GoBeyond as Data Collector processes data collected through its website, contracts and any other channels linked with GoBeyond.
The Privacy Policy applies to the GoBeyond’s website, and all other direct services. GoBeyond is an independent travel design agency.
A data administrator is the one who determines what data is collected, with which tools, and for what purposes.
Data can be any information you give to GoBeyond while using its services. Personal data includes information which can directly or indirectly identify the owner—typically being name and email.
Learn more about this athttps://www.eugdpr.org/glossary-of-terms.html.
Our primary goal is to make sure we offer protection for our visitors and travellers. We pay particular attention to making sure we guarantee the rights of the services we provide to everyone without discrimination of any kind. We want to make sure that we give you your right to privacy when handling personal data in any way.
The Info. (Act CXII. of informational self-determination and freedom of information law in 2011) and the EuropeanGeneral Data Protection Regulation (2016/679 The EU Regulation on the protection of natural persons with regard to the processing of personal data and such free flow of data, hereinafter referred to as „GDPR“), which came into force on May 25th, 2018, also necessitates adequate information for stakeholders.
General terms and conditions of GoBeyond
Each time we collect data it is done with a predefined purpose. We ensure that the information requested is done in a transparent manner.When signing up for any of our trips or sending your contact info though our website, we highlight what we will use the requested information for. Your consent will be asked based on this.
If you have further questions, please contact us at hello@gobeyond.travel.
It depends on which of our services you’d like to use.We make sure that we have your understanding and consent for every different case by providing you with the information you need, then asking for your agreement by ticking checkboxes which express that you have read, understood, and give us permission to handle your data. Otherwise, Processing shall be lawful only if and to the extent that at least one of the following applies:
The following table shows all the possible cases where we may ask for your data:
Your role | Where you enter your data | Data types and Addressees | Purpose(s) of data use and lawfulness | How long your data will be stored | How to take back your consent |
Requesting for more info through our web page (I’m interested) or phone | The ‚Contact us‘ or ‚I’M inteterested‘ subpage of our website | Name, email address
CEO and Ops |
We will send you an email to answer your question (GDPR Article 6. (1) a) | 2 years | You can reply to our email or call and indicate that you want to be removed from our list |
We sign a contract for travel and/or for additional services (contribution to buying plane ticket or insurance) | Personaly or through email | Name, address, birth date and place, passport number, bank account number, email, phone number
CEO, Ops and third parties |
Performance of the contract (GDPR Article 6. (1) b); Invoicing and other legal obligations (GDPR Article 6. (1) c); Consent to data data transfer to third country data processors (GDPR Article 6. (1) a) | 5 years after the termination of the contract and billing data for 8 years after the termination of the contract. | By signing the contract, you authorize us to process your personal information necessary for the performance of the contract, and it is not possible to withdraw the consent. |
You are a contracted customer and you agree to that we take a picture, video and sound recording about you during your journey | In the contract | Photo and video | In addition to our travel service, we will provide you with a video, photo and audio recordings. (GDPR Article 6. (1) a) | Not later than 5 years after the termination of the contract | You can revoke your consent until the beginning of the journey |
You subscribed interested in GoBeyond news | You have subscribed to our newsletter from our website or during registration | Name, email address
CEO, Ops |
We will send you our newsletter through email. (GDPR Article 6. (1) a) | As long as you are a subscriber | You will find the option to unsubscribe at the footer of every newsletter |
You contact us through social media paltforms | Through the given social media | Name, email address
CEO, Ops |
We will only process your data for contact if you wish to learn more about us or to conclude a contract based on your request (GDPR Article 6. (1) a) | 2 years | You can reply to our email or call and indicate that you want to be removed from our list |
Your visit our website | Info collected by cookies | IP address Google | Google analytics collects and manages IP addresses anonymously. Our goal is to improve the usability of our website based on statistics (GDPR Article 6. (1) a) | 5 years | You must provide your consent at the first visit of the website, which can not be withdrawn, so you can delete the installed cookies at any time from your browser. |
You must provide your consent at the first visit of the website, which can not be withdrawn, so you can delete the installed cookies at any time from your browser.
In any case we wish to use your personal data for any other purpose than the original request, we will talk to you first.
In all cases, your data will be processed according to our principles and will be used solely to perform the contract or to fulfill legal obligations. The contracts are stored in closed folders.
Our newsletter is sent to subscribers. The content contains mostly announcements of our trips, offerings, or other marketing invitations. Subscribers‘ personal information (name, email address) is stored in a database until they sign up for our newsletter. Personal information will not be transmitted or sold to third parties in any case and will not be published anywhere.
If you have a question about us or want to download content from our blog, then we will ask for your name and email address so that we can contact you with the resources or support your request. Your name and email address will be stored for two years, which means the operation of an online database that is only accessible to us.In any case, we will not forward or sell your personal data to third parties and it will not be published anywhere. Also, it’s important to know that we do not automatically subscribe you to our newsletter. To unsubscribe you can email us that you do not want to receive more messages from us.
Before requesting data, we ensure to communicate accurate information to you on what the purpose of the data collection is and how it is processed, such as who can access it.
On our webpage, we visibly display an outline that highlight what we will use personal information for.
You are entitled to withdraw your consent for us to manage your data at any time.
If you do not wish to receive news from us, you can unsubscribe at any time by clicking the ‚Unsubscribe‘ button at the bottom of the newsletter. If you do not want to receive any more emails from us, you can easily reply to us by email.
Users have the right to know about the personal information of their given organization and information about the management of the organization, and to inquire about what information is kept by an organization at any time.
Through our contacts you can send this request to GoBeyond.
The data subject shall have the right to receive the personal data that the data controllers have, and if technically possible, able to request the data to be forwarded to another data controller.
Through our contacts you can send this request to GoBeyond.
The data subject may request to correct inaccurate information from data controller without undue delay.
Through our contacts you can send this request to GoBeyond.
The user has the right to request that the data controller stops processing his/her data if:
Through our contacts you can send this request to GoBeyond.
The user has the right to object to the processing of his or her personal data for any reason relating to personal reasons if they are processed in the interest of the data controller or his public authority.
Through our contacts you can send this request to GoBeyond.
The user has the right to request that data controller without delays, delete personal data if:
Deletion means hard delete.
If you receive an email from us through either the newsletter or any of the other ways detailed above and unsubscribe or do not request for more emails, your name and email address will be deleted immediately from our database. (hard delete)
Through our contacts you can send this request to GoBeyond.
If the data controller has disclosed personal data and is obliged to delete it for some reason, he takes technical measures to take into account the available technology and the costs of implementation to inform other data controllers that the person concerned has made such a request.The other data controller is typically a search engine operator who has access to handle the personal data if requested.
GoBeyond does not disclose any personal data but on the basis of the prior consent of the traveller, at the time of the conclusion of the contract, it may publish the image, video and sound recordings made during the journey on its online surfaces or in print. However, GoBeyond does not grant any rights of use to third parties
However, if requested, we will take needed steps to ensure that an unauthorized third-party data handler can delete your personal information from its location.The expected steps are the three consecutive written inquiries, the documentation of the case, and the third data handler’s call for data, image, or any other document from the GoBeyond surfaces.
Through our contacts you can send this request to GoBeyond.
GoBeyond seeks to maximize your rights and prioritize any questions or requests about our data management practices.
Data protection issues are dealt by the Hungarian National Data Protection and Information Freedom Authority, based on paragraph 22 of the GDPR definition.
KBOSS.hu Kft. (Szamlazz.hu)
Seated at: 1031 Budapest, Záhony str. 7.
If you have a contract with us, we use billing information to bill you in an online service, called ‚Szamlazz.hu‘
During our preparation for GDPR, we secured that ‚Szamlazz.hu‘ guarantees the protection of personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly. You can read more about ‚Szamlazz.hu“s relevant service and the GDPR guarantee by clicking the links below:
https://www.szamlazz.hu/adatvedelem/
E-goodwill Kft.
Seated at: 3842 Halmaj, Dózsa György utca 50
In order to be compliant with national legal obligations, we have to forward the invoices (with personal information on it) to our bookkeeper. We shall forward the contracts, too, if necessary. Our bookkeeper is subject to the ‚Data Processor Agreement‘ established during our preparation for GDPR.
Hubspot Inc.
Headquarters: 25 First Street, 2nd Floor, Cambridge, MA 02141 USA
Hubspot stores the names and email addresses of subscribers who are signing up to the newsletter as well as any other person seeking us.The Hubspot helps us generate our websites.
During our preparation for GDPR, we secured that Hubspot guarantees the protection of personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly.You can read more about Hubspot’s relevant service and the GDPR guarantee by clicking the links below:
https://www.hubspot.com/data-privacy/gdpr/product-readiness
AGL Group Kft.
Seated at: 1066 Budapest, Jókai Str. 6
With the aim of continually developing the quality and usability of our website, we cooperate with a web designer and developer team who may view personal data. Our bookkeeper is subject to the ‚Data Processor Agreement‘ established during our preparation for GDPR.
Google LLC.
Seated at: Mountain View, Kalifornia, Egyesült államok
During our preparation for GDPR, we secured that Google guarantees the protection of personal data at least at the European level in accordance with the Regulation and has prepared all its products accordingly.You can read more about Google’s relevant service and the GDPR guarantee by clicking the links below:
https://gsuite.google.com/faq/security/
Beyond the above, GoBeyond is entitled to forward the data to third parties acting in the interest of the service in order to achieve the above objectives. Third parties acting in connection with the performance of a travel contract for the purpose of the data controller shall in particular, but not exclusively, the contractor’s contracted tour guide, accommodation, catering, personal transport and other contributor services. The range of recipients varies from one trip to another and is therefore not listed in this Privacy Notice because it would seriously compromise the requirement of transparency, but the data subject may request from the controller a list of data processors by name.
The personal data of the data subjects may also be transferred to data controllers and processors in countries outside the European Economic Area where this is necessary for the performance of the travel contract, the transfer is occasional, and the traveler has given his explicit and informed consent in the light of potential risks (Article 49 GDPR (1))) the).
Possible risks arising from data transfer – due to lack of conformity decision and appropriate guarantees: Data controller for recipients of data processing in the destination country (s) of the travel contract (in particular accommodation and catering service providers, passenger transport, tour guides, other service providers). The Data Controller shall take all possible technical measures to ensure the secure transmission of the data and shall enter into a data processing contract with the data processors including the obligations contained in the GDPR. The data processor is obliged to comply with the contract, but there is no other guarantee that this obligation will be met.
The controller keeps records of the processors.
A cookie is a piece of information that a visited web site sends to a visitor’s browser (in the form of a variable name value) to store it and later to load the same website.
During visits to our website, we send one or more cookies (a small file containing a string of characters) to the visitor’s computer, which will allow its browser to be uniquely identified. These cookies are provided by Google through GoBeyond and Google Analytics.Google Analytics generates cookies through Google AdWords. These cookies will only be sent to the visitor’s computer by visiting certain subpages—only the actual time to visit that subpage will be stored.
Google uses these cookies for statistical purposes when a user has previously visited the advertiser’s websites.
We use Facebook Pixel cookies to track conversions for ads running on Facebook. Facebook Pixel is a code snippet that is placed in the source code of the GoBeyond web site, Facebook gives you the opportunity to track the activities of (Facebook-registered) users on your website.
GoBeyond is available on Facebook and Instagram.
The use of the social networking site, and through contact with GoBeyond, contact, and other activities permitted by the community site is based on voluntary consent.
Stakeholders are natural persons who voluntarily follow, share, like, appreciate, and share the community pages of the data controller or the content appearing on it.
GoBeyond communicates with the people via the social network only so that the purpose of the data being processed becomes relevant when the person is searching through the community site.
The purpose of the presence on the community portals and the related data management is to share and publish the content on the website on the social network, i.e. the marketing of GoBeyond.
The person voluntarily contributes to data management under the terms of the community site, for example by following and favoring the content of GoBeyond.
The Subject may evaluate GoBeyond in a numerical and numerical way, if the community site allows it.
GoBeyond also publishes images / video clips on various events and services on the community site. In the case of non-mass recordings or public recordings (Section 2:48 of the Civil Code), GoBeyond will always seek the consent of the Participant before publishing the images.
You may get information about the data management of the given community site on the given community site.
Duration of data management: at the request of the data subject, until revoke of consent.
The way of data management: electronically, automated.
The source of the data is directly from the person.
Automated Decision Making Profiling: not happening.
GoBeyond draws attention to the fact that an organization operating a community site, such as Data Controller, can perform profiling or other automated data management, but in this case, the controller will be the organization that manages the community site.
Are there any provisions related to age restrictions?
The applied age restrictions are the ones in the Civil Code of Hungary. Nevertheless, we are not obliged to confirm this by requesting any official document.
GoBeyond ensures that the processing of personal data is in accordance with the rights, interests and data protection regulations of those concerned will be supported by the following technical actions and regulations:
All the personal data sent through the subpage ‚I’m interested‘, is transmitted via a https (TLS cryptographic protocol) channel between the user’s browser and the cloud service provider.
Encrypting end-of-life databases is encrypted using security keys (‚Industry standard AES-256 encryption algorithm‘).
GoBeyond maintains a policy and procedure for information security and privacy incidents that include initial response, investigation, notification and/or public disclosure. These guidelines are regularly reviewed and tested annually.
In the event of information security and/or privacy incidents, we will immediately notify the affected users with appropriate security measures and without delay and, if possible, 72 hours after the privacy incident hascome to our attention, to the competent authority. Our procedure is in line with our GDPR obligations and industry standards. We are committed to constantly informing you about issues that are relevant to the security of your account and provide you with all the information you need.
The Privacy Policy may be amended unilaterally by GoBeyond but will notify the users. Any modification is valid only if it complies with applicable legislation.