Accomodations
The amendment to Act CLVI of 2016 on State Functions Pertaining to the Development of Tourism Regions entered into effect on 1 January 2021. The amendment requires accommodation providers to store the data specified by law from accommodation service users in the data storage location designated by the Government for the purposes specified in the Act.
The hosting service provider specified by the Government is the Hungarian Tourism Agency (HTA).
The HTA’s hosting tasks introduced in the amendment are performed by the Closed Guest Information Database system (Vendég Információs Zárt Adatbázis, VIZA).
By 1 September 2021 at the latest, all accommodation providers must have Property Management System (PMS) and ID scanners that are suitable for transferring data from each separate location to the VIZA system. Only approved PMS may be used for encrypted forwarding of the scanned data. The accommodation provider is required to record the personal data specified by law using PMS with an ID scanner. Data that cannot be read by the ID scanner or which are scanned incorrectly must be entered into the PMS manually by the accommodation provider. The storage space forwarding module integrated into the PMS forwards the data to the VIZA system.
WHEN THE GUEST USING THE ACCOMMODATION SERVICE CHECKS IN, THE ACCOMMODATION PROVIDER RECORDS THE FOLLOWING DATA USING THE ID SCANNER, with the aid of the PMS, which stores the data in the space specified by the Government decree.
- first name and family name;
- first name and family name at birth;
- place and date of birth;
- sex;
- citizenship;
- mother’s first name and family name at birth;
- the identification data on the identity card or travel document (for guests over the age of 14).
For guests younger than 14, the accommodation provider may record the above data on the basis of data provided by the guest’s representative (e.g. parent, guardian).
THE ACCOMMODATION PROVIDER ALSO ENTERS THE FOLLOWING DATA IN THE PMS:
- the address of the accommodation service;
- the starting date and the expected and actual end date of using the accommodation service.
DATA NOT INCLUDED IN THE IDENTITY DOCUMENT NEED NOT BE RECORDED.
The data:
- that the ID scanner is unable to read
- or reads incorrectly
must be entered into the PMS manually by the accommodation provider.
THE TOOLS USED BY ACCOMMODATION PROVIDERS AND THE VIZA SYSTEM MAY NOT STORE IMAGES OF THE SCANNED DOCUMENTS.
Under operative Hungarian law, all citizens are required to have an official identity document (identity card, passport or driving licence card) regardless of age, thus now including the newborn. The legislation requires data to be recorded for all guests using accommodation services, so recording of the data may not be neglected because of age or any other variable (e.g. the fee payable for the service, discounts, the length of the stay, relationship to the user).
Guests over the age of 14 using the accommodation service must present a document suitable for personal identification to the accommodation provider for the purpose of recording the data.
If the documents are not presented, the accommodation provider shall refuse to provide the accommodation service.
Data recording in absence of the guest
The accommodation provider may give guests the option of scanning the personal data required by law from their identity cards by themselves, remotely and digitally using the property management system.
The accommodation provider is still responsible for checking the data provided by the guest, before forwarding the data to the VIZA system. Accordingly, with regard to the data provided remotely, the accommodation provider shall check the identity of the guest, and the veracity of the data recorded in advance, at the latest on arrival of the guest. The check may also be done before the guest arrives, either by video call or by using a digital image providing proof of identity.
Connecting Property Management System (PMS)
Accommodation providers shall ensure that the PMS they use meets the conditions for transferring data to the VIZA system. For more information, contact your current software provider. Read more about approved PMS HERE.
Before reporting data for the first time, the accommodation provider must follow the instructions of the supplier of the PMS and the ID scanner to configure the software and the ID scanner and to create a secure network communication channel between the PMS and the VIZA system.
If the accommodation provider is able to supply VIZA data (i.e. he is using PMS with relevant certification and a suitably fitted ID scanner), he is technically prepared to supply data in accordance with legal obligations. The accommodation software supplier can provide information on how to continuously monitor whether the regular data reporting obligation is met.
Data transfer
All accommodation providers must have PMS and ID scanners that are suitable for the encrypted transfer of data for each separate location to the VIZA system. Read more about the software approved for data transfer HERE.
The PMS transfers the scanned personal data of guests in an encrypted manner by means of the storage space forwarding module integrated into the PMS. The accommodation provider is required to record the data specified by law using the ID scanner linked to the PMS.
The Government appoints the municipal governmental notary of the municipal government with competence for the given accommodation as commercial authority in relation to the accommodation provision activity, or in Budapest that of the relevant district, regarding areas under direct administration by the Metropolitan Government of Budapest the chief notary of Budapest, and as regards holiday boat accommodation the notary of the municipal government with competence over the port concerned. The competent commercial authority monitors the data transfers from accommodation providers to the VIZA system. Accommodation providers may join the system from 1 January 2021, with compulsory data transfer being required from 1 September 2021.
Software
In accommodations, only PMS that is suitable for transferring data to the VIZA system with an appropriate encryption procedure may be used.
The accommodation provider submits the personal data of guests as required by law to the VIZA system using the storage space forwarding module integrated into the PMS.
Software with certificates issued by the HTA for transferring data to the VIZA system:
| Name of manufacturer or distributor | Software name and version number | Website |
| 7Hills IT Kft. | 7H NTAK Connector | distributor's website |
| 7x24 Central Hostel, Budapest, Hungary | PBPMS 8.2.1 | distributor's website |
| Árpád Híd Ingatlan Kft. | FIG TREE HOTEL MANAGEMENT SYSTEM 7.0 | distributor's website |
| Bit Soft HU Kft. | BTS2VIZA | distributor's website |
| Chrome-Soft Kft. | Hotelgram | distributor's website |
| Com-Passz Kft. | Visual Hotel | distributor's website |
| CTS Informatika Kft. | CTS Szálláshely Nyilvántartó | distributor's website |
| Digithotel Online Foglalás Kft. | Digithotel.hu | distributor's website |
| EleniSoft Hungary Kft. | EleniSoft PMS | distributor's website |
| FLEXYS Számítástechnikai Rendszerház Kft. | Flexys Front-Office | distributor's website |
| GAP Solutions Kft. | RoomSoft | distributor's website |
| GTSG Kft. | GTSG HOTEL | distributor's website |
| GUBSE AG | SIHOT.PMS | distributor's website |
| HC DELTA KFT. | EOSNTAK_v1.0 | distributor's website |
| Hospitality and Retail Systems Kft. | HRS VISA EXPORT Portal (Fidelio) | distributor's website |
| Hospitality and Retail Systems Kft. | HRS VISA EXPORT Portal (Opera) | distributor's website |
| Hospitality and Retail Systems Kft. | HRS VISA EXPORT Portal (Opera Cloud) | distributor's website |
| HostWare Kft. | HostWare FRO Szállodai front office programcsomag | distributor's website |
| Hotelsystem Kft. | Hotelsystem | distributor's website |
| Infor (Österreich) GmbH | Infor HMS | distributor's website |
| Maistro Kft. | Maistro PMS | distributor's website |
| OFIMATICA TSS S.L. | OFIHOTEL | distributor's website |
| Profit-X Kft. | JPMS for Joomla | distributor's website |
| r3server.com Kft. | R3SERVER-H | distributor's website |
| Rhino Computer Kft. | Rhino Szálloda | distributor's website |
| The Pass Kft. | SabeeApp | distributor's website |
| TMRW Kft. | TMRW PMS | distributor's website |
| Using kft. | eRecepcios V2.0 | distributor's website |
ID scanners
An ID scanner is a tool that an accommodation provider subject to Act CLVI of 2016 uses to scan the legally required data of accommodation users from documents suitable for identification, for the purpose of submitting the data to the data storage location specified by the Government.
Processing of personal data
The VIZA system is only able to accept data packages where the personal data have been encrypted by the accommodation provider using the encryption keys specified by law. The law has designated DATRAK Digitális Adattranzakciós Központ Korlátolt Felelősségű Társaság [DATRAK Digital Data Transaction Centre Limited Liability Company] as the key distributor for providing the data encryption process.
ACCORDING TO OPERATIVE LEGISLATION, GUESTS OVER THE AGE OF 14 MUST PRESENT A DOCUMENT SUITABLE FOR ESTABLISHING PERSONAL IDENTITY:
“Hungarian citizens, immigrants, permanent residents, refugees and persons with protected status shall be required to hold and keep safe a valid identity card and to present such in the cases and in the manner specified by law, when requested to do so.”
Regarding the recording and transfer of data for the VIZA system, the accommodation provider is the data controller for the guest’s personal data and the HTA is the accommodation provider’s data processor.
The accommodation provider’s privacy policy
Based on the provisions of operative legislation, the accommodation provider is obliged to have a privacy policy, as, in line with the provisions of Act CXII of 2011 on the Self-Determination of Information and Freedom of Information as well as the GDPR ruling, guests must be provided with clear, understandable, and detailed information on all facts related to data processing, thus especially the purpose and legal basis for data processing, the person authorised to control and process data, the duration of processing, and the persons entitled to learn such information. Information shall also be provided on the data subject's rights and possible legal remedies.
THE COMPULSORY CONTENT OF THE PRIVACY POLICY
- the name and contact information of the data controller, the person authorised to represent the controller, and, if applicable, the name and contact information of the Data Protection Officer;
- information on whether the processing of personal data is based on law or a contractual obligation, or is a precondition for the conclusion of a contract;
- a designation of the obligation under which the data must be disclosed;
- az adatszolgáltatás elmaradásának következményei (mi történik, ha a vendég nem hajlandó megadni a személyes adatait);the consequences of failing to provide the data (what happens if guests are unwilling to disclose their personal data);
- the purpose(s) of data processing;
- the legal basis (bases) for data processing;
- the scope of the personal data processed;
- the duration of the storage of personal data (the duration of the storage and archiving of various personal data may differ depending on data processing purposes);
- the recipients of data processing and the range of data processors used (the companies that are involved in some manner in the processing of personal data as contracted by the processor, e.g. the name and contact information of an accounting company or operator of a booking system or PMS);
- the rights of the data subject (guest) (access, correction, deletion, withdrawal of consent, restriction of processing, objection to processing, data portability, possible cases of restriction, the right to submit complaints against data processing to the supervisory authority, (contact information for NAIH (Nemzeti Adatvédelmi és Információszabadság Hatóság [The Hungarian National Authority for Data Protection and Freedom of Information]) and possibilities for legal remedy, including the right to go to the court with jurisdiction for the data subject’s address or the controller’s registered seat;
- data security information and the organisational and technical measures taken by the controller to guarantee the confidentiality, integrity and availability of the personal data it processes.
When preparing your privacy policy, please ask for assistance from a trade association, or from an expert or lawyer who deals with data processing!
THE HUNGARIAN TOURISM AGENCY, THE OPERATOR OF THE VIZA SYSTEM AND THE HOSTING PROVIDER FOR TOURISM, IS THE ACCOMMODATION PROVIDER’S DATA PROCESSOR AS REGARDS THE DATA SUBMITTED TO THE SYSTEM
As such, the HTA:
- only handles guest data on the basis of instructions received from the accommodation provider, in connection with which it may only perform operations in accordance with the Tourism Act and with this Section
- shall ensure that employees performing tasks related to the role of the tourism hosting provider are bound by a confidentiality obligation with regard to guest data
- shall take appropriate technical and organisational measures to take into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data processing and the varying probability and severity of the risk to individuals’ rights and freedoms, thus guaranteeing an adequate level of data security through encryption and ensuring that its employees do not have access to the guest data
- may not employ any additional data processor without prior specific ad hoc or general authorisation by the accommodation provider
- taking into account the nature of the data management, taking the necessary technical and organisational measures, it shall assist the accommodation provider as far as possible in fulfilling its obligations in relation to the exercising of the data subject's rights
- taking into account the nature of data management and the information available to the data processor, it shall assist the accommodation provider in fulfilling its obligations regarding the security of data processing and the handling of possible incidents
- on termination of the legal relationship concerning data processing, it shall act in accordance with the instructions of the accommodation provider regarding the guest data and copies thereof, unless the law or a binding legal act of the European Union requires it to continue to store the guest data.
Downloads
The documents available for download below help you to share information with guests, as all guests are required to present an identity document on arrival, regardless of age or citizenship. We recommend posting the notice in a clearly visible location at reception, where guests are checked in. We also recommend posting the information on the requirement to present travel documents on the booking interface, website, booking confirmation or in a separate e-mail sent to guests prior to arrival.