• Check-in from 14:00, Check-out: until 10:00
Facebook-square Instagram Tiktok Youtube
Booking

Privacy Policy

1. Introduction

This privacy policy aims to inform you about how we handle your personal data on our website (hereinafter: “Website”), with particular regard to contact requests, newsletter subscriptions, use of our online booking system, payment processes, and the use of cookies.

2. Data Controller Information

Name: Sparkling Time Apartman
Address: 4200, Hajdúszoboszló, Akácfa utca 27., Hungary
E-mail: sparklingtimeapartman@gmail.com
Website: sparklingtimeapartman.hu

3. What data do we collect?

a) Contact / Booking Inquiry

When a visitor sends a message through the website (e.g., inquiry about accommodation), we may request the following data:

  • Name
  • E-mail address
  • Phone number
  • Message content

We receive the data via email and process it solely for the purpose of maintaining contact.

b) Newsletter Subscription

When subscribing to our newsletter, we process the following data:

  • E-mail address

Subscribers are added to a list, and we use the data solely for sending newsletters. Unsubscription is available at any time at the bottom of every newsletter sent.

c) Online Booking System

When using our online booking system available on our website, we collect and process the following personal data:

Required data:

  • Last name
  • First name
  • E-mail address
  • Phone number
  • Booking start date
  • Booking end date
  • Number of adults
  • Number of children
  • Coupon code (if applicable)
  • Other information provided in the booking form

Technical data:

  • Unique booking identifier (booking ID)
  • Date and time of booking creation
  • Booking status (pending, accepted, rejected, etc.)
  • Customer IP address (for security purposes only)
  • Page identifier where the booking was made

d) Payment Data

During booking, you can choose from the following payment methods:

  • Stripe credit card payment
  • Stripe Apple Pay
  • Stripe Google Pay
  • PayPal

Payment data processing for Stripe payment methods:

  • We use the service of Stripe Inc. (510 Townsend Street, San Francisco, CA 94103, USA) to process payments
  • We transmit payment data (credit card number, expiration date, CVV code) directly to Stripe; we do not store these on our server
  • We store the Stripe Payment Intent identifier in connection with the booking
  • Booking data (name, email, dates) are stored in Stripe metadata for the payment transaction
  • Stripe handles the data according to its own privacy policy: https://stripe.com/privacy
  • Stripe operates in the EU and complies with EU data protection regulations

Payment data processing for PayPal payment method:

  • We use the service of PayPal (Europe) S.à r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg)
  • We transmit payment data directly to PayPal; we do not store these on our server
  • We store the PayPal Order identifier in connection with the booking
  • PayPal handles the data according to its own privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full

Important note: Credit card data (card number, expiration date, CVV code) are never stored in our system. These are handled directly and securely by the payment service providers (Stripe, PayPal).

Stored payment information:

  • Payment method (Stripe credit card, Stripe Apple Pay, Stripe Google Pay, PayPal)
  • Payment amount
  • Payment date and time
  • Payment status (completed, pending, error)
  • Payment transaction identifier (Payment Intent ID or Order ID)

e) Cookies

The Website uses cookies necessary for the default operation of the WordPress system, as well as optionally statistical and marketing cookies.

Types:

  • Essential cookies: these ensure the basic functions of the website, including the operation of the booking system.
  • Statistical cookies: may collect anonymous information, e.g., about the number of visitors or their behavior (e.g., Google Analytics).
  • Marketing / convenience cookies: operate when, for example, we embed a YouTube video or display advertisements (if any on the site).

The use of cookies – if not only technical – requires the user’s consent, which we request on the first visit to the website.

4. Legal Basis for Data Processing

a) Contact: Your consent (GDPR Article 6(1)(a))
b) Newsletter subscription: Your consent (GDPR Article 6(1)(a))
c) Online booking: Performance of contract (GDPR Article 6(1)(b)) – necessary for the conclusion and performance of the booking contract
d) Payment data: Performance of contract (GDPR Article 6(1)(b)) – necessary for the fulfillment of payment obligations
e) IP address storage: Legitimate interest (GDPR Article 6(1)(f)) – for security and fraud prevention purposes
f) Accounting obligation: Legal obligation (GDPR Article 6(1)(c)) – storage of invoices and billing data

5. Data Storage and Protection

We do not store inquiries and contact requests received via email in a separate database, only in our own email system.
We handle the newsletter list securely and do not share it with third parties.
Booking data is stored in the WordPress database, which is located on a secure server, and only authorized persons have access to it.
Payment data is stored in the Stripe and PayPal systems, which protect payment information in accordance with PCI DSS standards.
We do not use automated decision-making or profiling.

Data transfer to third parties:

  • Stripe Inc. (payment processing) – USA, but with EU compliance
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. (payment processing) – Luxembourg, EU
  • Email service provider (contact, sending notifications)
  • Website hosting provider (data storage)

6. Data Retention Period

  • Contact data: maximum 4 years after the communication is concluded.
  • Newsletter subscribers: until the user unsubscribes.
  • Booking data:
    • Active bookings: 8 years after the completion of the booking (accounting obligation)
    • Deleted/cancelled bookings: 3 years after the deletion/cancellation of the booking
    • Payment data: 8 years after the completion of the payment (accounting obligation)
    • IP address: maximum 1 year (for security purposes)

The above periods are determined based on Hungarian accounting law and the recommendations of the data protection authority.

7. User Rights

Data subjects may exercise the following rights:

a) Right of access: You may request an overview of your personal data, information about what data we process about you.
b) Right to rectification: You may request the correction of incorrect data.
c) Right to erasure (“right to be forgotten”): You may request the deletion of your data if the data processing is not necessary for the performance of the booking contract or the fulfillment of our legal obligations.
d) Right to restriction of processing: You may request the restriction of the processing of your data in certain cases.
e) Right to data portability: You may request the transfer of your data in a structured, commonly used format.
f) Right to object: You may object to the processing of your personal data if the data processing is based on legitimate interest.
g) Withdrawal of consent: If data processing is based on consent, you may withdraw your consent at any time (this does not affect the lawfulness of data processing that occurred before the withdrawal of consent).
h) Filing a complaint: You may file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) if you believe that the data processing violates data protection rules.

NAIH contact information:
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Phone: +36 1 391-1400
E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu

8. Data Protection Incidents

If a data protection incident occurs (e.g., unauthorized access to data), we will notify the data subjects and the supervisory authority in accordance with applicable laws if the incident poses a high risk to the rights and freedoms of the data subjects.

9. Data Processing Security

To protect data, we implement technical and organizational measures:

  • Secure SSL/TLS encryption in communication between the website and payment service providers
  • Access control: only authorized persons have access to the data
  • Regular security backups
  • Payment data is processed directly in the Stripe and PayPal systems and is not stored on our server

10. Contact

For questions, comments, or requests to exercise your rights, please contact us at:
sparklingtimeapartman@gmail.com

Last update of the privacy policy: November 30, 2025.

Agent

Your host

Mariann

Contact
//

Discover

//

Newsletter

© All Copyright 2025 by Sparkling Time Apartman

Facebook-square Instagram Tiktok Youtube