Privacy Policy
The Service Provider defined in Section 1 carries out online registration and cloud storage activities on the website splashware.hu, aqua-parks.com, splashare.hu, splashare.eu, splashwaregalaxy.com, and kingelmenypark.hu (hereinafter referred to as the “Websites”) to provide supplementary services related to bathing facilities (hereinafter referred to as the “Service”). For information about the Service and to learn about the contractual terms established between the Service Provider and you, please refer to the general privacy policy available here.
In connection with data processing, the Service Provider (hereinafter referred to as the Data Controller) hereby informs you, as a user (customer) of the Service, about the personal data it processes in the course of providing the Service and operating the IT system, the principles and practices it follows in the processing of personal data, the organisational and technical measures taken to protect personal data, and the ways and means by which data subjects may exercise their rights.
The Data Controller processes the data you, as the User, have provided in compliance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons about the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter GDPR), and Act CVIII of 2001 on specific issues of electronic commerce services and services related to the information society, as in force from time to time. The data is processed by this privacy policy (hereinafter referred to as the Statement).
By using the Service, you, as the User, accept the provisions of this Statement and declare that you have provided your personal and other data voluntarily and with adequate information. You explicitly consent to the Data Controller using your data for the purposes specified in this Statement.
1. Name and contact details of the Data Controller
Name of the Data Controller: Eleven Kft.
The Data Controller's registered office is: 1037 Budapest, Kösöntyű Street 3.
The Data Controller's email address:info@eleven11.hu
The Data Controller's company registration number: 01-09-066619
Data Controller's tax number: 10346877-2-41
Data Controller's telephone number: +36 (1) 436 9113
2. Information regarding the Data Controller's IT service providers
Hosting provider:
Name: Odoo S.A.
Address: Chaussée de Namur 40, 1367 Ramillies, Belgium.
Email address: info@odoo.com
Website: https://www.odoo.com/
3. Data processing carried out by the Data Controller in the spa area
In order to provide the Service, the Service Provider processes the data of Users using the Service as follows:
| ACTIVITY | REGISTRATION FOR OUR SERVICE |
| Position | Data controller |
| Purpose of data processing | Providing additional services |
| Data source | Registrant |
| Affected | Private person registering |
| Data type | Email address, spa name, date |
| Origin/history | – |
| Legal basis for data processing | Voluntary access |
| Affected contracts | – |
| Start of data processing | Upon confirmation of registration |
| End of data processing | Withdrawal of consent, erasure request |
| Retention time criterion | Withdrawal of consent, request for deletion, or termination of the purpose of data processing |
| Rights of data subjects | access, rectification, erasure, restriction, data portability |
| Way of exercising rights | Email, postal letter, personal procedure |
| Data transmission | – |
| Forwarding position | – |
| Legal basis for transmission | – |
| Affected contracts | – |
| Confirmation of deletion of transferred data | – |
| Criticality classification of data processing | – |
| Information | Before confirming your registration, through this information |
| ACTIVITY | PHOTO/IMAGE STORAGE |
| Position | Data controller |
| Purpose of data processing | Providing additional services |
| Data source | Buyer |
| Affected | Private person seen in photographs |
| Data type | Email address, spa name, date, image |
| Origin/history | Service contract |
| Legal basis for data processing | Contract fulfillment |
| Affected contracts | Spa Terms and Conditions, service contract |
| Start of data processing | When using the service (pairing the identification bracelet provided by the spa with the email address at the spa kiosks) |
| End of data processing | Withdrawal of consent, erasure request |
| Retention time criterion | Withdrawal of consent, deletion request |
| Rights of data subjects | access, rectification, erasure, restriction, data portability |
| Way of exercising rights | Email, postal letter, personal procedure |
| Data transmission | MediaCenter Ltd. |
| Forwarding position | Data processor |
| Legal basis for transmission | Contract fulfillment |
| Affected contracts | Commissioning contract |
| Confirmation of deletion of transferred data | Based on hosting provider's GTC |
| Criticality classification of data processing | Average |
| Information | Before using the service |
| Information location | Recorded according to the ordering channel (website, spa kiosk interface) |
| ACTIVITY | SENDING A NEWSLETTER TO END USERS |
| Position | Data controller |
| Purpose of data processing | Achieving marketing goals |
| Data source | Subscriber |
| Affected | Subscriber individual |
| Data type | Email address |
| Origin/history | – |
| Legal basis for data processing | Voluntary access |
| Affected contracts | – |
| Start of data processing | When giving consent |
| End of data processing | Withdrawal of consent, erasure request |
| Retention time criterion | Withdrawal of consent, request for deletion, or termination of the purpose of data processing |
| Rights of data subjects | rectification, erasure, restriction, access, data portability |
| Way of exercising rights | Email, postal letter, personal procedure |
| Data transmission | Odoo newsletter sender |
| Forwarding position | Data processor |
| Legal basis for transmission | Contract fulfillment |
| Affected contracts | Commissioning contracts |
| Confirmation of deletion of transferred data | Recorded |
| Information | When subscribing to the newsletter, as a separate data processing consent, via the website |
| Information location | Recorded according to the newsletter subscription channel (website, email, in person) |
| Cookie category | Purpose | Examples |
|---|---|---|
|
Session & Security |
User authentication, data protection and service provision, such as maintaining cart content or allowing file uploads Without these cookies, the site will not function properly. |
session_id (Odoo) |
|
Preferences |
Recording the desired look or behavior of the website, such as the chosen language or region. Without these cookies, the user experience may be reduced, but the website can still function. |
frontend_lang (Odoo) |
| Interaction History (optional) |
Collecting information about actions taken by users and pages visited, as well as marketing campaigns that direct visitors to the website. Without these cookies, we may not be able to provide the best services, but the website will still function. |
im_livechat_previous_operator (Odoo) utm_campaign (Odoo) utm_source (Odoo) utm_medium (Odoo) |
|
Advertising & Marketing |
They are used to make advertisements more effective, making them more attractive to users and more valuable to publishers and advertisers, for example, to display more relevant advertisements on other pages or to improve performance reports for advertising campaigns. Please note that some third-party services may install additional cookies in your browser to identify you. You can opt out of third-party cookies by visiting this page: Network Advertising Initiative opt-out pageThe site will still function without these cookies. |
__gads (Google) __gac (Google) |
|
Analytics |
To understand user behavior on our site, through Google Analytics. More about this: Analytics cookies and privacy information. The site will still function without these cookies. |
_ga (Google) _gat (Google) _gid (Google) _gac_* (Google) |
You can set your computer to warn you every time a cookie is being sent, or you can turn off cookies altogether. Each browser is a little different, so you can check the correct cookie settings in your browser's Help menu.
We currently do not support the 'Do Not Track' signal as there is no industry standard for it.
In order to provide the Service, the Data Controller will delete the personal data you have provided from the register upon expiry of the data management period, while recording a report that does not contain personal data.
The Data Controller is not liable for any damages resulting from incorrect or incomplete data provided by the User.
The Data Controller will only disclose your data to the competent authorities or courts upon their request and in cases prescribed by applicable law. In order to protect and securely store your personal data, and to protect them from unauthorized access, use, alteration or unlawful deletion, the Data Controller will do everything in its power, including taking reasonable technical security measures.
You can contact the Data Controller at any time via the service provider contact details specified in point 1. Personal data provided for the purpose of contacting the Data Controller will be deleted when the purpose of the contact is achieved, but no later than 72 hours thereafter, or within 30 days of receipt of your request for deletion of the data.
The Data Controller stores web identifiers for statistical purposes for 1 year, unless you request their deletion earlier. The statistics prepared by the Data Controller are free of personal data.
4. Definitions
1. Personal data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data controller: The natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law.
3. Data processing: Any operation or set of operations which is performed on personal data or data files, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Recipient: The natural or legal person, public authority, agency or any other body to which the personal data are disclosed, whether or not it is a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by such public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing.
5. Data Processor: The natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.
5. Data processing and data transfer
In addition to the IT service provider specified in point 2, the Data Controller uses a newsletter service provider.
We send our newsletters using Odoo.
6. Data security measures
The Data Controller shall take the technical and organizational measures and comply with the procedural rules that are necessary for the enforcement of the provisions of Act CXII of 2011 on the right to information self-determination and freedom of information and Article 32 of the GDPR. The Data Controller shall do everything in its power to protect the User's data against data loss, destruction, distortion, falsification, manipulation, as well as unauthorized access and unauthorized disclosure. The Data Controller's IT systems are located partly at its headquarters (client-side infrastructure), and on the other hand, and in terms of the data storage location, in the server pool of MediaCenter Hungary Zrt., which operates its physical servers (server-side infrastructure).
7. Possibility to modify the data management policy
The Data Controller reserves the right to unilaterally amend this Statement. Any changes shall become effective from the date they are posted on the Website and on the Terminals located in the spa. The Data Controller shall not send a separate notification of the introduced changes, but shall state the date of the last amendment or update in the header of the Statement.
8. Managing cookies
When using the Website, your browser stores cookies on your computer's hard drive. During the order process, the Data Controller stores the data sent to our website by the browser and computer you use in order to ensure that the data provided in the different phases of the order process is not lost when you move to the next page. The Website only installs session cookies and anonymized Google Analytics statistical measurement codes in the User's browser, which are essential for the normal operation of the website and are important for collecting anonymized visitor data. Session cookies are automatically deleted at the end of the session, while Google Analytics measurement codes are stored on your computer for 2 years. You can change the cookie settings at any time and delete them under your browser settings.
9. Users' rights regarding the processing of their personal data, legal remedies
When processing your personal data, you have a number of rights, which you can exercise by sending a request to any of the contact details of Eleven Kft. specified in point 1.
Right to access and rectify personal data
You have the right to access, request a copy, and correct or update your personal data at any time.
Based on the right of access, you are entitled to receive information about the following:
a) the purposes of data processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
(d) where applicable, the planned period for which the personal data will be stored;
e) the right of the data subject to request from the controller the rectification, erasure or restriction of processing of personal data concerning him or her and to object to the processing of such personal data;
f) the right to lodge a complaint with a supervisory authority.
We understand the importance of this, so if you wish to exercise these rights, please contact us via one of the contact details specified in point 1.
Right to data portability
Your personal data is portable, so you have the right to receive it in a structured, commonly used and machine-readable format. This means that you will receive the personal data we process about you in a format that is machine-readable and that you can electronically transmit to another person.
If you wish to exercise your right to data portability, please contact us using one of the contact details set out in point 1.
The right to erasure of personal data
You have the right to request the deletion of your data if:
a) your personal data are no longer necessary for the purpose(s) for which they were collected; or
b) there is no legal basis for the data processing; or
c) object to the processing of your personal data;
d) the processing of personal data is not carried out lawfully; or
e) the deletion of your personal data is justified by compliance with legal requirements.
We would like to inform you that in cases where the duration of data processing is determined by law, you are not entitled to request the deletion of your data, as we are required by law to retain it.
The right to restrict data processing
You may restrict the processing of your personal data if:
a) you believe that the personal data held about you is inaccurate; or
b) the processing of personal data is not lawful, but instead of requesting their deletion, you would like to restrict their processing; or
c) we no longer need your personal data for the purpose(s) for which we originally collected them, but you require these data for the purpose of establishing, exercising or defending legal claims, or
d) You have objected to the processing of your personal data and are awaiting confirmation as to whether the interests related to your objection override the legal basis for the processing.
If you wish to restrict the processing of your personal data, please contact us via one of the contact details specified in point 1.
The right to protest
You may object to the processing of your personal data at any time. If you wish to do so, please contact us using one of the contact details provided in point 1.
The Data Controller will respond to your request as soon as possible, but no later than 30 days after receipt of your request.
In case of refusal to exercise a right, or if the data subject is not satisfied with the response of the Data Controller, he/she may assert his/her right to the protection of his/her personal data before a civil court, and may also file a complaint at any time with the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; postal address: 1530 Budapest, Pf.: 5.; telephone number: +36 (1) 391-1400; email address: ugyfelszolgalat@naih.hu).
In matters not regulated here, the rules of the Info Act, the GDPR, Act V of 2013 on the Civil Code, and Act CVIII of 2001 on certain issues of services related to the information society shall apply.
Last updated: 2025.03.05.