Privacy Policy

Data protection information

This Privacy Information contains information on the data management of the restaurant operated by Vintage Garden Ltd. to our guests.

Purpose of Privacy Information

This information (“Information”) of Vintage Garden Ltd. (hereinafter referred to as “Vintage Garden”) contains and informs our guests of our obligations and procedures for the protection and processing of personal data of natural persons.

We would like to inform you that our basic obligation is to ensure that persons who are employed with the company and provide us with the service to be provided with other legal relationships should be processed in accordance with the legal provisions of their activities, in particular the protection of natural persons and the free flow of such data, and Council (EU) 2016/679. no. (General Data Protection Regulation; GDPR “) and Act CXII of 2011 on Information Self -Determination and Freedom of Information (hereinafter referred to as “Infotv.”).

Accordingly, employees and persons carrying out the work, commissioning are required to act in accordance with the regulations established by our company and the other regulations referred to and the cited and other acting legislation in their activities that will necessarily be subject to personal data.

General Principles of Data Management

The aim of the legislation and our internal regulations is to ensure that the data processing of the company meets the applicable legal requirements, and that the company is subject to personal data only in the event of the relevant legal conditions, and that the persons concerned can be processed by the Company. Our basic obligation is to ensure that the rights of the persons concerned are not compromised when processing and processing personal data. Our Company, as a data controller, recognizes the requirements of the legislation and internal regulations itself, and takes into account during each process and activities of each data processing process. It undertakes that all data processing related to its activities meet the requirements set out in these Regulations and the national legislation in force and the European Union’s acts.

We will also be informed that your company’s data management employee and agent have a disciplinary, compensation, violation and criminal liability for the legitimate processing of personal data.

The data management information on the restaurant activity of Vintage Garden Kft.

Our company reserves the right to change the right at any time.

Our company manages personal data confidentially and will take any security, technical and organizational measures that guarantee the security of the data.

Vintage Garden Ltd. describes its data management practice below.

I. Laws Related to Data Management

Our company must act in accordance with the following legislation during the data processing:

Regulation of the European Parliament and of the Council (EU) 2016/679 April 27, 2016) on the protection of natural persons regarding the processing of personal data and the free flow of such data and the repeal of Regulation (EC) Regulation (GDPR)

Act CXII of 2011 on Information Self -Determination and Freedom of Information (hereinafter: Infotv.)

Act V of 2013 on the Civil Code (hereinafter referred to as the Civil Code)

Act I of 2012 on the Labor Code (hereinafter referred to as Mt.)

Act CXXXIII of 2005 on Personal and Property Protection and Private Investigation Rules. law

Internal Privacy and Incident Management Regulations.

II. Basic provisions of personal data processing:

Legality, fair procedure and transparency: The processing of personal data must be carried out legally and fairly and in a transparent way to the data subject

Purpose: Personal data should only be collected for a specific, clear and legitimate purpose, and do not handle them in an incompatible way with these goals; Further data processing for archiving of public interest, scientific and historical research or statistical purposes are not considered to be incompatible with the original purpose.

Data Save: The purpose of the processing of personal data should be appropriate and relevant and can only be required.

Accuracy: On personal data

They must be accurate and up to date. Inaccurate personal data must be deleted immediately.

Limited Storage: Personal data should be stored in such a way that you can only identify the stakeholders for time. Personal data can only be stored for a longer period of time if storage is made for archiving of public interest, scientific and historical research or statistical purposes.

Accountability: Personal data must be processed in such a way as to ensure appropriate technical or organizational measures to provide adequate security of personal data, including protection from unauthorized or unlawful processing, accidental loss, destruction or damage.

III. Concepts and definitions related to data protection, data management

In this briefing, concepts used and defined in accordance with GDPR provisions:

GDPR (General Data Protection Regulation) is a new European Union Data Protection Regulation

Data Controller: A natural or legal person, public authority, agency or any other body that defines the goals and tools of processing personal data independently or with others; If the objectives and assets of the data processing are determined by EU or Member States ‘law, the special aspects of the designation of the Data Controller or the Data Controller may be determined by the EU or the Member States’ law.

Data Management: A sum of any operation or operations performed in personal data or data files in an automated or non -automated manner, such as collecting, recording, systematization, articulation, storage, conversion or alteration, query, access, use, communication, transmission, distribution or other way, alignment or connection,

Data processor: the natural or legal person, public authority, agency or any other body that manages personal data on behalf of the Data Controller.

Data Processing: Activity that includes the operation of personal data. This includes the acquisition, use, view, access, recording or storage, listing, articulation, or any other operation or group of operations, including systematization, modification, draw, use, disclosure, deletion or destruction of the data. Data processing also includes the transfer of personal data to third parties.

Personal data: any information relevant to identified or identified as a natural person (concerned); A natural person who, in a direct or indirect way, can be identified in particular by one or more factors related to the physical, physiological, genetic, intellectual, economic, cultural or social identity of a natural person.

Special Personal Data: Within the category of personal data, GDPR also defines a subcategory, namely the category of special personal data, which requires a higher level of protection than general personal data according to GDPR. GDPR defines stricter conditions for data processing related to special personal data.

Personal data of the child: Any information or information about the child under the age of 16. It is possible to identify a child under the age of 16 who, in a direct or indirect way – especially an identifier, e.g. Name, number, location data, online identifier, or one or more factors related to the physical, physiological, genetic, economic, cultural or social identity of the natural person.

Third Party: A natural or legal person, public authority, agency or any other body that is not the same as the Data Controller, the Data Processor or the persons who have been authorized to handle personal data under the direct control of the controller or data processor.

Stakeholder: A natural person identified or identified on any personal data.

Contribution to the data subject: a voluntary, concrete and appropriate expression of the will of the data subject, by which the person concerned, by unequivocally expressing the confirmation, indicates its consent to the processing of personal data affecting it.

Restriction of data management: indicating the personal data stored to restrict their future management.

Pseudonym: Managing Personal Data in a way that will no longer be possible to determine which personal data applies to a specific natural person without the use of further information

It is stored and taken by taking technical and organizational measures that this personal data cannot be connected to identified or identifiable natural persons.

Professional creation: Any form of automated processing of personal data in which personal data is used to analyze or predict characteristics related to certain personal characteristics, in particular workplace performance, economic situation, health, personal preferences, interest, reliability, behavior, or motion.

Data transfer: If the data is made available to a specific third party.

Registration System: Personal data is in any way, centralized, decentralized or functional or geographically, which is available on the basis of specific criteria.

Privacy Incident: An injury to security that results in a accidental or unlawful destruction, loss, alteration, unauthorized communication or unauthorized access to them.

ARC. Liability and powers

The Managing Director of our Company is responsible for issuing this information and keeping up -to -date.

We would like to inform you that our company does not work with a data protection officer, and our company is not required to be a legal obligation to establish such a position.

V. Possible legal basis for data processing

The Company’s data can be processed on the following legislation:

Contribution to the data subject: The data subject may provide a voluntary, concrete, explicit, information -based, and clear consent to a declaration or, through an unmistakable act of confirmation, to handle his or her personal data for one or more specific purposes.

If the data management is based on a consent, the Data Controller must be able to prove that he has contributed to the processing of the personal data of the data subject.

If the data subject’s consent is given in a written statement that applies to other matters at the same time, the application for contribution shall be made clearly distinguished from these other matters, in a clear and easily accessible form, with a clear and simple language. The contribution of the data subject must be well distinguishable for each case.

Any part of the contribution statement that is in contrast to GDPR provisions is invalid. The data subject is entitled to withdraw their consent at any time. The withdrawal of the contribution does not affect the legality of the consent -based data processing before the withdrawal. The data subject shall be informed before the consent is given. The withdrawal of the contribution should be made in the same simple way as it is given.

Completion of the contract: The data processing contract may be made on the basis of a legal basis if the data processing is required for the performance of a contract in which the data subject is required to take the steps at the request of the data subject prior to the conclusion of the contract.

Completion of a legal obligation: Data processing may be fulfilled on the basis of a legal obligation if the data processing is necessary to fulfill the legal obligation for the controller. The legal obligation of the EU or Member States shall be understood as legal obligations.

Legitimate interest: Data management is necessary for the assertion of the legitimate interests of the controller or a third party, unless the interests of the data subject take priority to the interests of the data subject, which require the protection of personal data, especially if the child concerned.

Before determining the data processing of legitimate interest, the so -called. A weighing test, which first identifies the legitimate interest of the Data Controller or third party, the data of the weighting, and the fundamental right of the data subject, and finally, on the basis of weighting, determine whether personal data can be processed.

Personal data may be processed on the basis of a legitimate interest, and thus, on the basis of a weighing of interest, without the specific consent of the data subject and, inter alia, the following conditions are withdrawn: Data processing shall take place on the basis of the legal authorization of the Data Controller; or the data management will be made to enforce the legitimate interest of the Data Controller or third party, provided that it has been established that this interest is enforced for the protection of personal data.

It is a vital interest: Data management takes place in protecting the life of the data subject or the vital interests of another natural person. With reference to the vital interests of other natural persons, personal data management can only take place if the data processing in question cannot be carried out on any other legal basis. (Vital

It can be done with reference to eg. Data management is in the case of humanitarian disasters, including the case in which it is required to monitor epidemics and their spread.)

Public interest management: Data processing can be done on a legal basis of public interest if data processing is necessary to carry out a task of a public interest or a public authority license.

VI. Data management

Our company records only personal data that the data subject voluntarily provides. By providing the personal data of the data subject, it contributes to the data controller’s database in accordance with these Rules.

Our company carries out the following data management:

  1. Fixing table seizures:

In the case of our online desktop seizure system (opentable.co.uk) or in person, our Company manages the following personal information of the affected persons to identify and recording table reservation:

the name of the stakeholder;

the e-mail address concerned;

the telephone number of the data subject;

other personal data provided by the data subject in the “note” box or other way;

Operator of the online table reservation system,

Company name: PG INFO KFT.

Company Full Name: PG Info Service Provider and Commercial Limited Liability Company

Address: 9141 Ikrény, Sport u. 22.

Representative: Szabolcs Póta

Email: suupport@tétékkraszras.com

Website: https://tétékkraszras.com/

Company registration number: 08-09-011910

EU Tax number: HU13208734208

The legal basis of the data management: a) to the personal data set out in paragraph (c) under Article 6 (1) (b) of the GDPR; While in respect of the personal data set out in point (d), the express consent of the data subject pursuant to Article 9 (2) (a) of the GDPR.

The data is required to conclude a contract between our company and you.

The data management for the table reservation is to complete the booking agreement according to the GTC, but lasts at the latest for 90 days after the day affected by the reservation.

2.

If you use the restaurant service, you will issue an invoice on request, with data content:

Legal basis for data management: Our Company manages personal data for the purpose of fulfilling legal obligations under Article 6 (1) (c) of GDPR.

Data management related to the use of the companies of the business association shall take place until the contract between the data subject and the business association shall be concluded until the legal obligations of the business association shall be fulfilled.

The invoice will be forwarded directly to the NAV and to the service provider providing the accounting.

The invoices will be issued using the Samlazz.hu online invoicer supervised by KBoss.hu Ltd. and the Fruitsys program supervised by Fruitsys Zrt.

The data is required to conclude a contract between our company and you.

In our restaurant, we provide a Hellopay or Worldline terminal for cash -free (credit card, mobile, etc.) payment, which do not handle or store personal data.

  1. General contact, event interest

You can contact your restaurant in person or by email, phone or on the form on the website with your request, question and comment.

In connection with data management, our Company manages the following data of the data subject:

Legal basis for data management:

GDPR Article 6 (1). (a) paragraph (contribution);

GDPR Article 6 (1). (b) (data management is required for the performance of a contract in which the data subject is one or both parties);

GDPR Article 6 (1). (f) (the legitimate interest of the controller or third party).

The messages and the personal information thus obtained thus received after answering a given request, question or complaint, max. It will be deleted after one year, except for contact information processed on the company’s websites (www.vintagegarden.hu and Tortakisallitas.hu), which is 2 years retention. However, if, due to the nature of the correspondence, it is necessary for tax or accounting reasons, or possibly the protection of the Company’s or the Requesting Rights and Interests, it will be archived and stored, and, in the case of all cases, necessary.

  1. Complaint management

In connection with data management, our Company manages the following data of the data subject:

-Name, telephone number, address, e-mail address of the data subject.

Possible complaints about the service may be reported by the complaint with the registration in the “Complaint Book” (Book of Customers) or in writing, in other ways.

By making the complaint, the contribution is presumed to handle the data.

If the complainant does not provide or withdraws the contribution to the data process

We cannot communicate or take the necessary measures to investigate or, sometimes to remedy the complaints.

The complaints will be retained for 1 year after the investigation of the complaint, with the fact that if the complaint is subject to an official or court proceedings, the data will be retained until the final completion of these procedures.

The data is not required to enter into a contract between our company and you.

  1. Applying Video Camers with Closed Chain

We would like to inform you that all the restaurants operated by our company have closed -chain cameras. The legal basis for the operation of cameras is Article 6 (1) (f) of the GDPR, according to which the data management of the cameras is to be used to assert the interests of our company.

Our company will find a briefing for the use of a closed -chain camera at the restaurant, the business manager.

The data is not required to enter into a contract between our company and you.

VII. Data transmission, data processing, scope of details

Data processor for accounting, accounting tasks:

Ajustado Kft.

Headquarters: 1142 Budapest, Dévényi út 1.

Phone number: +36 70 214 8562

Development and operation of the website (samlazz.hu) to provide the electronic billing interface:

Name of the data processor: kboss.hu Kft.

Data processor seat: 1031 Budapest, Záhony utca 7.

E-mail address: info@szamlazz.hu

Development and operation of the Fruitsys Catering Software, which provides billing:

Data processor name: Fruitsys Zrt.

Data processor seat: 2072 Zsámbék, Bartók Béla utca 8.

Phone number: +36 20 333 3535

E-mail address: support@fruitsys.hu

Otherwise, the data on the invoice will also be sent to the National Tax and Customs Administration through direct IT contact, as well as the fulfillment of a legal obligation.

Website Maintenance Contractor:

FMarketing Kft.

Address: 4032 Debrecen Lóverseny utca 14/B

Tax number: 25764781-2-09

Phone number: +36 30 4548164

Storage provider:

Rackforest Zrt. (1132 Budapest, Victor Hugo utca 11. 5. B05001.

VIII. Rights related to data management:

Right to access and information

At the request of the data subject, the Data Controller shall provide information on whether the processing of his / her data is under way. If so, the Data Controller shall inform the data subject about the categories of data processed, the purpose of the data processing, the recipients of the data processing, or the category of recipients, the duration of the data, or the determination of the duration, the exercise of the rights, The fact of automated decision -making, including profiling. In the case of transmission of data outside the European Union and the European Economic Area, the data subject will also be informed of the appropriate guarantees provided for the transfer of data.

Rectification

The data subject is entitled to request the data controller to rectify his data in case of inaccuracy.

If the personal data processed by the Data Controller is required, the data subject may request in writing (by mail or via email) to correct the data by indicating the correct data.

The data subject shall notify the Data Controller in writing (by mail or via email) immediately, but not later than 5 days after the change. The Data Controller shall be liable for the loss of damage to the failure or late performance of this notice.

Right to cancel

At the request of the Data Controller, the data subject shall delete the personal data relating to it without undue delay, and the Data Controller shall delete the personal data of the data subject in the cases specified in the GDPR (Article 17) without undue delay.

If the Data Controller has disclosed personal data, that is, transmitted to third parties, the Data Controller shall take the reasonable steps to inform the data controllers who have been transferred to the personal data or

The right to the restriction of data management

The data subject is entitled to make the data controller restrict the data processing if requested

The data subject disputes the accuracy of the personal data;

Data management is unlawful;

Data controllers no longer need personal data for data management but the data subject requires Azo

KAT for the submission, enforcement or protection of legal claims;

The data subject protested against data management.

Media

The data subject is entitled to obtain the personal data provided by the Data Controller in a widely used machine -readable format, and is entitled to transfer this data to another Data Controller without hindering it by the Data Controller if:: If:

Data management is based on contribution; and

Data management is automated in an automated manner.

Protest

The data subject may protest against the processing of his or her personal data for direct business. In this case, personal data may no longer be processed for this purpose.

The data subject is entitled to contact the data controllers regarding the exercise of the rights listed above.

Contact details of the Data Controller:

Name: Vintage Garden Kft.

Headquarters: 1074 Budapest, Dob utca 21.

Company registration number: 01-09-170138

Name of the Registry Court: Metropolitan Court Court of Court

Tax number: 24289360-2-42

Phone number:

Vintage Garden: +36 30 790 6619

E-mail: info@labocca.hu

The possibility of enforcement of data management

National Data Protection and Freedom of Information Authority

Postal address: 1363 Budapest, Pf.: 9.

Address: 1055 Budapest, Falk Miksa utca 9-11.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ursfelgalat@naih.hu

In the event of a violation of his or her rights, the data subject may go to court against the Data Controller. The court acts in the case. The lawsuit may, at his choice, be initiated before the tribunal responsible for his place of residence or residence.

IX. Data security

The data should be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and injury, and becoming inaccessible from the change in the technique used.

In order to protect electronically -managed data files in the records, it must be ensured by a suitable technical solution so that the data stored in the records cannot be directly connected and can be assigned to the data subject.

When planning and applying data security, you should take into account the technology at all times. From several possible data management solutions, which ensures a higher level of personal data, unless it is a disproportionate difficulty to the data controller.

X. cookies (cookies)

General Introduction to Cookies and Privacy Requirements

Cookies (cookies) are small data files placed by websites on the user’s device to improve the browsing experience. These allow websites to remember the user’s settings, track the user’s website usage habits, and sometimes provide targeted ads. The European Union General Data Protection Regulation (GDPR) sets strict requirements for the use of cookies. Data controllers (website operators) must inform users of the types and goals of cookies, and users have the right to accept or reject certain cookies.

About the measurements

Our website does not handle or store any personal information that the visitor does not provide independently. Information on visits and interactions is collected and stored exclusively by Webanalitic and Advertising Services (Google, Meta) for statistical purposes. From this data, we do not get personal information and do not connect visiting and interaction data with personal data in any way.

Grouping and explaining cookies

  1. Advertising cookies
  1. Analytical and performance cookies
  1. Functional cookies
  1. Setup and preference cookies

-cmplz_banner-status, cmplz_consent_mode, cmplz_consented_services, cmplz_functional, cmplz_marketing, cmplz_policy_id, cmplz_preferences, cmplz_statistics (vintagegarden.hu): these cookies generated by complianz Your settings are treated, ensuring that the website meets the GDPR requirements.

Customize cookies

Our website is sü

You can accept, reject or customize cookies in your reception window. During customization, you can select which cookies you contribute to, so you can accurately control what type of data you can handle. This ensures that you are fully controlled by your website while using our website, compliant with the European Union’s Data Protection Regulations (GDPR).

XI. Conclusion

This Prospectus enters into force on May 25, 2018, updated 2025.02.01