This Data Processing Policy defines the data protection related rules governing the use of the HAVASI website (“HAVASI website”) operated by the data controller Symphonic Concert Management Ltd. (“Controller”) and visitors (the “Data Subject”). The personal data of the Data Subject shall be processed by the Controller in accordance with the provisions of this Data Processing Policy, the General Data Protection Regulation (the “GDPR”), and the Act CXII of 2011 on Informational Self-determination and Freedom of Information (the “Information Act”).
THE DATA CONTROLLER
Name: Symphonic Concert Management Ltd.
Address: 1116 Budapest, Fegyvernek u. 33, Hungary
Registration number: 01-09-952968
Website of the actual data processing: www.havasi.eu (“website”)
E-mail address: firstname.lastname@example.org
PRINCIPLES AND PURPOSES OF THE DATA PROCESSING ACTIONS
Only such personal data shall be processed by the Controller that are indispensable for the achievement of the purpose of the processing and which are suitable for such purpose, and in connection with this, the Controller shall protect the personal data of the Data Subject.
The purpose of data processing is to enable the Controller to learn more about the needs of visitors to the website, and to provide even more useful and personal content through the service, and to ensure adequate level of security. The Controller does not use data for any purpose other than those mentioned above.
ACTIVITIES RELATED TO THE DATA PROCESSING
The data processing actions/processes shall be performed by the Controller in the course of use of the below cookies, registration, ticket purchase, sending of newsletters.
The Controller applies cookies at the www.havasi.eu website. The cookies are small files of information stored by your browser on your hard drive. Cookies can allow web applications to adjust their operation to your preferences, likes and dislikes, by collecting and storing preference-related information.
Purpose of processing:
To improve the quality of the services of the Controller; to develop and improve the website contents according to the visitors’ needs
Legal basis of processing:
As of acceptance of the cookies by the Data Subject
Period of processing:
Until the cookies are deleted by the Data Subject
Erasure or modification of data:
Most browsers allow you to view the active cookies on your computer and you may delete them, furthermore you can block the cookies of a specific website or all of the websites. You have the option to set your browser so that it will reject the cookies or warn you when cookies sent to your device.
(2) Sending of Newsletters
Controller provides the possibility for the Data Subject to subscription to the newsletter on the website.
The newsletter may contain in context with his content and aim: promotion, notification, offer, program leaflet, loyalty scheme, reminder).
By subscribing, the Data Subject consents to the processing of their personal data for the purpose of sending of the newsletter, and accepts the Data Processing Policy of the Controller.
Purpose of processing:
Liaising with its customers, provision of information regarding the ordered products, the event, notification in the event of any changes, sending of information.
Legal basis of processing:
Legitimate interest of the Controller (securing the contractual performance of the service)
Period of processing:
Until withdrawal of the consent granted for processing, until deletion of the registration.
DATA STORAGE AND ACCESS
All Data are stored on the servers of the Controller, in printed or digital format, or in computer system located on the premises of designated third parties.
The processed Data may be accessed only by authorized staff members of the Controller who are involved in the provision of the services relating to the Data.
With a view to ensuring the security of the Data, the Controller applies a security system that is at least common in the profession, including the regular updating and extension of that system, and takes any and all reasonable measures to prevent unauthorized persons from accessing the processed Data.
RIGHTS, ENFORCEMENT OF CLAIMS
In terms of the Data specified above the Data Subject has the right to request access to and rectification or erasure of personal data or restriction of processing concerning the Data Subject or to object to processing as well as the right to data portability, in accordance with the provisions of the below Sections.
The Data Subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information.
Rights for information
The Data Subject shall have the right to obtain from the Controller’s confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information.
Within 25 days of submission of the request, the Controller informs the Guest in writing about the followings:
- the scope of processed data;
- the source of such data;
- the purpose of data processing;
- the legal basis of data processing;
- the period of data processing; and
- the legal basis and recipient of any data transfer.
Withdrawing the consent
The Guest may withdraw his or her consent granted via registration or other event to handling his or her data (e.g. sending newsletters) anytime in written form by contacting the Controller’s via post (2085 Pilisvörösvár, Szent Erzsébet utca 45.) or sending an e-mail (email@example.com).
The right to object
The Guest has the right to object against the handling of his or her personal data
- if the handling or conveyance of the personal data is required merely to perform the legal obligations applying to the Controller, or if it is required to enforce the legal rights of the Controller, the person who obtains the data or a third party except for mandatory data handling;
- if the purpose of the use of the personal data is direct profit, survey or scientific research;
- in other cases stipulated by law.
The Controller shall investigate the claim within 15 days as of date when it was submitted, the Controller shall render a decision whether the claim is well-founded and notify the claimant of the decision in writing. In the event the Guest does not agree with the decision or the deadline is not met, the Guest may turn to court upon receiving the decision or within 30 days after the last day of the deadline for making a decision.
Right to data portability
The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller
Rectification and erasure of Data
If any Data is incorrect and the correct data is available to the Controller, the Controller corrects the data.
The Data must be deleted, without undue delay, if
- the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
- the Data Subject withdraws his/her consent and there is no other legal basis for the processing;
- the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation.
The personal data of the Data Subject does not need to be erased, if the data processing is required for the following
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing of the personal data;
- for the establishment, exercise or defence of legal claims.
Enforcement of claims
Any person may initiate an investigation by the Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., the “Authority”) by submitting a complaint regarding any violation, or the imminent threat thereof, concerning the processing of the Data. The proceedings of the Authority are free of charge.
Guests may also file a lawsuit in case of any violation to their rights. Such matters are handled by the courts with urgency. The Controller is required to show that the processing of personal data is pursued in full compliance with applicable legislation. Such matters fall within the competence of district courts. Guests may also file the lawsuit with the court having jurisdiction over the place of residence or stay of the Guest concerned.
The website of the Controller may include referrals and links to websites operated by other service providers, where the Controller does not have any influence over the processing of Data. By clicking on such links, visitors are forwarded to websites operated by other service providers. Such websites do not and may not fall within the control of the Controller. Thus, the Controller may not be held liable for any data provision or personality rights related proceedings of such websites.
Effective: Budapest, 1 June 2020