Introduction

We respect your privacy, and we are committed to protecting the privacy, security of the personal data you provide to us or that we collect about you when you use our website. This policy was prepared in compliance with legislation relevant to the General Data Protection Regulation 2016/679 (hereinafter: GDPR) and the Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Infotv. Or Privacy Act) 
This privacy policy explains our personal data practices. 
The controller reserves the right to change present policy at anytime unilaterally, any changes to this privacy policy will be posted to our website.
This Privacy Policy is written in the Hungarian language and may be translated into other languages. In the event of any inconsistency between the Hungarian version and the translated version of it, the Hungarian version shall prevail. 
The Hungarian law may require us to include and abide by certain clauses in our Privacy Policy.
If you have any questions about our policy or the cookies used on our website, please contact us at iroda@ikonrestaurant.hu

Controller: IKON Gasztronómia Kft.
Address: 4031 Debrecen, Szotyori Street 82. adószám: 23590461-2-09
Telephone: +36302990374">+36 30 299 0374, email: iroda@ikonrestaurant.hu
Our company does not require a Data Protection Officer to be appointed.

Principles Relating to Processing of Personal Data

1. The personal data must be legally and fairly handled and transparent to the person concerned (lawfulness, fairness and transparency);
2. The personal data are collected for specified, clear and legitimate purposes and are not treated in a manner incompatible with these purposes; in accordance with Article 89 (1), no further data handling (end-use) for purposes of public interest archiving for scientific and historical research purposes or for statistical purposes shall not be considered incompatible with the original purpose;
3.The personal data  must be appropriate and relevant to the purposes of data management and should be limited to the need (saving of the data);
4.The personal data  must be accurate and, if necessary, up-to-date; all reasonable measures must be taken to correct or correct inaccurate personal data for the purposes of data management (accuracy);
5. The personal data  must be stored in a form which permits the identification of the data subjects only for the time needed to manage the personal data; the retention of personal data may only take place if the personal data are processed in accordance with Article 89 (1) for public interest archiving, for scientific and historical research purposes or for statistical purposes, in accordance with the rights and subject to appropriate technical and organizational measures for the protection of their freedoms (storage limitation);
6.The personal data shall be managed in such a way as to ensure adequate security of personal data, including the protection against unauthorized, unlawful, unintentional, loss or destruction of data (integrity and confidentiality) by means of appropriate technical or organizational measures.
The data processor is responsible for the above, and must be able to demonstrate compliance (accountability). 

Definitions

- personal data: any data that can be related to the Customer – especially the name, username of the customer and any knowledge characteristic for one or more physical, physiological, mental, economic, cultural, or social identity of the Customer – and any conclusion related to the Customer drawn from the data; 
- the contributor concerned: a voluntary, specific and appropriate informed and explicit statement of the will of the person concerned by which he or she expresses the statement or confirmation by means of an inadvertent act of affirmation that he or she has consented to the processing of personal data concerning him or her; 
- data management: the totality of any operation or operations carried out in an automated or non-automated manner on personal data or data files, such as collecting, recording, organizing, tagging, storing, modifying or modifying, querying, inspecting, using, communicating, distributing or otherwise making available, aligning or linking, limiting, deleting or destroying; 
- data controller: means any natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others, where the purposes and means of data management are defined by Union or national law, the data controller or the particular aspects of the designation of the data controller may also be defined by Union or national law; 
- data processor: means any natural or legal person, public authority, agency or any other body that manages personal data on behalf of the data controller; 
- dataprotection incident: a security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise treated.

Data security measures

The data controller and the data processor shall take appropriate technical and organizational measures to take into account the state of science and technology and the costs of implementation, the nature, scope, circumstances and objectives of data management and the risk of varying probability and severity of natural persons' rights and freedoms to guarantee an adequate level of data security 

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies that are used by this website are necessary in order for us to improve our website for all the users. Cookies are not shared with any third parties. 

The range of data processed: Unique identification number, dates, times. The following cookies will be set:

- Google Analytics

The Google Analytics uses so called „cookies”, textiles, which are saved on your computer, and they help the analysis of the website usage of the Users. The cookies of the websites are sent and stored on one of the Google’s servers. With the use of cookies the service provider does not manage personal data. The visitors can prevent Google from collecting datas about the website usage habits in the Tools/Settings menu of the browser generally at the menu item Data protection. 

The range of customers: All the people who visiting the website. 
Aim of data management: Identifying users and tracking visitors. 
Term of data management, deadline for deletion of data depends on the type of the cookies.
Type of cookie: Session cookies 
Legal basis for data handling: In accordance with the CVIII Act of 2001 on certain aspects of electronic commerce services and information society services law 13 / A. § (3) 
Duration of data management: The relevant session until the end of a visitor's session 
Treated data: connect.sid 

Details of data management

Lawfulness of Processing

There are six alternative ways in which the lawfulness of a specific case of processing of personal data may be established under the GDPR. (Consent, Performance of a Contract, Legal Obligation, Vital Interests of the Data Subject, Task Carried Out in the Public Interest, Legitimate Interests)
It is possible to initiate, delete, modify or restrict access to personal data, transferability of data, and objection to data processing. If you have question during using some of the services of the data processor, or the customer has some problem you can get in contact with the data processer on the website (on phone, e-mail, etc.).

1. Table reservation
Controller allows guests to make table reservations at the restaurant directly via telephone, electronic mail, and through the Website 
Areas of personal data processed: family and surname, email address, phone number, number of guests, any other information from the guests 
Object of data processing: table reservation on the premises of the Restaurant operated by the Controller 
Claim of data processing: consent of the affected person in accordance with (GDPR 6. (1) a) 
The period for which the personal data will be processed: end of table reservation or the commencement of obligatory erasure (revocation of consent, practicing the right to object or erasure to processing data) 

2. Newsletter
The customer may give consent in advance to the service provider for sending him/her advertisement and other consignment via the addresses given at registration.
Customer can unsubscribe the sending of advertisement by clicking on the link in the message.
The range of customers: All customers subscribing for the newsletter.
The aim of data collection: sending electronic messages
The time period of data management and the deadline of deletion of data: until the withdrawal of the consent, i.e. unsubscribing from the newsletter.

3. Social media plattforms

We provide experiences through social media sites such as Facebook, Twitter, YouTube and other similar social sharing sites. When you interact with us on these social media platforms we may obtain information about you. The information we receive will depend on the privacy preferences you have set on those types of platforms. Refer to each social media site for their Terms of Use and Privacy Policies. 

4. Google Analytics

The website uses the service of Google Analytics, which is the web analyser service of the Google Inc. We can monitor and report on our website usage such as the number of visitors, search phrases used to find us, visited pages and time spent on the site. The statistics gathered are a necessary requirement in order for us to provide and improve our services.

Data processors

Storage-provider: PW Studio Kft. - contact: 4032 Debrecen, Nyek street 97, info@pwstudio.hu, +36 70 3833709
Range of data subjects: Anybody who uses the website. 
Aim of data management: To make access to the website, and the proper actuation. 
The legal basis for data processing: the User's consent 

Rights of the Individual

The data subject also has rights under the GDPR. These consist of:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.

Data security measures

The data controller and the data processor shall take appropriate technical and organizational measures to take into account the state of science and technology and the costs of implementation, the nature, scope, circumstances and objectives of data management and the risk of varying probability and severity of natural persons' rights and freedoms to guarantee an adequate level of data security 

Compliant opportunity

If a data subject find out about unauthorized data processing you can also go to court because of the Data Management activities. This procedure falls within the scope of regional courts. The civil procedure may be initiated at the regional court competent. (the list and contact information of the regional courts via the following link: http://birosag.hu/torvenyszekek) It depends on the choice of the data subject. Every data subject is entitled to lodge complaints with a single supervisory authority if the data subject considers that the processing of his or her personal data is in violation of the GDPR. In addition to the official appeals to you, you can also go to court because of the Data Management activities. Apply to the lawsuit the conditions of the GDPR, the Infotv, and the Ptk. and the Pp. The assessment of trial falls under the competence of the tribunal. The lawsuit may be brought before the tribunal of the place of residence of the subject in matter according to his or her choice.

Complaint regarding the possible breaching of the law by the data manager can be made to the Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, email: ugyfelszolgalat@naih.hu, tel: +36 (1) 391-1400, web: www.naih.hu, Online initiation of cases: http://wwwnaih.hu/online-uegyinditas.html )

Privacy incident

If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller shall inform the data subject of the privacy incident without undue delay. 
The data protection incident shall be reported to the supervisory authority under Article 55 without undue delay and, if possible, no later than 72 hours after the data protection incident becomes known, unless the data protection incident is unlikely to pose a risk to the rights of natural persons and freedom. If the notification is not filed within 72 hours, the reasons for proving the delay must also be enclosed. 

If you like more info from us please sign up for our newsletter.