Privacy Policy
PRIVACY POLICY FOR GUESTS
Since You qualify as data subject in the application of data protection regulations, please be informed with respect to Articles 13 and 14 of the GDPR:
1. Data processor
§ 1 (1) The data procession is carried out by
a) Hungária Koncert Kft. (Abonyi Street 27. Ground Floor 2. Budapest, Hungary, H-1146 – Email: frontoffice@hungariagroup.com)
b) Duna Koncert Kft. (Abonyi Street 27. Ground Floor 2. Budapest, Hungary, H-1146 – Email: frontoffice@hungariagroup.com)
c) Duna Főnix Kft. (Abonyi Street 27. Ground Floor 2. Budapest, Hungary, H-1146Budapest. – Email: frontoffice@hungariagroup.com)
d) HDK Kft. (Abonyi Street 27. Ground Floor 2. Budapest, Hungary, H-1146 – Email: frontoffice@hungariagroup.com)
as joint processors (hereinafter referred to as: data processor).
(2) The summary of the arrangement that was concluded between the joint processors is as follows:
’1. The Parties agree to perform the duties of the data processor regarding the guests (who qualify as data subject) coming to the programmes organised by them together as joint controllers.
2. The Parties realise that the sales, booking, organising and invoicing activities required by the Programmes are primarily carried out by their employees and therefore it improves the efficiency to act as joint controllers.
3. The Parties realise, that
a) sales activity is primarily exercised by Hungaria Koncert Kft., or Duna Koncert Kft. or Duna Főnix Kft.;
b) the booking system is provided by Hungaria Koncert Kft. and Duna Koncert Kft.
c) the organisation and catering are provided by Hungária Koncert Kft., Duna Koncert Kft.,
d) invoicing is done by HDK Kft.
4. The necessary information shall be provided by that Party, whose surface is used by the guest or whose employee is involved in the sales activity or from whom a reseller orders the Programme, or from whom the data subject requests it.”
2. The respective data processing operations
§ 2 (1) Regarding the data processing operations,
a) the data processed by the data controller,
b) the purpose of the data processing,
c) the legal basis of the data processing,
d) the duration of the data processing,
e) the recipients, with whom the data are shared
are determined by the following table:
| Data | Purpose of the data processing | Legal basis of the data processing | Exact legal source – if data procession is required for the fulfillment of a legal obligation | Duration of the data processing | Recipients |
| Name | identification of the guest | necessary for the performance of a contact [GDPR Article 6 (1) b)] | until the obligation expires by prescription | ||
| Name | invoicing | necessary for the fulfillment of a legal obligation [GDPR Article 6 (1) c)] | § 169 of the VAT Act | until the right to set the tax expires by prescription | tax authority; accountant |
| Address | invoicing | necessary for the fulfillment of a legal obligation [GDPR Article 6 (1) c)] | § 169 of the VAT Act | until the right to set the tax expires by prescription | tax authority; accountant |
| VAT ID | invoicing | necessary for the fulfillment of a legal obligation [GDPR Article 6 (1) c)] | § 169 of the VAT Act | until the right to set the tax expires by prescription | tax authority; accountant |
| Email address | contacting the guest, forwarding information [e. g. the ticket/voucher] | necessary for the performance of a contact [GDPR Article 6 (1) b)] | until the obligation expires by prescription | ||
| Phone number | contacting the guest | necessary for the performance of a contact [GDPR Article 6 (1) b)] | deleted 3 months after the Programme ended | ||
| Nationality | in case of certain programmes: setting up tables that share a common language | consent of the data subject [GDPR Article 6 (1) b)] | deleted immidiately after the Programme ended | ||
| Accomodation | If that extra service option is booked, picking up and dropping off the guest at her/his accomodation. | necessary for the performance of a contact [GDPR Article 6 (1) b)] | until the obligation expires by prescription | ||
| Browser type, | optimizing the Websites | consent of the data subject [GDPR Article 6 (1) b)] | 1 year after purchase | ||
| OS type | optimizing the Websites | consent of the data subject [GDPR Article 6 (1) b)] | 1 year after purchase | ||
| IP addres | detecting fraud | consent of the data subject [GDPR Article 6 (1) b)] | 1 year after purchase |
(2) It is obligatory for the data subject to give her/his name, address, VAT ID (if available), email address. It is a condition so the contract can be concluded and if its omitted the contract is not concluded. The phone number, nationality and accomodation of the guest, however is not necessary for the conclusion of the basic contract, but it is necessary if the data subject intends to participate in certain additional services.
(3) Regarding the data processing operations in case the data subject registers to one of the websites,
a) the data processed by the data controller,
b) the purpose of the data processing,
c) the legal basis of the data processing,
d) the duration of the data processing,
e) the recipients, with whom the data are shared
are determined by the following table:
| Data | Purpose of the data processing | Legal basis of the data processing | Exact legal source – if data procession is required for the fulfillment of a legal obligation | Duration of the data processing | Recipients |
| Name | identification of the guest | consent [GDPR Article 6 (1) b)] | until the consent is revoked | ||
| Email address | identification of the guest | consent [GDPR Article 6 (1) b)] | until the consent is revoked |
(4) Registration according to paragraph (3) is not a prerequisite for the purchase through the websites and in case of data processing operations related to purchases/bookings the deletion of the registration (revoking the consent) shall have no effect on the legal basis of data processing operations related to purchases/bookings.
3. Rights of the data subject
§ 3 (1) The data subject may request access to her/his personal data, or that the data be rectified, erased, the processing be restricted or she/he may object.
(2) The data subject shall have the right to data portability.
(3) In case the data processing is based on consent, the consent maya t any time revoked which shall have no effect on the legality of the data processing before the consent is revoked.
(4) The data subject may issue a complaint to the appropriate agency, that is as follows:
Hungarian National Authority for Data Protection and Freedom of Information
| Post Address: | H-1530 Budapest, Pf.: 5. |
| Address: | Szilágyi Erzsébet Alley 22/c Budapest, H-1125 |
| Phone number: | +36 (1) 391-1400 |
| Fax: | +36 (1) 391-1410 |
| E-mail: | ugyfelszolgalat@naih.hu |
| URL | http://naih.hu |
(5) The provision of personal data is a statutory and contractual requirement as detailed in § 2, and it is a requirement necessary to enter into a contract as detailed in § 2 (2), and the data subject is not obliged to provide the personal data but it may result in the possible consequences of failure to provide such data as detailed in § 2 (2).
(6) Automated decision-making does not take place.