During its activities, the Villa7 Vendégház (represented by Kálmán Tromler, hereinafter: Data Controller) takes extra care to protect personal data, comply with mandatory legal provisions, and handle data safely and fairly.

Data of the Data Controller 

Name: Villa7 Vendégház 
Represented by:
 Kálmán Tromler, hereinafter data controller 
Headquarters: 8226 Alsóörs, Táncsics Mihály utca 7. 
Tax number: 79442426-2-39 
Phone: +36303003152 
Email: info@villa7.hu 
Website: www.villa7.hu

The Data Controller handles the personal data made available in all cases in compliance with the applicable Hungarian and European legislation and ethical expectations, and in all cases takes the technical and organizational measures necessary for proper data security management.

These regulations have been developed on the basis of the following legislation currently in effect:

· CXIX of 1995 TV. on the management of name and address data for the purpose of research and direct business acquisition

    · CVIII of 2001 TV. on certain issues of electronic commercial services and services related to the information society

· XLVIII of 2008 TV. about the basic conditions and certain limitations of economic advertising activity

· Act CXII of 2011 on the right to self-determination of information and freedom of information

· Regulation 2016/679/EU (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC

The Data Controller undertakes to unilaterally comply with these regulations and requests that its customers also accept the provisions of the regulations. The data controller reserves the right to change the data protection policy, in which case the modified policy will be published publicly.


In our regulations, data protection technical terms have the following meanings:

Personal data : data that can be associated with any specific (identified or identifiable) natural person (hereinafter: data subject), any conclusion about the data subject that can be drawn from the data. During data management, personal data will retain its quality as long as the relationship with the data subject can be restored. A person can be considered identifiable in particular if he can be identified – directly or indirectly – on the basis of a name, identification mark, or one or more factors characteristic of his physical, physiological, mental, economic, cultural or social identity.

Consent : the voluntary and decisive expression of the data subject’s will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data – in full or covering certain operations.

Objection : the statement of the data subject objecting to the processing of their personal data and requesting the termination of the data processing or the deletion of the processed data.

Data controller : the natural or legal person or organization without legal personality, who independently or together with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented with the Data Processor.

Data management : regardless of the procedure used, any operation performed on the data or the set of operations, including, in particular, collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction, and preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image).

Data transmission : making the data available to a specific third party.

Disclosure : making the data available to anyone.

Data deletion : rendering the data unrecognizable in such a way that its recovery is no longer possible.

Data marking : providing the data with an identification mark in order to distinguish it.

Data blocking : providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time.

Data destruction : complete physical destruction of the data carrier containing the data.

Data processing : the performance of technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

Data processor : a natural or legal person, or an organization without legal personality, who processes data on the basis of a contract, including a contract concluded under the provisions of the law.

Data file : the totality of the data managed in a register.

Third party : a natural or legal person, or an organization without legal personality, who is not the same as the data subject, the data controller or the data processor.

EEA state : a member state of the European Union and another state party to the Agreement on the European Economic Area, as well as the state of which the European Union and its member states are citizens, as well as a state that is not a party to the Agreement on the European Economic Area, on the basis of an international treaty concluded between the European Economic Area He enjoys the same legal status as a citizen of a state party to the Territorial Agreement.

Third country : any state that is not an EEA state.

Data protection incident : unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.


Personal data can be processed if the data subject consents to it, or if it is ordered by law or – based on the authority of the law, within the scope defined therein – by a local government decree.

Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. All stages of data management must comply with this purpose.

Only such personal data can be processed that is essential for the realization of the purpose of data management, is suitable for achieving the purpose, and only to the extent and for the time necessary for the realization of the purpose.

Personal data can be transferred, and different data processing can be linked, if the data subject has consented to it, or if the law allows it, and if the conditions for data processing are met for each individual piece of personal data.

Personal data may be transferred from the country to a data controller or data processor in a third country, regardless of the data carrier or the method of data transfer, if the data subject has expressly consented to it, or if it is permitted by law, and during the handling and processing of the transferred data in the third country. an adequate level of protection of personal data is ensured.

In the case of mandatory data management, the purpose and conditions of data management, the scope and accessibility of the data to be managed, the duration of data management, and the person of the data manager are determined by the law or municipal decree ordering the data management.

In the public interest, the law can order the disclosure of personal data by explicitly specifying the scope of the data. In all other cases, disclosure requires the consent of the data subject, or in the case of special data, written consent. In case of doubt, it must be assumed that the data subject did not give his consent.

The data subject’s consent shall be deemed to be given with regard to the data communicated by the data subject during his public appearances or provided by him for the purpose of disclosure.

In the procedure initiated at the request of the data subject, his consent to the processing of his necessary data must be assumed. The attention of the data subject must be drawn to this fact.

The data subject may also give his consent in the framework of a written contract with the Data Controller in order to fulfill the provisions of the contract. In this case, the contract must contain all information that the data subject must know from the point of view of the processing of personal data, in particular the definition of the data to be processed, the duration of the data processing, the purpose of use, the transmission of the data, the use of a data processor. The contract must clearly state that, by signing, the data subject consents to the processing of his/her data as specified in the contract.

The right to the protection of personal data and the personal rights of the data subject cannot be violated by other interests related to data management, including the disclosure of data of public interest, unless the law makes an exception.


In the course of its activities, the Data Controller handles personal data in all cases based on law or voluntary consent. In some cases, data management, in the absence of consent, is based on other legal bases or on Article 6 of the regulation.

The Data Manager does not use the assistance of Data Processors for its activities, and does not forward data to third parties.

Data of website visitors

Website operator: Kálmán Tromler (8226 Alsóörs, Táncsics Mihály utca 7.)

Web hosting service provider: ActiveNet Informatikai Bt. (1036 Budapest, Bécsi út 85. fszt. 5.) 
Company registration number: 01 06 788373

Tax number: 25024487-2-41 
Community tax number: HU25024487 
Bank account number: 11703006-20476384

The Data Controller does not record the user’s IP address or other personal data when visiting the websites it operates.

The html code of the website operated by the Data Controller may contain links to and from an independent external server for the purpose of web analytics measurements. The measurement also covers the tracking of conversions. The web analytics service provider does not handle personal data, only browsing-related data that is not suitable for identifying individuals. Currently, web analytics services are provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043), within the framework of the Google Analytics service.

Through the advertising systems of Facebook and Google AdWords, the Data Controller uses the so-called runs remarketing ads. These service providers can collect or receive data from the Data Controller’s website and other internet sites using cookies, web beacons and similar technologies. Using this data, they provide measurement services and target advertisements. Ads targeted in this way may appear on additional websites in the partner network of Facebook and Google. The remarketing lists do not contain the visitor’s personal data and are not suitable for personal identification.

The use of cookies can be deleted from the user’s computer or their use can be prohibited in their browser. Depending on the browser, these options can typically be found in the Settings / Privacy menu.

More information about the data protection policies of Google and Facebook can be found at the following addresses:  http://www.google.com/privacy.html  and htt ps://w ww .face book k.com/about/privacy/

 Send a message

A message can be sent to the Data Controller via the website operated by the Data Controller. To send a message, you must enter your name, phone number, and e-mail address, which is essential for the delivery of messages.

The user is responsible for the authenticity of the personal data provided.


 The Data Controller protects the data, especially against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage. Together with the server operators, the Data Controller ensures the security of the data with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management.


The data subject can request information about the management of his personal data, as well as request the correction or deletion of his personal data, with the exception of the data management mandated by law, at any contact point of the Data Controller.

At the request of the data subject, the Data Controller provides information about the data it manages, the purpose of the data management, the legal basis, the duration and the activities related to the data management.

The Data Controller is obliged to provide the information free of charge in writing, in an understandable form, as soon as possible after the submission of the request, but no later than within 25 days.

The Data Controller must correct personal data that does not correspond to reality.

Personal data will be deleted by the Data Controller if its processing is illegal, if the data subject requests it, if it is incomplete or incorrect – and this state cannot be legally corrected – provided that the deletion is not precluded by law, if the purpose of data management has ceased, the deadline for data storage is set by law expired or was ordered by the court or the data protection commissioner.

The correction and deletion will be notified to the data subject and to all those to whom the data was previously transmitted for the purpose of data management. The notification can be omitted if this does not harm the legitimate interests of the data subject in view of the purpose of the data management.

The data subject may object to the processing of his/her personal data if the processing (transmission) of the personal data is necessary solely for the enforcement of the rights or legitimate interests of the data controller or the data recipient, unless the data processing is ordered by law, the use or transmission of the personal data is direct business acquisition, public opinion polling or for the purpose of scientific research, the exercise of the right to protest is otherwise permitted by law.

The Data Controller – with the simultaneous suspension of data management – is obliged to examine the protest within the shortest period of time from the submission of the request, but no later than 15 days, and to inform the applicant of the result in writing. If the protest is justified, the data controller is obliged to terminate the data management – including further data collection and transmission – and to block the data, as well as to notify all those to whom the personal data affected by the protest was previously transmitted, and those who are obliged to take measures to enforce the right to protest.

In the event of a violation of their rights, the data subject may appeal to the court or the data protection authority against the data controller. Legal remedies and complaints can be made at the following contacts:

Name:  National Data Protection and Freedom of Information Authority 
Address:  1125 Budapest, Szilágyi Erzsébet fasor 22/c. 
Phone : 06-1-391-1400 
Fax:  06-1-391-1410 
E-mail:  ugyfelszolgalat@naih.hu
Website:  naih.hu