Privacy Policy

• Data controller: Dandelion Vendégházak Kft.
• Representative: Ilona Varnagy
• E-mail: hello@dandelionhouse.hu
• Phone: +36 20 773 0807
• Website: dandelionhouse.hu
• Registered office / mailing address: 8284 Kisapati, Kossuth utca 78/5, Hungary

The purpose of this Privacy Policy is to provide guests, enquirers and website visitors with transparent information about what personal data we process, for what purpose, on what legal basis, for how long, and what rights they have.

We process personal data only to the extent necessary for providing accommodation services, managing bookings, communicating with guests, fulfilling legal obligations and operating the website.

• Data processed: name, e-mail address, phone number, message content, requested arrival and departure dates, number of guests and any other information provided voluntarily.
• Purpose: responding to enquiries, sending offers, booking coordination and guest communication.
• Legal basis: steps prior to entering into a contract, and legitimate interest based on the voluntary enquiry of the data subject.
• Retention period: up to 2 years from closing the enquiry, unless the communication results in a booking or a matter subject to legal or accounting obligations.

Bookings may be made directly through the website, by e-mail, by phone or through external sales channels.

• Data processed: name, contact details, booking data, arrival and departure dates, number of guests, selected accommodation, payment information, billing data and notes.
• Purpose: recording, confirming, fulfilling, modifying or cancelling a booking.
• Legal basis: performance of a contract and steps prior to entering into a contract.
• Retention period: for the time necessary to fulfil the booking and according to statutory retention obligations.

The booking and guest management processes of Dandelion Guesthouses may involve the SabeeApp property management and booking system.

• Provider: thePass Kft. / SabeeApp
• Purpose: booking management, recording guest data, supporting confirmations and guest communication.
• Data processed: data necessary for booking, contact, online check-in and accommodation services.

SabeeApp has its own privacy notice, available through the SabeeApp interface.

Occupying the accommodation may require online check-in, during which guest data and identity document data required by law must be recorded.

• Data processed: name, birth data, nationality, address, identity document data, arrival and departure data and other guest data required by law.
• Purpose: statutory guest registration, performance of accommodation services and official data reporting.
• Legal basis: compliance with a legal obligation.

If online check-in is not completed, the entry code or key box code may not be sent because the legal conditions for occupying the accommodation have not been met.

• Data processed: billing name, billing address, payment data, booking identifier, paid amounts and invoice content.
• Purpose: issuing invoices, accounting, tax and bookkeeping obligations.
• Legal basis: compliance with a legal obligation.
• Retention period: accounting documents must be retained for at least 8 years under applicable laws.

During website operation, technical data may be generated, such as IP address, browser type, device data, visit time, viewed pages and error information.

• Purpose: secure website operation, troubleshooting, performance measurement and visitor statistics.
• Legal basis: legitimate interest and, where required, consent.

The website may use cookies necessary for operation, as well as technologies for statistics or measurement. Google Tag Manager is used on the website and may load analytics services.

• Dandelion Guesthouses may use a self-hosted newsletter service for newsletters and marketing communication.
• Data processed: name, e-mail address, subscription time, proof of consent, newsletter open and click data, unsubscribe data and any other data voluntarily provided during subscription.
• Purpose: sending newsletters, offers, seasonal updates, promotions, guesthouse news and marketing content.
• Legal basis: voluntary consent of the data subject.
• Processor: Dandelion newsletter service
• Duration: until consent is withdrawn, i.e. until unsubscribing from the newsletter.
• Unsubscribe: through the link at the bottom of newsletters or by writing to hello@dandelionhouse.hu.

Unsubscribing does not affect the lawfulness of processing carried out before withdrawal.

An electronic camera surveillance system may operate only in certain shared-use areas of Dandelion Guesthouses. Warning notices are displayed before entering shared areas covered by camera surveillance.

Monitored areas may include, in particular, entrances, yards, parking areas, access routes and, at the affected houses, the Panorama Pool area. Cameras are not directed at indoor living areas, bedrooms, bathrooms, toilets or other areas affecting guests' private sphere.

Camera surveillance does not include audio recording.

• Data processed: the data subject's image, physical appearance visible on the recording, and the place and time of the recording.
• Purpose of processing: personal and property protection, protection of guests and the accommodation, prevention of damage and breaches of rules, and clarification of complaints, accidents, damage events or legal infringements.
• Legal basis: the data controller's legitimate interest under Article 6(1)(f) GDPR.
• Retention period: recordings are generally retained for no more than 3 working days. In case of an incident, complaint, damage event or legal claim, the relevant recording may be retained for the period necessary to clarify the matter, conduct official or legal proceedings, or enforce a claim.
• Access: recordings may be accessed only by authorised operator or processor personnel. Recordings may be reviewed only where justified, for example in case of a complaint, accident, damage event, legal infringement or authority request.
• Disclosure: where necessary, a recording may be disclosed to an authority, insurer, legal representative or other entitled body if required for compliance with a legal obligation or enforcement of a legitimate claim.
• Data subject rights: the data subject may request information and access, request restriction or erasure of the recording, and object to processing based on legitimate interest under the applicable legal conditions.

Camera surveillance does not replace personal supervision, adult supervision of children or guests' own duty of care.

External providers may be involved in providing the service and operating the website.

• hosting provider and website operation providers,
• SabeeApp / thePass Kft. as booking and guest management system,
• Google services, such as Google Tag Manager and Google Analytics,
• self-hosted Dandelion newsletter service as newsletter and marketing automation provider,
• technical provider involved in the operation or maintenance of the camera system,
• banking and payment service providers,
• accounting and invoicing providers,
• authorities and official systems acting under law.

External providers may access personal data only to the necessary extent and process it according to their contractual, statutory or processor obligations.

We transfer personal data to third parties only if necessary for fulfilling a booking, complying with legal obligations, official reporting, payment, invoicing or enforcing legitimate claims.

If a booking was made through an external sales channel, the privacy notice of that channel may also apply.

The data controller protects personal data with appropriate technical and organisational measures against unauthorised access, modification, transfer, disclosure, deletion, damage or destruction.

Access is restricted, and data may be handled only by persons who need it for their specific task.

Data subjects may exercise the following rights in relation to data processing:

• request information about data processing,
• access personal data processed,
• request rectification,
• request erasure where the legal conditions apply,
• request restriction of processing,
• object to processing based on legitimate interest,
• data portability where the conditions apply,
• withdraw consent where processing is based on consent.

Requests may be sent to hello@dandelionhouse.hu. We respond without undue delay and within no more than 1 month.

In case of a data protection complaint, please first write to us at hello@dandelionhouse.hu so that we can resolve the issue directly.

The data subject may also lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.

• Hungarian National Authority for Data Protection and Freedom of Information - NAIH
• Address: 1055 Budapest, Falk Miksa utca 9-11, Hungary
• Mailing address: 1363 Budapest, Pf. 9, Hungary
• E-mail: ugyfelszolgalat@naih.hu
• Phone: +36 1 391 1400
• Web: naih.hu

The data controller reserves the right to amend this notice. Changes take effect when published on the website.