Privacy policy

Privacy Policy

1. Purpose of the Privacy Policy
2. Data of the Data controller
3. Data of the Data controller
4. What are you rights?
5. Measures and notification
6. Possible recipients
7. Cookies
8. Other provisions

1. Purpose of the Privacy Policy

The goal of our Privacy Policy is to provide all necessary information about processing your personal data in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and assist the Data subjects in exercising their rights under Section 4.

The legal basis of our duty to communicate information is Article 12 of Regulation 2016/679 of the European Parliament and Council (hereinafter referred to as: GDPR) and Section 20 of Act CXII of 2011 on the right to self-determination concerning personal information and the freedom of information (hereinafter referred to as: ‘Information Act’).

2. Data of the Data controller
Name: Silverline Cruises Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
Website: https://budapestdanuberivercruise.com
Registry number: 01-09-973821
Registered seat: 1138 Budapest, Marina part hrsz 25904/1.
Tax number: 23692800-2-41
E-mail: booking@budapestdanuberivercruise.com
Telephone number +36-20-3325364

3. Data processing activities
3.1. Processing concerning offers

You can give offers for the participation on our programs. The details of such processing are described hereunder.

3.1.1. Processed personal data and purpose of processing

personal data purpose of processing
name identification of the tenderer or its representative
phone number connecting the tenderer or its representative and giving information about the offer
e-mail address connecting the tenderer or its representative and giving information about the offer
3.1.2. Legal basis of processing

Processing is necessary to take steps at the request of the data tenderer prior to entering into the contract (section 6 paragraph 1 point b of GDPR).

If the tenderer’s representative provides his or her personal data for these purposes, the legal basis of processing personal data – with regard to the relevant authorial practice – is the legitimate interest of us and the tenderer company (section 6 paragraph 1 point f of GDPR). It is each party’s legitimate interest to maintain an effective business communication and to finalize an appropriate offer. In our view – since it is the part of the representative’s scope of duty – the processing of the mentioned personal data doesn’t restrict disproportionately the privacy and freedom of self determination.

3.1.3. Duration of the processing

1 year after the collection of personal data.

3.1.4. Mode of processing

Personal data are collected automatically, in electronic form.

3.1.5. Provision of processing

Since we cannot take your offer without knowing any information about you, the processing is a requirement necessary to enter into a contract.

3.2. Processing concerning coupons

In order to give preferences to our clients, it is possible to require a beneficial coupon on our website. The details of such processing are described hereunder.

3.2.1. Processed personal data and purpose of processing

personal data purpose of processing
name identification of the Data subject
e-mail address identification of the Data subject
3.2.2. The legal basis of a processing

Processing is necessary for compliance with a legal obligation; with regard to section 6 paragraph 1 point f of GDPR, section 5 article 1 point b of Information Act and section 13/A. § paragraph 1 and 3 of Act CVIII of 2001.

3.2.3. Duration of the processing

1 year after the collection of personal data.

3.2.4. Mode of processing

Personal data are collected automatically, in electronic form.

3.3. Processing concerning connection

It is possible to connect us through the connection form located on the website. The details of such processing are described hereunder.
3.3.1. Processed personal data and purpose of processing

personal data purpose of processing
name identification of the Data subject
phone number connecting the Data subject
e-mail address connecting the Data subject
3.3.2. The legal basis of a processing

Processing is necessary for compliance with a legal obligation; with regard to section 6 paragraph 1 point f of GDPR, section 5 article 1 point b of Information Act and section 13/A. § paragraph 1 and 3 of Act CVIII of 2001.

3.3.3. Duration of the processing

1 year after the collection of personal data.

3.3.4. Mode of processing

Personal data are collected automatically, in electronic form.

3.4. Processing concerning booking

You are free to book any of our events shown in our website. The details of such processing are described hereunder.

3.4.1. Processed personal data and purpose of processing

personal data purpose of processing
name identification of the purchaser or its representative
phone number connecting the purchaser or its representative and giving information about the event
e-mail address connecting the purchaser or its representative and giving information about the event
address notification of the purchaser by post
3.4.2. The legal basis of a processing

If the purchaser is the Data subject, processing is necessary to take steps at the request of the data tenderer prior to entering into the contract (section 6 paragraph 1 point b of GDPR).
If the purchaser’s representative provides his or her personal data for these purposes, the legal basis of processing personal data – with regard to the relevant authorial practice – is the legitimate interest of us and the purchaser company (section 6 paragraph 1 point f of GDPR). It is each party’s legitimate interest to maintain an effective business communication and to finalize the purchase. In our view – since it is the part of the representative’s scope of duty – the processing of the mentioned personal data doesn’t restrict disproportionately the privacy and freedom of self determination.

3.4.3. Duration of the processing

1 year after the collection of personal data or 2 months after the event.

3.4.4. Mode of processing

Personal data are collected automatically, in electronic form.

3.4.5. Provision of processing

Since we cannot perform the booking without knowing any information about you, the processing is a requirement necessary to enter into a contract.

3.5. Processing concerning invoicing

After the performing of the bookings we – with regard to Act C of 2000 on accounting – make out a bill. The details of such processing are described hereunder.

3.5.1. Processed personal data and purpose of processing

personal data purpose of processing
name Processed personal data and purpose of processing
address Processed personal data and purpose of processing
3.5.2. The legal basis of a processing

Processing is necessary for compliance with a legal obligation; with regard to section 6 paragraph 1 point f of GDPR, section 5 article 1 point b of Information Act and section 166 paragraph 1 to 3 of Act C of 2000.

3.5.3. Duration of the processing

8 years after accounting.

3.5.4. Mode of processing

Personal data are collected manually, in electronic form.

3.5.5. Provision of processing

Since we cannot perform our accounting obligations without knowing any information about you, the processing is a statutory requirement.

4. What are your rights?

4.1. Right to access:
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information featured in point 3.

4.2. Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.3. Right to erasure:
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay if it is mandatory according to Article 17 of GDPR.

4.4. Right to be forgotten:
If we made the personal data public and are obliged to erase your personal data, we inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data

4.5. Right to restriction of processing:
You have the right to obtain from us restriction of processing if is obligatory according to Article 18 of GDPR.

4.6. Right to data portability:
You have the right to receive the personal data concerning you, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us if is possible according to Article 20 of GDPR.

4.7. Right to complain:
You have the right to appeal to the Hungarian courts and to make a complaint to the Hungarian Supervisory Authority (Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; https://www.naih.hu/panaszuegyintezes-rendje.html).

4.8. The nature and purpose of the data processing activity performed by the data processor in the SimplePay Privacy Policy can be found at the following link: http://simplepay.hu/vasarlo-aff

5. Measures and notification

5.1. Informing Data subjects
We communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 of GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort. We also inform the data subject about those recipients if you request it.

5.2. Mode and deadline of notification
We provide information on action taken on a request under Articles 15 to 22 of GDPR to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Where you make the request by electronic form means, we provided the information by electronic means where possible, unless you request it otherwise.
If we do not take action on your request, we inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy (see point 4.7.).

5.3. Monitoring
If we have reasonable doubts concerning the identity of the natural person making the request, we may request the provision of additional information necessary to confirm the identity of the data subject.

5.4. Costs of measures and notifications
We provide you information and take the necessary measures free of charge.
If your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or we refuse to act on your request.

6. Possible recipients

6.1. During the operation of our website

Our website’s hosting provider (data processor) can have access to the personal data you provide while using the website. The data processor’s data are the following:

Name: Webonic Kft.
Connection: https://www.webonic.hu/kapcsolat

6.2. Social media
Our website has several social media profile so that if you „like” us on Facebook or „follow” us on Twitter, we may learn all the personal data which is public on your profile.

6.3. Accounting
The Hungarian national tax authority is entitled to learn all information concerning accounting.
Name: Nemzeti Adó- és Vámhivatal
Connection: https://www.nav.gov.hu/nav/kapcsolat

7. Cookies

7.1. Cookies in general
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.

7.2. Our cookies
The names of the cookies that we use on our website, and the purposes for which they are used, are set out below:
• Google Analytics
• Google Tag Manager
• Google Adwords Re-marketing Tag
• Facebook Pixel Code
• Smartlook Code

7.3. Analytics cookies
We use Google Analytics to analyse the use of our website.
Our analytics service provider generates statistical and other information about website use by means of cookies.
The information generated relating to our website is used to create reports about the use of our website.
Our analytics service provider’s privacy policy is available at: http://www.google.com/policies/privacy/

7.4. Blocking cookies
Most browsers allow you to refuse to accept cookies; for example:
• in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
• in Firefox (version 39) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
• in Chrome (version 44), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.

8. Other provisions

8.1. Processing for a different purpose
If we intend to further process the personal data for a purpose other than that for which the personal data were collected, we provide you prior to that further processing with information on that other purpose and with any relevant further information.

8.2. Data protection
We secure your personal information from unauthorized access, use or disclosure. We secure the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) or HTTPS protocol.
Our SSL servicer’s data are the following:
Name: Cloudflare, Ltd.
Website: https://www.cloudflare.com/

8.3. Record of processing
To comply with section 30 of GDPR, we maintain a record of processing activities under our responsibility.

8.4. Data Breaches
Data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. In case of a data breach, we act according to section 33 and 34 of GDPR.

8.5. Changes to our Privacy Policy
We will occasionally update this Privacy Policy to reflect feedback. We encourage you to periodically review this Policy to be informed of how we are protecting your information.

Effective: 01/01/2020

Silverline Cruises Kft.
Controller