Privacy Policy
Unlimited Travel Ltd.
Privacy Policy
The protection of your data is of primary importance to Unlimited Travel Ltd. This document describes the data management practices of https://unlimitedtravel.hu/ and www.unlimited-travel.hu (the “Site”), as well as other services provided by Unlimited Travel Ltd. We refer to the Site and other services collectively as the “Service.”
The data controller is Unlimited TRAVEL LTD. (Registered office: 1054 Budapest Hold utca 6. III.em.2/A; hereinafter: “Unlimited Travel”, “Service Provider”, “Data Controller”, “we”, “us”, or “our”).
- Acceptance of the Privacy Policy
To operate our business and provide our services, we require certain information and data. By accepting the Privacy Policy, you assure us that you have read and understood our data management practices and how we may collect and use your data.
If you do not agree with our Privacy Policy, we must ask you not to use our services!
- INTRODUCTION, GENERAL INFORMATION
1.1.Unlimited Travel Ltd. (1054 Budapest, Hold utca 6. III.em.2/A, company registration number: 01-09-701946) as data controller (hereinafter: Unlimited Travel Ltd., or service provider, or data controller) recognizes the contents of this privacy policy as binding upon itself. Unlimited Travel Ltd. undertakes that its data processing related to its activities complies with the rules and expectations defined in this Privacy Policy (hereinafter: Policy) and in current legislation.
1.2. This Privacy Policy was prepared based on the legal provisions in force at the time of its creation. The Privacy Policy may change in the event of changes to relevant legislation, and Unlimited Travel Ltd. reserves the right to change the Privacy Policy at any time within the framework of current legislation. Unlimited Travel Ltd. shall inform data subjects of any modification to the Policy in all cases appropriately and in accordance with the principle of transparency defined in the GDPR.
1.3. The Privacy Policy and any modifications thereof are continuously available on the https://unlimitedtravel.hu/ and www.unlimited-travel.hu websites, and can be viewed or collected at the company's registered office (1054 Budapest Hold utca 6. III.em.2/A).
1.4.Unlimited Travel Ltd. is committed to protecting the personal data of its users and partners and considers it of paramount importance to respect its customers' right to informational self-determination. Unlimited Travel Ltd. treats personal data confidentially and takes all security, technical, and organizational measures that guarantee the security of the data.
1.5. We inform our customers that the court, the prosecutor, the investigating authority, the infringement authority, the administrative authority, the data protection commissioner, or other bodies based on legal authorization may contact the data controller for the purpose of providing information, disclosing data, transferring data, or making documents available. Unlimited Travel Ltd. shall only release personal data to authorities—provided the authority has indicated the exact purpose and scope of the data—to the extent and in the amount absolutely necessary to achieve the purpose of the request.
1.6.Unlimited Travel Ltd. processes the personal data of customers in connection with its travel agency activities, for the creation of contracts (e.g., requests for proposals, needs assessment), for performance, for marketing purposes, and for the enforcement of claims arising from contracts for the necessary scope and duration. It further transfers data to the extent necessary for the performance of the given service to partners providing the service(s) ordered by the customer, using the IT systems applied (own and external systems: global reservation system, Unlimited Travel Ltd.'s own systems, etc.).
1.7.Unlimited Travel Ltd. outlines its data management principles below and presents the expectations it has formulated for itself as a data controller and adheres to. Its data management principles are in accordance with the current legislation related to data protection, in particular the following:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: "General Data Protection Regulation" or "GDPR")
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: "Infotv.")
- Act CXIX of 1995 on the Management of Name and Address Data for the Purpose of Research and Direct Marketing (Katv.)
- Act C of 2000 on Accounting (Számv.tv.)
- Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Eker.tv.)
- Act C of 2003 on Electronic Communications (Eht.)
- Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity (Grt.)
- Gov. Decree 213/1996. (XII.23.) on Travel Organization and Agency Activities
- Gov. Decree 281/2008. (XI.28.) on Travel Contracts
IMPORTANT: Should any of our users or customers have a question that is not clear based on this Policy, please write to us at one of our contact details provided in Section 2 of the Policy, and we will answer your question.
- CONTACT DETAILS OF THE DATA CONTROLLER
Name: “Unlimited Travel” Utazásszervező és Szolgáltató Korlátolt Felelősségű Társaság
Short name: Unlimited Travel Ltd.
Registered office: 1054 Budapest, Hold utca 6. III.em.2/A
Company registration number: 01-09-701946
Name of registering court: Metropolitan Court as Registry Court
Tax number: 12756124-2-41
Email: unlimited@unlimitedtravel.hu
Phone number: +36 1 302 5501
Data concerning the registered office, premises, and contact details (including email) of the provider hosting the data controller's websites:
Name: Travelmax Magyarország Ltd.
Registered office: 2473 Vál, Vágóhíd utca 22.
Email: travelmax@travelmax.hu
Data management registration number: NAIH-14660/2018.
- CONTACT DETAILS OF THE DATA PROTECTION OFFICER
Name: Erika Edit Paraczkyné Budai
Mailing address: 1054 Budapest Hold u 6. III.2/A
Phone: +36 1 302 5501
Email: unlimited@unlimitedtravel.hu
- DEFINITIONS
data controller: the natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (in this Policy, unless otherwise stated, the data controller refers to Unlimited Travel Ltd.);
data processing: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
data processor: a natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the data controller;
recipient: a natural or legal person, public authority, agency, or another body, to which the personal data managed by the data controller is disclosed;
GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
data subject: the natural person whose personal data is used by the data controller (performs data processing activities with it; including, but not limited to, customers, passengers, and interested parties);
consent of the data subject: any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
supervisory authority or NAIH: National Authority for Data Protection and Freedom of Information;
addressed advertising mail: a postal item as per the Act on Postal Services, not independently named therein, containing exclusively advertising, business acquisition, or promotional material—sent to at least 500 recipients at once, with identical content except for the recipient's name, address, and data that does not alter the nature of the message;
electronic advertising message (eDM, newsletter): an electronic message containing exclusively advertising, business acquisition, or promotional material, sent by the data controller to several data subjects at once to the email addresses provided by them.
SMS message: a text-based electronic message containing exclusively advertising, business acquisition, or promotional material, sent by the data controller to several data subjects at once to the mobile phone numbers provided by them.
profiling: any form of automated or non-automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier, email address, phone number, postal address, billing address, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data for the purpose of uniquely identifying a natural person, data concerning health, and data concerning a natural person's sex life or sexual orientation;
customer: those inquiring about the data controller's products and services in person, on the website, by telephone, or in any other way, as well as those entering into a travel, service, or other contract or legal relationship with the data controller.
- DESCRIPTION OF INDIVIDUAL DATA PROCESSING ACTIVITIES OF UNLIMITED TRAVEL LTD
5.1. Processing data of visitors to the unlimitedtravel.hu and unlimited-travel.hu websites
5.2. Persons affected by data processing: visitors and registered users of the websites.
Purpose of data collection:
a) In the case of a visitor to the Website: during the visit to the Website, the service provider records visitor data to perform the service, monitor its operation, and prevent abuses.
b) In the case of a registered visitor to the Website: the provider records visitor data to understand the subject's interest in travel and to support the most personalized service possible.
c) In the case of a data subject ordering travel services on the website: the provider records visitor data to understand interest in travel, support personalized service, and for the creation and performance of the subject's contract and the enforcement of claims arising from the contract.
Legal basis for data processing: Section 13/A (1) - (3) of the Eker Act; for registered users, the provision of services ordered or otherwise used and the performance of contracts concluded with them based on Article 6(1)(b) of the GDPR.
- a) Scope of processed data: time and duration of the Website visit, IP address, behavior on the website, interests.
b) For registered users: in addition to the data specified in point a), the data controller collects other data related to the following activities: name, email address, date of birth, gender, billing address, phone number.
c) For data subjects ordering travel services on the website: name of the person placing the order, email address, date of birth, gender, billing address, phone number, names, gender, and date of birth of travel companions.
Mandatory or voluntary nature of data disclosure: the data controller indicates in all cases which data is voluntary for the use of a service (e.g., providing a name and email address is mandatory for registration, providing billing information is mandatory when ordering services).
Duration of data processing: 6 months from viewing the Website, or the period of validity of the data subject's consent.
Recipients of processed data:
Name: Travelmax Magyarország Ltd. Registered office: 2473 Vál, Vágóhíd utca 22. (data processor; description of its data processing activity: website management and development services.)
Rights of data subjects regarding data processing, including the right to lodge a complaint: see Section 8.
5.3. Data Management related to Cookies available on the unlimitedtravel.hu and unlimited-travel.hu websites
5.3.1. General information about cookies
What is a cookie?
Cookies (HTTP cookies) are small data files or data packages that a website operator places on the visitor's computer during and through the use of the website, and which are saved and stored by the visitor's internet browser after being downloaded from the website. During a subsequent visit, the operator can use the cookie to, for example, identify the visitor, distinguish them from other users, or even deliver customized information in the browser window.
How can I prevent cookies from being installed on my computer or delete them?
It is important to know that most internet browsers accept and enable the placement and use of cookies by default. However, through the appropriate browser settings, cookies can be rejected, their use restricted or blocked, and already stored cookies can be deleted. Information regarding the settings necessary for using cookies is provided by the various browser providers, and the necessary information can generally be found under the browser's "Help" menu.
What happens if I delete cookies or do not consent to their installation on my computer?
The user's refusal to use cookies generally does not prevent visiting or browsing the website. However, some cookies are strictly necessary for the proper functioning of certain services; therefore, blocking or rejecting the use of cookies, or deleting already stored cookies, results or may result in the website not functioning fully and certain features not being properly usable by the affected visitor.
Types of cookies
Cookies available on websites can generally be classified into two categories.
The first group includes cookies strictly necessary for the operation of the website (these include, for example, user-input cookies, authentication session cookies, user-centric security cookies, multimedia player session cookies, load-balancing session cookies, and user interface customization session cookies), while the second group includes all other cookies whose purpose or function goes beyond the operation of the website and serves other data management purposes (such as analytical cookies, social media plug-ins, and third-party cookies (e.g., Google) that record data on the user's internet usage and other marketing-purpose cookies). While for cookies in the first group, it is sufficient for the website operator to provide prior information about the cookie(s) installed on the visitor's computer by using the website, for the second group, the visitor's prior consent must be obtained.
5.3.2. What cookies does Unlimited Travel Ltd. install on my computer when visiting the unlimitedtravel.hu and unlimited-travel.hu websites?
5.3.2.1. Cookies strictly necessary for the operation of the websites
COOKIE NAME | DATA MANAGED/USED BY THE COOKIE | COOKIE LIFESPAN | COOKIE FUNCTION, PURPOSE OF DATA PROCESSING |
cookieconsent_dismissed | Does not store personal data; assigns an anonymous identifier; stores the acceptance of the cookie information bar. | 1 year | Enables the anonymous identification of the user. |
5.3.2.2. Other cookies
COOKIE NAME | DATA MANAGED/USED BY THE COOKIE | COOKIE LIFESPAN | COOKIE FUNCTION, PURPOSE OF DATA PROCESSING |
Google Analytics _ga | ID generated by anonymous website usage statistics. | 2 years | Creation of a unique statistical identifier for Google regarding the user's website usage. |
Google Analytics _gid | ID generated by anonymous website usage statistics. | 1 session (minimum 30 minutes) | Creation of a unique statistical identifier for Google regarding the user's website usage. |
Scope of processed data: by placing and reading back cookies, we process data related to visitors' website usage and browsing, related information, as well as demographic and statistical data. For the definition of specific data, see above.
Purpose of data processing with cookie(s): we use cookies on the website to ensure accessibility for visitors (including services and functions available there), simplify browsing, and increase the user experience by recording individual user settings and visit history. Additionally, cookies help us in properly serving visitors, promoting the security of their visit, and developing our services by providing us (and, in the case of third-party cookies, to them) with data, statistics, and other useful information related to website usage. Reading back cookies previously downloaded and saved from the website allows us to link the visitor's current browsing session with data from a previous browsing session. Linking browsing history and analyzing browsing habits helps us provide a unique user experience while maintaining the visitor's anonymity, and to deliver targeted advertising and marketing messages.
Legal basis for data processing: for cookies listed in section 5.3.2.1 (A), the legal basis is Section 13/A (3) of the Eker Act and the legal provisions in Article 5(3) of Directive 2002/58/EC. For cookies listed in section 5.3.2.2 (B), the legal basis is the consent of the data subject pursuant to Section 155(4) of the Ehtv, which we request and record upon the first entry to the websites.
Duration of data processing: for specific details, see the table above. Some cookies we use, which generally prevent data loss in a given session, are temporary and are deleted upon closing the session, i.e., closing the browser. However, we also use persistent cookies that remain on the visitor's computer for a longer period. The persistent cookies we use essentially serve to support repeated visits to the website and are not automatically deleted when the browser is closed. Persistent cookies are stored for a fixed period and are generally deleted or can be deleted after 7 days or by a user action aimed at deletion in the browser settings.
Recipients of processed data:Travelmax Ltd. (data processor; description of its data processing activity: website management and development services).
Additional information regarding cookie(s) placed by third parties: cookies related to the services of third parties (e.g., Google, Facebook) on the website may also result in these third parties collecting further personal data related to the visitor if the user also uses their services. They may manage this as part of the personality profile they have available regarding the user and may use this data for delivering targeted marketing and advertising messages. These third parties are responsible for the legality of such activities. More information about data processing by Google can be found at:
https://www.google.com/policies/technologies/types/ and
google.com.
Option to delete cookie(s) at any time: visitors to the above websites have the option at any time to reject cookies or block their use through the appropriate settings of their internet browser, as well as to delete already stored cookies.
5.5. Registration database, profiling
Scope of data subjects: persons registering in the database of Unlimited Travel Ltd. online, via telephone, or in person.
Purpose of data processing: to facilitate the process of personal, telephone, or online administration, booking, and ordering; communication; the creation and performance of travel contracts; the collection and analysis of purchasing habits and preferences; providing discounts; sending promotional offers and other mailings; and profiling (continuous collection of data available about customers in a database and linking it to a customer profile, categorizing customers into different groups based on their travel habits, interests, activity on Unlimited Travel Ltd.'s websites, etc.) in order to perform and provide the above activities in a more efficient and customized manner, and to display and send personalized messages, content, advertisements, newsletters, etc., provided a proper legal basis exists.
Legal basis for data processing: Section 13/A of the Eker Act; and regarding profiling activities (including the transfer of customers' email addresses for retargeting and remarketing purposes, see the description under recipients of processed data), the legitimate interest of Unlimited Travel Ltd. in conducting personalized direct marketing activities and supporting and promoting its sales activities based on Article 6(1)(f) of the GDPR (Unlimited Travel Ltd. has defined its aforementioned legitimate interest based on a legitimate interest assessment test, determining that the planned data processing is indeed necessary to enforce the defined legitimate interest, and that the interests, fundamental rights, and freedoms of the data subjects do not override the legitimate interest of the data controller; users may request further information about the assessment test and its details via the contact information of the data controller mentioned in Point 2).
Scope of processed data: name, address, email address, phone number, data of phone calls, data of emails, date of birth, gender, data of travel documents necessary for travel (e.g., identification number, expiry date, etc.), travel interests, names, gender, and date of birth of travel companions, special needs (e.g., lifestyle, nutrition, needs arising from physical attributes), direct marketing consent declaration, travel-related data, date, and data provided by customers in connection with contracts concluded with the data controller and during verbal, written, and electronic communication and interactions with the data controller (including data of travel services of interest to the user and ordered or used by them).
Duration of data processing: three years following the last login or customer contact; in the case of profiling, until the user objects.
Recipients of processed data: in certain cases, for the purpose of performing remarketing and retargeting services ordered by Unlimited Travel Ltd. but carried out by third parties (e.g., Google, Facebook, etc.) based on their own privacy policies (e.g., when the data controller wishes to reach its customers on these platforms), the data controller shares the email addresses of its customers in its registration database with these third parties. In such cases, customers' email addresses may also be transferred to third countries (outside the EEA).
Data transfers to third countries: if Unlimited Travel Ltd. transfers the customer's email address to third countries as described above, it ensures appropriate safeguards in accordance with Chapter V of the GDPR in all cases, and:
(a) transfers personal data to countries regarding which the Commission has determined that the third country, a territory or one or more specified sectors within that third country, or the international organization in question ensures an adequate level of protection (click here to view the list);
(b) uses contractual clauses approved by the European Commission during the data transfer (click here to view the clauses); or
(c) during data transfers to the United States, transfers personal data only to persons who have joined the EU-US Privacy Shield, which prescribes a level of data protection consistent with the GDPR (more information about the Privacy Shield can be found here).
Individual customers may inquire about the safeguards for data transfers concerning them at the contact details of the data controller specified in Point 2 above.
Rights of data subjects regarding data processing, including the right to lodge a complaint: see the general information provided in Point 8.
Right to object of data subjects: customers may object at any time to the use of their personal data for profiling purposes in the manner specified below. It is important that if the customer only exercises their right to object against profiling, the data controller will only cease the profiling and the personalized marketing activity based on it (targeting and data use), but may continue to process the customer's other lawfully managed data until the customer objects to/unsubscribes from specific marketing activities (sending postal DM, i.e., addressed advertising mail, conducting telemarketing, and sending newsletters). Similarly, if the customer objects to or unsubscribes from a certain marketing data management, it does not simultaneously and automatically constitute an objection to the profiling activity. In light of the above, Unlimited Travel Ltd. requests its customers to clearly indicate which data processing activities their declaration refers to when exercising their right to object/unsubscribe.
Customers may exercise their right to object to profiling at the following contact details:
(a) by post: via a letter sent to the address of Unlimited Travel Ltd., 1054 Budapest, Hold utca 6. III.em.2/A;
(b) via email: in a message sent to the address unlimited@unlimitedtravel.hu;
(c) by telephone: at the number +3613025501;
(d) in person: at the registered office of Unlimited Travel Ltd.: 1054 Budapest Hold u.6.III. em.2/A.
Decisions based solely on automated data processing: Unlimited Travel Ltd. does not perform data processing based solely on automated data processing—including profiling—that would have legal effects concerning the data subjects or similarly significantly affect them (e.g., Unlimited Travel Ltd. does not disadvantageously distinguish between its customers based on their travel habits, financial possibilities, or other similar characteristics).
Data management registration number: NAIH-14660/2018.
5.6. Unlimited Travel electronic newsletter, SMS, MMS
Scope of data subjects: persons subscribing to the newsletter.
Purpose of data processing: sending general or, in some cases, personalized email newsletters, SMS, or MMS messages containing economic advertisements to interested parties based on the customer's personality profile mentioned in Point 5.4; providing information about current news and offers.
Legal basis for data processing: the voluntary consent of the data subject based on Section 6(1) of the Grt. and Article 6(1)(a) of the GDPR. The data subject may withdraw their consent at any time without justification by unsubscribing from the newsletter, which does not affect the lawfulness of data processing based on consent before its withdrawal.
Scope of processed data: name, gender, date of birth, telephone numbers, email address, travel habits and travel interests, data processing consent, direct marketing consent declaration, date, and in the case of objection to profiling activity, the fact thereof.
Duration of data processing: until the withdrawal of consent.
Recipients of processed data:NEOSOFT Design Ltd. (data processor; description of its data processing activity: database management, organization, and execution of CRM campaigns).
Rights of data subjects regarding data processing, including the right to lodge a complaint: see the general information provided in Point 8. Unsubscribing from newsletters, SMS, and MMS messages can be done by post via a letter sent to the address of Unlimited Travel Ltd., 1054 Budapest, Hold utca 6. III.em.2/A.
Data management registration number: NAIH-14660/2018.
5.7. Complaints
Scope of data subjects: Customers of Unlimited Travel Ltd.
Purpose of data processing: Investigation of customer complaints.
Legal basis for data processing: Pursuant to Article 6(1)(f) of the GDPR, the legitimate interest of Unlimited Travel Ltd. in investigating complaints and protecting its rights (Unlimited Travel Ltd. has defined its aforementioned legitimate interest based on its legitimate interest assessment test, establishing that the planned data processing is indeed necessary for the enforcement of the defined legitimate interest and that the interests, fundamental rights, and freedoms of the data subjects do not override the legitimate interest of the data controller; users may request further information about the assessment test and its details via the contact information of the data controller mentioned in Point 2).
Scope of processed data: Name, names of travel companions, gender, date of birth, travel booking/participation number, detailed description of the complaint, number of persons affected by the complaint, time of receipt of the complaint, destination, date of travel, accommodation code, time and method of response, damage claim (amount and form), and the extent of transferable costs, date, signature.
Duration of data processing: 6 years following the due date of claims related to the contract.
Rights of data subjects regarding data processing, including the right to lodge a complaint: See the general information provided in Point 8.
5.8. Data processing related to prize draws
Unlimited Travel Ltd. does not currently engage in such activities.
5.9. Customer correspondence and inquiries related to the service
If customers of Unlimited Travel Ltd. have questions or problems while using the data controller's services, they may contact the data controller using the methods provided on the website specified in Point 5.1.
During inquiries made via the www.unlimitedtravel.hu and www.unlimited-travel.hu websites, the data provided by the user is not recorded on the server operating the website; the system forwards them to the relevant parties via email.
Unlimited Travel Ltd. deletes received emails, along with the sender's name, email address, and other voluntarily provided personal data, no later than 6 years after the conclusion of the administration.
- METHOD OF STORAGE OF PERSONAL DATA, SECURITY OF DATA PROCESSING
The computer systems and other data storage locations of Unlimited Travel Ltd. are located at its registered office and at the data processor listed under Point 7.
Unlimited Travel Ltd. is aware of and complies with the data security expectations and requirements set out in Article 32 of the GDPR and maintains internal procedures for handling personal data breaches.
Unlimited Travel Ltd. selects and operates the IT tools used for the processing of personal data during the provision of the service in such a way that the processed data:
a) is accessible to those authorized (availability)
b) its authenticity and authentication are ensured (authenticity of data processing)
c) its integrity can be verified (data integrity)
d) is protected against unauthorized access (confidentiality of data).
Unlimited Travel Ltd. ensures the security of data processing through technical, organizational, and structural measures that provide a level of protection appropriate to the risks arising in connection with the data processing.
During data processing, Unlimited Travel Ltd. preserves:
a) confidentiality: it protects the information so that only those authorized can access it
b) integrity: it protects the accuracy and completeness of the information and the method of processing
c) availability: it ensures that when the authorized user needs it, they can actually access the desired information and the related tools are available.
The IT systems and networks of Unlimited Travel Ltd. and its partners are equally protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions, and denial-of-service attacks. The operator ensures security through server-level and application-level protection procedures.
We inform users that electronic messages transmitted over the internet, regardless of protocol (email, web, FTP, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. To protect against such threats, the service provider takes all reasonable precautions. It monitors systems to record all security discrepancies and provide evidence for all security events. Furthermore, system monitoring allows for the verification of the effectiveness of the precautions applied.
- DATA AND CONTACT DETAILS OF OTHER DATA PROCESSORS ENGAGED BY UNLIMITED TRAVEL LTD. DURING ITS DATA PROCESSING
Name: Travelmax Magyarország Ltd.
Registered office: 2473 Vál, Vágóhíd utca 22.
Description of the data processing activity performed by the data processor: Database management, Travel agency-tour operator services.
- RIGHTS OF DATA SUBJECTS, REMEDIES
The specific rights of data subjects regarding individual data processing operations and the method of exercising them are described in Point 5.
Below, we summarize the rights and remedies generally available to data subjects.
You may exercise the rights mentioned below at the contact details of the data controller specified in Point 2.
8.1. Right of access
The data subject may request access to their personal data processed by Unlimited Travel Ltd. at any time.
If the data subject requests feedback from Unlimited Travel Ltd. as to whether it processes their personal data, Unlimited Travel Ltd. is obliged to provide information.
The data subject's right to receive feedback on whether (or not) Unlimited Travel Ltd. processes their personal data:
(a) extends to personal data relating to the data subject;
(b) does not extend to anonymous data; and
(c) includes pseudonymized data that can be clearly linked to the data subject.
At the request of the data subject, Unlimited Travel Ltd. provides access to and a copy of their personal data. If the data subject requests further/repeated copies of their personal data, Unlimited Travel Ltd. may charge a reasonable fee to cover the administrative costs incurred in connection with fulfilling the request, which fee shall be borne by the data subject.
8.2. Right to rectification
The data subject is entitled to the rectification of their personal data processed by Unlimited Travel Ltd. This right:
(a) does not extend to anonymous data;
(b) extends to personal data relating to the data subject; and
(c) includes pseudonymized data that can be clearly linked to the data subject.
Based on the data subject's request, Unlimited Travel Ltd. will appropriately correct or supplement their personal data. Unlimited Travel Ltd. shall inform the recipients of such personal data (if any) of the rectification of the data subject's personal data, unless informing the recipients proves impossible or requires a disproportionately large effort.
Based on the data subject's request, Unlimited Travel Ltd. will appropriately correct or supplement their personal data. Unlimited Travel Ltd. shall inform the recipients of such personal data (if any) of the rectification of the data subject's personal data, unless informing the recipients proves impossible or requires a disproportionately large effort.
8.3. Right to erasure
Under certain conditions, the data subject is entitled to request the erasure of their personal data processed by Unlimited Travel Ltd.Unlimited Travel Ltd. is obliged to erase the data subject's personal data without undue delay if:
(a) Unlimited Travel Ltd. processes these personal data, and
(b) the data subject requests the erasure of their personal data, and
(c) the personal data are no longer necessary for the purposes for which Unlimited Travel Ltd. processes the personal data.
Unlimited Travel Ltd. is obliged to erase the data subject's personal data without undue delay if:
(a) Unlimited Travel Ltd. processes the data subject's personal data, and
(b) the data subject requests the erasure of their personal data, and
(c) the data subject withdraws the consent on which the processing of their data is based, and
(d) there is no other legal basis for the further processing of the data subject's data.
Unlimited Travel Ltd. is obliged to erase the data subject's personal data without undue delay if:
(a) the data processing is necessary for the enforcement of the legitimate interests of Unlimited Travel Ltd. or a third party, and
(b) the data subject objects to Unlimited Travel Ltd. processing their personal data, and
(c) the lawful reason for the processing of such personal data does not take precedence over the data subject's objection.
Unlimited Travel Ltd. is obliged to erase the data subject's personal data without undue delay if:
(a) the data subject requests the erasure of their personal data, and
(b) the processing of such data by Unlimited Travel Ltd. is unlawful, or
(c) erasure is mandatory under applicable laws, or
(d) the data subject's data are collected in connection with the provision of information society services.
Unlimited Travel Ltd. shall inform the recipients of such personal data (if any) of the erasure of the data subject's personal data, unless informing the recipients proves impossible or requires a disproportionately large effort.
8.4. Right to restriction of processing
The data subject may request the restriction of the processing of their personal data.
The data subject's right to request the restriction of processing:
(a) does not extend to anonymous data;
(b) extends to personal data relating to the data subject; and
(c) includes pseudonymized data that can be clearly linked to the data subject.
Unlimited Travel Ltd. shall restrict the processing of the data subject's personal data for the period during which it verifies the accuracy of such data if the data subject requests the restriction of processing and disputes the accuracy of such data.
Unlimited Travel Ltd. shall restrict the processing of the data subject's personal data if the data subject requests the restriction of data processing that is unlawful and the data subject opposes the erasure of such data.
Unlimited Travel Ltd. shall restrict the processing of the data subject's personal data if:
(a) the data subject requests the restriction of the processing of their personal data, and
(b) Unlimited Travel Ltd. no longer needs these data for the purposes of its processing, and
(c) the data subject requires the data for the establishment, exercise, or defense of legal claims.
Unlimited Travel Ltd. shall restrict the processing of the data subject's personal data if:
(a) the data subject objects to the processing of personal data necessary for the legitimate interests of Unlimited Travel Ltd., and
(b) the data subject is waiting for confirmation as to whether there is a lawful reason for the processing of the data subject's personal data by Unlimited Travel Ltd. that does not take precedence over the data subject's objection.
Unlimited Travel Ltd. shall inform the recipients of such personal data of the restriction of the processing of the data subject's personal data, unless informing the recipients proves impossible or requires a disproportionately large effort.
If Unlimited Travel Ltd. restricts the processing of the data subject's personal data, it:
(a) may store such personal data,
(b) may process such personal data based on the data subject's consent, and
(c) may process the personal data for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another person.
8.5. Right to data portability
If the legal basis for data processing is the data subject's consent or the performance of a contract, the data subject is entitled to receive the personal data concerning them, which they have provided to Unlimited Travel Ltd., in a structured, commonly used, machine-readable format, and further has the right to have these data transmitted to another controller.
The data subject's right to data portability:
(a) does not extend to anonymous data;
(b) extends to personal data relating to the data subject; and
(c) does not extend to pseudonymized data that can be clearly linked to the data subject.
8.6. Right to lodge a complaint and to an effective judicial remedy
If the data subject believes that Unlimited Travel Ltd. has processed their personal data unlawfully, Unlimited Travel Ltd. recommends that the data subject contacts us at any of the contact details below for the purpose of clarification and an early, peaceful settlement of the matter. Should this not lead to a result, or if the data subject does not wish to use this option, the data subject has the right—without prejudice to other administrative or judicial remedies—to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) or another data protection authority competent according to the data subject's habitual residence, place of work, or the place of the alleged infringement. In the event of an infringement, the data subject may also turn to a court (the trial falls under the jurisdiction of the regional court) and may decide to initiate the procedure before the court competent according to their address or place of residence.
The contact details of NAIH are as follows:
Email / Mailing address: ugyfelszolgalat@naih.hu / 1363 Budapest, Pf.: 9.
Phone: +36 (30) 683-5969 / +36 (30) 549-6838 / +36 (1) 391 1400
May 24, 2018.