Book now

Privacy Policy

Information in accordance with Article 13 of the General Data Protection Regulation (GDPR)

  1. Data protection

Capital Invest Ltd. („Capital Invest“, „we“, „us“, „our“) respects your privacy, and is committed to protecting the privacy, confidentiality and security of the personal data you provide to us or that we collect about you when you use our website and other online products and services („Site“), when you contact guest services, or when you otherwise interact with us. We are aware of our resposnsibilities to protect your personal data, to keep it secure and comply with applicable privacy and data protection laws.

This Privacy Policy explains our personal data practices and the choices you can make about the way your personal data is used. You will be asked to consent to the terms of this Privacy Policy when making a reservation or otherwise corresponding with us via the Site or otherwise where required under applicable law /The requested data collection is mandatory according to Order “110/1997. (VI. 25.) Korm. rendelet a magánszálláshelyek idegenforgalmi célú hasznosításáról”/. Otherwise your continued use of the Site will constitute your deemed consent to the terms of this Privacy Policy.

Name and contact details of the company

Capital Invest Ltd.

Email: info@budapestcityapartments.com

If you have any questions about our data processing or if you believe that processing your personal data by Capital Invest Ltd. violates data protection regulations, please contact us at the above address or at  info@budapestcityapartments.com.

This data protection declaration applies (A.) to the website of Capital Invest Ltd. (https://budapestcityapartments.com) and to the personal data collected via this website as well as (B.) to general data processing at Capital Invest Ltd.

For websites of other providers, which are referred to via links, for example, the data protection information and declarations there apply.

A. Data processing on our website

Categories of personal data collected:

  1. Information You Provide to Us

We collect personal data (including where applicable sensitive personal data) you provide directly to us. This includes:

  • your full name and contact information, passport and visa information;
  • guest stay information, including the apartments where you have stayed, date of arrival and departure, goods and services purchased, special requests made, your service preferences;
  • your credit card, mobile payment and other payment details;
  • any information necessary to fulfill special requests (for example, leisure, travel and guest preferences);
  • your reviews, feedback and opinions about our apartments and services; and
  • any other personal data you choose to provide to us.
  1. Information We Collect Automatically When You Use the Site
  • Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
  • Full IP address of the requesting computer;
  • Date and time of access;
  • Internet sites from which the user’s system accesses our website;
  • Name of the requested file;
  • Access status (file transferred, file not found, etc.);
  • Web browser and operating system used;
  • Amount of data transferred;

 3. Information Collected by Cookies and Other Tracking Technologies

  • SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

  • Cookies

This website uses cookies.

Cookies make websites more user-friendly and efficient for users. A cookie is a small text file used to save information. When you visit a website, this website can place a cookie on your computer. If at a later point in time you visit the website again, the website can read the information saved in the cookie and find out, for example, whether you have visited the website before and which areas of the website you are particularly interested in.

Changing cookie settings

The web browser settings determine how the web browser deals with cookies and which cookies are or are not allowed. These settings can be changed. How and where these changes can be made depends on the web browser. Use the ‘Help’ function in your web browser to find out more about how to change your cookie settings.

You should be aware that limiting the use of cookies may mean that not all functions on this website can be used to their full capacity.

Or you can easily set cookie preferences through cookie consent dialog by clicking here.

Cookies on our website

Our website uses the following providers:

  • Our website: To save your consent for cookies to be used.
  • Google: To save user data connected to Google’s website statistics software Google Analytics. For more information visit Google Analytics.
  • Facebook: To save user data connected to Facebook Pixel. For more information visit Facebook Developer and read the information on Facebook cookies.
  • Server Log Files

For the purposes of technical monitoring and increased security, this website processes the following personal data in a server log file. This processing is based on the principle of overwhelming interest of the person/company responsible (technical security measures).

  • IP address
  • site from which the file was accessed (“referrer URL”)
  • name of the file
  • date and time the file was accessed (“time stamp”)
  • amount of data transferred
  • access status (file transferred, file not found, etc.)
  • type of web browser used, e.g. Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Microsoft Edge, Apple Safari, Opera etc.)

These data are saved in personalised form only temporarily for a period of seven days. After that the log files are deleted.

  • Google Analytics

This website uses Google Analytics, a web analysis service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google”). Google Analytics is based on the legal principle of overriding legitimate interest (analysis of website use). To this end we have concluded an agreement with Google on contracted data processing.

When you visit our website, a piece of software creates a connection to Google servers and data is sent to these servers, some of which are located in the USA. Google Analytics also uses cookies to save information about the website user as well as to analyse how visitors use this website.

This website uses the function „Activation of IP anonymisation”. This means that within Member States of the European Union and countries of the European Economic Area your IP address will be shortened. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA and shortened there

According to Google, this data is used to analyse the use of the website, produce reports on website activity and provide additional services connected to use of the website and the internet.

Google may also transfer this information to third parties if this is legally required or if the third party is tasked with processing the data on behalf of Google.

For detailed information on the use of data by Google Analytics please consult the data protection declaration of Google and Google Analytics.

Google Analytics Remarketing

Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).

Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link.

The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) GDPR. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.

For more information read the Google Privacy Policy.

Deactivating Google Analytics

  • It is possible to prevent our website from collecting your user data by activating the „Do Not Track” function in your web browser. Your web browser will then send a „Do Not Track” signal to all websites, including ours.
  • You can prevent all websites from collecting your user data by downloading the following extension and installing it on your computer: Download Browser Extension.
  • You can prevent only our website from collecting your user data via Google Analytics by clicking on the following link. This places an opt-out cookie on your computer, which prevents data being collected from you if you visit this website again. Deactivate Google Analytics.

Google Analytics Google Signals

We have enabled Google signals in Google Analytics. This updates existing Google Analytics features (advertising reports, remarketing, cross-device reports, and interest and demographic reports) to provide aggregated and anonymized data from you, provided you have allowed personalized ads in your google account.

What makes this special is that it is cross-device tracking. That means your data can be analyzed across devices. By enabling Google signals, data is collected and linked to the Google account. Google can thus recognize, for example, if you view our website via a smartphone and only mare reservation later via a laptop. Thanks to the activation of Google signals, we can launch cross-device remarketing campaigns that would otherwise not be possible in this form. Remarketing means that we can also show you our offer on other websites.

In Google Analytics, Google signals also collect other visitor data such as location, search history, YouTube history and data about your actions on our website. This gives us better advertising reports from Google and more useful information about your interests and demographics. This includes your age, what language you speak, where you live, or what gender you are. Furthermore, social criteria such as your profession, your marital status or your income are also added. All these characteristics help Google Analytics to define groups of people or target groups.

The reports also help us to better assess your behavior, your wishes and interests. This allows us to optimize and adapt our services and products for you. By default, this data expires after 26 months. Please note that this data collection only occurs if you have allowed personalized advertising in your Google account. This is always aggregated and anonymous data and never individual person data. In your Google account, you can manage this data or delete it.

  • Facebook Pixel

This website uses Facebook Pixel, a web analysis service operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland („Facebook”) based on the legal principle of overriding legitimate interest (analysis of website use). We have concluded an agreement with Facebook on contracted data processing. In some cases data will be transferred to the USA. This transfer of data to the USA takes place on the basis of the Privacy Shield.

When you visit our website a piece of software creates a connection to Facebook’s servers and sends data to these servers, some of which are located in the USA. Facebook Pixel also uses cookies to save information about the website user and to analyse how the website user uses the website.

According to Facebook, this data is used to analyse the use of the website, produce reports on website activity and provide additional services connected to use of the website and the internet.

Facebook may also transfer this information to third parties if this is legally required or if the third party is tasked with processing the data on behalf of Facebook.

We use Facebook Custom Audience as well as other tools offered by Facebook to advertise on websites like Facebook. In order to do this we share your data with providers like Facebook and use Cookies and similar technology on our website to analyze how effective our ads are on these third party platforms.

For detailed information on the use of data by Facebook please consult Facebook’s data protection declaration.

Deactivating Facebook Pixel

  • It is possible to prevent our website from collecting your user data by activating the „Do Not Track” function in your web browser. Your web browser will then send a „Do Not Track” signal to all websites, including ours.
  • You can prevent this website from collecting your data via Facebook Pixel by clicking on the following link. This places an opt-out cookie on your computer, which prevents data from being collected from you if you visit this website again. Deactivate Facebook Pixel.
  1. Information We Collect From Other Sources

We may also obtain personal data from our third party service providers (such as information relating to the credit of guests) and from public sources and combine that with information we collect through our Site where we believe that it is necessary to help manage our relationship with you. 

Where you provide personal data of third parties (for example, names and contact details of your family members in connection with bookings or family memberships), you confirm that you have their consent to provide their personal data to us. We recommend you show them this Privacy Policy.

  1. General Data Processing of Capital Invest Ltd.

Categories of personal data collected

Based ont he provisions of the Tourism Act, in order to fulfil the legal obligation, we record and store the following data:

  • Family name and first name of all our guests,
  • Surname and first name at birth,
  • Place and date of birth,
  • Their sex
  • Their mother’s surname and first name at birth,
  • The identification data of their personal ID document or travel document,
  • Their country of citizenship
  • Any visa or entry permit numbers
  • Place and time of their entry into the country. (GDPR Article 6(a) (c)

In order to provide the requested services, e.g. accommodation we also process the following data:

  • Contact details
  • Mode of payment
  • Credit/debit card details
  • Apartment / Room
  • Number of guests

Purpose of the data processing

This data is collected to the extent necessary:

  • Provision of apartment services, including maintaining contact with customers and improving the service.
  • The purpose of recording and storing data specified by the Tourism Act, the Accounting Act and the local council regulation is to ensure legal compliance.
  • After your departure, we will keep the data for the purpose of asserting claims or managing complaints within the limitation period stipulated under civil law.

For our legitimate commercial interests, in order to:

  • understand how our services impact you, provide you with a better, more personalised level of service, and further develop our services, including linking or combining with information we get from others to do so;
  • provide privileges, benefits and services to you, verify and validate your ability to access and use certain services and information, monitor your use of our Site and your bookings, and conduct analysis of the use of our Site in order to operate, evaluate and improve our Site and our services, understand your preferences, display custom content to you on our Site which may be of interest to you and troubleshoot any problems;
  • conduct market analysis, market research, customer satisfaction and quality assurance surveys to improve our apartments and services; and
  • provide for the safety and security of guests.

Your data will be processed on the basis of Art. 6 Para. 1/b GDPR processed.

Use of information based on your consent:

  • facilitsate direct marketing, promotional and customer management purposes, including sending you promotional communications (including without limitation emails and push notifications) or special offers if you have consented to receive the same. Please see section „Direct Marketing” below;
  • we may use special categories of data (e.g. health data). But we will only do so if we have received your consent thereto; and
  • for any other purposes for which we have your consent.

 Disclosures of Your Personal Data

We may share your personal data:

  • with the operator of the apartman which you book, stay or visit;
  • with third-party payment processors, payment service providers, IT and marketing support service providers and other consultants, vendors and service providers who need access to such information to carry out work or provide services on our behalf or who help us to provide the Site to you;
  • with anyone involved in the process of making your travel arrangements (e.g. travel agents, group travel organisers) in order to fulfill contractual obligations;
  • with any law enforcement, courts, Government or regulatory bodies (in whatever jurisdiction), or otherwise in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, court order or legal process;
  • if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of BudapestCityApartments, or others;
  • with our advisors, which includes our accountants, auditors, lawyers, other professional advisors and business contacts for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
  • with any other party at your consent or at your direction; and
  • otherwise as permitted or required by applicable laws and regulations.

We may also disclose aggregate or de-identified data that is not personally identifiable with third parties, including our commercial and strategic partners.

 Period of the data processing

  • Where information is needed for issuing an invoice or for other tax records, we have a legal obligation to retain this for 8 years from the end of the calendar year. Thus if we issue you the invoice when you check out on 30 October 2024, we must keep the data until 31 December 2032.
  • The apartment has a legal obligation to report to the local council the details of all guests who check in, disclosing the items of data specified in the relevant local council regulation, and it must also report to the police the details of all guests from outside the EU who check in. We have a legal obligation to keep the data in these reports for 5 years following the year concerned, counted from the day of check-in.
  • After your departure, we will keep the data for the period of limitation stipulated under civil law, i.e. for 5 years following the year concerned.
  • Personal data recorded based on the provisions of the Tourism Act will be stored in the designated central repository until the end of the following year. If you wish to exercise any of your rights referred to in section 1 in relation to the data recorded during check-in, or you wish to contact us for any other reason in connection with data recorded during check-in, please let us know by sending an email to info@budapestcityapartments.com.

Direct Marketing 

From time to time, we would like to use your name, email address, mobile phone number, and other relevant contact information to send you either via emails, SMS messages, telephone calls, push notifications, post, or social media (e.g. Facebook) information that we think may be of interest to you, including about our apartments, and services, satisfaction surveys, offers and promotions, but we can only do so with your consent.

You may opt-out from receiving marketing communications at any time by following the unsubscribe instructions contained in the marketing communications or contacting BudapestCityApartments in accordance with the section „D. Your Rights” below. If you opt out of these communications, we may still send you non-promotional communications, such as those about your reservation, unless we are prohibited from doing so by applicable laws.

Social media platforms (e.g. Facebook, Instagram)

We can also be contacted individually via the social media platforms Facebook and Instagram. By hitting the „like” and „follow” button on the given page, Facebook users can subscribe to the news published on newsfeed; by hitting the „dislike” button they can unsubscribe to it, and by adjusting the newsfeed settings, they can hide the news they do not wish to follow from the newsfeed. We are able to access its „followers” profiles; however, it does not record or process them in its own internal system.

 Purpose of the data processing:

Sharing the contents on the websites of us, sharing other news and offers, maintaining contact.

Legal basis of the data processing:

Your consent [GDPR Article 6(1)(a)], which can be withdrawn at any time by unsubscribing. The withdrawal of consent does not affect the lawful processing that preceded it. In the case of withdrawal, you will not receive notifications on your newsfeed; our news will no longer appear on your newsfeed, though you will still be able to access our newsfeed, since our website is public.

Period of the data processing:

The data processing lasts until you unsubscribe.

Facebook and Instagram are separate data controllers, independent of us. You can find information about the data processing of the site from the data protection guidelines and regulations on the Facebook website, at the following links:

  • https://www.facebook.com/policies/cookies/
  • https://www.facebook.com/about/privacy/update

You can find information on Instagram’s data processing at the following link:

  • instagram.com
  1. Data Security

Website

When visiting our website, we use the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted encrypted by the closed display of the key or lock symbol in the address bar of your browser.

 General data processing

In addition, we generally apply appropriate technical and organizational security measures when processing data to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties. Our security measures correspond to the current state of the art. 5.

To protect your personal data, we also require our third party service providers to take reasonable precautions to keep your personal data confidential and to prevent unauthorised or accidental access, processing, erasure, loss or use of personal data, and to act at all times in compliance with applicable data protection laws.

We cannot guarantee that our Site will function faultless and without any interruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.

Children and Minors

Except where required by local laws, we do not knowingly collect personal data from minors. If you are a minor, you may only use our Site and services with the permission of your parent or guardian.

If you are in the EU, our online services are not directed at children under the age of 13. If you believe we have collected information about a child under the age of 13, please contact us so that we may take appropriate steps to delete such information. If you are at least 13 but under the age of 16, please get the consent of your parent or legal guardian before giving us any personal data about yourself.

Third Party Sites

The Site may contain links to other websites, apps, content, services or resources on the internet which are operated by third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal data which may be collected through these sites. Please check these policies before you submit any personal information to these sites.

  1. Your Rights

According to the EU General Data Protection Regulation, you have the following rights:

i (i) to obtain information about the personal data processed or their categories, the processing purposes, the categories of recipients to whom your data has been or will be disclosed, the intention to transfer data to a third country or an international organization, including suitable guarantees, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data, if it was not collected by us, as well as the Existence of automated decision-making, including profiling and, if necessary, meaningful information about its details;

ii (ii) to request the correction, addition, or deletion of your personal data that is incorrect or not processed in accordance with the law;

iii (iii) request that we restrict the processing of your personal data;

iv (iv) in certain circumstances, to object to the processing of your personal data or to withdraw the consent previously given for the processing;

v (v) to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request that it be transmitted to another controller;

vi (vi) to lodge a complaint with the relevant data protection supervisory authority.

If you would like to exercise your rights, please let us know by email at  info@budapestcityapartments.com or contact us at the address provided.

Changes to the Privacy Policy

We may modify this Privacy Policy from time to time. Any changes to this Privacy Policy will be posted to the Site so that you are always informed of the way we collect and use your personal data, and we encourage you to review this Privacy Policy whenever you access the Site or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. Updated versions of this Privacy Policy will include the date of the revision at the end of this Privacy Policy so that you are able to check when the Privacy Policy was last amended. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy on the Site. Use of the Site following such changes constitutes your acceptance of the revised Privacy Policy then in effect but, to the extent such changes have a material effect on your rights or obligations as regards our handling of your personal data, such changes will only apply to personal data after the changes are applied.

Miscellaneous

This Privacy Policy is governed by and shall be construed in accordance with the laws of Hungary.

This Privacy Policy is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Privacy Policy, the English version shall prevail.

Updated: 5 November, 2024