Privacy Policy

Check availability:

Privacy Policy and Data Processing Information

1. Data Controller Information

Company: Neo Hungary Sárvár 2016 Kft.
Headquarters: 9600 Sárvár, Kinizsi Pál u. 27.
Tax Number: 32018532-2-18
Company Registration Number: 18-09-112949

Accommodation: Neo Prémium Apartments****
Address: 9600 Sárvár, Sylveszter János u. 11.
Email: info@npapartments.hu
Website: www.npapartments.hu

Neo Hungary Sárvár 2016 Kft. (the “Data Controller”) places great importance on ensuring that all data processing complies with applicable data protection laws, in particular the EU General Data Protection Regulation (EU) 2016/679 – GDPR and the Hungarian Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information.

The Data Controller is committed to protecting the personal data of Guests, Partners, and Employees and takes all necessary technical, organizational, and administrative measures to ensure data security.

2. Purpose of Data Processing

The Data Controller processes personal data collected in connection with Neo Prémium Apartments** services and related online and offline activities (e.g., booking management, communication, newsletters, promotions, video surveillance, financial administration) solely for specified, clear, and lawful purposes.

Purposes include:

  • Managing and confirming accommodation bookings

  • Identifying and registering guests

  • Fulfilling service contracts

  • Invoicing and payment processing

  • Compliance with legal obligations

  • Complaint handling and customer service

  • Marketing and newsletter activities (with consent)

  • Video surveillance for property protection

  • Website operation and online analytics (cookies)

3. Legal Basis for Data Processing

Data processing is based on the following legal grounds:

  • Article 6(1)(a) GDPR – consent of the data subject

  • Article 6(1)(b) GDPR – performance of a contract

  • Article 6(1)(c) GDPR – compliance with a legal obligation

  • Article 6(1)(f) GDPR – legitimate interest of the Data Controller (e.g., property protection, customer service)

Newsletter and marketing communication is sent only with explicit consent, which can be withdrawn at any time.

4. Principles of Data Processing

The Data Controller adheres to the following principles:

  • Lawfulness, fairness, and transparency – data processing respects the rights of the data subject

  • Purpose limitation – data is used only for specified purposes

  • Data minimization – only data necessary for the purpose is processed

  • Accuracy – data is kept up-to-date and corrected if needed

  • Storage limitation – data is stored only as long as necessary

  • Integrity and confidentiality – technical and organizational measures ensure protection

5. Categories and Scope of Processed Data

5.1. Booking-Related Data

  • Guest name

  • Date of birth, nationality

  • Email, phone number, address

  • ID card or passport number

  • Stay period, room number

  • Payment information, SZÉP card data

  • Other booking-related information (e.g., special requests)

5.2. Online Data Processing

  • IP address, browser data, cookie IDs

  • Data entered in the online booking system

  • Website analytics (Google Analytics, Facebook Pixel, etc.)

5.3. Newsletter and Marketing

  • Name, email address

  • Date and IP of consent

  • Participation in campaigns

5.4. Video Surveillance

  • Camera recordings (with time and location)

  • Retention period: 30 days

6. Data Retention Period

  • Booking data: up to 8 years after the stay for accounting and tax purposes

  • Invoice data: 8 years according to Hungarian Accounting Act

  • Video recordings: 30 days, then automatically deleted

  • Newsletter subscriptions: until withdrawal, maximum 30 days after withdrawal

  • Data for legal claims: as long as required, maximum 5 years statute of limitation

7. Data Sharing and Processing by Third Parties

Personal data is shared with third parties only legally and to the necessary extent, e.g., for contract fulfillment, legal compliance, or in the interest of the guest.

7.1. Data Processors

Name Service Address / Headquarters
Szallas.hu Zrt. Online booking system 3525 Miskolc, Régiposta u. 9.
Booking.com B.V. Online booking platform Herengracht 597, 1017 CE Amsterdam, NL
Google Ireland Ltd. Web analytics (Analytics, Ads) Gordon House, Barrow Street, Dublin 4, IRL
Meta Platforms Ireland Ltd. Social media ads (FB, IG) 4 Grand Canal Square, Dublin 2, IRL
Számlázz.hu (KBOSS.hu Kft.) Electronic invoicing 1031 Budapest, Záhony u. 7.
Websupport Magyarország Kft IT operations, server hosting 1119 Budapest, Fehérvári út 97-99.

Data processors act only on the instructions of the Data Controller and in accordance with contractual data protection requirements.

7.2. Data Sharing with Authorities

The Data Controller may be legally required to provide data to authorities (police, tax authority, immigration office).

Data provision to the VIZA system operated by the Hungarian Tourism Agency is mandatory under Decree 235/2019 (X.15.).

8. Data Security Measures

The Data Controller ensures the protection of personal data through:

  • Confidentiality – only authorized personnel can access data

  • Integrity – data cannot be altered without authorization

  • Availability – data is accessible when needed

Data is stored in password-protected IT systems; paper documents are accessible only to authorized staff.
The website uses SSL encryption.

9. Rights of Data Subjects

Guests have the following rights under GDPR:

  • Right to information

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing based on legitimate interests

  • Right to withdraw consent

Requests can be submitted in writing:
📧 info@npapartments.hu
📫 Neo Prémium Apartments****, 9600 Sárvár, Sylvester János u. 11.

The Data Controller responds within 30 days.

10. Complaints and Legal Remedies

Data subjects may file a complaint with:

National Authority for Data Protection and Freedom of Information (NAIH)
1055 Budapest, Falk Miksa u. 9-11
P.O. Box: 1363 Budapest, Pf. 9
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: naih.hu

Alternatively, legal action can be taken at the court of residence or place of stay.

11. Cookies

The website www.npapartments.hu uses cookies to improve user experience, operate the service, and collect statistics.

11.1. Types of Cookies

  • Session cookies: active until browser is closed, necessary for site operation

  • Persistent cookies: store user preferences (language, layout)

  • Analytics cookies: anonymized data on site usage (Google Analytics, FB Pixel)

  • Marketing cookies: show interest-based ads, only with consent

11.2. Managing Cookies

Visitors are informed at first visit and may accept or reject cookies. Cookies can be deleted or blocked in browser settings at any time. Restriction may limit site functionality.

12. Newsletter and Marketing

Newsletters or promotional offers are sent only with prior, voluntary, explicit consent.

12.1. Collected Data

  • Name, email

  • Date and IP of consent

  • Sign-up method (web form, hotel registration)

12.2. Purpose

  • Promotions, discounts, event information

  • Introduction of new services

  • Hotel news

12.3. Withdrawal

Unsubscribe at any time via link in the newsletter or email info@npapartments.hu. Data will be deleted within 30 days.