We would like to thank the loyalty of our guests with special discounts.
Return back to us, as gratitude we give you discounts - even from your second visit!
The Kenese Marina-Port Zrt., HU-8174 Balatonkenese, Kikötő u. 2-4., the operator of Hotel Marina-Port**** shall ensure that data processing is lawful and expedient in all cases where it processes personal data. The purpose of this data protection statement is to ensure that guests who make a reservation and give access to their personal data receive appropriate information already at the point of reservation or prior to giving access to their personal data with regards to the duration and under which conditions and guarantees our firm processes their data. Our company shall regard the contents of this data protection statement as mandatory and shall abide by its contents in each instance where it handles personal data.
We reserve the right, however, to change the terms of this unilateral declaration, in which case we will inform the persons concerned in advance. Should you have any questions with regards to the contents of this brochure please write us. Data processing related to our firm’s activities is based on voluntary contribution, or in some cases the data processing is necessary in order to take steps at the request of the data subject prior to entering into a contract;
Our data processing activities comply with applicable laws, in particular to the following:
The firm’s data and contact data are as follows:
We provide the following information regarding individual instances of data processing:
Our company provides an opportunity for online lodging reservation in order that our customers may book a room free of charge in a quick, convenient way in Hotel Marina-Port****.
Personal data processor: Kenese Marina-Port Zrt., HU-8174 Balatonkenese, Kikötő u. 2-4.
The purpose of data processing: to render the reservation of lodgings easier, more efficient and free of charge, contacting the guest with hotel reservation.
Legal basis of data processing: the prior consent of the person who reserves lodging. By accepting this data protection statement, the data subject expressly consents to the processing of his/her personal data according to this section.
The scope of processed personal data: title; surname and given name; address (country, postcode, city, street, street number; phone number; e-mail address; in case of a company name of company and PBB; bank card number; SZÉP card number (identifier, name displayed on card). If filling in an online check-in form, the following information will also be managed by the accommodation: identity document number (identity card, passport or driving license), nationality, place and date of birth, vehicle registration number.
Duration of data processing: two years after the last day of stay as stated in the reservation.
Engagement of data controller: our company uses the services of an information service provider for the online lodging system as follows:
Name of data controller | PPB | Description of data processing task |
---|---|---|
NetHotelBooking Kft. | 8200 Veszprém, Boksa tér 1/A Hungary | Providing an opportunity for online lodging reservation and operating a pre-arrival email module through RESnWEB system. |
By accepting this data protection statement, the data subject gives his express consent that the data controller shall engage further data controllers in order to render its services more convenient and customized as follows:
Name of additional data controller | PPB | Description of data processing task |
---|---|---|
Hostware Kft. | 1149 Budapest, Róna utca 120-122 Hungary | In the event that Hostware Front Office hotel system is used, performance of tasks related to customer management. |
BIG FISH Payment Services Kft. | 1066 Budapest, Nyugati tér 1-2 Hungary | Providing data communications for payment transactions between the vendor’s and the payment provider’s systems, ensuring traceability for the transaction partners. |
OTP Mobil Kft. | 1093 Budapest, Közraktár u. 30-32. Hungary | Providing data communications for payment transactions between the vendor’s and the payment provider’s systems, providing customer service for users, confirming transactions and providing fraud-monitoring to protect the interests of the users. |
Barion Payment Zrt. | 1117 Budapest, Infopark sétány 1. I. épület Hungary | Providing data communications for payment transactions between the vendor’s and the payment provider’s systems, providing customer service for users, confirming transactions and providing fraud-monitoring to protect the interests of the users. |
Creative Management Kft. | 8200 Veszprém, Boksa tér 1. A ép. Hungary | Performance of tasks related to server hosting. |
Wildbit, LLC* | 225 Chestnut St, Philadelphia, PA 19106, USA | The owner of the software which is integrated into the booking system. This software is responsible for sending e-mail confirmations and notifications in the event of booking, requesting and providing proposals, customer satisfaction surveys, pre-arrival information and gift voucher selling. |
D-Edge SAS | 14/16 Boulevard Poissonnière, 75009 Paris, France | D-Edge Channel Manager to manage the rates and availabilities on multiple distribution websites. |
thePass Kft. | 1061 Budapest, Király utca 30-32. A. ép. 105. Hungary |
SabeeApp to perform tasks related to customer management and to manage the rates and availabilities on multiple distribution websites. |
The possible negative consequences of not providing personal data: Providing data is voluntary. It is important to note that filling in the fields marked with * is mandatory, and in case of non-completion, no reservation can be made. Leaving the remaining fields blank does not have such a consequence.
The rights of the data subject: the data subject (the person whose data our company processes)
Other information related to data processing:
Our company provides an opportunity for our guests to request a proposal in an electronic way. The proposal is provided by our company while taking account of actual room availability through an automated system.
Personal data processor: Kenese Marina-Port Zrt., HU-8174 Balatonkenese, Kikötő u. 2-4.
Purpose of data processing: to receive information prior to booking about hotel prices
Legal basis of data processing: the prior consent of person who reserves lodging, Article 6 Section 1 Point a) of the GDPR, or necessary in order to take the steps requested by the data subject prior to the conclusion of a data processing contract - Article 6 Section 1 Point b of the GDPR
Scope of processed personal data: title; surname and given name; phone number; e-mail address; number of guests.
Duration of data processing: two years after the last day of stay as stated in the reservation.
Engagement of data controller: our company uses the services of an information service provider for the online proposal system in accordance with the following:
Name of data controller | PPB | Description of data processing task |
---|---|---|
NetHotelBooking Kft. | 8200 Veszprém, Boksa tér 1/A Hungary | Operating the proposal requesting and sending module |
By accepting this data protection statement, the data subject gives his express consent that the data controller shall engage further data controllers in order to render its services more convenient and customized as follows:
Name of additional data controller | PPB | Description of data processing task |
---|---|---|
Creative Management Kft. | 8200 Veszprém, Boksa tér 1. A ép. Hungary | Performance of tasks related to server hosting. |
Wildbit, LLC*. | 225 Chestnut St, Philadelphia, PA 19106, USA | The owner of the software which is integrated into the booking system. This software is responsible for sending e-mail confirmations and notifications in the event of booking, providing a requesting and providing proposals, customer satisfaction surveys, pre-arrival information and gift voucher selling. |
* Parties are aware that the registered seat of the other data processor specified in point a) is in a third country. For this reason, Data Processor expressly informs Data Controller that Wildbit, LLC has included the standard data protection clauses recommended and adopted by the European Commission in the Data Protection Supplement of its General Terms and Conditions. Therefore, even without the authorisation from a supervisory authority, transfer of data to Wildbit, LLC constitutes a transfer of data provided with appropriate safeguards, and has no legal impediments.
Possible negative consequences of not providing personal data: Providing data is voluntary. It is important to note that filling in the fields marked with * is mandatory, and in case of non-completion, no request for proposal can be made and the hotel cannot provide a proposal. Leaving the remaining fields blank does not have such a consequence.
The rights of the data subject: the data subject (the person whose data our company processes)
Other information related to data processing: our company takes every technological and organisational measure to avoid an eventual personal data breach (for instance, if the files containing personal data are damaged, disappear, or become accessible to unauthorised persons). Should a personal data breach nevertheless take place, we shall keep records in order to supervise the necessary measures as well as to inform the affected data subjects. This record shall contain the scope of affected personal data, the circle and number of data subjects affected by the privacy incident, the date, circumstances, effects of the personal data breach as well as the measures taken to deal with it, as well as other data as defined by the laws regulating data processing.
Our company concluded a data processing agreement for the scope of data processing tasks, in which the NetHotelBooking Kft. undertakes that in the event of the engagement of another data controller it shall apply on a mandatory basis the same data protection and data processing guarantees included in data processing contract with us, thus we ensure the lawful management of personal data in case of data controllers.
Our company maintains contact with its guests via a newsletter, in which it informs its guests about its services, news relating to its operation as well as available discounts.
Personal data processor: Kenese Marina-Port Zrt., HU-8174 Balatonkenese, Kikötő u. 2-4.
Purpose of data processing: maintaining contact with potential guests
Legal basis of data processing: consent of the data subject – Article 6 Section 1 Point a of GDPR.
Description of legitimate interest: maintenance and development of business relationships with partners and guests
Scope of processed personal data: name; e-mail address
Duration of data processing: our company processes e-mail addresses until such date that unsubscription occurs.
Engagement of data controller: our company uses the services of an information service provider for the online lodging system as follows:
Name of data controller | PPB | Description of data processing task |
---|---|---|
NetHotelBooking Kft. | 8200 Veszprém, Boksa tér 1/A | Storage of e-mail marketing database. |
By accepting this data protection statement, the data subject gives his express consent that the data controller shall engage further data controllers in order to render its services more convenient and customized as follows:
Name of additional data controller | PPB | Description of data processing task |
---|---|---|
Creative Management Kft. | 8200 Veszprém, Boksa tér 1/A Hungary | Operation of newsletter sending system. |
MailerLite | 11341 Litvánia, Vilnius, Paupio g. 46 | Operation of newsletter sending system. |
Possible negative consequences of not providing personal data: The data subject will not be able to receive the company’s newsletter.
The rights of the data subject: the data subject (the person whose data our company processes)
You are able to unsubscribe from our company’s newsletter by sending an e-mail to this e-mail address info@hotelmarinaport.hu, or by clicking the icon “Unsubscribe” found in this newsletter. In this case we will immediately delete your e-mail address from our database.
Other information related to data processing: our company takes every technological and organisational measure to avoid an eventual personal data breach (for instance, if the files containing personal data are damaged, disappear, or become accessible to unauthorised persons). Should a personal data breach nevertheless take place, we shall keep records in order to supervise the necessary measures as well as to inform the affected data subjects. This record shall contain the scope of affected personal data, the circle and number of data subjects affected by the privacy incident, the date, circumstances, effects of the personal data breach as well as the measures taken to deal with it, as well as other data as defined by the laws regulating data processing.
Our company concluded a data processing agreement for the scope of data processing tasks, in which the NetHotelBooking Kft. undertakes that in the event of the engagement of another data controller it shall apply on a mandatory basis the same data protection and data processing guarantees included in data processing contract with us, thus we ensure the lawful management of personal data in case of data controllers.
As a hotel it is our goal to provide high-quality services to our guests, therefore we continually request feedback from our guests about their experiences while staying at our hotel.
Personal data processor: Kenese Marina-Port Zrt., HU-8174 Balatonkenese, Kikötő u. 2-4.
Purpose of data processing: requesting feedback from our guests in order to further develop and improve our services.
Legal basis of data processing: the legitimate interest of the hotel operator – Article 6 Section 1 Point f) of GDPR.
Description of legitimate interest: our company has a legitimate interest to receive information related to improvement of its services on the basis of guest feedback.
Scope of processed personal data: name, gender, e-mail address
Duration of data processing: two years after the last day of stay as stated in the reservation.
Engagement of data controller: our company uses the services of an information service provider for the online lodging system as follows:
Name of data controller | PPB | Description of data processing task |
---|---|---|
NetHotelBooking Kft. | 8200 Veszprém, Boksa tér 1/A Hungary | Operating the customer satisfaction module |
By accepting this data protection statement, the data subject gives his express consent that the data controller shall engage further data controllers in order to render its services more convenient and customized as follows:
Name of additional data controller | PPB | Description of data processing task |
---|---|---|
Creative Management Kft. | 8200 Veszprém, Boksa tér 1. A ép. Hungary | Performance of tasks related to server hosting. |
Wildbit, LLC* | 225 Chestnut St, Philadelphia, PA 19106, USA | The owner of the software which is integrated into the booking system. This software is responsible for sending e-mail confirmations and notifications in the event of booking, requesting and providing proposals, customer satisfaction surveys, pre-arrival information and gift voucher selling. |
* Parties are aware that the registered seat of the other data processor specified in point a) is in a third country. For this reason, Data Processor expressly informs Data Controller that Wildbit, LLC has included the standard data protection clauses recommended and adopted by the European Commission in the Data Protection Supplement of its General Terms and Conditions. Therefore, even without the authorisation from a supervisory authority, transfer of data to Wildbit, LLC constitutes a transfer of data provided with appropriate safeguards, and has no legal impediments.
Possible negative consequences of not providing personal data: The affected data subject will not receive our company’s customer satisfaction survey.
The rights of the data subject:the data subject (the person whose data our company processes)
Other information related to data processing: our company takes every technological and organisational measure to avoid an eventual personal data breach (for instance, if the files containing personal data are damaged, disappear, or become accessible to unauthorised persons). Should a personal data breach nevertheless take place, we shall keep records in order to supervise the necessary measures as well as to inform the affected data subjects. This record shall contain the scope of affected personal data, the circle and number of data subjects affected by the privacy incident, the date, circumstances, effects of the personal data breach as well as the measures taken to deal with it, as well as other data as defined by the laws regulating data processing.
Our company concluded a data processing agreement for the scope of data processing tasks, in which the NetHotelBooking Kft. undertakes that in the event of the engagement of another data controller it shall apply on a mandatory basis the same data protection and data processing guarantees included in data processing contract with us, thus we ensure the lawful management of personal data in case of data controllers.
Our company provides the opportunity to purchase gift vouchers electronically. The gift voucher is provided by our company via an automated system on our website.
Personal data processor: Kenese Marina-Port Zrt., HU-8174 Balatonkenese, Kikötő u. 2-4.
Purpose of data processing: gift voucher purchase and delivery
Legal basis of data processing: the prior consent of the person who purchases the gift voucher: by accepting this data protection statement, the data subject consents to the data processing under this clause.
Scope of personal data handled: title; surname and first name; address (country, zip code, city, street, house number); telephone number; email address (both purchaser and beneficiary), ; in case of a company name of company and PBB; bank card number; SZÉP card number (identifier, name displayed on card).
Duration of data processing: two years after the expiration date of the gift voucher.
Engagement of data controller: our company uses the services of an information service provider for the online gift voucher system as follows:
Name of data controller | PPB | Description of data processing task |
---|---|---|
NetHotelBooking Kft. | 8200 Veszprém, Boksa tér 1/A Hungary | Operating the gift voucher selling module |
By accepting this data protection statement, the data subject gives his express consent that the data controller shall engage further data controllers in order to render its services more convenient and customized as follows:
Name of additional data controller | PPB | Description of data processing task |
---|---|---|
Creative Management Kft. | 8200 Veszprém, Boksa tér 1. A ép. Hungary | Performance of tasks related to server hosting. |
BIG FISH Payment Services Kft. | 1066 Budapest, Nyugati tér 1-2 Hungary | Providing data communications for payment transactions between the vendor’s and the payment provider’s systems, ensuring traceability for the transaction partners. |
OTP Mobil Kft. | 1093 Budapest, Közraktár u. 30-32. Hungary | Providing data communications for payment transactions between the vendor’s and the payment provider’s systems, providing customer service for users, confirming transactions and providing fraud-monitoring to protect the interests of the users. |
Barion Payment Zrt. | 1117 Budapest, Infopark sétány 1. I. épület Hungary | Providing data communications for payment transactions between the vendor’s and the payment provider’s systems, providing customer service for users, confirming transactions and providing fraud-monitoring to protect the interests of the users. |
Wildbit, LLC* | 225 Chestnut St, Philadelphia, PA 19106, USA | The owner of the software which is integrated into the booking system. This software is responsible for sending e-mail confirmations and notifications in the event of booking, requesting and providing proposals, customer satisfaction surveys, pre-arrival information and gift voucher selling. |
*Parties are aware that the registered seat of the other data processor specified in point a) is in a third country. For this reason, Data Processor expressly informs Data Controller that Wildbit, LLC has included the standard data protection clauses recommended and adopted by the European Commission in the Data Protection Supplement of its General Terms and Conditions. Therefore, even without the authorisation from a supervisory authority, transfer of data to Wildbit, LLC constitutes a transfer of data provided with appropriate safeguards, and has no legal impediments.
Possible negative consequences of not providing personal data: Providing data is voluntary. It is important to note that filling in the fields marked with * is mandatory, and in case of non-completion, the affected data subject will not be able to purchase gift vouchers. Leaving the remaining fields blank does not have such a consequence.
The rights of the data subject: the data subject (the person whose data our company processes)
Other information related to data processing: our company takes every technological and organisational measure to avoid an eventual personal data breach (for instance, if the files containing personal data are damaged, disappear, or become accessible to unauthorised persons). Should a personal data breach nevertheless take place, we shall keep records in order to supervise the necessary measures as well as to inform the affected data subjects. This record shall contain the scope of affected personal data, the circle and number of data subjects affected by the privacy incident, the date, circumstances, effects of the personal data breach as well as the measures taken to deal with it, as well as other data as defined by the laws regulating data processing.
Our company concluded a data processing agreement for the scope of data processing tasks, in which the NetHotelBooking Kft. undertakes that in the event of the engagement of another data controller it shall apply on a mandatory basis the same data protection and data processing guarantees included in data processing contract with us, thus we ensure the lawful management of personal data in case of data controllers.
In the interest of providing customized service, the data processor places a small data packet or cookie on the customer’s computer and, in case of a subsequent visit, reads it back. If the browser sends back a previously saved cookie, the data processor managing the cookie has the opportunity to connect the user’s previous visits with the current one, however, exclusively in relation to its own content.
The purpose of data processing: identification of users, tracing users, distinguishing users from one another, to identify the workflow of users, to store data provided in the course of workflow, to avoid data loss, web analytics, provision of customized service.
Legal basis of data processing: consent of the data subject.
The scope of processed data: identification number, date, time, and the previously visited webpage.
The duration of data processing: maximum 90 days
Name of data controller | PPB | Description of data processing task |
---|---|---|
NetHotelBooking Kft. | 8200 Veszprém, Boksa tér 1/A Hungary | Identifying users and their workflow and sessions, storing data provided in the course of workflow and sessions, avoiding data loss, web analytics, provision of customized service |
Other information related to data processing: Users are able to delete cookies from their own computers and may disable the use of cookies in their browsers. Users can usually manage cookies in the browser’s Tools/Settings menu under Data Protection/History/Individual Settings menu, under either Cookies or Track options.
Possible negative consequences of not providing personal data: it may become impossible to take advantage of the services provided with regards to services described in points 2-5 above.
When visiting the webpage nethotelbooking.net, the server automatically stores information on the user’s activities in log files.
The purpose of data processing: when a webpage is visited, the service provider supervises the operation of its services, and in order to prevent abuse it records the visitors’ data.
Legal basis of data processing: Article 6 Section 1 Point f) of GDPR. Our company has a legitimate interest in the webpage’s safe operation.
Type of processed personal data: identification number, date, time, the address of the visited page.
Duration of data processing: maximum 90 days
Name of data controller | PPB | Description of data processing task |
---|---|---|
NetHotelBooking Kft. | 8200 Veszprém, Boksa tér 1/A Hungary | Recording of visitors’ data and information necessary for server operation |
Further information: our company does not connect the data that emerges in the course of the protocol analysis with other data, it makes no effort to identify the user. The address of the visited pages, as well as the data relating to date and time are insufficient to identify the affected data subject, however, they may be sufficient in conjunction with other data (for instance, data provided in the course of registration) to reach conclusions about to the user.
Data processing of external service providers in relation to protocols: The portal’s html code contains links independent from our company that are received from external servers and refer to external servers. The server of the external service provider is connected directly to the user’s computer. We would like to call our visitors’ attention to the fact that the service providers of these links are able to collect user data (for instance, IP address, browser, operating system data, movement of the mouse pointer, address of the website visited and date of visit) during direct connection to their servers on account of the direct communication with the user’s browser. An IP address is a series of numbers with which the computers and mobile devices of users can be identified unambiguously.
Through IP addresses it is even possible to identify the geographical location of the visitor using a given computer. The address of the visited pages, as well as the data relating to date and time are insufficient to identify the affected data subject, however, they may be sufficient in conjunction with other data (for instance, data provided in the course of registration) to reach conclusions about to the user.
We provide information in relation to data processing activities not included in this data protection statement when we request such data. We inform our customers that certain authorities, bodies with a public service missions and courts may contact our company for the purpose of disclosing private data. If the body affected designated the precise purpose and scope of data to be turned over, our company provides personal data only to the extent and to the degree which is indispensable for the purpose of the request and if the fulfilment of the request is prescribed by law.
Our company’s computer systems and other data storage devices can be found in the seat of the company and on the servers rented by the data processor. Our company selects and operates the information technology devices used to process personal data in the course of providing its services that
We take special care of data security, furthermore we also take the technical and organisational measures and develop the procedural rules necessary to enforce the GDPR guarantees. We protect the data with appropriate measures against, in particular, unauthorised access, alteration, transmission, public disclosure, erasure or destruction, as well as unavailability due to accidental destruction, damage, and furthermore unavailability on grounds of alteration in the technologies used to access the data.
The computer system and network of our company and its partners are protected against computer fraud, computer viruses, theft via computers, and computer attacks whose purpose is service denial. The operator ensures a high level of safety through taking security measures both on the level of server and application. The daily backup of the data has been resolved. Our company takes every possible measure in order to avoid a personal data breach, and in the event that such personal data breach should take place we shall immediately take action – in accordance with our incident management rules - in order to minimize risk and to control damage.
The data subject has the right to request information about the processing of his/her personal data, and request the rectification of his/her personal data, or – with exception of the mandatory data processing – request the erasure of his/her data or withdraw consent, or make use of his/her right to data portability and contest in the manner specified at the time of data collection, or through the contact details of the data processor mentioned above
Upon request of the data subject we shall provide the data in electronic format without delay, but latest within 30 days, in accordance with our relevant rules. We shall fulfil the requests of the data subjects with regards to the rights below free of charge.
Our company shall take appropriate measures to provide any information referred to in Articles 13 and 14 of the GDPR and any communication under Articles 15 to 22 and 34 of the GDPR relating to processing to the data subjects in a concise, transparent, intelligible and easily accessible form, using clear and plain language while remaining precise at the same time.
The right to information can be exercised in written form, through the contact details provided under Point 1. Upon request of the data subject – following the verification of his/her identity – information may be provided in oral form. We would like to inform our customers that if our company’s employees have doubts with regards to the identity of the data subject, we may request further information necessary to confirm the personal identity of the data subject.
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. Should his/her personal data be processed, the data subject shall have the right to get access to the personal data, and the following information included in the list below:
In addition to the above, in the event that personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
According to this right anyone shall have the right to obtain from our company the rectification of inaccurate personal data or the completion of incomplete data concerning him or her.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay:
The erasure of personal data cannot be initiated, if the data processing is necessary for any of the following purposes:
We shall restrict data processing on the basis of Article 18 of GDPR, that is, where one of the following applies:
Where processing has been restricted, the personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. The data subject shall be informed by the controller before the restriction of processing is lifted.
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller. Our company is able to fulfil such a request by the data subject in Word or Excel format.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The above right cannot be applied, if the data processing
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller. Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and where they are, responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage.
A controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
The data subject may apply to the court in the event that his/her rights have been infringed upon. The court gives the case priority.
Complaints are to be lodged with the Nemzeti Adatvédelmi és Információszabadság Hatóság (National Data Protection and Freedom of Information Authority).