Check-in / Check-out policy
Check-in is possible between 2:00 PM and 6:00 PM.
Payment Policy
No defined policy
Pet policy
Pets are not allowed.
General policy
Purposes of Data Processing and Categories of Personal Data
1. Processing of Data Provided by the Data Subject
Purpose of processing:
Room reservation.
The data processing ensures that room reservations made via the Website are recorded, the accommodation services are prepared, and, if necessary, we can contact the guest initiating the reservation.
Legal basis for processing:
Article 6(1)(b) of the GDPR, as the data is processed for the purpose of preparing the contract for accommodation services resulting from the reservation.
Scope of collected and processed personal data:
Name of the person booking the room
Address
Telephone number
Email address
Billing details
Duration of data processing:
Data is retained for 5 years after the fulfillment of the contract based on the reservation, in accordance with the general limitation period for civil claims.
If the contract is not concluded (e.g. the person does not check in), the data will be deleted 6 months after the reservation date.
Access to data and data transfers:
Only our staff responsible for handling reservations have access to the personal data. For data processing, we use the following Data Processor:
thePass Kft. (Address: 1075 Budapest, Madách Imre út 13-14.), which develops and operates our reservation system.
Newsletter Subscription Data Processing
Purpose of processing:
To send useful information and promotional offers via newsletter to subscribers through the Website. Subscribing to the newsletter is not a prerequisite for using any other service.
Legal basis for processing:
Article 6(1)(a) of the GDPR and Sections 6(1) and 6(2) of the Hungarian Act on Electronic Communications (Grt.), based on the data subject's consent. Consent is given by clicking the confirmation link sent to the provided email address.
Scope of collected and processed personal data:
Name
Email address
Date of birth
Duration of data processing:
Data is retained until the data subject withdraws their consent, after which it is deleted from our database.
Access to data and data transfers:
Only our marketing team members have access to the personal data.
We use the services of Wix.com LTD (Address: 40 Namal Tel Aviv, 6350671 Israel) as our Data Processor for sending newsletters.
2. Responding to Messages Received via Contact Options
Purpose of processing:
To identify the sender and respond to messages received through contact forms or other means.
Legal basis for processing:
The data subject’s consent [Article 6(1)(a) of the GDPR].
Scope of personal data:
All personal data voluntarily provided by the sender via the contact form.
Duration of data processing:
Data is processed until the sender withdraws their consent.
Access to data:
Only the authorized employees of the Data Controller can access personal data. This typically includes staff operating the website and, depending on the content of the message, employees from sales, marketing, finance, or accounting.
2. Processing of Data Automatically Collected Through the Website
Cookies
The Website uses so-called "cookies" to collect information about its visitors, as outlined below.
(Cookies are small text files that contain letters and numbers. They serve as a tool for data exchange between the web server and your browser. These files do not contain spyware or viruses and cannot access data stored on your computer, such as the contents of your hard drive.)
Cookies serve various purposes — for example, session-support cookies identify user sessions, and others make using the website more convenient. Their main goal is to record browser settings and user habits to facilitate navigation and enhance the website experience.
Some browsers allow you to configure or disable cookies. However, because cookies help the website function correctly and conveniently, disabling them may affect your ability to use all features, and the Website might not operate as intended. (For more detailed instructions, refer to your browser's support page.)
If you use an ad blocker, the cookie consent banner may not display correctly. In such cases, we recommend disabling your ad blocker to properly manage cookie settings.
In addition, the Website uses widely adopted third-party cookies, including:
Google Analytics – Link
Google Remarketing – Link
Facebook Pixel – Link
Google Conversion Tracking – Link
Purpose of processing: Identifying users of the Website and tracking visitors.
Legal basis: The user’s consent [GDPR Article 6(1)(a)], provided by clicking the cookie consent button on the Website.
Duration of processing: Until the end of the user’s session, but no more than 30 days.
Access to data: Only authorized staff of the Data Controller and website operators have access.
Server Logging
Like most websites, upon accessing this Website, certain internet-related activity information is automatically recorded via so-called "server log files." These include:
IP address
Date and time of the website visit
Duration of visit
Pages viewed
Referring website/server
Browser type (e.g., Internet Explorer)
Operating system (e.g., Windows 7)
Internet service provider domain and address (e.g., Tin.it)
If cookies are used (see above), the server may also log data related to them.
The purpose of server logs is to analyze traffic and optimize the service, enabling regular monitoring of website performance and visit frequency. In case of misuse, the information may be used in cooperation with the internet service provider and/or local authorities to trace the source of the issue.
Use of IP Addresses
Our website monitors IP addresses, which are unique identifiers assigned by the user’s internet service provider. Individuals may be indirectly identified through devices, software, or protocols that reveal online identifiers like cookies, IP addresses, or radio-frequency tags. These identifiers can be combined with other server data to create user profiles and potentially identify specific users. In cases of abuse, the IP address, usage location, and time may be used to attempt to identify the visitor.
Data Security Measures
We have implemented appropriate technical and organizational measures to protect personal data in compliance with the GDPR and the Hungarian Info Act (Act CXII of 2011 on Informational Self-Determination and Freedom of Information).
Measures include protection against:
Unauthorized access or disclosure
Unauthorized alteration
Deletion or accidental/unauthorized destruction
Damage or loss
Personal data is stored on servers physically located in Hungary, protected with 24/7 on-site security.
Data Processors
The following data processors are used in connection with data collected via the Website:
Hosting & Web Development
Name: RACKFOREST Kft.
Address: 1132 Budapest, Victor Hugo u. 18-22.
System Administration
Name: InfoComplex Kft.
Address: 7632 Pécs, Béke u. 1.
Website System
Name: Wix.com LTD
Address: 40 Namal Tel Aviv, 6350671 Israel
Personal data collected via the Website is not transferred to third countries as defined under the GDPR.
Rights of Data Subjects
According to the GDPR, you have the following rights concerning your personal data:
Request information about and access to your personal data
Request correction or deletion of your data (unless legal or legitimate interests require retention)
Object to the data processing (note: this may affect the availability of certain services)
Request restriction of data processing, especially if you have a complaint
Request a copy of your personal data and have the right to transfer it to another controller
We will respond in writing to such requests within one month, unless the GDPR provides otherwise.
Legal Remedies
If you have any complaints regarding data processing, we recommend contacting us first, in order to reach a peaceful and quick resolution. You can reach us at:
Email: orfutours@mevid.hu
Phone: +36 30 070 21 77 / +36 30 95 91 590
If you prefer to submit your data protection complaint to the competent authority, you may do so by contacting the Hungarian National Authority for Data Protection and Freedom of Information (“Authority”) at:
Mailing address: 1363 Budapest, Pf. 9
Office address: 1055 Budapest, Falk Miksa utca 9-11
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
Alternatively, you may also turn to the competent court in case your rights have been violated.
Other Provisions
LIMITATION AND EXCLUSION OF LIABILITY
Visitors acknowledge that the use of the Website for any purpose is done at their own risk. Any use of the information available through or downloaded from the Website is voluntary and entirely at the user’s discretion and responsibility.
Our company and the Website’s developers/operators bear no liability for any errors, disadvantages, or damages related to the use or visit of the Website.
We assume no responsibility for direct or indirect damages, losses, or costs that may arise from the improper operation or malfunction of the Website. This includes issues with the Website content, or with the data and other information available through the site. We especially disclaim any liability regarding the accuracy, timeliness, completeness, validity, suitability for a particular purpose, reliability, or credibility of the information provided.
Our company is not responsible for any damage caused by unauthorized access, destruction, alteration, or disclosure of non-personal data, or for any issues that arise in connection with such unauthorized acts — only the person committing the act can be held responsible.
We reserve the right to modify the content of the Website at any time, using any method, including suspending or terminating individual or all services.
The Website may contain links to other websites. While we monitor these links regularly, we take no responsibility for their content or for any damage resulting from their use. The data protection and security practices of these linked sites may differ; we recommend reviewing those separately via the administrators of the respective sites.
All information on the Website is for general informational purposes only and under no circumstances should be considered legal, medical, or professional advice. No part of the Website's content constitutes a recommendation or should be relied upon to make decisions or take actions, particularly regarding health issues — for which professional medical consultation is always advised.
As the Data Controller, we accept no responsibility for content that has been deleted from the Website but may still appear in search engine caches or archives. Requests for removal must be directed to the search engine operator.
All content on this Website is the exclusive property of our company. Unauthorized use of any part of the Website is a violation of copyright law and will result in legal consequences.
Minors
This Website is not intended for minors and is not designed for them to view. We do not knowingly collect data that could directly or unmistakably identify a minor. Therefore, we do not process personal data of minors.
Modifications to the Privacy Policy
We may update this Privacy Policy from time to time. All changes will be published and made available to visitors of the Website.
Cancellation Policy
No defined policy
