BookingGood.org Privacy Policy
Table of Contents
- Introduction
- Data Controller
- Legal Basis for Data Processing
- Scope of Data Processed
- Creating a User Account
- Using Services
- Contact and Communication
- Technical Data
- Purposes of Data Processing
- Duration of Data Processing
- Data Security
- Transfer of Data to Third Parties
- User Rights
- Right of Access
- Right to Rectification
- Right to Erasure
- Right to Restriction of Processing
- Right to Data Portability
- Right to Object
- Cookie Management
- Contact Information
- Data Processors
- Use of Data Processors
- List of Data Processors
- International Data Transfer
- Data Transfer Outside the EU/EEA
- Data Transfer Mechanisms
- Processing Children’s Data
- Protection of Children’s Data
- Parental Consent
- Automated Decision-Making and Profiling
- Automated Decision-Making
- Profiling
- Legal Remedies
- Filing a Complaint
- Supervisory Authority
- Miscellaneous Provisions
- Modification of the Privacy Policy
- Jurisdiction
- Withdrawal of Consent
- How to Withdraw Consent
- Third-Party Service Providers and Partners
- Use of Third-Party Service Providers
- Partners and Advertisers
- Data Protection Officer (DPO)
- Appointment of a DPO
- DPO Contact Information
- Record of Data Processing Activities
- Maintaining Records
- Correction and Updating of Data
- Correcting Data
- Keeping Data Updated
- Privacy Audits
- Internal Audits
- External Audits
- Availability of the Privacy Policy
- Publishing the Policy
- Principles of Data Processing
- Compliance with Laws
- Purpose Limitation
- Data Minimization
- Accuracy
- Storage Limitation
- Integrity and Confidentiality
- Handling Data Breaches
- Reporting Breaches
- Notifying Affected Individuals
- Incident Record Keeping
- Exercising User Rights
- Handling Requests
- Submitting Requests
- Newsletters and Marketing Communication
- Consent-Based Communication
- Opting Out
- Data Processing on the Website and Mobile Apps
- Website Use
- Mobile Apps
- Processing Data in the Partner Program
- Participation in the Partner Program
- Sharing Data
- Data Retention Periods
- Retention Principles
- Specific Retention Periods
- Fulfilling Legal Obligations
- Compliance with Laws
- Providing Data to Authorities
- Customer Service and Complaint Handling
- Customer Service Contact
- Complaint Handling Process
- Data Protection Training and Awareness
- Employee Training
- Raising Awareness
- Detailed Cookie Management
- Types of Cookies
- Managing and Setting Cookies
- Purpose of Using Cookies
- Third-Party Privacy Policies
- Third-Party Service Providers’ Policies
- Third-Party Data Processing
- Privacy Audits
- Internal Audits
- External Audits
- Modifying the Privacy Policy
- Right to Modify
- Effective Date of Modifications
- Data Protection Impact Assessment (DPIA)
- Purpose of DPIA
- DPIA Process
- Processing Data of Business Partners
- Processing Business Partners’ Data
- Transferring Data to Partners
- Preventing Data Breaches
- Preventive Measures
- Monitoring and Reporting
- Monitoring Mechanisms
- Reporting Obligations
- Notification Procedures
- Notification Methods
- Notification Timelines
- Data Protection Officers
- Appointing Data Protection Officers
- Responsibilities of Data Protection Officers
- Handling User Feedback
- Feedback Channels
- Processing Feedback
- Special Data Processing Situations
- Contracting Processes
- Events and Promotions
- Informing Data Subjects About Data Sources
- Sources of Data
- Transferring Data to Third Countries
- Third Countries
- Data Processing Guarantees
- Processing Anonymized Data
- Anonymization
- Miscellaneous Provisions
- Interpretation Rules
- Contact Information
- Updating Contact Information
- Updating Contact Information
- Data Protection Officer (DPO) Contact Information
- DPO Appointment and Responsibilities
- DPO Contact Information
- Ensuring Data Accuracy
- Correcting Data
- Keeping Data Updated
- Processing Data of Minors
- Protection of Minors’ Data
- Obtaining Parental Consent
- Data Locking
- Possibility of Data Locking
- Processing Data Internationally
- Transferring Data Outside the EU
- Data Processing Guarantees
- Monitoring the Privacy Policy
- Reviewing the Policy
- Informing Users
- Increasing Data Protection Awareness
- Awareness Campaigns
- Data Protection Guides
- Principles of Data Processing
- Legality, Fairness, and Transparency
- Purpose Limitation
- Data Minimization
- Accuracy
- Storage Limitation
- Integrity and Confidentiality
- Legal Remedies
- Filing a Complaint with the Supervisory Authority
- Legal Proceedings
1. Introduction
BookingGood.org (hereinafter referred to as the “Service Provider”) is committed to protecting users’ personal data. This Privacy Policy aims to provide information on the processing of personal data, the purposes and legal basis of data processing, and users’ rights.
2. Data Controller
The data controller is BookingGood.org:
- Company Name: MyHope Kft.
- Tax Number: 32469488-1-03
- Contact Email: contact@bookinggood.org
- Contact Phone Number: +3630/4926733
3. Legal Basis for Data Processing
The Service Provider processes data in accordance with applicable laws, particularly the European Union’s General Data Protection Regulation (GDPR). The legal basis for data processing may include:
- User consent,
- Performance of a contract,
- Compliance with legal obligations,
- Legitimate interest.
4. Scope of Data Processed
4.1. Creating a User Account
When creating a user account, we process the following data:
- Name
- Email address
- Password
- Phone number
- Billing information
4.2. Using Services
During the use of services, we process the following data:
- User ID
- Service history
- Payment data (via external service provider)
4.3. Contact and Communication
For contact and customer service communication, we process the following data:
- Name
- Email address
- Phone number
- Message content
4.4. Technical Data
Technical data automatically collected during the use of the website:
- IP address
- Browser type
- Device information
- Cookie management
5. Purposes of Data Processing
The purposes of data processing may include:
- Providing and managing services,
- Managing user accounts,
- Providing customer service,
- Performing contracts,
- Complying with legal obligations,
- Marketing and promotional purposes (based on consent),
- Ensuring and improving website functionality.
6. Duration of Data Processing
We process data for the following periods:
- For the duration of the user account and thereafter as required to fulfill legal obligations.
- Until consent is withdrawn, if the data processing is based on consent.
- For the period required to comply with legal obligations.
7. Data Security
The Service Provider takes all reasonable technical and organizational measures to protect personal data against loss, unauthorized access, destruction, or alteration.
8. Transfer of Data to Third Parties
The Service Provider transfers data to third parties only in the following cases:
- To comply with legal obligations,
- To perform contracts (e.g., payment service providers),
- Based on user consent.
9. User Rights
Users have the following rights regarding the processing of their personal data:
9.1. Right of Access
Users have the right to be informed about their personal data that we process.
9.2. Right to Rectification
Users have the right to request the rectification of their personal data if it is inaccurate or incomplete.
9.3. Right to Erasure
Users can request the deletion of their personal data if the processing is unlawful or the data is no longer needed for the purpose it was collected.
9.4. Right to Restriction of Processing
Users can request the restriction of data processing in certain cases, such as when they dispute the accuracy of the data.
9.5. Right to Data Portability
Users have the right to request their personal data in a machine-readable format and to transfer it to another data controller.
9.6. Right to Object
Users have the right to object to the processing of their personal data if the processing is based on the Service Provider’s legitimate interest.
10. Cookie Management
The website uses cookies to improve the user experience. Detailed information on the use and management of cookies is available in the Cookie Policy.
11. Contact Information
If you have any questions or requests regarding data processing, please contact us at:
- Email: support@bookinggood.org
- Postal Address: Hungary Zip:6000 City: Kecskemét Street: Lóverseny Number: 39.
- Phone: +3630/49-26-733
12. Data Processors
12.1. Use of Data Processors
The Service Provider may use data processors to handle personal data. Data processors must act according to the Service Provider’s instructions and adhere to data security requirements.
12.2. List of Data Processors
A list of data processors used by the Service Provider is available on the website or can be provided upon request.
13. International Data Transfer
13.1. Data Transfer Outside the EU/EEA
If the Service Provider transfers personal data outside the European Union/EEA, it ensures that the transfer complies with the GDPR and that adequate safeguards are in place.
13.2. Data Transfer Mechanisms
Data transfer mechanisms may include the application of the European Commission’s standard contractual clauses or other legal bases.
14. Processing Children’s Data
14.1. Protection of Children’s Data
The Service Provider places special emphasis on protecting children’s personal data. Our services are not intended for children under the age of 16, and we do not knowingly collect data from them.
14.2. Parental Consent
If the processing of personal data of children under the age of 16 is necessary, we will seek parental or guardian consent.
15. Automated Decision-Making and Profiling
15.1. Automated Decision-Making
The Service Provider does not use automated decision-making processes that have legal or similarly significant effects on users.
15.2. Profiling
The Service Provider may use profiling for marketing purposes and to improve the user experience, but this does not have legal effects on users.
16. Legal Remedies
16.1. Filing a Complaint
Users can file a complaint regarding data processing with the Service Provider at the following contact details: [Email Address], [Postal Address], [Phone Number].
16.2. Supervisory Authority
If users are not satisfied with the handling of their complaint, they have the right to file a complaint with the supervisory authority:
- Name: Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
- Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
- Phone: +36 (1) 391-1400
- Email: ugyfelszolgalat@naih.hu
17. Miscellaneous Provisions
17.1. Modification of the Privacy Policy
The Service Provider reserves the right to modify the Privacy Policy. Changes will take effect upon publication on the website.
17.2. Jurisdiction
This Privacy Policy and data processing activities are governed by Hungarian law, and any disputes will be subject to the jurisdiction of Hungarian courts.
18. Withdrawal of Consent
18.1. How to Withdraw Consent
Users can withdraw their consent to data processing at any time if the processing is based on their consent. Withdrawal of consent does not affect the lawfulness of data processing before the withdrawal.
19. Third-Party Service Providers and Partners
19.1. Use of Third-Party Service Providers
The Service Provider may use third-party service providers for the provision of services and data processing. These providers must act according to the Service Provider’s instructions and comply with data protection regulations.
19.2. Partners and Advertisers
The Service Provider may collaborate with partners and advertisers to display personalized offers and advertisements to users. Such collaborations may involve data processing, conducted in compliance with applicable laws.
20. Data Protection Officer (DPO)
20.1. Appointment of a DPO
The Service Provider may appoint a Data Protection Officer (DPO) to assist with data protection matters and ensure compliance with data protection regulations.
20.2. DPO Contact Information
If a DPO is appointed, their contact information will be provided on the website or in this Privacy Policy.
21. Record of Data Processing Activities
21.1. Maintaining Records
The Service Provider maintains records of its data processing activities in accordance with the GDPR. The records include the purposes, legal basis, scope of data processed, recipients of data transfers, and data retention periods.
22. Correction and Updating of Data
22.1. Correcting Data
Users are required to notify the Service Provider of any changes to their personal data. The Service Provider takes all reasonable steps to ensure that processed data is accurate and up to date.
23. Privacy Audits
23.1. Internal Audits
The Service Provider conducts regular internal privacy audits to ensure compliance with data protection regulations and continuous improvement of data processing practices.
23.2. External Audits
The Service Provider may also have external privacy audits conducted by independent experts to confirm the adequacy of its data protection practices.
24. Availability of the Privacy Policy
24.1. Publishing the Policy
This Privacy Policy is available on the Service Provider’s website. Users will be notified of any changes to the policy and its effective date.
25. Principles of Data Processing
25.1. Compliance with Laws
The Service Provider complies with all relevant data protection laws, particularly the GDPR.
25.2. Purpose Limitation
The Service Provider processes personal data only for specified, explicit, and legitimate purposes and does not further process it in a way incompatible with those purposes.
25.3. Data Minimization
The Service Provider processes only personal data that is adequate, relevant, and necessary for the purposes of data processing.
25.4. Accuracy
The Service Provider takes all reasonable steps to ensure that the personal data it processes is accurate and up to date.
25.5. Storage Limitation
The Service Provider retains personal data only for as long as necessary for the purposes of processing and regularly reviews data retention periods.
25.6. Integrity and Confidentiality
The Service Provider ensures the appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
26. Handling Data Breaches
26.1. Reporting Breaches
The Service Provider reports any data breaches to the supervisory authority within the GDPR’s required timeframe if the breach is likely to result in a risk to the rights and freedoms of individuals.
26.2. Notifying Affected Individuals
If a data breach is likely to result in a high risk to the rights and freedoms of individuals, the Service Provider will notify affected individuals without undue delay.
26.3. Incident Record Keeping
The Service Provider maintains a record of data breaches, including their circumstances, effects, and the measures taken.
27. Exercising User Rights
27.1. Handling Requests
The Service Provider ensures that requests to exercise user rights are addressed without undue delay, and in any case within one month. This period may be extended by two months if necessary, considering the complexity and number of requests.
27.2. Submitting Requests
Users can submit requests to exercise their rights using the following contact details:
- Email: [Email Address]
- Postal Address: [Postal Address]
- Phone: [Phone Number]
28. Newsletters and Marketing Communication
28.1. Consent-Based Communication
The Service Provider sends newsletters and marketing materials only with the users’ prior, explicit consent.
28.2. Opting Out
Users can opt out of receiving newsletters and marketing materials at any time by clicking the unsubscribe link in the emails or by contacting us at:
- Email: [Email Address]
- Postal Address: [Postal Address]
29. Data Processing on the Website and Mobile Apps
29.1. Website Use
Data processed during the use of the Service Provider’s website is governed by this Privacy Policy.
29.2. Mobile Apps
Data processed during the use of the Service Provider’s mobile apps is governed by this Privacy Policy, supplemented by app-specific privacy notices.
30. Processing Data in the Partner Program
30.1. Participation in the Partner Program
We process personal data of partners participating in our partner program to operate the program and pay commissions.
30.2. Sharing Data
Data collected as part of the partner program is shared with third parties only to the extent necessary to operate the program.
31. Data Retention Periods
31.1. Retention Principles
The Service Provider determines data retention periods based on the purposes of data processing. After the retention period expires, personal data is deleted or anonymized unless longer retention is required by law.
31.2. Specific Retention Periods
Specific retention periods are as follows:
- User account data: 5 years after account deletion.
- Service usage data: 8 years following the provision of services, in compliance with accounting regulations.
- Customer service communication: 2 years after the last communication.
- Marketing data: Until consent is withdrawn or the purpose is fulfilled.
32. Fulfilling Legal Obligations
32.1. Compliance with Laws
The Service Provider complies with applicable laws, particularly the GDPR and Hungarian data protection laws, as well as accounting and tax laws.
32.2. Providing Data to Authorities
The Service Provider is required to provide data to competent authorities in response to legal obligations, such as court orders or regulatory requests.
33. Customer Service and Complaint Handling
33.1. Customer Service Contact
Users can contact customer service using the following contact details:
- Email: support@bookinggood.org
- Phone: +3630/49-26-733
- Postal Address: Hungary Zip:6000 City: Kecskemét Street: Lóverseny Number: 39
33.2. Complaint Handling Process
The Service Provider investigates all complaints and strives to resolve them promptly and efficiently. Users are informed about the status and outcome of their complaints.
34. Data Protection Training and Awareness
34.1. Employee Training
The Service Provider provides regular data protection training to employees to ensure the proper handling and protection of personal data.
34.2. Raising Awareness
The Service Provider aims to raise data protection awareness at all levels of the organization to ensure all employees understand and comply with data protection requirements.
35. Detailed Cookie Management
35.1. Types of Cookies
The website uses different types of cookies, including:
- Session cookies: Temporary cookies that are deleted when the browser is closed.
- Persistent cookies: Cookies that remain on the user’s device for a specified period or until deleted by the user.
- Third-party cookies: Cookies placed by third-party service providers for analytical or advertising purposes.
35.2. Managing and Setting Cookies
Users can manage cookie preferences through browser settings and the website’s cookie management tool.
35.3. Purpose of Using Cookies
Cookies are used for various purposes, including:
- Ensuring website functionality
- Improving user experience
- Collecting analytical data
- Marketing and advertising
36. Third-Party Privacy Policies
36.1. Third-Party Service Providers’ Policies
Third-party service providers’ privacy policies are available on their respective websites. We recommend users familiarize themselves with these policies.
36.2. Third-Party Data Processing
The Service Provider is not responsible for third-party service providers’ data processing practices but strives to work with partners who comply with GDPR and other data protection regulations.
37. Privacy Audits
37.1. Internal Audits
The Service Provider conducts regular internal privacy audits to ensure compliance with data protection regulations and continuous improvement of data processing practices.
37.2. External Audits
The Service Provider may also have external privacy audits conducted by independent experts to confirm the adequacy of its data protection practices.
38. Modifying the Privacy Policy
38.1. Right to Modify
The Service Provider reserves the right to modify the Privacy Policy. The modified policy will be published on the website, and users will be notified of the changes.
38.2. Effective Date of Modifications
The modified Privacy Policy takes effect on the date of publication unless otherwise specified.
39. Data Protection Impact Assessment (DPIA)
39.1. Purpose of DPIA
The purpose of a Data Protection Impact Assessment (DPIA) is to assess the risks of data processing activities and minimize them. DPIAs are conducted before engaging in any data processing activities likely to result in a high risk to the rights and freedoms of users.
39.2. DPIA Process
The DPIA process includes:
- Describing the data processing activity
- Identifying and assessing risks
- Implementing appropriate safeguards
- Documenting the DPIA
40. Processing Data of Business Partners
40.1. Processing Business Partners’ Data
The personal data of business partners is processed solely for maintaining and managing contractual relationships with them.
40.2. Transferring Data to Partners
Only essential data required for providing services is shared with business partners under contractual agreements.
41. Preventing Data Breaches
41.1. Preventive Measures
The Service Provider implements several preventive measures to avoid data breaches, including regular security audits, employee training on data protection, and continuous improvement of security systems.
42. Monitoring and Reporting
42.1. Monitoring Mechanisms
The Service Provider continuously monitors data processing activities and compliance with data protection regulations. Immediate actions are taken in case of any violations.
42.2. Reporting Obligations
Regular reports on data breaches and their handling are prepared for the management to ensure transparency and accountability.
43. Notification Procedures
43.1. Notification Methods
Users are informed about their data processing rights and changes to the Privacy Policy through notifications posted on the website, via email, or other electronic means.
43.2. Notification Timelines
Notifications are sent without undue delay, but within 30 days if there are significant changes to data processing practices.
44. Data Protection Officers
44.1. Appointing Data Protection Officers
The Service Provider may appoint data protection officers to oversee data processing activities and ensure compliance with data protection regulations.
44.2. Responsibilities of Data Protection Officers
Data protection officers are responsible for documenting data processing activities, handling data breaches, and ensuring users’ rights are upheld.
45. Handling User Feedback
45.1. Feedback Channels
The Service Provider offers multiple channels for users to submit feedback and complaints, including a feedback form on the website, email, and customer service hotline.
45.2. Processing Feedback
All feedback and complaints are thoroughly investigated and handled promptly and efficiently.
46. Special Data Processing Situations
46.1. Contracting Processes
Personal data processed during contracting processes is handled securely and retained only for as long as necessary to fulfill the contract.
46.2. Events and Promotions
Personal data collected during events and promotions organized by the Service Provider is used solely for conducting these activities and retained only for the necessary period.
47. Informing Data Subjects About Data Sources
47.1. Sources of Data
Data subjects have the right to be informed about the source of their personal data if it was not collected directly from them.
48. Transferring Data to Third Countries
48.1. Third Countries
Data is transferred to third countries (outside the EU/EEA) only if an adequate level of data protection is ensured and in compliance with GDPR requirements.
48.2. Data Processing Guarantees
Appropriate guarantees are applied during international data transfers, such as binding corporate rules, standard contractual clauses, or approval from the data protection authority in the destination country.
49. Processing Anonymized Data
49.1. Anonymization
Anonymized data is processed in a way that does not identify users. Such data is used for research, statistical, and other analytical purposes.
50. Miscellaneous Provisions
50.1. Interpretation Rules
This Privacy Policy shall be interpreted and applied in accordance with applicable laws.
50.2. Contact Information
For data protection inquiries, users can contact the Service Provider at:
- Email: contact@bookinggood.org
- Postal Address: Hungary Zip:6000 City: Kecskemét Street: Lóverseny Number: 39
- Phone: +3630/49-26-733
51. Updating Contact Information
51.1. Updating Contact Information
Users must notify the Service Provider of any changes to their contact information to ensure they can be reached regarding data protection matters.
52. Data Protection Officer (DPO) Contact Information
52.1. DPO Appointment and Responsibilities
The Service Provider may appoint a Data Protection Officer (DPO) responsible for ensuring compliance with data protection regulations and protecting users’ data rights.
52.2. DPO Contact Information
Users can contact the Data Protection Officer at:
- Email: support@bookinggood.org
- Phone: +3630/49-26-733
- Postal Address: Hungary Zip:6000 City: Kecskemét Street: Lóverseny Number: 39
53. Ensuring Data Accuracy
53.1. Correcting Data
The Service Provider ensures that users can request the correction of their personal data if it is inaccurate or incomplete.
53.2. Keeping Data Updated
The Service Provider regularly reviews the data it processes and takes all necessary measures to keep it up to date.
54. Processing Data of Minors
54.1. Protection of Minors’ Data
The Service Provider places special emphasis on protecting minors’ personal data and processes such data only with the consent of their legal guardian.
54.2. Obtaining Parental Consent
For processing minors’ data, the Service Provider always obtains consent from a parent or legal guardian.
55. Data Locking
55.1. Possibility of Data Locking
Users can request the locking of their personal data if they dispute its accuracy or lawfulness, or if the processing purpose has ended but legal obligations require retaining the data.
56. Processing Data Internationally
56.1. Transferring Data Outside the EU
When transferring personal data outside the EU, the Service Provider ensures that the receiving country provides an adequate level of data protection, in compliance with GDPR.
56.2. Data Processing Guarantees
Appropriate guarantees are applied during international data transfers, such as binding corporate rules, standard contractual clauses, or approval from the data protection authority in the destination country.
57. Monitoring the Privacy Policy
57.1. Reviewing the Policy
The Service Provider regularly reviews and updates the Privacy Policy to ensure compliance with legal changes and data processing practices.
57.2. Informing Users
Users are informed about any significant changes to the Privacy Policy and given the opportunity to provide feedback.
58. Increasing Data Protection Awareness
58.1. Awareness Campaigns
The Service Provider regularly launches campaigns to raise data protection awareness among users, helping them understand their rights and data processing practices.
58.2. Data Protection Guides
The Service Provider provides data protection guides and resources to users, explaining data processing practices and their rights in detail.
59. Principles of Data Processing
59.1. Legality, Fairness, and Transparency
All data processing activities are conducted lawfully, fairly, and transparently.
59.2. Purpose Limitation
Data is processed only for specified, explicit, and legitimate purposes.
59.3. Data Minimization
Only data necessary for the processing purposes is processed.
59.4. Accuracy
Data processed by the Service Provider is accurate and up to date, with reasonable steps taken to correct inaccuracies.
59.5. Storage Limitation
Data is retained only as long as necessary for the processing purposes, with regular reviews of retention periods.
59.6. Integrity and Confidentiality
The Service Provider ensures appropriate security of personal data, protecting it from unauthorized access, unlawful processing, accidental loss, destruction, or damage.
60. Legal Remedies
60.1. Filing a Complaint with the Supervisory Authority
Users have the right to file a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) if they believe their rights have been violated.
60.2. Legal Proceedings
Users can pursue legal action to enforce their data protection rights and seek compensation if their personal data has been unlawfully processed.
This policy is effective from the date of publication and remains in force until further notice. The Service Provider reserves the right to modify the policy. Changes will take effect upon publication on the website.