Privacy Policy

Last update: 14-09-2017

Hill & Garden Kft. (2093 Budajenő, Vadvirág utca 5, Hungary), (henceforth Provider), as the operator of (henceforth Web Page), in accordance with relevant laws, hereby publishes its data protection and data management principles.

The Provider performs data management only through the voluntary prior written consent of the parties involved.

In visiting the Web Page, visitors can search freely without providing personal information. Data generated by anonymous online visits will be used by the Provider for statistical purposes only, to optimize its appearance, or increase the security of the system. This recorded data does not contain personal information of any kind.

In order to collect profile data and status data (for example: IP address, browser type, date and time of visit) the Provider uses so-called cookies. This data – at the user’s option – can be deleted from the hard-drive afterwards, or its use can be disabled by the user in the browser.

Access to the Web Page as a user is possible after electronic registration, which requires providing the personal information requested on the registration page (for example, name, email address, etc.). In the course of using the Website, additional personal information may be required in order to use certain services for registered users (e.g. booking) to make it possible to provide the service and for security reasons. The Provider shall use the personal data provided by users until such data processing rights are revoked, depending on the level of agreement by the users, for the purposes below, and will treat and use such data only to the extent necessary to achieve these purposes:

  • To develop services provided by the Provider, to perform an analysis necessary for better meeting the widest possible range of visitors’ needs, and improve the operation of the Provider; providing other important information affecting bookings, keeping contact with customers;
  • Sending direct marketing (e-mail or other online channels) related to the Service Provider’s activities, programs, and the service it provides, in the course of which the Service Provider also allows for the participation of its strategic partners;
  • Arranging sweepstakes and occasional promotions, as well as maintaining the associated contact, providing information, transferring prizes and allowing discounts to be used;
  • Creating a database to track participation in the Provider’s loyalty program, and the use of benefits offered therein, providing the service associated with these, maintaining contact, and providing information.

Other than treating data based on the consent of the user, the Provider will only treat or transfer data where required by law. The Provider shall not transfer personal information the user has provided to any third party, except with the prior written consent of the user. By signing up, the user agrees that prior to the beginning of the programme, the Provider will send the user’s name to the host of the programme.

During the Provider’s events, the programme’s host, the participants in the programme, or third parties acting as agents of the provider, may take photographs. Participants in the programme may appear in these photos. stores these photographs separately from user data, and not connected with it:

  • in the given programme’s photo gallery
  • on social media pages

By signing up for the programme, the users agree to the storage and usage conditions of these photos. The user may request the deletion of the public photos on which the user appears at any time without justification. At the user’s the request, the Provider must delete these photos from the web page and from social media pages without delay, but at the latest within 30 days of the request.

Once the programs are finished, registered users can voluntarily comment on the events, and these comments appear on the given event’s page, which can be viewed by visitors browsing the web page.

The Provider will only supplement the personal information or other data provided by visitors, or associate it with other data sources, with the prior written consent of the users.

The Provider shall apply the highest-level technical protections that can be expected in the course of handling personal data and in order to prevent any possible unauthorized access to it. Its operations meet the highest European Union and international data protection regulations, standards, and contractual obligations to maintain business confidentiality and know-how.

At the user’s request, without delay but at the latest within 30 days after receipt of the request, the Provider shall inform the user about the personal data which it treats, the purpose of handling the personal data, its legal basis, as well as the persons handling the data, and the duration of the data handling.

At the User’s request, without delay but no later than 30 days from receipt of the relevant request, the Provider shall take steps for the correction of personal data, its modification, or deletion. The user can at any time and without justification request the substitution, modification, deletion of their data or a part of their data, or revoke the consent to data handling previously given.

If the user considers the Provider to be treating their data without authorization, the user can object to the handling of their personal data. Provider shall simultaneously suspend handling of the data, investigate the objection without delay but at the latest within 30 days, and inform the user in writing about the results of its investigation.

The Provider accepts questions, comments, and suggestions regarding its data handling, at the e-mail address.