DATA MANAGEMENT AND PRIVACY POLICY
AGB Produkciós Iroda Kft., the operator of SUP Bázis – Lake Tisza (hereinafter referred to as the Data Controller), issues this notice regarding the personal data processing activities affecting the users of the www.supbazis.hu website (hereinafter referred to as the Website), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR), for the purpose of providing prior information to data subjects and facilitating the exercise of their rights.
The data controller operating the www.supbazis.hu website (hereinafter referred to as the Website):
Company name: AGB Produkciós Iroda Kft.
Registered office: 3388 Poroszló, Napsugár út 16., Hungary
Company registration number: 10 09 040969
Registering Court: Eger Regional Court
Tax number: 14519202-2-10
Phone number: +36 30 420 5199
Email address: supbazis@gmail.com
Website: www.supbazis.hu
Represented by: Ildikó Kocsis, Managing Director (hereinafter referred to as the Data Controller)
The Data Controller processes personal data lawfully, fairly and in a transparent manner for the data subjects. Data processing is carried out in all cases for specified, explicit and legitimate purposes only, and exclusively to the extent necessary to achieve those purposes. The Data Controller strives to ensure that the processed personal data is accurate and up to date, stores it only for the period necessary, and applies appropriate technical and organisational measures to ensure the confidentiality, integrity and full enforcement of data subject rights.
On the Website, personal data is processed on the basis of the performance of a contract or the steps necessary prior to entering into a contract, as well as on the basis of the data subject’s voluntary consent.
During contact initiated via the Website, by email or by phone, and during booking-related communication, the Data Controller processes the personal data provided by the data subject for the purposes of responding, providing offers, coordinating bookings, and performing the contract.
On the Website, data subjects may voluntarily subscribe to the newsletter by providing their email address.
Consent may be withdrawn at any time, without justification, by using the unsubscribe link included in the newsletter.
Personal data is transferred exclusively to data processors engaged by the Data Controller.
Data may be transferred to third parties only on the basis of a legal obligation.
In the case of certain service providers (e.g. Google, Meta, Automattic/MailPoet), personal data may be transferred outside the European Union. Such transfers are carried out in accordance with Chapter V of the GDPR, using appropriate safeguards, in particular the standard contractual clauses (SCCs) adopted by the European Commission.
The Website uses cookies to ensure proper operation, perform statistical measurements and for marketing purposes.
Cookie settings can be managed via the cookie management interface displayed on the Website.
Detailed rules regarding cookies are set out in a separate Cookie Policy.
During the technical operation of the Website, the hosting provider may process technical log data (e.g. IP address, access time) for the purpose of maintaining system security.
The processing of log data is based on the legitimate interest of the Data Controller (Article 6(1)(f) GDPR), and the retention period is a maximum of 30 days, unless a longer retention period is justified by the investigation of a security incident.
AURUM PROTECTOR Kft. – hosting services and website operation
Cég-Center Country Kft. – accounting
KBOSS.hu Kft. – invoicing
Automattic A8C Ireland Ltd. (MailPoet) – newsletter distribution
Google Ireland Limited – statistical and analytical services
Facebook Ireland Limited (Meta) – marketing services
The Data Controller protects personal data with appropriate technical and organisational measures, ensuring the confidentiality, integrity and availability of the data.
Copyrights:
All content available on the Website – in particular texts, images, graphic elements, logos, animations and videos – is the exclusive property of AGB Produkciós Iroda Kft. and is protected by copyright law.
Any use, copying, reproduction, distribution or publication of the Website’s content is permitted only with the prior written consent of the Data Controller.
Violation of copyright may result in legal consequences.
1.1 Right of Access and Information
The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed, and if so, to request information in particular about the purpose and legal basis of processing, the scope of processed data, the duration of data processing, and the identity of data processors.
1.2 Right to Rectification
The data subject has the right to request the rectification of inaccurate personal data relating to them without undue delay, and the completion of incomplete personal data.
1.3 Right to Erasure (“Right to be Forgotten”)
The data subject has the right to request the erasure of their personal data where
– the purpose of data processing has ceased,
– the data subject withdraws consent and there is no other legal basis for processing,
– the data processing is unlawful, or
– erasure is required by law.
Erasure shall not apply where processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
1.4 Right to Restriction of Processing
The data subject may request the restriction of processing if they contest the accuracy of the data, if the processing is unlawful, or if the purpose of processing has ceased but the data is required for the establishment or defence of legal claims.
1.5 Right to Data Portability
The data subject has the right to receive personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format, or to request the transmission of those data to another data controller, where the processing is based on consent or on a contract and is carried out by automated means.
1.6 Right to Object
The data subject has the right to object to the processing of their personal data based on legitimate interest. In the event of an objection, data processing shall be terminated unless the Data Controller demonstrates compelling legitimate grounds for the processing.
Requests relating to the exercise of the above rights may be submitted using the following contact details:
The Data Controller shall respond to requests without undue delay and no later than one month from receipt. Where necessary, this period may be extended by a further two months.
The data subject has the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
(1125 Budapest, Szilágyi Erzsébet fasor 22/c., www.naih.hu),
and also has the right to bring proceedings before the competent court according to their place of residence or habitual residence.
Poroszló, 2. November, 2025.
