Privacy Policy

Last updated: March 16, 2026

This Privacy Policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

1. Data Controller

Company name: ÁNZA Bt.

Registered address: Tököl 2316, Gárdony Géza u. 14.

Company registration no.: 13 06 071507

Tax number: 25264865-2-13

Representative: Skerlecz Nóra Zsuzsanna

E-mail: [email protected]

Website: www.siofok-hotel.com

Hotel: Hotel Lidó Siófok, 8600 Siófok, Petőfi sétány 11.

2. Personal data processed and purpose

Online booking

Data processed:

  • Full name
  • Email address
  • Phone number
  • Address (zip, city, country)
  • Booking details (dates, room, guests)
  • Number and age of children
  • Notes (optional)
  • Payment method

Legal basis:

Contract performance (GDPR Art. 6(1)(b)) – necessary to process the booking.

Retention period:

5 years from booking completion (accounting obligation).

Email communication (confirmations, notifications)

We use your email address and name to send booking confirmations, modification and cancellation notices, and deposit reminders.

Legal basis: Contract performance (GDPR Art. 6(1)(b)).

Online payment (card deposit)

Card payments are processed through Stripe Inc.'s secure payment platform. Hotel Lidó Siófok never stores card details (card number, CVV, expiry date). Stripe is PCI-DSS Level 1 certified.

Legal basis: Contract performance (GDPR Art. 6(1)(b)).

Cookies and web analytics

The website uses the following cookies:

| Cookie name | Type | Purpose | Retention |
|---|---|---|---|
| session | Necessary | Login session | Until browser close |
| cookie_consent | Necessary | Cookie consent storage | 1 year |
| lang | Necessary | Language preference | 1 year |

Legal basis: Legitimate interest (for necessary cookies). Consent is requested on first visit.

3. Data processors (third parties)

The following third-party providers act as data processors in operating the booking system. All operate within the EU/EEA or in countries with adequate data protection guarantees.

Manus (Beijing Zhiyuan Artificial Intelligence Research Institute)

Activity: Web application hosting, database hosting (TiDB)

Data processed: All booking and guest data

Location: USA (under adequacy framework)

DPA: Required – request from Manus

Activity: Transactional email sending (confirmations, notifications)

Data processed: Guest name, email address, booking details

Location: USA (SCCs)

DPA: Available: resend.com/legal/dpa

Activity: Online card payment processing (PCI-DSS Level 1)

Data processed: Payment data (card details NOT seen by the Hotel)

Location: USA/EU (SCCs + adequacy)

DPA: Available: stripe.com/legal/dpa

4. Your rights (GDPR Art. 15–22)

👁 Right of access

You can request information about the data we hold about you.

✏️ Right to rectification

You can request correction of inaccurate data.

🗑️ Right to erasure ("right to be forgotten")

You can request deletion of your personal data. Send the request to [email protected]. Deletion may be limited where legal retention obligations apply (e.g. accounting).

⏸️ Right to restriction

You can request restriction of processing while accuracy or legal basis is disputed.

📦 Data portability

You can request your data in a machine-readable format (JSON/CSV).

🚫 Right to object

You can object to processing based on legitimate interest.

Exercising your rights

Send your request to [email protected]. We will respond within 30 days. For complaints, you may contact the National Authority for Data Protection and Freedom of Information (NAIH): www.naih.hu, +36 (1) 391-1400.

5. Data security measures

  • 🔒 HTTPS/TLS encryption for all data transfers
  • 🗄️ Database encryption (at-rest encryption)
  • 🔑 JWT-based session management, no password storage
  • 👤 Role-based access control (admin/guest)
  • 💳 No card data stored – Stripe PCI-DSS Level 1
  • 📋 Server-side logging (access logs)

6. Submitting a data deletion request

To request deletion of your personal data, please send an email with the following information:

  • Your full name
  • Your booking reference (if available)
  • The email address used for booking
  • Reason for deletion request (optional)

Send deletion request: [email protected]

⚠️ Note: Data related to active or future bookings cannot be deleted until the booking is completed. Financial data must be retained for 5 years due to accounting obligations.

7. Supervisory authority

National Authority for Data Protection and Freedom of Information (NAIH)

📍 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

📞 +36 (1) 391-1400

🌐 www.naih.hu

✉️ [email protected]

Date: March 16, 2026 | Next review: March 2027

Data protection inquiries: [email protected]