Data Protection

Data processing statement

The Users can provide data or information about themselves on the relevant platforms of the website The operator of the website is Naposhold Kft (tax number: 11684693243, hereinafter referred to as Data controller)

On our website, that is,,  you can send messages to the hotel and request quotes for the organisation of events and room reservations. It is required to provide the following data for these: surname, first name, e-mail address, phone number and for companies: company name, contact person details.


The Data controller processes the personal data for the following purposes:

1. preparing quotes for the Users
2. communication, the aim of which is providing adequate information to the Users, the effective and quick management of potential technical problems, and sending system notices in relation to the service
3. offering and selling the service of the Data controller or the related services of other service providers
4. newsletters, other new offers, providing information on discounts.

The personal data provided by the User are processed by the Data controller, and they are used for the abovementioned purposes only. The Data controller stores the personal data until the purpose of data processing ceases to exist, or until the User requests the deletion of their data, or until the User withdraws their consent, but for a maximum of one year.

Data processing required for using the services of the Data controller is based on voluntary contribution, to be provided by the Users when requesting a quote on the website.
In certain cases processing, storing and transmitting the data provided may be required by law, and the Data controller informs the data subjects on such a fact in each case separately.
The Users shall provide only their own personal data on the website. If they provide the personal data of someone else, it is the obligation of the submitter to obtain consent from the data subject.

The Data controller and the Data processor(s) who may assist the Data controller are entitled to acquaint themselves with the personal data in accordance with the legislation in force. The Data controller is not entitled to communicate any of the data of the Users to third parties, however, the Data controller is entitled to inform the Users on their other, related services by electronic mail.

The Data controller guarantees that data processing is carried out in accordance with the legislation in force at all times. At the request of the User, the Data controller provides information on the personal data processed by the Data controller, the purpose and legal basis of data processing, the name, address of the data processor, the duration of data processing as well as the activities of the Data controller in relation to data processing in writing (by e-mail) within 30 calendar days following receipt of the request of this kind anytime.
The User is entitled to modify their data provided or currently processed anytime, or request the rectification of their personal data (by indicating the right data). The request of this kind shall be received from the User in writing (by sending an e-mail to The Data controller rectifies the data in their register without delay, and informs the User on this in writing.
In addition to the above, the User can request deletion of their data, partly or completely, anytime in writing, by sending an electronic mail (e-mail) to The Data controller shall ensure that data processing is terminated following receipt of the request for deletion without delay, along with the deletion of the User’s data from the register.
To modify or delete data, the Data controller is entitled to request proof of identity for the purpose of identification, or the Data controller may demand that the User shall request data modification by using the e-mail address(es) which were previously provided as contact details.
The User can object to processing their personal data:
a) if the processing or transmission of personal data is necessary only for fulfilling legal obligation on the part of the Data controller, or processing is necessary for the purposes of the legitimate interests pursued by the Data controller, data importer or by a third party, except for the cases of mandatory data processing;
b) if the personal data is used or transmitted for the purposes of direct marketing, public opinion surveys or scientific research; and
c) in other cases provided for by law.
The Data controller examines the objection within the shortest delay, but within 30 days the latest following submission of the request. The Data controller decides if the objection is well founded and informs the person submitting the request on the decision in writing. If the Data controller concludes that the objection made by the data subject is well founded, data processing, including further data recording and data transmission, shall be terminated, data shall be blocked, and the Data controller shall notify everybody, who the Data controller previously transmitted the personal data related to the objection, and who shall take measures to exercise the right to object, on the objection made as well as the measures taken on grounds of the objection.
If the User does not agree with the decision of the Data controller, or if the Data controller misses the deadline, the User can bring a case before the court within 30 days following communication of the decision or following the last day of the deadline.
In the event of the presumed personal data breach, the injured party can enforce their claims before the courts having jurisdiction in accordance with Act CXII of 2011 on the freedom of information, or they can turn to the National Authority for Data Protection and Freedom of Information.

Data controller undertakes to ensure the security of the data, takes the appropriate technical and organisational measures and develops the procedural rules which guarantee that the recorded, stored and processed data are protected, and the Data controller prevents destruction, unauthorised use and unauthorised change to the data.

Data controller ensures that unauthorised persons can have no access to the processed data, they cannot make them public, they cannot transmit them, and they cannot modify or delete them. It is only the relevant employees of the Data controller who are entitled to acquaint themselves with the processed data, Data controller shall not transmit these data to third parties who are not entitled to acquaint themselves with the data.

Data controller shall use their best endeavours to prevent the data being damaged or destructed. The employees of the Data controller involved in the data processing activity are also required to comply with the above commitment.

Data controller collects under no circumstances special data, that is, data referring to racial origin, membership of a national or ethnic minority, political opinion or party affiliation, religious or other philosophical beliefs, membership of a representative organisation, health status, addictions, sexual activity and criminal record.

This Data processing statement is valid together with the General Terms and Conditions. In case any clause of this Data processing statement is invalid or becomes invalid, it does not affect the invalidity of the other clauses of this statement.
Data controller reserves the right to modify this Data processing statement unilaterally with prior notification of the Users. The User accepts the modified notice by using the service following the entry into force of the changes.
The provisions of Hungarian law, especially those of Act CXII of 2011 on the right to informational self-determination and on the freedom of information shall apply to this Data processing statement.