2.Introduction
2.1.A Travel4WellBeing Limited Liability Company (hereinafter: Travel4WellBeing, service provider or data controller) is a priority goal for Travel4WellBeing protection of personal data provided by its visitors, ensuring the right of informational self-determination of visitors and customers.
2.2.A Travel4WellBeingis committed to handling the personal data of visitors and customers in a manner that fully complies with the relevant applicable laws and contributes to creating safe internet access opportunities for visitors. The Travel4WellBeing handles the personal data of visitors and customers confidentially, for the purpose of its effective business activities, and uses it to exercise its related rights and fulfill its obligations. It handles it in accordance with the applicable legal requirements. The Travel4WellBeing only processes personal data that is strictly necessary for the achievement of the aforementioned purpose. Travel4WellBeing ensures the accuracy, completeness and up-to-dateness of the data processed during data management.
2.3.It also ensures data security, in particular against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of stored or otherwise processed personal data or any security measure that results in unauthorized access to personal data, and takes the technical and organizational measures and develops the procedural rules necessary to enforce the relevant legal provisions and other recommendations.
2.4.A Travel4WellBeing It also develops internal procedures and creates internal regulations that are formulated by supervisory bodies, relevant legislation and other sector recommendations.
2.5.A Travel4WellBeing provides its activities through and by using the website. In order to provide the services, it processes personal data provided by customers and other data subjects.
2.6.The data controller reserves the right to unilaterally change this information at any time. It will notify its customers, users of the published data, of any changes in due time via the website.
2.7.In this Notice, we declare the principles that determine our policy on the protection of personal data and our daily practices in which we request personal data from our visitors and customers.
2.8.We also state for what purposes and how we use such data, and how we ensure the preservation and protection of personal data.
2.9.Upon request from our visitors and customers, we always provide detailed information about the personal data processed, the purpose, legal basis, duration of data processing, and the activities related to data processing, in accordance with their request.
3. Concepts and interpretations related to personal data
3.1.data controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
3.2.data management: any operation or set of operations which is performed on personal data or data sets, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3.3.data transmission: making the data accessible to a specific third party;
3.4. cross-border processing of personal data:
3.5.data deletion: making data unrecognizable in such a way that its recovery is no longer possible;
3.6.data designation: providing data with an identification mark for the purpose of distinguishing it;
3.7. restriction of data processing: marking stored personal data with the aim of restricting their future processing;
3.8. data destruction: complete physical destruction of the data medium containing the data;
3.9.data processing: the performance of technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
special data:
National Authority for Data Protection and Freedom of Information: NAIH, whose legal status and tasks are determined by Section 38 of the Information Act (hereinafter referred to as the Authority);
registration system: a collection of personal data, structured in any way – centralized, decentralized, or functionally or geographically – that is accessible based on specific criteria;
profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal characteristics relating to a natural person, in particular to analyse or predict characteristics relating to performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
personal data: data relating to the data subject – in particular the name, identification number and one or more specific physical, physiological, mental, economic, cultural or social characteristics of the data subject – and any inferences relating to the data subject that can be drawn from the data;
4. Data processing rules
4.1.The validity of this data management policy lasts from 2025.04. 14 until revocation.
4.2.The Regulation states that the processing of personal data must be carried out lawfully and fairly, transparently and traceably for the data subject. The Travel4WellBeing Therefore, in terms of its personal data processing, it only requests the personal data of the data subjects to fulfill legally justified, clearly stated purposes, and with this information it also strives to clearly inform its users. (Principle of lawful, fair and transparent data processing)
4.3.Personal data may only be collected for specified, explicit and legitimate purposes, and shall be adequate, accurate and relevant in relation to the purpose of the data processing, and shall only be processed to the extent necessary to achieve that purpose. The personal data to be provided shall only be used for the purposes stated therein – participation and reimbursement of costs. (Principle of purpose-bound data processing)
4.4. Personal data must be limited to the extent necessary for the purposes of data processing, i.e. Travel4WellBeing processes as much personal data as is strictly necessary for its activities. The Travel4WellBeing strives to request only the personal data that is truly necessary to achieve the purpose and reviews this annually in accordance with the principle of data protection by design. (Data saving)
4.5.A Travel4WellBeing handles personal data accurately and up-to-date and makes every effort to correct and delete inaccurate data. Travel4WellBeing tries to draw the attention of the data subjects through all channels to the fact that in the event of changes to their data, they can request its correction or rectification, and this has also been incorporated into the general terms and conditions. (Principle of accurate data management)
4.6.A Travel4WellBeing When storing data, it strives to retain data for an appropriate period of time, because up-to-date and accurate data facilitates the practice of its activities and compliance with legislation. Travel4WellBeing When storing personal data, it pays special attention to properly determining the retention periods and, if necessary, reviewing them, and strives to delete data that is not of any use. (Principle of limited data processing)
4.7. It processes personal data in a manner that ensures adequate data security. Travel4WellBeing Its IT department continuously monitors data security compliance with a continuous monitoring system. (Principle of integrity and confidential data management)
4.8.A Travel4WellBeing and strives to demonstrate compliance with data management requirements. (For example: Data management information, balancing of interests test, Data security and data management policy, periodic employee training)
4.9.In the case of mandatory data processing (for example, identification to prevent money laundering), the types of data to be processed, the purpose and conditions of data processing, the accessibility of the data, the duration of data processing, and the identity of the data controller are determined by the law or local government decree ordering the data processing.
5.Interpretive notes on the processing of personal data
5.1.When our visitors Travel4WellBeing pages, they may use the site without having to reveal their identity or provide any personal data.
5.2.However, there are cases where the Travel4WellBeing In order to fully utilize the services offered by www.sz.hu, it is necessary for visitors to provide or send certain personal data.
5.3.Personally identifiable information means personal data relating to natural persons that can be used to identify someone, establish communication with them, or determine their physical location - including, but not limited to, the following: name, home address, postal address, telephone number, fax number, e-mail address.
5.4.Anonymous information that is collected without personal identification and cannot be linked to a natural person, and therefore cannot be linked to a natural person, is not considered personal data.
5.5.Personal data provided by a third party – based on the necessary consent – refers to the personally identifiable data and information that relate to the person using the service, i.e. the visitor, but which is collected and provided by the service provider in cooperation with a third party in compliance with legal requirements.
5.6.As a general principle, we declare that in all cases where we request personal data from our visitors, they can freely decide whether to provide the requested information after reading and interpreting the necessary information text.
5.7.However, we should note that if someone does not provide their personal data, they may sometimes be unable to use the service that requires the provision of personal data.
5.8.A Travel4WellBeing does not under any circumstances collect special data relating to racial origin, national, ethnic or religious affiliation, political opinion or party affiliation, religious or other beliefs, health status, pathological passion, sexual life or criminal record.
This Information is not intended for public use, but for the information of visitors. Travel4WellBeing If someone voluntarily discloses their personal data or part of it, such information is not covered by this Privacy Policy.
5.9.We do not supplement or link personal or other data provided by our visitors with data or information from other sources.
5.10. Under no circumstances will we pass on the personal data provided to us by our visitors to third parties without a proper legal basis.
If the authorized authorities request the service provider to provide personal data in the manner prescribed by law (on suspicion of a crime, in an official data seizure decision), the Travel4wellbeing - in compliance with its legal obligation - provides the requested and available information.
Personal data can only be accessed by persons holding relevant positions - subject to the application of high-level access controls.
5.13. If our visitors have any questions about security regulations, please send an email to the company's Privacy Contact at the following address:
Privacy: info@travell4wellbeing.com
6.Scope of personal data, purpose, legal title and duration of data processing
Aa Travel4WellBeing The data processing activities related to the provision of its services are fundamentally based on the prior, informed and voluntary consent of the data subject, on the conclusion of a contract or on the legitimate interest of the data controller.
In certain cases, however, the processing, storage and transmission of a range of data provided is mandatory by law. In certain cases, it may be possible that the Travel4WellBeing also processes data of third parties whose direct consent is only Travel4WellBeing are available to its clients (e.g. death beneficiary, relatives, etc.), so in this case, the duty and responsibility of the data provider is to obtain the prior, informed and voluntary consent of such third party data subject.
6.1. Website visitor data
6.4. Building a newsletter database
A TRAVEL4WELLBEING sends a newsletter to those who subscribe to it regarding its activities. The newsletter is TRAVEL4WELLBEING You can subscribe on our website – or you can request it verbally, by calling our customer service. Unsubscribing from the newsletter does not constitute being placed on the blacklist as defined in Section 1995 of Act CXIX of 21 on the processing of name and address data for the purpose of research and direct marketing.
The person concerned can unsubscribe from the newsletter at any time, free of charge.
You can request the withdrawal of consent to the transmission of direct marketing messages and the deletion or modification of your personal data at the following contact details:
-By email at info@tarvel4wellbeing.com, and
-By post at the above contact details.
6.5. How your data will be shared with other responsible organizations
We may also share your personal information with third parties.
The third party with whom we share your personal data may determine the purposes and means of processing your personal data and will therefore be legally responsible for ensuring that the processing is carried out in compliance with the data protection principles, this privacy statement and applicable law.
For example, we may share your personal information with the following third parties:
With data processors who process your data on our behalf;
With law enforcement agencies, if we are obliged to cooperate for law enforcement purposes
With the client, whose data will only be sent to the job advertiser with your express consent.
6.6.Sharing your data with data and content analysts
7. Other facts related to data processing
To learn about the data, Travel4WellBeing and the employees of any additional data controllers or data processors are authorized to the extent necessary to perform the tasks within their scope of work. Travel4WellBeing takes all security, technical and organizational measures that guarantee data security.
7.1 How long do we store your personal data?
As mentioned in the third-party privacy principles, we will only process your personal data for legitimate purposes and for as long as is necessary to achieve those purposes. When we no longer need your personal data, we will securely destroy it.
However, in order to provide our services, we need up-to-date data, so after the retention period indicated above has expired, we clean and update the stored data, and delete inactive data. The operator deletes the data, and issues a report on this for accountability purposes. We retain the deletion reports for 10 years.
8.Your rights:
It is important to us that you are aware of your data protection rights. To this end, we have listed below, without claiming to be exhaustive, the data protection rights you may exercise in relation to the data you have entrusted to us.
If we have obtained the data from a 3rd party, you have the right to all information related to this.
During the period of restriction, no data processing operations can be performed, only the data can be stored. About lifting the restriction A Travel4WellBeing will inform you in advance.
9. You can seek legal redress or file a complaint with the National Data Protection and Freedom of Information Authority:
9.1. If you have any questions regarding data protection, please write to info@travel4wellbeing.com email address.
9.2.National Data Protection and Freedom of Information Authority
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
Mailing address: 1530 Budapest, P.O. Box 5
Phone: + 36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
9.3. Judicial enforcement
The controller must prove that the data processing complies with the provisions of the law. The data recipient must prove that the data transfer is lawful. The court is competent to adjudicate the lawsuit. The lawsuit may also be initiated – at the choice of the data subject – before the court of the data subject’s place of residence or residence.
A party to the lawsuit may also be a person who otherwise does not have legal capacity to sue. The Authority may intervene in the lawsuit in order to ensure that the person concerned wins the lawsuit.
If the court grants the request, it obliges the data controller to provide information, correct, block, or delete the data, annul the decision made through automated data processing, take into account the data subject's right to object, and provide the data requested by the data recipient.
If the court rejects the data recipient's request, the data controller is obliged to delete the data subject's personal data within 3 days of the notification of the judgment. The data controller is also obliged to delete the data if the data recipient does not apply to the court within the specified deadline. The court may order the publication of its judgment - by publishing the identification data of the data controller - if this is required by the interests of data protection and the protected rights of a larger number of data subjects.
9.4. Compensation and damages
If the data controller causes damage to another person by unlawfully processing the data subject's data or by violating data security requirements, he or she is obliged to compensate for the damage.
If the data controller violates the data subject's right to privacy by illegally handling the data subject's data or violating data security requirements, the data subject may demand damages from the data controller.
The data controller is liable to the data subject for any damage caused by the data processor, and the data controller is also obliged to pay the data subject any damages due in the event of a personal rights violation caused by the data processor. The data controller is exempt from liability for the damage caused and the damages
from the obligation to pay compensation if it proves that the damage or the infringement of the data subject's personal rights was caused by an unavoidable reason outside the scope of data processing.
No compensation for damage shall be required and no compensation for injury may be claimed if the damage or the infringement of personal rights resulted from the intentional or grossly negligent conduct of the injured party.
Budapest, 2025.05.14. Travel4WellBeing Ltd.
Annex No. 1
In developing the Information, we took into account the relevant applicable laws and important international recommendations, with particular attention to the following: