Picimfalum 88 Srl.
Privacy and Data Management Information

About the data management activities of the Veronika Guesthouse concerning the guests


The purpose of this data management information (hereinafter: the Information) is to provide information to the guests of Veronika Vendégház operated by Picimfalum 88 Srl. data management activities.

By voluntarily providing their personal data to the Data Controller, the Data Subject consents to the processing of their personal data provided in connection with the use of the accommodation service by the Data Controller as described in this Prospectus.

  1. Name and contact details of the Data Controlle

Name: Picimfalum 88 Srl.

Registered office address: 537250 Gyergyóremete, Alszegi út 58.

Registration authority and registration number: J19/202/2015

Tax number: RO34751428

Represented by: Tünde Ivácson

Phone number: +3630 856 8812

E-mail address: info@picimfalum.hu


  1. Definitions

Data handling:

Any operation or set of operations on personal data, whether automated or non-automated, such as collecting, recording, organizing, segmenting, storing, transforming or altering, retrieving, accessing, using, communicating, transmitting, distributing or otherwise making available, harmonization or interconnection, restriction, deletion or destruction.

Data controller:

With regard to this Prospectus, the Data Controller shall independently determine the purposes and means of the processing of personal data concerning the Data Subjects.

Data processor:

The natural or legal person who processes personal data on behalf of the Data Controller at the request or on behalf of the Data Controller.

Personal data:

Any information about a natural person, the Data Subject, that makes that person identifiable.

Data transmission:

Making the data available to a specific third party.


REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46.


Voluntary and firm expression of the will of the data subjects, based on adequate information and giving their unambiguous consent to the processing of their personal data, whether in full or in part.


  1. Purpose and legal basis of data processing

The purpose of data management:

  • requests for quotations, handling of reservations, provision of accommodation services;
  • fulfillment of the obligation to keep guest records;
  • documentation of the information required to fulfill the tax liability.

The legal basis for data processing: voluntary consent to the processing of personal data, preparation and performance of contracts, fulfillment of legal obligations. (GDPR Article 6 (1) (a), (b) and (c))


  1. Type and scope of data processed

In order to provide all accommodation services provided by the Guesthouse (including requests for quotations, reservations, handling, confirmation; fulfillment of the obligation related to the issuance of an invoice; fulfillment of the obligation to register a guest; keeping a register in the guestbook):

  • Name,
  • Residence,
  • Place and date of birth,
  • Identity card number / passport number,
  • Citizenship.


  1. Duration of data management

The Data Controller manages the data of the Data Subject until the completion and execution of the activity for the provision of the accommodation service, and for the validation of any claims related to the provision of this service. The data controller is obliged to keep the data recorded in the guestbook for 5 years.


  1. Data transmission, data processing

The Data Controller is entitled to transmit the data of the Data Subject within the scope of the operation of the Guesthouse and in order to legally continue and operate the service activities of the accommodation.

In order to fulfill our accounting and tax obligations, the Data Controller is entitled to transfer the data of the Data Subject to an accounting service provider.


  1. Data subjects’ rights in relation to data processing

Right of access: the Data Subject is entitled to receive feedback from the Data Controller as to whether the processing of his / her personal data is in progress and to have access to the personal data and relevant information on data management,

Right of rectification: the Data Subject has the right to have inaccurate personal data concerning him / her corrected or supplemented at his / her request,

Right of cancellation: the Data Subject has the right to have the personal data relating to him or her deleted at his or her request, and the Data Controller is obliged to delete the personal data relating to the Data Subject without undue delay.

Right to restrict (block) data processing: the Data Subject has the right to restrict the data processing at the request of the Data Controller if. – among other things – the Data Subject disputes the accuracy of the personal data, or the Data Controller no longer needs the personal data for the purpose of data processing, but the Data Subject requests them in order to submit, enforce or protect legal claims;

Right to object: the Data Subject has the right to object to the processing of his or her personal data at any time if the processing is based on the public interest or the processing is necessary to protect the legitimate interests of the Data Controller or a third party, and

Right to data portability: the data subject shall have the right to receive the personal data concerning him or her made available in a structured, widely used machine-readable format and to transfer such data to another data controller without being prevented from doing so. the controller to whom the personal data have been made available.


  1. Possibility of enforcement related to data management

The Data Subject is entitled under the GDPR to,

  • lodge a complaint with a supervisory authority, in particular in the Member State in which he has his habitual residence, place of employment or the place of the alleged infringement, if the if the data subject considers that the processing of personal data concerning him or her violates the provisions of the GDPR Regulation;
  • assert his rights before a court (the data subject may, at his or her choice, also institute proceedings before the court having jurisdiction over his or her place of residence or stay).