Request a Quote

Privacy Policy

Balatonfüred Congress Centre

I. General Provisions

Holiday & More Kft., as the operator of the Balatonfüred Congress Centre (address: 1022 Budapest, Fillér utca 84/a, website: www.bfcc.hu), shall in all cases ensure the lawfulness and expediency of the data processing regarding the personal data it handles. The purpose of this policy is to ensure that our guests who book accommodation and provide their personal data can receive adequate information, prior to booking or providing their personal data, about the conditions and guarantees under which our company processes their data, and for how long.

Company Details

Name:Holiday & More Kft.
Registered Seat:1022 Budapest, Fillér utca 84/a
Company Registration No.:01-09-410095
Tax ID:32169384-2-41
Phone Number:+36 30 018 7750
Email:info@bfcc.hu
Website:www.bfcc.hu

Our data processing activities comply with the relevant legislation, particularly:

  • Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR")
  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information ("Infotv.")
  • Act V of 2013 on the Civil Code
  • Act C of 2000 on Accounting
  • Act CL of 2017 on the Order of Taxation
  • Act CXXXIII of 2005 on the Rules of Personal and Property Protection and Private Detective Activities
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities
  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services

II. Data Processing Activities

1. Online Accommodation Booking

Our company provides the option for online accommodation booking to allow guests to book a room quickly, conveniently, and free of charge.

  • Purpose: To facilitate and increase the efficiency of accommodation booking
  • Legal Basis: Prior consent of the person booking [GDPR 6(1) a)]; necessity of taking steps prior to entering into a contract [GDPR 6(1) b)]
  • Data Processed: Salutation, name, address, phone, email, company details, credit card number, SZÉP Card details
  • Duration: Two years following the last day of stay

2. Quotation Requests

Our company provides the option for guests to request a quotation electronically through an automated system.

  • Purpose: Preliminary inquiry about prices
  • Legal Basis: Prior consent [GDPR 6(1) a)]; pre-contractual steps [GDPR 6(1) b)]
  • Data Processed: Salutation, name, phone, email, number of guests, billing details
  • Duration: Two years following the last day of stay

3. Service Provision and Invoicing

Our company processes personal data to fulfil contracts with guests, including payment of fees for services.

  • Purpose: Use of services and invoicing
  • Legal Basis: Contract performance [GDPR 6(1) b)]; legal obligation under Accounting Act [GDPR 6(1) c)]
  • Data Processed: Name, residential address
  • Duration: 5 years from contract performance; 8 years for invoices

4. Cookie Management

To provide personalized service, we place cookies on the user's computer and read them back during subsequent visits.

  • Purpose: User identification, session tracking, web analytics, personalized service
  • Legal Basis: Consent [GDPR 6(1) a)]
  • Data Processed: Date, time, previously visited page
  • Duration: Maximum 30 days

Users can delete cookies and disable their use in browser settings. More information is available in browser-specific policies for Internet Explorer, Firefox, Chrome, and Safari.

5. Website Server Logging

When visiting www.bfcc.hu, the web server automatically logs user activity.

  • Purpose: Check service operation and prevent misuse
  • Legal Basis: Legitimate interest [GDPR 6(1) f)]
  • Data Processed: IP address, identification number, date, time, visited page
  • Duration: Maximum 90 days

6. Other Data Processing

We provide information about data processing not listed in this policy at the time of data collection. Certain authorities may contact us to disclose personal data; we only provide data as strictly necessary and as prescribed by law.

III. Data Storage and Security

Our IT systems are located at our registered seat and on servers rented by Data Processors. We ensure that processed data:

  • Is accessible to authorized persons (availability)
  • Has ensured authenticity and authentication
  • Has verifiable invariance (data integrity)
  • Is protected against unauthorized access (confidentiality)

We protect data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, destruction, and accidental damage. Our IT systems are protected against computer-supported fraud, viruses, break-ins, and denial-of-service attacks. Daily data backup is performed.

IV. Rights of Data Subjects

Data subjects may request information about their data processing, rectification, erasure, withdrawal, and may exercise data portability and objection rights.

Right to Information

We provide all information concerning personal data processing in a concise, transparent, intelligible, and easily accessible form.

Right of Access

Data subjects have the right to obtain confirmation whether their personal data is being processed, and access to purposes, categories, recipients, storage period, and other relevant information.

Right to Rectification

Any person may request rectification of inaccurate personal data and completion of incomplete data.

Right to Erasure ('Right to be Forgotten')

Data subjects may request erasure when:

  • Data is no longer necessary for original purposes
  • Consent is withdrawn and no other legal ground exists
  • Data subject objects and no overriding legitimate grounds exist
  • Data was unlawfully processed
  • Data must be erased for legal compliance

Right to Restriction of Processing

We restrict processing when:

  • Accuracy is contested (during verification period)
  • Processing is unlawful but erasure is opposed
  • Data is no longer needed but required for legal claims
  • Data subject has objected (pending verification)

Right to Data Portability

Data subjects may receive their personal data in a structured, commonly used, machine-readable format (Word or Excel) and have it transmitted to another controller.

Right to Object

Data subjects may object to processing for direct marketing purposes at any time. If objected, data will no longer be processed for such purposes.

Right to Withdrawal

Data subjects may withdraw consent at any time. Withdrawal does not affect lawfulness of prior processing.

Procedural Rules

We inform data subjects within one month of receipt about measures taken. This may be extended by two months for complex requests. We provide information electronically unless otherwise requested.

Compensation

Any person suffering material or non-material damage from GDPR infringement has the right to receive compensation from the Data Controller or Processor.

Legal Remedies

Data subjects may:

  • Lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
    • Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
    • Website: www.naih.hu
    • Email: ugyfelszolgalat@naih.hu
    • Phone: +36-1-391-1400
  • Apply to the competent court

V. Miscellaneous Provisions

The Data Controller undertakes that all data processing complies with this policy and applicable legislation. We reserve the right to modify this policy, with changes announced on the website.

For questions regarding this policy, please contact us at info@bfcc.hu.

Last updated: November 2025