Privacy Policy

1. Purpose of data processing:

The purpose of this Policy is to set out the data protection and processing principles applied by Spoontheboat Kft. (hereinafter: Data Controller), its data protection and processing policy, in which it acknowledges the obligations laid down in it with binding force.
Spoontheboat Kft. reserves the right to change the contents of this Policy at any time, of which it will inform its Customers and Partners without delay.
Spoontheboat Kft. guarantees that the personal data obtained by it will be treated confidentially, and will take all security, technical and organizational measures that guarantee the safe handling and complete security of the data during the entire period of Data Management.

Unless otherwise noted, the scope of the Policy does not cover those services and data processing that are related to the promotions, sweepstakes, services, other campaigns and content published by third parties other than the operator of the given website or the Data Controller that advertise on the websites of the Company in this Prospectus or otherwise appear on it. Similarly, unless otherwise informed, the scope of the Policy does not cover the services and data processing of websites and service providers to which the link on the websites covered by the Policy leads. Such services are governed by the provisions of the personal data management information of the third party operating the service, and the Data Controller does not take any responsibility for these data processing.

Spoontheboat Kft. handles, stores and transfers personal data in accordance with and in accordance with the applicable legislation, in particular the following:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)

CXII of 2011. Act – on informational self-determination and freedom of information (Privacy Act)
Act I of 2012 on the Labour Code (Labour Code)
Act V of 2013 – on the Civil Code (Civil Code)
CLV of 1997. Act – on Consumer Protection (Fgytv.)
XIX of 1998. Act – on criminal procedure (Be.)
Act C of 2000 on Accounting (Szá
CVIII of 2001. Law – on electronic commerce services, as well as on
on certain issues of information society services (Eker.t.)
Act C of 2003 on Electronic Communications (Eht.)
CXXXIII of 2005. Act on the rules of personal and property protection and private investigative activities (SzVMt.)
XLVIII of 2008. Act – on certain restrictions on economic advertising activities (Grt.)

2. Scope of personal data processed:

2.1. If the User visits the interface of a service, the Data Controller’s system automatically records the User’s IP address.

2.2. Based on the User’s decision, the Data Controller may process the following data related to the use of the services: name, nickname, gender, place of residence, place of stay, postal code, place of birth, date of birth, phone number, e-mail address, secondary e-mail address, introduction, IP address of last login, date of last login.

2.3. If the User sends an e-mail (e.g. message, request for an offer, etc.) to a service, the Data Controller records the User’s e-mail address and processes it to the extent and for the duration necessary for the provision of the service.

2.4. If the User chooses to link his/her Facebook account to the Data Controller’s Facebook account, the Data Controller may also process the following personal data of the User in addition to the above: facebook, profile name, facebook profile URL, facebook profile ID, facebook profile picture, facebook e-mail address, address provided on Facebook, gender specified in Facebook, birthday, introduction, marital status and website url.

2.5. Notwithstanding the above, it may happen that the service provider technically connected to the operation of the service, without informing the Data Controller, carries out data processing activities on one of the websites. Such and similar activity does not qualify as data processing by the Data Controller, therefore it tries by all means to prevent and filter out such data processing.

3. Scope of further data processed by the data controller:

3.1. The Data Controller shall provide a customized service. Sets cookies. The purpose of the cookie is to ensure the highest possible quality of operation of the given site, to provide personalized services, and to increase the user experience. The User can delete cookies from his/her own computer, and he/she can also set the prohibition of the use of cookies in his/her browser.

3.2. Data technically recorded during the operation of the system: the data of the User’s login computer that are created during the use of the service and are recorded by the Data Controller’s system as an automatic result of technical processes. The data that is automatically recorded is automatically logged by the system at the time of logging in and logging out without a separate statement or action of the user.

4. Details of the scope of the data processed by the Data Controller:

4.1. Restaurant data processing:

4.1.1 Guest data:
Purpose of data processing: Purchase in the restaurants of Spoontheboat Kft., issuing an invoice, keeping records of the guest, documenting the purchase and payment, fulfilling accounting obligations, guest contact

Legal basis for data processing: data processing is necessary for the performance of the contract
Type of personal data processed: name, address, name of the service used, purchase price, payment method, date of use of the service
Duration of data processing: The Number. TV compliant 8 years
In the case of card payments, the data of the bank card and the card payment transaction are handled by Raiffeisen Bank Zrt. Data transfer: in case of payment by credit card, the payer’s ID, the amount of the transaction, the date and time to the Bank.
Legal basis for data transfer: data processing is necessary for the performance of the contract in accordance with the provisions of the GDPR.

4.1.2 Events:
Purpose of data processing: organization, conduct, coordination and control of events by Spoontheboat Kft.
Legal basis for data processing: data processing is necessary for the performance of a contract in accordance with GDPR regulations.
Scope of processed data: booking identification number, date of order and event, customer’s name, phone number, e-mail address, number of participants, name, age, gender, possible special request, food sensitivity data, other data provided during ordering
Duration of data processing: one month after the event.
Data processing is necessary for the performance of the contract.

4.1.3. Quality objections and complaint handling:

Purpose of data processing: To handle quality objections arising in connection with the services provided by Spoontheboat Kft.

Legal basis for data processing: data processing is necessary for the performance of the contract
Type of personal data processed: unique identification number of the complaint, name, address, place, time and method of complaint reporting, list of documents, other supporting documents submitted by the consumer, description of the complaint, place and time of recording the report, name and signature of the recorder,

Duration of data processing: with regard to the minutes of the complaint and the copies of the responses to the written complaints and the proof of dispatch, the Fgytv. Based on 5 years
With regard to the retention of duplicate entries in the books of purchasers, 2 years.
No data is transferred.

4.1.4. Exceptional occurrences:

The purpose of data processing: to manage extraordinary events in restaurants, to record them.

Legal basis for data processing: the data controller. Or the legitimate interests of other persons require the handling of extraordinary events.

Scope of processed data: name, address, telephone number, date and time of the accident, description of injury and accident, description of the measure, name of first responder, name, address, telephone number of the witness,

Duration of data processing: 5 years for the guest accident report.

4.1.5. Lost and found handling:

The purpose of data processing: registration of the objects found in the restaurant (/ event venue), notification of the owner or the finder.

Legal basis for data processing: according to the Civil Code.

Type of personal data processed: date and time of finding, data of the person who found it, name of the found object, the fact that the owner has been notified of it, the place of storage, the name and signature of the finder and the recipient and transferor
Duration of data processing: the data will be deleted and destroyed after the owner has received the found object.

4.1.6. Restaurant (/Event venue) wifi service:

By connecting to the wifi network, guests agree that Spoontheboat Kft. will monitor the connection based on the unique network identifier of the device.

The wifi traffic of the restaurant (/event venue) is not recorded by Spoontheboat Kft.

4.2. Marketing and market research database:

4.2.1. Marketing database:

The data of those who give their consent to direct marketing requests are handled by Spoontheboat Kft.
The purpose of data processing: to build a database for business purposes, to send newsletters to the data subjects via e-mail containing economic advertising, to prepare personalized offers using online analytical data, and to forward the offers of the data controller and its partners.

Only persons over the age of 16 can consent to direct marketing communications.

Legal basis for data processing: voluntary consent of the data subject in accordance with the provisions of the Grt.
The scope of the processed data: identification number, name, address, e-mail address, phone number, consent to the request for DM purposes, data related to the sending, delivery, opening of messages and the online activity of data subjects are stored in the system.
Duration of data processing: until the withdrawal of the consent of the data subject.
The withdrawal of consent to the transfer of DM plants and the deletion or modification of personal data can be requested at the central e-mail address of Spoontheboat Kft.

4.2.2. Market research database:

The data of the persons involved in the market research are processed by Spoontheboat Kft.
The purpose of data processing: to record and segment the data of persons participating in market research, to send research invitations, to coordinate and conduct market research.
Legal basis for data processing: voluntary consent of the data subject. Only a person over the age of 16 can participate in market research.

Type of data processed: identification number, name, address, e-mail address, phone number, other data provided.
Duration of data processing: until the withdrawal of the consent of the data subject.

4.3. Asset protection:

4.3.1. Electronic surveillance system:

The restaurants of Spoontheboat Kft. have an electronic surveillance and recording system, as part of which cameras have been installed for the entire guest area. The exact location of the cameras and the name of the surveillance areas are recorded in the visible place in the unit, and guests are informed about it when entering the restaurant (/ event venue).

Controller of personal data: the competent manager of Spoontheboat Kft.
The purpose of data processing: to prevent and detect violations, to catch the offender in the act and to prove violations in order to protect human life, physical integrity and property rights, to identify those entering the restaurant (/ event venue) area without permission, to record the fact of entry, to document the activities of unauthorized occupants, to investigate the circumstances of possible workplace and other accidents.

Legal basis for data processing: in the case of guests, the consent of the data subject by entering the restaurant area, in the case of employees, the legitimate interest accepted on the basis of the Labour Code for the protection of the property of Spoontheboat Kft.

Type of personal data processed: facial image and other personal data of persons entering the territory of the restaurant (/ event venue) visible in the image recordings and other personal data recorded by the surveillance system.

Duration of data processing: 30 days in case of use (SzvMt)
Use of recordings:
Authorized to view the current images of the cameras: authorized employees of Spoontheboat Kft.
Authorized to view the footage of the cameras: authorized employees of Spoontheboat Kft.
The recording of the cameras is entitled to be recorded on a data carrier: authorized employees of Spoontheboat Kft.

The stored recordings of the camera surveillance and recording system operated by Spoontheboat Kft. may be viewed by authorized persons only for the purpose of proving violations committed against human life, physical integrity and property, and for the identification of the offender.

Data subjects whose right or legitimate interest is affected by the recording of the image may request, by justifying their right or legitimate interest, that the data controller not destroy or delete the recording until the court or authority requests it, but for a maximum of 30 days. The person in the recording may request information about the recording taken of him by the surveillance system, request a copy, or, if another person is included in the recording, gain insight into the recording. The data subject may request the deletion of the recording of him/her, the modification of the data related to the recording, or he or she may object to the data processing.

The data controller is obliged to record in a protocol the fact of accessing the recorded recordings, the name of the person performing it, the reason and time of access to the data.

Realization of data transfer: in the event of an offence or criminal proceedings, to the authorities and courts conducting them.

Scope of data transferred: recordings made by the camera system containing relevant information.
Legal basis for the transfer: Be. Stv.

4.4. Data processing of

4.4.1. Logging Server

Data processing is carried out by Spoontheboat Kft. and by visiting the website, the server does not record user data.

Data processing by external service providers:
The html code of the portal contains links from and to an external server independent of Spoontheboat Kft. The servers of external service providers are directly connected to the user’s computer, so we draw the attention of users to the fact that for this reason they are able to collect user data.

The content that may be personalized for the users is served by the servers of the external service providers, about which the competent data controllers can provide information about data processing. (Google Analytics server).
The service code available at the address has been placed on the website.

4.5. Mobile application:

When the data subject uses the mobile application of Spoontheboat Kft. or otherwise contacts the Ltd., personal data may be collected about the data subject.

The data collected can be divided into two categories:
data provided by the data subject
information collected through automated means.
The following information may be provided by data subjects:
name, email address, date of birth,
login password
disclaimers regarding the use of the application
The following information can be collected by automated methods:
IP address used by the data subject
the date the app was registered
date of redemption of offers
type of operating system and browser running on the data subject’s computer or mobile device
the type, ID and advertisements of the data subject’s mobile device,
Wifi, GPS, Bluetooth usage,
or your activity and activity related to the use of the application.
The collected data may be used by Spoontheboat Kft. for the following purposes:
fulfillment of requests of the data subject, processing of the settlement of services
sending information about the services, offers, promotions or events of Spoontheboat Kft. and its business partners
We will only share the personal data of data subjects to third parties for the purpose of pursuing their direct marketing purposes if the data subject gives his or her consent.

4.6. Application for a job:

It is possible to apply for a job on the website operated by Spoontheboat Kft. The controller of personal data is Spoontheboat Kft.
The employer, as data controller, processes the personal data provided by the data subject during the selection process and for one year thereafter for recruitment purposes.

The purpose of data processing: to apply for a vacancy at Spoontheboat Kft., to participate in the selection procedure.

Legal basis for data processing: voluntary consent of the data subject
Type of personal data processed: name, permanent address, place of residence, telephone number, e-mail address, place and date of birth, as well as uploaded or sent photo, CV, cover letter.
Deadline for deletion of data: one year from the submission of the application.

4.7. Other data processing:

We provide information on data processing not listed in the Prospectus at the time of data collection.

5. Principles and methods of data processing:

5.1. The Data Controller shall process personal data in accordance with the principles of good faith, fairness and transparency, as well as the provisions of the applicable legislation and the provisions of this Prospectus.

5.2. The Data Controller shall use the personal data strictly necessary for the use of the services on the basis of the consent of the user concerned and exclusively for the purpose.

5.3. The Data Controller processes personal data only for the purposes specified in this Policy or in the relevant legislation. In all cases where the Data Controller intends to use the personal data for a purpose other than the purpose for which the data was originally collected, it shall inform the User thereof, request his/her prior, express consent or provide him or her with the opportunity to prohibit the use.

5.4. The Data Controller does not check the personal data provided to it.

5.5. The personal data of a person under the age of 16 may only be processed with the consent of the adult exercising parental authority over him. The Data Controller is not in a position to verify the authorization of the consenting person or the content of his or her statement, so the User or the person exercising parental control over him or her guarantees that the consent complies with the law.

5.6. The Data Controller shall not transfer the personal data managed by it to third parties other than the Data Processors specified in this Policy and, in some cases, external service providers.

In certain cases, the Data Controller may, in the event of an official court, police request, legal procedure for copyright, property or other infringements or reasonable suspicion thereof, harm to the interests of the Data Controller, jeopardizing the provision of services, etc. – makes available personal data of the user concerned available to third parties.

5.7. The Data Controller’s system may collect data on the activity of users, which cannot be linked to other data provided by users during registration, nor to data generated when using other websites or other services.

5.8. The Data Controller shall notify the user concerned of the rectification, restriction or deletion of the personal data managed by him, as well as all those to whom he previously transmitted the personal data for the purpose of data processing. The notification may be omitted if it does not violate the legitimate interest of the data subject with regard to the purpose of data management.

5.9. The Data Controller shall ensure the security of personal data, take the technical and organizational measures and establish the procedural rules that ensure that the recorded, stored or processed data are protected, and prevent their accidental loss, unlawful destruction, unauthorized access, unauthorized use and unauthorized alteration, unauthorized distribution.

6. User’s rights, how to enforce them:

6.1. The User may request that the Data Controller inform him or her whether he or she is processing the User’s personal data, and if so, grant him access to the personal data processed by him.

6.2. The User may request the rectification or modification of his or her personal data processed by the Data Controller.

6.3. The User may request the deletion of his or her personal data processed by the Data Controller
Deletion may be refused for the purpose of exercising the right to freedom of expression and information, or if the processing of personal data is authorised by law, as well as for the establishment, exercise or defence of legal claims.
In all cases, the Data Controller shall inform the user of the refusal of the deletion request, indicating the reason for the refusal of the deletion.

The newsletters sent by the Data Controller can be cancelled via the unsubscribe link contained therein or by sending an e-mail. In case of unsubscribing, the data controller deletes the user’s personal data from the newsletter database.

6.4. The User may request that the processing of his or her personal data be restricted by the Data Controller if the User disputes the accuracy of the processed data. In this case, the restriction applies to the period that allows the Data Controller to verify the accuracy of the personal data.

The User may request the restriction of the processing of his or her personal data if the data processing is unlawful, and may also request it if the purpose of the data processing has been achieved, but the User requests their processing by the Data Controller for the purpose of making, asserting and defending legal claims.

6.5. The User may request that the Data Controller provide the personal data provided by the User and processed by the User in an automated manner to him or her in a structured, commonly used and machine-readable format and or transmit them to another data controller.

6.6. The User may object to the processing of his or her personal data if the processing of personal data is only necessary for compliance with a legal obligation to which the Data Controller is subject or for the enforcement of the legitimate interest of the Data Controller, the operator of a service or a third party.

7. Joint processing
We would like to draw the attention of our guests to the fact that the group of companies, to which the above-mentioned operating company belongs, also involves the following joint controllers in order to ensure the interoperability of its related services:

Companies belonging to the data controller’s group of companies:
Absolute Occasion Communication Agency Ltd.
And Event Holding Ltd.
BeLive Events Ltd.
Billiards Ltd.
Burg PS Event Organizer Ltd.
CZNL Service Ltd.
CER Ltd.
Concession Holding Ltd.
Csari-Trade Ltd.
Csónakázótó Vendéglátóipari Kft.
EV-BI Catering & Event Organizer Ltd.
Eventrend Global Ltd.
Eventrend Holding Ltd.
Eventrend Project Ltd.
Rowing Operator Ltd.
Five Star Event Ltd.
Farm Hotel Ltd.
Flow Holding Ltd.
Flow Hotels Ltd.
Gala Event Organizer Ltd.
Gastronomy Klub Restaurant Ltd.
GR&C Event and More Ltd.
Spoontheboat Ltd.
Hoteltrend Ltd.
HRM Event Ltd.
Jazz Event Ltd.
KZZM Investment and Asset Management Ltd.
Magna Catering Ltd.
Mokoloko Ltd.
Optima-Team Accounting Services Ltd.
Országalma Restaurant Ltd.
PG Informatics Service Limited Liability Company.
Pre-Go Coffe&Pasta Ltd.
Protocol Event Ltd.
R Hotel Operator Ltd.
Sensation Event&Congress Ltd.
Chef’s Table Restaurant Ltd.
Setup Event Ltd.
Stadion Event Event Organizing Ltd.
Stiritup Communications and Consulting Ltd.
Symbol Operator Ltd.
Main Guard and Riding Hall Operator Ltd.
Touché Event Ltd.
Vásárliget Ltd.
Zichy Park Hotel Ltd.
The joint controllers shall act in accordance with the provisions of this Policy when processing data.

8.0 Data processing:

8.1. The Data Controller uses Data Processors to perform its activities.

8.2. The Data Processors do not make independent decisions, they are only entitled to act on the basis of the contract concluded with the Data Controller and the instructions received. After 25.05.2018, the Data Processors shall record, process, process and make a statement to the Data Controller of the personal data transmitted to them by the Data Controller and managed or processed by them in accordance with the provisions prescribed by the GDPR.

8.3. The Data Controller controls the work of the Data Processors.

8.4. The Data Processors are only entitled to involve another data processor with the consent of the Data Controller.

9.0. Possibility of data transfer:

9.1. The Data Controller is entitled and obliged to transfer to the competent authorities all available and duly stored personal data that it is obliged to transfer by law or by a final official order. It cannot be held responsible for the consequences arising from this.

9.2. If the Data Controller transfers the operation or utilization of the content service and hosting service on the pages of the services, in whole or in part, to a third party, it may transfer the personal data managed by it in whole or in part to this third party without requesting the separate consent of the User, however, with the appropriate prior information of the Users, to the new operator, with the understanding that this data transfer may not bring the User to the To be in a more disadvantaged position than the data processing rules indicated in the prospectus.
The Data Controller must provide the User with the opportunity to prohibit the transfer of data.

10.0 Modification of the Privacy Policy:

10.1. The Data Controller reserves the right to amend the contents of the Privacy Policy at any time by unilateral decision.

10.2. By next login, the User accepts the current provisions of the Prospectus, in addition, it is not necessary to ask for the consent of each User.

11.0 Enforcement Options:

11.1. With questions or comments related to data processing, the Data Protection Officer of the Company can be contacted at the e-mail address.

11.2. The User may submit a complaint related to data processing directly to the National Authority for Data Protection and Freedom of Information (1125. Budapest, Erzsébet Szilágyi fasor 22/C) may turn.
11.3. In case of violation of the rights of the User, he may turn to court. The trial falls within the jurisdiction of the tribunal. The lawsuit may also be brought, at the choice of the data subject, before the court of the place where the data subject is domiciled or stayed.