1. Introduction
Your complete satisfaction and confidence in Giselle Vintage Doubles are absolutely essential to us. In order to meet your expectations, we have set up
a customer privacy protection policy. Giselle Vintage Doubles is operated by Lebowski Ltd. The “Privacy Policy” statement formalizes our commitment
to safeguard your personal data and it describes how Lebowski Ltd. uses your personal data in accordance with the General Data Protection
Regulation of the European Union(hereinafter: GDPR). The present Privacy Policy forms part of the terms and conditions that govern our hotel services.
By accepting these terms and conditions, you expressly accept the provisions of this Charter.
“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or
indirectly (e.g. telephone number) as a natural person. Before providing us with this information, we recommend that you read this document describing
our customer privacy protection policy.
2. Information on the data controller:
Name of the company: Lebowski Vendéglátóipari Szolgáltató Ltd.
Company registry number: 01-09-901187
Seat: H-1071 Budapest Damjanich u. 35. III/17.
Homepage: https://gisellebudapest.com/
E-mail contact: RESERVATION@GISELLEBUDAPEST.COM
Data Protection Officer: not obligatory under Article 37 of GDPR
Data processing outside EU: the data processor does not process data outside the European Union
3. General principles
We will only collect personal data that is necessary to provide our services and to comply with legal duties imposed by law. We will take all reasonable
steps to ensure that the personal data we hold is accurate and up to date. When collecting and processing your personal data, we will communicate all
information to you and inform you of the purpose and recipients of the data. We ensure the transparency of our data processing policy. We act in good
faith and according to the general duty of cooperation to safeguard the privacy of our guests.
4. What kind of personal data is collected and controlled?
Our main purpose is to manage your stay with our hostel. We collect and use personal information if you make a booking through our reservation

system or check-in at the desk. We generally collect this information directly from you, but in some cases we may receive your information from a third-
party, such as when you book through an online travel agency or you use booking sites. Information collected during the course of the reservation and

during your stay may include:
Your name, email address, date and place of birth, home or business address, phone number, nationality, ID number, payment card
information; scanned copy of your ID card (passport/ID card/driving license)
Information made during the course of your reservation such as date of arrival and departure, payment method, your signature, your preferred
room type and specific requests to the hostel.
Our staff has access to our Facebook, Tripadvisor and other accommodation broker accounts, and we track the opinions that our guests leave
as an evaluation of our services.
Our website has a chat service whereby anyone can ask information from our staff. It is not obligatory to provide personal data to use the chat
service. However, if our stuff is not available, the visitor of our site can leave his name, e-mail address and message. We use this information
to reply the inquiries.
Our company does not collect and process special categories of personal data as specified in Article 9 of the GDPR. This article refers to health data,
biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation; personal data revealing racial or ethnic origin,
political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data. If this kind of data is collected
incidentally, it should be removed immediately to avoid undertaking new obligations for the protection of that data.
We generally only keep your information for as long as is reasonably required for the reasons explained in this privacy policy. Data on our guests are
delated from the booking system after 3 years. In some cases we keep transactional records (which may include your information) for longer periods if
necessary to meet legal, regulatory, tax or accounting needs. We will also retain information if we reasonably believe there is a prospect of litigation.
5. Specific data control
1. CCTV: A CCTV system operates within the public areas of the hotel. The areas under 24/7 surveillance include the entrance of the hotel, the
reception desk and reception area, the corridors, the luggage office, cleaning depository, and the kitchen. The system delates the recordings
after two weeks.
2. Homepage: We also collect information from you when you browse our website such as your country information, internet protocol (“IP”)
address, media access control address and other characteristics about your system or device may be automatically collected. This information
is collected for functional purposes as well as to improve your experience when using these services. This information may also be used for
aggregated trend and statistical analysis. The homepage is operated – as data processor – by Lebowski Ltd (H-1071 Budapest Damjanich u.
35. III/17.) and 7Hills IT Ltd. (H-2013 Pomaz, Kandó Kálmán u. 18.) as website operator. Our server is in the Netherlands. Our website uses
analytics cookies from other sites in order to monitor usage on the site and optimise functionality.
6. Purpose of the use of the data
The primarily purpose of the collection and procession of the data is to perform the contract between you as our customer and us as service provider.
We use the information collected from you to fulfil your hotel reservation. This includes: managing the reservation and accommodation requests,

monitoring our services, internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-
social behavior, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents).

Prior to your stay this may include sending your information to the hotel or sending you pre-stay communications. Following your stay, we may also
send you post-stay communications (newsletter) and satisfaction surveys to get feedback on your experience.
Our company has to comply with legal duties under municipal law, such as proper administration of taxation, accounting. The disclosure of the data
might be required to comply with a judicial proceeding, court order, subpoena or warrant. (For example in the case of criminal investigation.)

Under the municipal law, we are obliged to send aggravated statistical data on the nationality of our visitors to the National Office of Statistics.
We may use information for purposes of aggregated trend and statistical analysis to evaluate and improve our services. We do not use your information
to display targeted advertisements. We do not create profiles by connecting multiple sources of data, such as our reservation system or Tripadvisor and
Facebook.
7. Legal basis for processing your personal data
We are committed to collecting and using your information in accordance with applicable data protection laws. We will only collect, use and share your
information where we are satisfied that we have an appropriate legal basis to do this. The following legal basis are applicable:
6. If you have provided your consent to us using the personal information – Article 6.1.(a) of the GDPR
7. If the processing of your personal data is necessary to perform our contractual duties and rights in relation the legal relationship – Article 6.1.
(b) of the GDPR
8. Your information is necessary to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal
responsibilities – Article 6.1.(c) of the GDPR
9. Use of your information is in our legitimate interest as a commercial organization, for example to operate and improve our services or ensure
our contractual rights – Article 6.1.(f) of the GDPR
8. Who has access to your personal data?
In order to offer you the best service, we can share your personal data and give access to authorized personnel from our hotel and company, including:
hotel staff, IT departments, commercial partners, legal services if applicable.
Your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example: external service
providers (IT sub-contractors, banks, credit card issuers, external lawyers).
We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local
regulations.
9. How we secure your data?
We take appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit
or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures and
organizational measures (such as a user ID/password system, means of physical protection etc.).
10. Children
Our websites are not intended for children and we do not intentionally solicit or collect personal information from individuals under the age of 16. If we
are notified or otherwise discover that a minor’s personal information has been improperly collected, we will take all commercially reasonable steps to
delete that information. Visitors of the age group 16-18 have to submit a parental statement when they check in. We handle this document jointly with
the other relevant information to provide our services.
11. Your rights under GDPR
You have legal rights under EU data protection laws in relation to your personal information:
To access personal information: You can ask us to confirm whether or not we have and are using your personal information and for a copy of
your information.
To correct / erase personal information: You can ask us to correct any information about you which is incorrect. We will be happy to rectify such
information but would need to verify the accuracy of the information first. You can ask us to erase your information if you think we no longer
need to use it for the purpose we collected it from you. You can also ask us to erase your information if you have either withdrawn your
consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further
legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal
information. We may not always be able to comply with your request, for example where we need to keep using your information to comply
with our legal obligation or where we need to use your information to establish, exercise or defend legal claims.
To restrict how we use personal information: You can ask us to restrict our use of your information in certain circumstances, for example: where
you think the information is inaccurate and we need to verify it; where our use of your information is not lawful but you do not want us to erase
it; where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal
claims; or where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it. We can continue to use your information following a request for restriction where we need to use it to establish, exercise or defend legal claims,
or we need to use it to protect the rights of another individual or a company or fulfill legal duties imposed by the municipal law.
To object to how we use your information: You can object to any use of your information which we have justified on the basis of our legitimate
interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you
raise an objection, we may continue to use your information if we can demonstrate that we have compelling legitimate interests to use the
information.
To ask us to transfer your information to another organization: You can ask us to provide your personal information to you in a structured,
commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company). You may only exercise this right where we use your information in order to perform a contract with you, or where we asked for your consent to use
your information. This right does not apply to any information which we hold or process that is not held in digital form.
12. How to contact us?
For any questions or concerns regarding this Privacy Statement or our data privacy practices, please contact us:
Homepage: https://gisellebudapest.com/
E-mail contact: RESERVATION@GISELLEBUDAPEST.COM
For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to
include a copy of an official piece of identification, such as a driver’s license or passport, along with your request. Our staff will respond within 30 days.
13. Legal remedies

You have a right to lodge a complaint with your local data protection supervisory authority at any time. The procedures are regulated by Act CXII of
2011 on the Right of Informational Self-Determination and on Freedom of Information. In the event of any infringement of your rights as data subject,
you may submit a complaint with the National Authority for Data Protection and Freedom of Information (www.naih.hu) or launch a court procedure at
the Metropolitan Court of Budapest. However, we ask that you please try to resolve any issues with us first before referring your complaint to the
supervisory authority.
We reserve the right to change the present Privacy Policy. Any changes will become effective when we post the revised Privacy Polic on our website.
Your use of the services following these changes means that you accept the revised Privacy Statement. If you would like to review the version of the
Privacy Policy that was effective immediately prior to this revision, please contact us.