PRIVACY POLICY

For the website and booking system of Barbi Lake Guesthouse

Effective date: 6 May 2026

1. Data Controller Information

Name of the Data Controller: Barbi Lake Guesthouse
Registered address:
6200 Kiskőrös, Középcebe tanya 1.
Postal address:
6200 Kiskőrös, Középcebe tanya 1.
E-mail: barbitovendeghaz@gmail.com
Phone number:

Website: www.barbitovendeghaz.hu
Representative: Illés Barbara

2. Purpose of this Privacy Policy

The purpose of this Privacy Policy is to provide detailed information to visitors of the website and individuals initiating bookings regarding the processing of personal data.
During data processing, the Data Controller acts in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), Act CXII of 2011 on Informational Self-Determination and Freedom of Information, Act CVIII of 2001, and all other applicable Hungarian and European Union legislation.

3. Categories of Personal Data Processed

The Data Controller may process the following personal data:
name
email address
phone number
booking details
arrival and departure dates
number of guests
billing information
IP address
technical and log data
cookie identifiers
message content

4. Purpose and Legal Basis of Data Processing

Purpose of data processing:
handling accommodation bookings
communication with guests
providing quotations
confirming reservations
invoicing
compliance with legal obligations
maintaining website security
statistical analysis
Legal basis of data processing:
Article 6(1)(b) GDPR – performance of a contract
Article 6(1)(c) GDPR – compliance with a legal obligation
Article 6(1)(a) GDPR – consent
Article 6(1)(f) GDPR – legitimate interests

5. Booking System

During the use of the booking system on the website, visitors are required to provide personal data.
A booking request does not automatically constitute a confirmed reservation. All bookings become final only after confirmation.
The booking system may send automated email notifications.

6. Cookies and Cookie Management

The website uses cookies.
The purposes of cookies are:
ensuring the proper functioning of the website
statistical analysis
supporting marketing activities
Non-essential cookies are activated only with the user’s prior consent.
The website uses a cookie management system.

7. External Services

The website may use external service providers, such as:
Google Analytics
Google Fonts
Google Maps
YouTube
Meta / Facebook services
Gmail email service
The data processing practices of these service providers are governed by their own privacy policies.

8. Hosting Providers and Data Processors

The Data Controller may use data processors in order to operate the services.
Possible data processors include:
hosting provider
website maintenance provider
booking system provider
invoicing software provider
email service provider
The exact details will be completed upon the launch of the live system.

9. Data Security

The Data Controller applies appropriate technical and organisational measures, including:
SSL encryption
access control and permission management
regular backups
logging systems
antivirus protection
regular system updates
restricted access to personal data
The Data Controller makes every reasonable effort to ensure the security of personal data.

10. Data Retention Period

Personal data is retained only for as long as necessary for the purposes for which it is processed.
Billing data retention period: 8 years
Contact enquiry data: up to 1 year
Booking data: for the duration necessary to perform the contract and comply with legal obligations

11. Rights of Data Subjects

The data subject has the right to:
request information
request access to their data
request rectification
request erasure
object to processing
exercise the right to data portability
withdraw consent

12. Data Transfers

The Data Controller transfers personal data to third parties only where required by law or contractual obligation.
In certain cases, data may be transferred outside the EU, in particular when using services provided by Google or Meta.

13. Automated Decision-Making

The Data Controller does not carry out automated decision-making or profiling.

14. Handling of Data Breaches

In the event of a personal data breach, the Data Controller acts in accordance with the GDPR and, where necessary, notifies the competent supervisory authority and the affected data subjects.

15. Legal Remedies

The data subject may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
NAIH
1055 Budapest, Falk Miksa utca 9–11.
www.naih.hu
ugyfelszolgalat@naih.hu
The data subject may also seek judicial remedy.

16. Final Provisions

The Data Controller reserves the right to amend this Privacy Policy.
The amended Privacy Policy shall enter into force upon its publication on the website.

LIST OF REQUIRED INFORMATION TO BE COMPLETED
Before finalising the document, the following information must be completed:
registered address
contact person’s name
email address
phone number
domain name
hosting provider details
booking plugin name
invoicing software name
cookie management system name
exact list of data processors