Data Controller Identification: Data Controller Name: PlaNET Győr Kft.
Data Controller Registered Office: 9026 Győr, Körtöltés u. 11/A.
Data Controller Branch Office: 9500 Celldömölk, Árvalányhaj u. 5.
Data Controller Branch Office: 9500 Celldömölk, Ság hegy 4250 hrsz.
Data Controller Contact Details:
Email: info@deneshegybirtok.hu
Phone: +36 96 331 015
Website: www.deneshegybirtok.hu
Data Processor Identification: Data Processor Name: BARÁTH SZÁMVITELI Kft.
Data Processor Registered Office: 9023 Győr, Körkemence utca 8. 1st floor, 19.
Data Processor Name: Nethely Kft.
Registered Office: 1115 Budapest, Halmi utca 29. Hosting service provider.
Tax ID: 23358005-2-43
EU VAT ID: HU23358005
Bank Account: 11711003-20007085-00000000 (OTP Bank)
Phone: +36-1-800-1500
Email: info@nethely.hu
Website: www.nethely.hu
Purpose of this Privacy Statement: This privacy statement establishes the rules for the protection of personal data processing regarding natural persons connected with the Data Controller, and for ensuring the free movement of personal data. The Data Controller engages an external service provider under a bookkeeping services contract, acting as a Data Processor, to manage the personal data of natural persons in contractual or payment relationships with the Data Controller, for the fulfillment of the Data Controller’s tax and accounting obligations.
Objective of the Privacy Statement: PlaNET Győr Kft, as the operator of Dénes Hegybirtok (hereinafter referred to as the “Data Controller”), processes personal data related to its activities involving the sale and distribution of wine products, and the provision of hospitality services, solely for the purpose of fulfilling its service obligations (such as billing and communication). The Data Controller only processes personal data that is necessary and appropriate for the fulfillment of its objectives and ensures that such data is handled in compliance with the applicable data protection laws, including Regulation (EU) 2016/679 of the European Parliament and the Council.
Key Terms and Definitions:
Principles of Data Processing:
The Data Controller cannot verify the legitimacy of the consent or the content of statements provided by the person with parental authority over minors under 16 years of age. Without such consent, the Data Controller will process the personal data of minors only if required by law or when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
Personal Data Processing: Personal data processing can only take place if the Data Subject provides clear affirmative action, such as a written (including electronic) or verbal statement, voluntarily, specifically, based on information, and unequivocally indicating their consent to the processing of their data. The processing of personal data must be conducted in a way that ensures its security and confidentiality, protecting it from unauthorized access, use, and misuse.
Legality of Data Processing: Personal data processing is lawful only if one of the following applies:
Data Processing Activities:
Data Processing on the Data Controller’s Facebook Page: The Data Controller maintains a Facebook page to promote its products and services. Questions posted on the page are not considered complaints. The Data Controller does not process personal data posted by visitors. In case of illegal or offensive content, the Data Controller may exclude the Data Subject from the group or delete the comment without prior notice. The Data Controller is not responsible for illegal content posted by Facebook visitors or for any issues arising from Facebook’s operations.
Rights Related to Data Processing
Right to Information
Any individual can request information via the provided contact details regarding which personal data the Data Controller processes, the legal basis for processing, the purposes for which the data is processed, the source of the data, and the retention period. The Data Controller must provide a response to the request promptly, and no later than within 25 days, to the contact details provided.
Right to Rectification
Any individual can request the modification of their personal data via the provided contact details. The Data Controller must take action to rectify any inaccuracies promptly, and no later than within 25 days, and provide notification to the contact details provided.
Right to Erasure (Right to be Forgotten)
Any individual can request the deletion of their personal data via the provided contact details. The Data Controller must delete the data without undue delay, and no later than within 30 days, and notify the individual at the provided contact details.
Right to Restriction of Processing
An individual can request the restriction of the processing of their personal data via the provided contact details. The restriction will last as long as necessary to resolve the reason for the restriction. A restriction can be requested in the following cases:
Right to Object
Any individual can object to the processing of their data via the provided contact details. The Data Controller must examine the objection as soon as possible, but no later than 15 days from the submission, make a decision on its validity, and notify the individual at the provided contact details.
Enforcement of Rights Related to Data Processing
The National Authority for Data Protection and Freedom of Information
Postal Address: 1363 Budapest, P.O. Box 9.
Address: 1055 Budapest, Falk Miksa u. 9-11
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
URL: https://naih.hu
Official Portal
Short Name: NAIH
KR ID: 429616918
In case of violation of rights, the data subject can also seek legal remedy by taking the issue to court. The court will handle the matter on an expedited basis. The lawsuit can be filed at the court in the data subject’s place of residence or habitual residence.
Data Security
Data must be protected by appropriate measures, particularly against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage, and the unavailability caused by technical changes. In the case of electronically stored data, proper technical solutions must be implemented to ensure that the stored data is not directly identifiable or associated with the data subject. Data security must be designed and applied considering the current state of technological development. Among several possible data processing solutions, the one ensuring higher levels of protection of personal data should be selected unless it would result in disproportionate difficulty for the data controller.
Data Protection Incident
A data protection incident refers to a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data being processed. Without appropriate and timely action, a data protection incident may cause physical, material, or non-material damage to individuals, such as the loss of control over their personal data or the limitation of their rights, discrimination, identity theft, or abuse of identity. A data protection incident must be reported to the relevant supervisory authority without undue delay, and no later than within 72 hours, unless the incident can be demonstrated to likely pose no risk to the rights and freedoms of individuals. If the data protection incident is likely to result in a high risk to individuals’ rights and freedoms, the data subject must be informed promptly to take necessary precautions.
Az űrlap teteje
Az űrlap alja
Cookie Usage Information
The Data Controller uses cookies on the website. Cookies are files that store information in the web browser. They are helpful because they allow the website to recognize the user’s device and provide a more efficient, personalized user experience. Cookies do not contain personal data or information and cannot identify an individual user. Cookies often contain a unique identifier—a randomly generated number—that is stored on the user’s device. Cookies are generated by server-side service providers for better display and optimal functioning of the website. The owner of the website, the Data Controller, is only responsible for informing visitors about the cookie usage. Some cookies expire after the website is closed, while others are stored on the user’s device for a longer period.
Main Characteristics of Cookies Used on the Data Controller’s Website:
Cookies can generally be classified into two main types:
(i) Session Cookies: Temporary cookies that are placed on the user’s device for the duration of a session (e.g., online banking security authentication).
(ii) Persistent Cookies: These remain on the computer until deleted by the user (e.g., remembering the website language preference).
In the case of cookies that require the user’s consent, the information may be related to the website’s first visit, if the data processing associated with cookies starts upon visiting the page. It is not necessary for the entire cookie notice text to appear on the website, but it is sufficient to provide a link to the full notice. On the first visit to the Data Controller’s website, a cookie banner will appear. If the user clicks the “Accept” button or continues visiting the site, they accept the website’s cookie usage policy. The Data Controller’s website records and processes the following data about visitors and their browsing devices:
Cookies alone cannot identify the user personally.
Types of Cookies Used on the Data Controller’s Website:
Cookie Management and Deletion
Cookies can be deleted or disabled through the browser settings. Browsers enable cookie placement by default, but this can be turned off, and existing cookies can be deleted. If the user disables cookies in their browser, some website features may not be fully functional.
For more information on deleting cookies, you can visit the following links:
Legal Basis for Data Processing: