helikon TA and their partners' IT systems and networks are protected against- computer assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer break-ins and attacks leading to refusal of services. The operator ensures server and application safety.
We inform users that electronic messages forwarded on the Internet, despite the protocol (e-mail, web, ftp, etc) are vulnerable to network threats that lead to dishonest activities or information disclosure, modification and which challenge the contract. So as to protect the data from these threats the data controller takes all the precautions possible. The systems are monitored in order to record any security deviation and to be able to provide proof in case of any security incidences. Monitoring the system also allows the effectiveness of the protection carried out by the employee, to be inspected.

6. The Data Controller’s contact details
Helikon Utazási Iroda Korlátolt Felelősségű Társaság
Shortened name: Helikon Utazási Iroda Kft.
Headquarters: 8360 Keszthely, Erzsébet királyné útja 21.
Registration number: 20-09-060182
Tax number: 10242986-2-20
E-mail: reservation@abbaziagroup.com

7. Remedies
The concerned may request information about the management of their personal data and may request the correction or - with the exception of mandatory data processing - erasure or blocking, this can be done in the manner indicated when the data was collected and should be sent to the data controller. On request of the concerned Helikon TA, as the data controller, provides information that was processed by itself or by an accredited employee, including the source, purpose, basis of copyright and the duration of the data processing, also the processors name, address and any information related to the processing of the data, as well as the legal basis and the recipient in the case of data transmission.
The information will be sent in a comprehensible written form, in the shortest possible time (maximum 30 days) from the day the request was submitted. This information is free of charge, if the person requesting certain information has not yet done so in the current year. In other cases, Helikon TA will enforce reimbursement.
Helikon TA corrects personal data if it does not correspond to reality and if the real data is accessible.
Helikon TA locks personal data if requested by the data subject or on the basis of assumption that the erasure of information could affect the subject’s legitimate interests. The locked personal data is only accessible as long as there is a purpose for data management which excludes its erasure.
Helikon TA will stigmatise the personal data, if the data subject disputes the accuracy of the personal data but the incorrectness or inaccuracy can’t be clearly identified.
Helikon TA deletes personal data, if processing is illicit, requested by the data subject or the managed data is incomplete or false - and this can’t be legally fixed- and providing that the erasure is not illicit, that the purpose of data management has ceased, that the storage time limit has expired and that it was ordered by the court or the National Authority for Data Protection and Freedom of Information.
The data controller has 30 days for the erasure, locking or correction of personal data. In the case that the data controller can’t enforce the request of erasure, locking or correction, the reasons for refusal will be sent in writing within 30 days.
In the case of erasure, locking or correction of personal data Helikon TA informs the data subject and anyone who the data was once transmitted to for the purpose of data management. The notification is left out if when concerning data management the data subject’s legitimate interest isn’t violated.
The data subject can object to the processing of personal data, if:
a) the handling and transmission of personal data is only required to meet the legal obligation of the controller, or to validate the controller’s, the data importer’s or the third party’s legitimate interests, unless the data processing is ordered by law;
b) the use or transmission of personal data is only required for the purpose of direct marketing, public opinion research or scientific research;
c) other cases are specified by the law.
From the day the request for objection is submitted Helikon TA will examine the request as quickly as possible but within a maximum of 15 days, a decision in the question of substantiation will be made and the applicant will be informed in writing. If the substantiation of the data subjects objection is determined, the data management –including the further collection and transmission of data- will be terminated, the data will be locked and of those who were once involved in the data’s management or transmission will be informed, including those required to act in order to enforce the right to object.
If the data subject does not agree with the decision of the data controller, they can turn to the court within 30 days of the being notified.
If data management is ordered by law, Helikon TA cannot delete the data subject’s data. However, the data cannot be transmitted to the recipient, if the data controller agrees with the objection or if it is justified by the court.
In case of the violation of the data subject’s rights, the court can turn against the data controller. The court shall give priority to the case.
Helikon TA will reimburse the damages caused by the illicit handling of data or by the violation of the requirements of data security. The controller is exempted from liability if the damage was caused outside of the scope of data management and was triggered by an unavoidable reason.
The damages will not be reimbursed , if they were caused by the victims intentional or careless behaviour.
For remedies or with complaints turn to the National Authority for Data Protection and Freedom of Information:
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Headquarters: 1051 Budapest, Nádor u. 22.
Postal address: 1387 Budapest, Pf.: 40.
Telephone number: 06-1/475-7186, 475-7100
Fax number: 06-1/269-3541
E-mail: http://www.naih.hu/kapcsolat/

Az oldalunkon ún. cookie-kat használunk, a lehető legjobb webes élmény biztosítása érdekében. A továbblépéssel és az oldal használatával, beleértve az oldalon maradást is, Ön beleegyezik a cookie-k használatába. További információkért vagy a cookie-k eltávolításáért, kérjük, olvassa el az Adatvédelmi irányelvek 4.5.A ill. 4.5.B fejezetét.

Tovább