Privacy Policy of the online business portal of TravelSoft OnLine IT Services Ltd.


  1. Introduction

The TravelSoft OnLine Computer Service Provider Limited Liability Company (Registered Office: 1012 Budapest, Logodi street 34/b 1/1.) – hereinafter referred to as the Service Provider / Data Controller, – acknowledges that it is bound by the contents of this legal notice. You undertake to ensure that the processing of your data in relation to your service complies with the requirements set out in this Policy and the applicable legislation.

The privacy policy related to the online business portal at is permanently available under the “Privacy” section.


The Service Provider reserves the right to change this policy at any time and will notify its audience of any changes in due time.

Although the Data Controller is committed to maintaining the highest quality of service, it shall not be liable for any damages resulting from the use of the system.

The data controller is committed to protecting the personal data of its partners and users, and attaches the utmost importance to respecting the right to information self-determination of its customers. The data controller keeps personal data confidential and takes all security, technical and organisational measures to guarantee the security of the data.

The controller sets out below its data management principles and the expectations it has set for itself as a controller and which it complies with. Its data management principles are in accordance with the applicable legislation on data protection.

2.Definitions of terms

2.1. personal data: any data relating to an identified (identified or identifiable) natural person (data subject), any inference that can be drawn from the data concerning the data subject. Personal data shall retain this quality during processing for as long as the link with the data subject can be established. In particular, a person may be regarded as identifiable where he or she can be identified, directly or indirectly, by reference to a name, an identification mark or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity;

2.2. consent: a voluntary and explicit indication of the data subject’s wishes, based on adequate information, by which he or she gives his or her unambiguous agreement to the processing of personal data concerning him or her, whether in full or in relation to specific operations;

2.3. objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data;

2.4. data controller: the natural or legal person or unincorporated body which determines the purposes for which the data are processed, takes and executes decisions concerning the processing (including the means used) or has them executed by a processor on its behalf;

2.5. data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, such as collection, recording, recording, organisation, storage, alteration, use, disclosure, transmission, alignment or combination, blocking, erasure and destruction, and prevention of further use of the data. Processing also includes the taking of photographs, audio or video recordings and the recording of physical characteristics that can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans);

2.6. transfer: when the data are made available to a specified third party;

2.7. disclosure: where the data are made available to any person;

2.8. erasure: rendering data unrecognisable in such a way that it is no longer possible to recover it;

2.9. data blocking: making it impossible to transmit, access, disclose, transform, alter, destroy, erase, interlink or coordinate and use data permanently or for a specified period of time;

2.10. data destruction: data destruction means the total physical destruction of data or of the medium on which the data are stored;

2.11. ‘data processing’ means the performance of technical tasks related to data processing operations, irrespective of the method and means used to carry out the operations and the place of application;

2.12. ‘processor’ means a natural or legal person or an unincorporated body which carries out the processing of personal data on behalf of the controller;

2.13. ‘third party’ means a natural or legal person or unincorporated body other than the data subject, the controller or the processor;

2.14. third country: any country which is not a member of the European Economic Area.

3.Principles for the processing of personal data by the controller

3.1 Personal data may be processed if the data subject consents or if it is ordered by law or by a local government decree, based on the authority of the law and within the scope specified therein.

The consent of an incapacitated minor or a minor with limited capacity to act does not require the consent of his or her legal representative, since the personal data to be included on the website are intended solely for the purpose of contacting the controller, which is a common activity in everyday life and does not require any special consideration.

3.2. The processing must comply with this purpose at all stages.

3.3 Only personal data which is necessary for the purpose of the processing, which is adequate for the purpose, may be processed to the extent and for the duration necessary for the purpose.

Personal data may only be processed with appropriate informed consent.

3.4 The data subject shall be informed in a clear, plain and detailed manner of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing.

3.5 The personal data processed must comply with the following requirements:

Their collection and processing must be fair and lawful;

accurate, complete and, where necessary, timely;

They must be accurate, complete, complete, timely, accurate and proportionate, and stored in a way that ensures that the data subject can be identified only for the time necessary for the purposes for which they are stored.

3.6. The use of a generic and uniform personal identification number without restriction is prohibited.

3.7 Personal data may be transferred and different processing operations may be combined only if the data subject has given his or her consent or if permitted by law and if the conditions for processing are fulfilled for each individual personal data. Personal data (including sensitive data) may be transferred from the country to a controller or processor in a third country, irrespective of the data medium or the means of transmission, if the data subject has given his or her explicit consent or if the law so permits and the third country ensures an adequate level of protection for the personal data concerned in the processing of the data transferred. Transfers to Member States of the European Economic Area shall be considered as transfers within the territory of the Republic of Hungary.

Scope of personal data, purpose, legal basis and duration of processing

4.1 With regard to the data of the visitors of the website, the data controller may record the IP address of the users, the time of the visit and the address of the page viewed during the visit of the websites – for technical reasons and for the purpose of compiling statistics on user habits.


4.2. External service providers do not have access to personal data, the data controller only provides access to aggregated data (e.g. Google).


4.5 Newsletter and other notifications. The website does not use so-called “cookies”.

4.6. Contact:


4.6.1 For the purposes of contacting you, the Service Provider processes the following personal data:



electronic contact details (e-mail address);

(e-mail address, telephone number);

4.6.2. Purpose of data processing: to maintain contact with the user;


4.6.3; Legal basis for processing: the data subject’s voluntary consent;


4.6.4. Duration of processing: messages received by e-mail on the website will be used by the data controller only for the intended purpose and will be deleted once the matter has been finally settled.


4.7 Other data processing: information on data processing not listed in this information notice will be provided at the time of data collection. The court, the prosecutor and the investigating authority may request the service provider to provide information, to communicate or transfer data or to make documents available (Section 71 of the Act on the Protection of Personal Data). The data controller shall disclose personal data to public authorities in response to a lawful request, provided that the public authority has indicated the precise purpose and scope of the data, only to the extent and to the extent strictly necessary to achieve the purpose of the request.

  1. How personal data are stored, security of processing

5.1 The data controller shall select and operate the IT tools used to process personal data in the course of providing the service in such a way that the processed data:


is accessible to authorised persons (availability);

its authenticity and authenticity are ensured (authenticity of processing);

its integrity can be verified (data integrity);

is protected against unauthorised access (data confidentiality).

5.2 The controller shall ensure that the security of processing is protected by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.


5.3. The controller shall, during the processing, keep


confidentiality: it protects information so that only those who are authorised to have access to it have access to it;

integrity: to protect the accuracy and integrity of the information and the processing method;

availability: it ensures that when the authorised user needs it, he has effective access to the information and the means to obtain it.

5.4 The data controller’s IT system and network are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, computer viruses, computer intrusions and attacks that could lead to denial of service. The operator ensures security through server-level and application-level protection procedures.


5.5 Electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.) are vulnerable to network threats that could lead to fraudulent activity, contract disputes, or information disclosure or modification. To protect against such threats, the provider will take all reasonable precautions. It shall monitor systems in order to record and provide evidence of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be checked.


Data controller details, contact details

Name: TravelSoft OnLine Computer Service Provider Limited Liability Company


Address: 1012 Budapest, Logodi u. 34/b.




Company registration number: 01-09-681940


Tax number: 11894933-2-41


7.1.The data subject may request information about the processing of his or her personal data and may request the rectification or – with the exception of processing required by law – the erasure of his or her personal data.


7.2 At the request of the data subject, the controller, as data controller, shall provide information about the data processed by it or by a processor on its behalf, the purpose, legal basis and duration of the processing, the name, address (registered office) and activities of the processor in relation to the processing, as well as who is receiving or has received the data and for what purposes. The controller shall provide the information in writing in an intelligible form within the shortest possible time from the date of the request, but not later than 30 days. This information shall be provided free of charge if the person requesting the information has not already submitted a request for information to the controller in the current year in the same field. In other cases, the controller shall charge a fee.


7.3 The controller shall erase personal data if its processing is unlawful, if the data subject requests it pursuant to point 4.3, if the purpose of the processing has ceased, or if the statutory time limit for storing the data has expired, or if the court or the Data Protection Commissioner has ordered it.


7.4 The data controller shall notify the data subject of the rectification and erasure, as well as all those to whom the data were previously transmitted for processing. Notification may be omitted if this does not harm the legitimate interests of the data subject having regard to the purposes of the processing.


7.5 The data subject may object to the processing of his or her personal data if

the processing (transfer) of personal data is necessary solely for the purposes of the exercise of a right or legitimate interest pursued by the controller or the recipient, unless the processing is required by law;

the personal data are used or further processed for direct marketing, public opinion polling or scientific research purposes;

the exercise of the right to object is otherwise permitted by law.

7.6 The controller shall examine the objection within the shortest possible period of time from the date of the request, but not later than 15 days, and shall inform the applicant in writing of the outcome of the examination, with the simultaneous suspension of the processing. Where the objection is justified, the controller shall terminate the processing, including further collection and further transmission, and block the data and notify the objection and the action taken on the basis of the objection to all those to whom the personal data concerned by the objection have been previously disclosed and who are obliged to take measures to enforce the right to object. If the data subject disagrees with the controller’s decision, he or she may challenge it in court within 30 days of the notification.


7.7 The controller may not erase the data of the data subject if the processing is ordered by law. However, the data may not be transferred to the data recipient if the controller has consented to the objection or if the court has ruled that the objection is justified.


7.8 The data subject may take legal action against the controller in case of infringement of his or her rights. The court shall rule on the case out of turn.


7.9. The controller shall be exempt from liability if the damage was caused by an unavoidable cause outside the scope of the processing. No compensation shall be payable where the damage resulted from the intentional or grossly negligent conduct of the injured party.


8.10. Complaints concerning data processing may be lodged with the courts or the National Authority for Data Protection and Freedom of Information:


22/c Szilágyi Erzsébet fasor, 1125 Budapest, Hungary.


Postal address: 1534 Budapest, PO Box: 834


Phone: +36 (1) 391-1400


Fax: +36 (1) 391-1410