0

SHOP_CART2

SHOP_TOTAL
SHOP_GO_TO_PAYMENT
SHOP_VOUCHERS

Privacy & Data Protection

From time to time, Customers may need to provide personal data to ATICSA Kft. to be able to access and use certain services at www.havanatropicana.com.

This Privacy Policy (the “Policy”) sets out the principles, purposes and other facts that determine the purposes for which, for how long and how personal data may be processed, and the means of enforcement of rights and redress available to our Customers in relation to the processing of personal data.

Definitions:

  • Data Processing: any operation on personal data related to processing operations carried out on behalf of the Controller, irrespective of the method and means used to carry out the processing operation and the place of application, provided that the operation is carried out on the data. Accordingly, processor refers to the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Processing: Any and all operations performed on data irrespective of the procedure used including, in particular, the collection, recording, reconciliation, storage, alteration, use, querying, transmission, disclosure, coordination or interconnection, blocking, erasure or destruction of data or preventing its further use.
  • Controller: the data provided by the Customer are processed by ATICSA Kereskedelmi, Kulturális és Szolgáltató Korlátolt Felelősségű Társaság (hereinafter referred to as “ATICSA Kft”), is entitled to take and implement any decisions related to the personal data of Customers.

 

      Details of the Controller:

  • Registered office and mailing address: 6045 Ladánybene, Fő utca 38.
  • Company registration number: 03-09-137340 (registered at the Court of Registration of the Kecskeméti Regional Court)
  • Tax number: 32265349-2-03
  • E-mail address: cubapartner@gmail.com
  • Service: services that Customers may use via the Website, in particular: webshop
  • Customer: any natural person who uses the services of ATICSA and whose personal data are processed by the Controller.
  • Personal Data: Any information relating to a Customer by which the Customer is identified or identifiable. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The Controller collects personal data relating to the Customer separately by each processing purpose specified in this Policy.
  • Computer: any computing device, mobile phone, computer, tablet computer at the disposal of the Customer, which is considered as electronic communications terminal equipment according to Section 188 point 21 of Act C of 2003 on Electronic Communications, and which is capable of receiving cookies (data packets).
  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).
  • Cookie: a file (string of data) that can be created on the Website visitor’s computer by the program that displays the Website and that stores information about the Customer, and the connection between the Customer and the web server. The purpose of the use of cookies is to identify (recognise) the Customer’s computer, to facilitate and monitor browsing, to analyse and evaluate the usage patterns of visitors to the Website and, as a result, to improve the user experience.
  • Website: the havanatropicana.com
  • Data Protection Authority: the Hungarian National Authority for Data Protection and Freedom of Information
  • Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C;
  • E-mail address: ugyfelszolgalat@naih.hu;
  • Website: http://naih.hu;
  • Telephone: +36 (1) 391-1400.

Purposes of the processing, and processes applied

Purchase

During the purchase process and in order to fulfill the purchase, the Data Controller requests personal data from the Customers, which include the following: name, email, phone number, billing address, and any other data necessary for issuing the invoice. The purpose of providing the data by the Customer is to use the Service and to fulfill the contractual service provided by the Data Controller.

Database managed for the purpose of sending newsletters:

The purpose of the Controller is to periodically contact Customers via their e-mail address with information about current events, promotions, program offers and in connection with its services, in accordance with the provisions of Section 6 of Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising (hereinafter referred to as the “Advertising Act”). The legal basis for this processing is based on the explicit and freely given consent of the Customer. Pursuant to Section 6(3) of the Advertising Act, the Controller has the right to process the data until the Customer’s consent is withdrawn. The Customer hereby consents to the Controller sending them text messages or emails in connection with the Restaurant’s Services for the purposes set out in this paragraph. Personal data processed in the context of the general newsletter: name, e-mail address.

The Customer can optionally check whether they would like to subscribe to the newsletter when providing their email address. If the Customer subscribes, their personal data will be stored in the Brevo system by the Data Controller, which is a cloud service provider offering only storage services. Brevo's privacy policy can be accessed via the following link: https://www.brevo.com/legal/privacypolicy/.

The additional data processor is HAMU és GYÉMÁNT Média Korlátolt Felelősségű Társaság (company registration number: 01-09-712316, registered office: 1024 Budapest, Margit körút 5. A building, 3rd floor, door 1)

The Customer has the right to cancel the subscription at any time, without restriction and without giving any reason, free of charge, by clicking on the “Unsubscribe from newsletter” button at the bottom of the newsletter or by sending an e-mail to cubapartner@gmail.com.

 

As set out above, the legal basis for the processing purpose concerned is the Customer’s freely given, explicit and informed consent pursuant to Article 6(1)(a) of the GDPR.

Recording of technical data (cookies)

In addition to the Customer’s personal data, the use of the Website and the Restaurant’s Wi-Fi service technically records the data (cookies) of the Customer’s computer that are generated during the use of the Website and that are recorded (logs) when the Customer visits and leaves the Website (without any special declaration or action by the Customer). The purpose of these data is to compile statistics on the visits and use of the Website and to improve the Website’s IT system in general. These data are not linked by the Controller (except in cases required by law) to the personal data of the Customer and are accessible only to the staff of the Controller and the Administrator. The Customer can delete the cookie from his or her computer at any time (using the appropriate menu options in the browser) or can also set the browser (typically using the “Help” function) to disable the use of cookies. However, by disabling cookies, the User acknowledges that without cookies the use of the Website is not fully functional.

Payment via Bank Transfer

 

Customers have the option to pay for tickets via bank transfer to the following account:

Account holder’s name: ATICSA KFT

Bank name: ERSTE BANK

Account number (IBAN): HU1160000060000000197743124

Important: When making the payment, please include your Order ID in the reference field to ensure we can identify your transfer. Without this information, we will not be able to process your payment, and your tickets cannot be issued.

When choosing bank transfer as the payment method, please ensure the full amount is transferred, taking into account any applicable transfer fees. Transfer fees may vary depending on your bank, and it is the Customer’s responsibility to cover the total amount.

Once we have confirmed receipt of your transfer, your tickets will be sent to the email address provided. 

This payment option will only be valid once the transfer has been successfully received. Tickets are not considered issued until the payment has been credited.

Enforcement and redress

Communication with the Controller

Communication between the Customer and the Controller takes place by telephone, e-mail or post. The Controller’s e-mail address for this purpose: cubapartner@gmail.com; mailing address: 6045 Ladánybene, Fő utca 38. The Customer has the right to request confirmation from the Controller at any time as to whether personal data concerning them are being processed, and, where that is the case, the Customer has the right of access to the processed personal data to the following extent.

In the context of access, the information provided by the Controller in relation to data processing may include in particular:

  1. purposes of the processing;
  2. the personal data processed;
  3. recipients of data transfer;
  4. the expected duration of the processing or, if it is not possible to determine this, the criteria for determining the duration;
  5. the rights exercisable by the Customer;
  6. the right to lodge a complaint with the Authority;
  7. the source and legal basis of the information collected by the Controller.

The Controller shall comply with the above request for information without undue delay, but at the latest within one month of the request for information.

The Controller shall provide a copy of the personal data subject to processing upon the Customer’s request. The Controller may charge a reasonable administrative fee for additional copies requested by the Customer.

  1. The Controller will only examine and reply to an e-mail sent by a Customer in connection with data processing if received from an e-mail address previously provided by the Customer (unless the Customer refers in the message to a change of e-mail address or the Customer’s identity can be clearly verified from the e-mail).
  2. The Controller shall inform the Customer of any action taken with regard to personal data without delay, but no later than one month after the action is taken. If the Controller does not take action on the request of the Customer, the Controller shall inform the Customer without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with the Authority and seeking a judicial remedy.

Rectification

The Customer has the right to notify the Controller of any changes to his or her personal data (by e-mail or postal letter as described above). The Controller will implement the change within 8 days of receipt of the request. The Customer will bear the consequences of the Customer’s failure to notify any change in his or her personal data without delay. If the personal data provided is not accurate and the accurate personal data is available to the Controller, the Controller automatically corrects the personal data.

Erasure of data

The Customer has the right to obtain from the Controller, upon request, the erasure of personal data concerning him/her without undue delay, and the Controller has the obligation to erase personal data relating to the Customer without undue delay, in particular where one of the following grounds applies:

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. the Customer withdraws consent on which the processing is based and there is no other legal ground for the processing;
  3. the Customer objects to the processing based on legitimate interest;
  4. the personal data have been unlawfully processed by the Controller;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Even in the above cases, the Controller is not obliged to delete the personal data processed, if the processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest;
  3. for statistical or archiving purposes or for scientific or historical research purposes, where erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing;
  4. for the establishment, exercise or defence of legal claims.
  5.  

Objection to the processing

The Customer has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data under this Policy on the basis of legitimate interest (the newsletter service and the processing based on the use of CCTV are based on legitimate interest under this Policy). The Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Customer or for the establishment, exercise or defence of legal claims.

Right to restriction of processing

The Customer has the right to obtain from the Controller restriction of processing of his or her data, if one of the following conditions is met.

  1. a) the accuracy of the personal data is contested by the Customer, for a period enabling the Controller to verify the accuracy of the personal data;
  2. b) the processing is unlawful and the Customer opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Customer for the establishment, exercise or defence of legal claims;
  4. the Customer has objected to processing; pending the verification whether the legitimate grounds of the Controller override those of the Customer.

Where processing is restricted on the basis of the above, such personal data shall, with the exception of storage, only be processed with the Customer’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing is lifted, the Customer requesting the restriction shall be informed of this fact in advance by the Controller.

Right to data portability

With regard to the personal data processed on the basis of the consent of the Customer or for the performance of the contract the Customer has the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used and machine-readable format and has the right to transfer those data to a third party controller without hindrance from the Controller to which the Customer has provided the personal data. This right may only be exercised in relation to personal data processed on the basis of consent or on the legal basis of the performance of a contract.

Bringing proceedings before the Hungarian National Authority for Data Protection and Freedom of Information

The Customer may file a complaint with the Authority to initiate an investigation on the grounds that a breach of rights in relation to the processing has occurred or is imminent in relation to the processing of personal data. The Authority’s investigation is free of charge and the costs of the investigation are advanced and borne by the Authority. No person shall suffer prejudice as a result of having made a notification to the Authority. The Authority may disclose the identity of the person lodging the complaint only if it would not be possible to carry out the investigation without such disclosure. If the notifier so requests, the Authority may not disclose their identity even if the investigation cannot be carried out without it.

Judicial enforcement of rights

The Customer may bring an action against the Controller in court in the event of an infringement of their rights. As a general rule, the court with competence at the registered office of ATICSA Kft. has jurisdiction, but, at the Customer’s option the lawsuit may also be brought before the court of the Customer’s domicile or residence. The jurisdiction of the court can be checked by using the “Bíróság kereső” (Court Search) application on www.birosag.hu. The court rules on the case summarily.

Compensation and Damages

If by the unlawful processing of the Customer’s personal data or a breach of the data security requirements the Controller:

  1. a) causes damage to the Customer or to another person, the Controller shall compensate the damage (compensation);
  2. b) violates the Customer’s privacy rights, the Customer may claim damages from the Controller.

The Controller shall be exempted from liability for the damage caused and from the obligation to pay damages if it proves that the damage or the infringement of the Customer’s right to privacy was caused by an unavoidable cause outside the scope of the processing. No compensation or damages shall be payable if the damage or injury to the privacy rights was caused by the intentional or grossly negligent conduct of the Customer (the damaged party).

Miscellaneous provisions

  1. The Controller reserves the right to unilaterally amend the Policy at any time.
  2. The Policy is governed by the rules of Hungarian law.
  3. The Policy enters into force on 13 August 2024. The Policy is available on the website havanatropicana.com and is also prominently displayed in the Restaurant.

Budapest, 13th August 2024.