This document provides information on the data management practices of Zwack Unicum Nyrt. relating to ticket purchase on the https://zwack.jegy.eu interface, hereinafter referred to as "the Portal".
Please read the following information carefully!
1. Purpose of this documentZwack Unicum Nyrt. has created a ticketing and purchase platform for interested audiences in order to facilitate ticket purchase for events held by Unicum House at unicumhaz.hu. on the https://zwack.jegy.hu Portal, the Subject can choose the program and time they want to attend, as well as purchase a ticket to attend a program at a selected time. Zwack Unicum Nyrt. manages the personal data of the natural persons, who act as representatives of the natural persons and legal entities who register and purchase tickets through the Portal (hereinafter referred to as "Subjects") as provided for in Regulation (EU) 2016/679 of the European Parliament and of the Council repealing Regulation (EC) No 95/46 (27 April 2016) (hereinafter referred to as "the Regulation", "GDPR").
The Data Controller hereby informs the Subjects about the personal data managed by the Data Controller, the purpose of the data processing, the data retention period, the ways of storing, transmitting, the principles and practices of the data subject regarding the purchase and payment of tickets as data processing how and how to exercise.
Zwack Unicum Nyrt. reserves the right to unilaterally modify this document at any time.
2. The Data ControllerZwack Unicum Nyrt., as data controller (hereinafter Zwack, Data Controller) shall manage the data provided by the Data subject on the Portal:
Registered office of Zwack: 1095 Budapest, Soroksári út 26.
Name of the registrar: Metropolitan Court of Registration
Company registration number: 01-10-042048
Tax number: 10795044244
Email address: firstname.lastname@example.org
Central telephone number: +36 1 456-5200
- Registered office of Zwack: 1095 Budapest, Soroksári út 26.
3. Ticket PurchasePurchase of tickets on the Portal is not subject to pre-registration, however, registration on the Portal and the management of personal data through the Portal will facilitate the future use of the Portal by Subjects. The purpose of the Portal is to enable those concerned to obtain information and purchase tickets for House of Unicum events. Zwack will process personal data during the purchase process solely for the purpose of preparing and executing the transaction as a Subject and for accounting and tax purposes related to the transaction, primarily to process, administer, to ensure that the parties perform the contract and Zwack complies with its legal obligations regarding the transaction.
Please note that the payment of the Ticket Initiated by Subjects shall be settled at OTP Mobil Kft., H-1143 Budapest, Hungária krt. 17-19. Reg: 01-09-174466 operated by Simple system, therefore the payment details are forwarded to OTP Mobil Kft. For information on data handling by OTP Mobil Kft. visit http://simplepay.hu/old/docs/201909/SimplePay_b2c_adatkezelesi_tajekoztato_eng_20190926.pdf.
During the purchase of the ticket, the data subject shall provide the information required for the preparation of the invoice of the purchase. If the data subject consents thereto, their details will be assigned to them during the registration process so that subsequent purchases do not require re-submission of the invoice information. Zwack manages the billing information associated with the registration on the basis of the data subject's consent, which, if consent is revoked, will delete the data associated with the registration. Such data will also be deleted if more than 1 year has elapsed since the last data subject's last registration activity. The deletion specified herein does not affect the data subject's personal data processed by Zwack in connection with the performance of its contract with the data subject or for the purpose of fulfilling its legal obligations in connection with the economic event.
Purpose of data management: Facilitate the purchase of tickets for events listed on the Portal without having to re-enter personal billing information. Purchase of tickets for events listed on the Portal as preparation and performance of a contract with the Stakeholder and fulfilment of legal obligations related to the purchase of tickets as an economic event.
Legal basis for data management: the express, informed consent of the Subject, which is provided by the User by ticking the checkbox displayed during registration, based on the information contained in this document. (Based on Article 6 (1) (a) of the GDPR).
Preparation and performance of the Contract with the Subject. (Based on Article 6 (1) (b) of the GDPR).
Fulfilment of the legal obligation to which the controller is subject, and the obligations laid down in the tax and accounting laws. (Based on Article 6 (1) (c) of the GDPR).
Scope of data management in all listed cases: email address, name, registered office, tax number,
Period of data storage: Billing data associated with the registration will be stored by Zwack until the data subject's consent is revoked, and will be deleted if the consent is revoked. Billing information associated with registration will also be deleted 1 year after the last account activity.
Personal data relating to the purchase of the Ticket as personal data relating to the performance of the Agreement will be retained until the end of the 6 years following both parties' performance of the Zwack Agreement, after which the data will be deleted.
In connection with the purchase of tickets as an economic event, Zwack will retain the data for 8 years as required by the Accounting Act.
Place of data management: servers owned by the data processor operating the Portal. Servers hosting Zwack's SAP IT system and the Zwack archive.
Method of data storage: electronic, and paper.
Persons familiar with the data: Data Controller's Employees responsible for the sale of tickets purchased on the Portal, performance of contracts and compliance with legal administrative obligations.
Data transfer: data transfer occurs in the direction of OTP Mobil Kft. operating the Simple system registered office: 1143 Budapest, Hungária krt. 17-19. Reg: 01-09-174466. The transfer shall be made in order for the Data Subject to pay the consideration of the Ticket purchased by the Data Subject. The following data will be transmitted during data transfer. City, country, billing address, zip code, county, cardholder email address. Subjects can get more information on data management by OTP Mobil Kft. by visiting the http://simplepay.hu/old/docs/201909/SimplePay_b2c_adatkezelesi_tajekoztato_hun_20190926.pdf website.
a.) name: SRS Informatika Kft.registered office: 1047 Budapest, Fóti út 56.
company registration number: 01-09-879820
Potential Consequences of Failure to Provide Data: it is possible to use the Portal without registration, however, for the purchase of tickets it is necessary to provide the above information, because without them the legal obligations related to the purchase of tickets cannot be fulfilled.
3.1. CookiesThe Data Controller hereby informs the User that when downloading the data of the Portal, the web server automatically stores small data files, so-called. cookies ("Cookies") are placed on the User's device and are read back later in the visit. The Data Controller treats these cookies as personal data in accordance with applicable law and regulatory practice.
During the use of the Site, the Data Controller places a cookie (Session ID), which is required for the proper functioning of the site, without the user's consent, solely for the purpose of identifying the session. Please note that if you do not allow any cookies in your browser, including your session ID, you will not be able to use the Portal.
Purpose of use of certain Cookies used by Data Controller, storage period:
Type of Cookie The use of the Cookie the purpose of data management Storage period of the Cookie Is the consent of the data subject required? Session ID (.srsws.ASPXAUTH.#) Operation of the Portal, identification of the login user session until logout, protection of the registered user data. Until the session ends. No, placing the cookie does not require the consent of the data subject.
Scope of data management: session id.
Place of data management: additional servers owned by the data processor used by the data processor operating the Portal.
Method of data storage: electronic.
Persons familiar with the data: The Data Controller does not directly access the personal data, only through its data processor.
Data transfer: No data transfer.
a.) name: SRS Informatika Kft.registered office: 1047 Budapest, Fóti út 56.
company registration number: 01-09-879820
Potential Consequences of Failure to Provide Data:using the Portal without having to place the session ID may be impeded.
4. LinksPlease note that the Portal also contains links to other websites. Your use of such external sites is subject to the privacy policies and guidelines of that site and Zwack has no control over the collection, storage or management of your personal information after clicking on the external link or the appropriate button.
5. Data SecurityZwack respects personal data security regulations, so both Zwack and its authorized data processor will take all the technical and organizational measures and procedures necessary to enforce GDPR privacy and data security rules.
Zwack shall protect the data it handles by taking appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction.
Zwack will retain the following during its data management:
a) secrecy: protects the information so that only authorized persons have access to it
b) integrity: safeguards the accuracy and completeness of the information and processing method;
c) availability: Ensures that when an authorized user needs it, they can truly access the information they need and have the tools to do so.
Zwack adequately protects their IT systems and networks from computer fraud, spying, fire and flood, as well as viruses and computer hacking. The operator maintains security through server-level and application-level security procedures. Zwack monitors its systems to record any security incidents and provide evidence for each security incident. System monitoring also allows them to check the effectiveness of the precautions you apply. Zwack requires and controls compliance with information security measures in accordance with the terms of its contracts with the data processors it uses.
6. Rights of Subjects and EnforcementAll personal information made available to Zwack by the Data Subject must be true, complete and accurate in all respects.
The data subject may request information on the management of their personal data, and may request the rectification of their personal data or, except for mandatory data processing, the exercise of their right to data storage and protest as indicated at the data collection.
Right of information:
Zwack shall take appropriate measures to ensure that all data relating to the processing of personal data referred to in Articles 13 and 14 of the GDPR and each information pursuant to Articles 15 to 22 and 34 of the GDPR are concise, transparent, understandable and easily accessible to those concerned.
The right to information can be exercised in writing through the contact details in Section 2 of this notice. Upon request, the person concerned may also be provided verbally with information upon verification of their identity.
The data subject's right of access:
The data subject shall have the right to obtain from the controller information on whether their personal data are being processed and, if so, to have access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third-country recipients or international organizations; the envisaged period for which the personal data will be stored; the right to rectification, erasure or restriction of data management and the right to object; the right to file a complaint to the supervisory authority; information on data sources; the fact of automated decision-making, including profiling, and understandable logic and the importance of such data management and the expected consequences for the data subject. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of appropriate guarantees regarding the transfer
Zwack will provide the data subject with a copy of the personal data that is being processed. For any additional copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. At the request of the data subject, Zwack shall provide the information in electronic form.
The controller shall provide the information within a maximum of one month from the submission of the request.
Right of rectification:
The data controller shall provide the information within a maximum of one month from the submission of the request.
Right of erasure:
The data subject shall have the right, upon request, to erase personal data relating to them without undue delay on any of the following grounds:
- - personal data are no longer needed for the purpose for which they were collected or otherwise processed;
- - the data subject withdraws his consent as the basis for the processing and there is no other legal basis for the processing;
- - the data subject objects against the data processing and there is no overriding legitimate reason for the processing;
- - unlawful processing of personal data;
- - personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the controller;
- - personal data was collected in connection with the provision of information society services.
Erasure of data shall not be initiated where data processing is necessary for: the exercise of the right to freedom of expression and information; to fulfil an obligation under Union or Member State law applicable to the controller for the processing of personal data or to carry out a task in the public interest or in the exercise of official authority vested in the controller; public health, or for archival, scientific and historical research or statistical purposes in the public interest; or to make, enforce, or defend legal claims.
Right to restrict data management:
At the request of the data subject, Zwack will restrict data processing if any of the following conditions are met:
- - the data subject disputes the accuracy of the personal data, in which case the limitation relates to the period during which the accuracy of the personal data can be verified;
- - the processing is unlawful and the data subject opposes the deletion of the data and calls instead for a restriction on their use;
- - the controller no longer needs personal data for the purposes of data processing but the data subject requires them to make, assert or defend a legal claim; or
- - the data subject objected to the processing; in this case, the restriction shall apply for a period until it is established whether the legitimate grounds of the controller prevail over those of the data subject.
Where data processing is subject to restrictions, personal data may be processed, except for storage, only with the consent of the data subject, or for the purpose of claiming, asserting or defending legal claims or protecting other natural or legal persons or Zwack shall inform the data subject in advance of the lifting of the restriction on data management.
Right to transfer data:
The data subject shall have the right to receive personal data concerning them which they have made available to the data controller in a structured, widely used, machine-readable format and to forward such data to another data controller.
Right to object:
The data subject shall have the right at any time to object to the processing of their personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller. too. In the event of a protest, the controller may not further process the personal data unless it is justified by imperative reasons of overriding interest relating to the interests, rights and freedoms of the data subject or to the filing, enforcement or protection of legal claims.
Where personal data are processed for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning them for this purpose, including profiling, in so far as it relates to direct marketing.
If the subject objects to the processing of personal data for the purpose of direct marketing, the data cannot be processed for this purpose.
Automated decision making on individual matters, including profiling:
The data subject shall have the right not to be subject to any decision based solely on automated data management, including profiling, which would have legal effects or be substantially affected by them.
The above right does not apply if data management
- - is necessary for the conclusion or performance of a contract between the data subject and the controller;
- - is made possible by Union or national law applicable to the controller, which shall also lay down appropriate measures to protect the rights and freedoms and the legitimate interests of the data subject; or
- - is based on the explicit consent of the data subject.
Right of Withdrawal:
The data subject shall have the right to withdraw their consent at any time. Withdrawal of the consent shall not affect the legality of the consent-based data management prior to the withdrawal.
Rules of procedure:
The controller shall, without undue delay, and in any event within one month of receipt of the request, inform the data subject of the action taken on the request under Articles 15 to 22 of the GDPR. Where necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months.
The controller shall inform the data subject of the extension of the time limit, indicating the reasons for the delay, within one month of receipt of the request. If the data subject has made an application by electronic means, the information shall be provided by electronic means unless the data subject requests otherwise.
If the controller does not act on the data subject's request, it shall inform the data subject without delay and no later than one month after receiving the request, of the reasons for the non-action and of the data subject's ability to file a complaint with a supervisory authority.
Zwack will provide the requested information and information free of charge. Where the data subject's request is manifestly unfounded or excessively repetitive in nature, the controller may charge a reasonable fee, or refuse to act on the request, having regard to the administrative costs of providing the information or information requested or to take the action requested.
Unless it proves impossible or involves a disproportionate effort, the controller shall inform any recipient to whom he or she has been provided with any rectification, erasure or restriction on which they have been informed. At the request of the data subject, the controller shall inform those addressees.
The controller shall provide the data subject with a copy of the personal data subject to the processing. For the additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject has made an application by electronic means, the information will be made available in electronic format, unless otherwise requested by the data subject.
Compensation and damages:
Any person who has suffered material or non-pecuniary damage as a result of a breach of this Regulation shall be entitled to compensation from the controller or the processor for the loss suffered. The data controller shall only be liable for damages caused by the data processing if they have not complied with the legal obligations specifically imposed on the data processors, or if they have disregarded or acted contrary to the lawful instructions of the data controller.
If several controllers or processors, or both controllers and processors, are involved in the same data processing and are responsible for the damage caused by the data processing, each data controller or processor shall be jointly and severally liable for the entire damage.
The controller or processor shall be released from liability if it proves that it is not responsible for the event causing the damage.
Data Protection Authority Procedure:
The data subject may file a complaint with the Hungarian National Authority for Data Protection and Freedom of Information regarding the processing of their personal data
Name: National Authority for Data Protection and Freedom of Information
Registered office: 1055 Budapest, Falk Miksa street 9-11.
Postal address: 1374 Budapest, Pf. 603.
Right to apply to the courts:
Irrespective of the submission of the complaint, the data subject may bring a case before the court against the data controller in case of violation of their rights. The court will deal with the matter out of turn.
7. ContactIf the User wishes to contact Zwack, they may do so through the contact details of the Controller as specified in Section 2 of this notice.