PRIVACY POLICY
1. Identity and contact details of the data controller
Continental Travel considers the protection of its Passengers’ data as a priority. Present Privacy Policy describes the data management practices of www.continentaltravel.hu (hereinafter the website) and other services provided by Continental Travel.
In present Privacy Policy, the Website and other services are hereinafter collectively referred to as the „Service”. The data controller is Continental Travel (company registration number: 01-09-882678, seat: 1054 Budapest, Kálmán Imre u. 21.), hereinafter referred to as the „Service Provider” or „Data Controller”.
Contact person for data protection matters: Judit Kanel; contact phone number and email address: +36-1-373-0616, continental.travel@continentaltravel.hu
2. Regulations underlying the data management
– Act CXII of 2011 on the right of informational self-determination and on freedom of information.
– Regulation 2016/679/EU on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
3. Principles of data management
The Service Provider takes appropriate measures to ensure that personal data relating to its Passengers are at all times
- treated lawfully, transparently, fairly and on an appropriate legal basis;
- collected only for specific, clear and legitimate purposes and that those are not handled in a way incompatible with those purposes;
- appropriate and relevant to the purposes of data management and limited to what is necessary;
- as accurate and up-to-date as possible; inaccurate personal data will be deleted or corrected immediately;
- stored in a form, which permits identification of customers only for as long as is necessary to achieve the purposes for which the personal data are processed; the storage of personal data for a longer period should be for statistical purposes only, subject to appropriate technical and organizational measures;
- managed in such a way by appropriate technical or organizational measures as to ensure the adequate security of personal data, including the protection against unauthorized or unlawful handling, accidental loss, destruction or damage to personal data.
4. Purpose, legal basis and duration of data processing
The Service Provider handles the data that is essential for the achievement of the various data management purposes, the identification of the Passenger and the access to the Passenger.
The Service Provider handles the following personal data regarding its Passengers:
- Name
- Telephone number and email address
- Billing name and address to issue the invoice
- Interests within the topic of travel, based on the Passenger’s own communication
Legal basis for data management: contractual data management.
The purpose of data management: establishing a business relationship – sales
5. Passenger Access Rights
The Passenger may request that the Service Provider provide him/her with feedback on whether the Services Provider handles his/her personal data. The Passenger’s right to receive feedback on this extends to personal data concerning him/her, but does not cover anonymous data and the personal data not relating to him/her; however, it includes pseudonymous data that can be clearly linked to the Passenger.
6. The Passenger’s right to rectification
The Passenger is entitled to have his/her personal data corrected. This right does not extend to anonymous data or to personal data not relating to him/her, but to personal data of the Passenger and pseudonymous data that can be clearly linked to the Passenger.
Upon the request of the Passenger, the Service Provider corrects or supplements his/her personal data accordingly. The Service Provider informs the recipients of such personal data (if any) about the correction of the Passenger’s personal data. However, the Service Provider will not inform the recipients about the correction of personal data if informing the recipients proves impossible or would require a disproportionate effort.
7. The Passenger’s right of cancellation
Under certain conditions, the Passenger has the right to have his/her personal data deleted.
The Service Provider is obliged to delete the Customer’s personal data without undue delay, if the Customer/Passenger requests the deletion of his/her personal data or withdraws his/her consent to the storage of his/her personal data.
The Service Provider informs the recipients of such personal data (if any) about the deletion of the Passenger’s personal data. However, the Service Provider will not inform the recipients about the deletion of personal data if informing the recipients would be impossible or would require a disproportionate effort.
8. The Passenger’s right to restrict data processing
The Passenger may request a restriction on the processing of his/her personal data.
The Passenger’s right to request a restriction on the processing of his/her personal data does not extend to anonymous data and personal data not relating to him/her, but to personal data and pseudonymous data that can be clearly linked to the Passenger.
The Service Provider restricts the processing of the Passenger’s personal data to the period during which it checks the accuracy of such data, if the Passenger requests a restriction on the processing of his/her personal data and disputes the accuracy of such data.
The Service Provider restricts the handling of the Passenger’s personal data, if
- the Passenger requests a restriction on the processing of data the processing of which is unlawful and the Passenger objects to the deletion of such data.
- the Passenger requests a restriction on the processing of his/her personal data and the Service Provider no longer needs this data for the purpose of data management and the Passenger requests his/her data in order to submit, enforce or protect a legal claim.
- the Passenger objects to the processing of his/her personal data, which is necessary for the legitimate interests of the Service Provider and the Passenger waits for confirmation that there is a legitimate reason for the Service Providers processing of the Passengers personal data that does not take precedence over the Passenger’s protest.
The Service Provider informs the recipients of such personal data (if any) about the restriction of the processing of the Passenger’s personal data. However, the Service Provider will not inform the recipients of such a restriction, if informing the recipients would be impossible or would require a disproportionate effort.
If the Service Provider restricts the handling of the Customer’s personal data, then
- it may store such personal data,
- it may process such personal data with the consent of the Passenger,
- it may process the personal data in order to submit, enforce or protect its legal claim, or to
protect the rights of a person.
The Service Provider may not use the Passenger’s data for the purpose of direct business acquisition, including profiling or automated decision-making in individual cases.
9. Passenger’s right to data portability
The Passenger is entitled to receive the personal data concerning him/her previously provided and made available to the Data Controller in a readable format to one of the contact details provided by him/her. This provision only applies to data that do not cover anonymous data or data not relate to him/her.
10. Data management related to the Service Provider’s website
Information on the data of visitors from the Service Provider’s website
During visits to the Service Provider’s website, one or more cookies – a small packet of information sent by the server to the browser and then returned by the browser to the server at each request to the server – are sent to the computer of the person visiting the website, by which his/her browser will be uniquely identifiable, provided that the person visiting the website has given his/her express consent by further browsing of the website after having read a clear and unambiguous information on the matter.
Cookies only work to improve the user experience and to automate the login process. The cookies used on the website do not store personally identifiable information, the Service Provider does not process personal data in this regard.
The people concerned are all natural persons, who wish to subscribe to the Service Provider’s newsletter and consent to the processing of their personal data.
The data managed includes name, phone number, email address, billing name and address.
The purpose of data management is to inform the data subject about the services and products of the Service Provider, the changes in those services and products, information about news and events.
The received data can be seen by: the head of the Service Provider, the employee in charge of customer relations, the employees of the data processor in charge of the operation of the Service Provider’s website.
The duration of data management in case of newsletter subscription lasts until the person concerned unsubscribes.
The person concerned can unsubscribe from the newsletter at any time. The newsletter is unsubscribed by clicking on the unsubscribe link in the footer of the e-mails sent to the person concerned.
Webshop related data management
The above provisions apply to the data management activities related to the subscription to the newsletter and to the information of the visitors.
Online, electronic contracts (purchases) on the Service Provider’s website are listed in the CVIII. law from 2001, therefore the purpose of data management in addition to the above, is to prove the fulfillment of the Service Provider’s obligation to provide consumer information required by law, to prove the conclusion of the contract, to create the contract, to determine its content, to modify it, to monitor its fulfillment, the invoicing of the resulting fee(s) and the enforcement of related claims.
In the case of shopping in the web store, the legal basis of data management is the fulfillment of the contract and the fulfillment of a legal obligation.
Categories of data affected by data management: customers’ names, addresses, telephone numbers, bank account numbers.
Categories of persons involved in data management: any natural person, who subscribes to the newsletter of the Service Provider’s website or buys a product or service from the website.
The received data can be seen by: the Head of the Service Provider, the customer relations and sales employees of the Service Provider, the data processing staff performing the operation of the Service Provider’s website, the employees performing the accounting tasks of the Service Provider, the data processing staff performing these tasks and the BIG FISH Payment Gateway service provider assigned by the Service Provider, through whom the payment process takes place.
By accepting this Privacy Policy, the Passenger also accepts the following statement related to the payment process:
„I agree that the following personal data stored by Continental Travel (registered office: 1054 Budapest, Kálmán Imre u. 21.) in the user database of www.continentaltravel.hu will be transferred to BIG FISH Payment Services Kft. (registered office: 1066 Budapest, Nyugati tér 1-2.) as a data processor. The range of data transmitted: name prefix, surname, first name, IP address, billing address, delivery address, telephone number, e-mail address, last four digits of the bank card number. The purpose of the data transfer is to carry out the data communication required for payment transactions between the Service Provider’s and the Payment Service Provider’s system, and to ensure the traceability of the transactions for the Service Provider’s partners.”
The place of data management is the registered office of the Service Provider.
Duration of data management: 5 years from the termination of the contract.
11. Deadline for the administration of the Passenger’s application as a person concerned
The Service Provider will respond to requests for the Passenger’s rights as described above within the following deadlines.
- Right to information: When the data are collected, if the data subject transfers them or within one month, if it’s not the data subject, who transfers them
- Right of access: One month
- Right to rectification: One month
- Right of deletion: Without undue delay
- Right to data portability: One month
- Right to protest: Upon receipt of the protest
- Right to restrict data processing: Without undue delay
12. Right to submit a complaint
If the Passenger believes that his/her rights have been violated, the Service Provider proposes the Passenger to initiate consultations with the Service Provider, so that he/she can contact the contact person indicated in point 1 directly. If such conciliation is unsuccessful, or if the Passenger does not wish to take part in such activities, he/she may apply to the Court or the NAIH (Hungarian National Authority for Data Protection and Freedom of Information). In the event of legal proceedings being instituted, the Passenger may decide to bring the proceedings before the court having jurisdiction over his address or place of residence.
The contact details of NAIH (Hungarian National Authority for Data Protection and Freedom of Information) are as follows:
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
telephone: +36 1 391 1400
fax: +36 1 391 1410
e-mail: ugyfelszolgalat@naih.hu
website: https://www.naih.hu/general-information.html
13. Amendments to Privacy Policy
The Service Provider reserves the right to amend this Privacy Policy at any time, in which case Service Provider will inform the Passengers by letter or e-mail and in all cases in accordance with the relevant legislation.