PRIVACY POLICY
This document provides information on the data management practices of Zwack Unicum Nyrt. relating to ticket purchase on the https://zwack.jegy.eu interface, hereinafter referred to as "the Portal".
Please read the following information carefully!
1. Purpose of this document
Zwack Unicum Nyrt. has created a ticketing and purchase platform for interested audiences in order to facilitate ticket purchase for events held by Unicum House at unicumhaz.hu. on the https://zwack.jegy.hu Portal, the Subject can choose the program and time they want to attend, as well as purchase a ticket to attend a program at a selected time. Zwack Unicum Nyrt. manages the personal data of the natural persons, who act as representatives of the natural persons and legal entities who register and purchase tickets through the Portal (hereinafter referred to as "Subjects") as provided for in Regulation (EU) 2016/679 of the European Parliament and of the Council repealing Regulation (EC) No 95/46 (27 April 2016) (hereinafter referred to as "the Regulation", "GDPR").
The Data Controller hereby informs the Subjects about the personal data managed by the Data Controller, the purpose of the data processing, the data retention period, the ways of storing, transmitting, the principles and practices of the data subject regarding the purchase and payment of tickets as data processing how and how to exercise.
Zwack Unicum Nyrt. reserves the right to unilaterally modify this document at any time.2. The Data Controller
Zwack Unicum Nyrt., as data controller (hereinafter Zwack, Data Controller) shall manage the data provided by the Data subject on the Portal:
-
Registered office of Zwack: 1095 Budapest, Soroksári út 26.
Name of the registrar: Metropolitan Court of Registration
Company registration number: 01-10-042048
Tax number: 10795044244
Email address: adatvedelem@zwackunicum.hu
Central telephone number: +36 1 456-5200
-
Registered office of Zwack: 1095 Budapest, Soroksári út 26.
3. Registration
The use of the Portal is not subject to pre-registration, but the registration on the Portal and the management of personal data through it will facilitate the future use of the Portal by the Subjects. The purpose of the Portal is to enable those concerned to obtain information and purchase tickets for House of Unicum events. Zwack will only process personal information during the process upon registration, which is primarily intended to associate the Data provided by the Subject and the billing data generated by the Subject in the event of a Purchase, in order to facilitate the ticketing process for the subject by avoiding the need to provide the data every time.
Please note that only one registration can be associated with one email address. Any liability for damage resulting from the provision of incorrect or false information shall be borne by the Subject. Zwack reserves the right to cancel manifestly erroneous or false registrations and to verify the accuracy of the information provided in case of doubt. Please note that in order to finalize the registration (in order to prevent false and erroneous registrations), an automatic email will be sent to the email address provided with a one-time password associated with the registration, needs to change. Failure by the Affected Party to comply within 10 days will result in the invalidation of the registration, and Zwack will delete any of the information provided during the registration.
Purpose of data management: Facilitate the purchase of tickets for the events listed on the Portal, the fulfilment of the contract for the purchase of tickets, and the communication with the Stakeholder in connection with the performance.
Legal basis for data management: the voluntary, informed consent of the Data subject, which the User gives by ticking the checkbox displayed during the registration, based on the information contained in this document. (Based on Article 6 (1) (a) of the GDPR).
Scope of data management: email address, password
Period of data storage: If the registration is not confirmed, the data used for registration will be deleted by Zwack 10 days after the confirmation email is sent. Data provided during the registration will be stored by Zwack until the consent of the data subject is withdrawn, in case of withdrawal of consent. One year after the last account activity, the information provided during registration will also be deleted.
Place of data management: additional servers owned by the data processor used by the data processor operating the Portal.
Method of data storage: electronic.
Persons familiar with the data: Employees of Data Controller responsible for the sale of tickets purchased on the Portal.
Data transfer: No data transfer.
Data Processor:
-
a.) name: SRS Informatika Kft.
registered office: 1047 Budapest, Fóti út 56.
company registration number: 01-09-879820
Potential Consequences of Failure to Provide Data: Use of the Portal is possible without registration; however, registration facilitates using the Portal again by avoiding the obligation to submit data again.
-
3.1. Cookies
The Data Controller hereby informs the User that when downloading the data of the Portal, the web server automatically stores small data files, so-called. cookies ("Cookies") are placed on the User's device and are read back later in the visit. The Data Controller treats these cookies as personal data in accordance with applicable law and regulatory practice.
During the use of the Site, the Data Controller places a cookie (Session ID), which is required for the proper functioning of the site, without the user's consent, solely for the purpose of identifying the session. Please note that if you do not allow any cookies in your browser, including your session ID, you will not be able to use the Portal.
Purpose of use of certain Cookies used by Data Controller, storage period:
Legal basis for data management: a legitimate interest of the Data Controller in the operation of the Portal. (Based on Article 6 (1) (f) of the GDPR).Type of Cookie The use of the Cookie the purpose of data management Storage period of the Cookie Is the consent of the data subject required? Session ID (.srsws.ASPXAUTH.#) Operation of the Portal, identification of the login user session until logout, protection of the registered user data. Until the session ends. No, placing the cookie does not require the consent of the data subject.
Scope of data management: session id.
Place of data management: additional servers owned by the data processor used by the data processor operating the Portal.
Method of data storage: electronic.
Persons familiar with the data: The Data Controller does not directly access the personal data, only through its data processor.
Data transfer: No data transfer.
Data Processor:-
a.) name: SRS Informatika Kft.
registered office: 1047 Budapest, Fóti út 56.
company registration number: 01-09-879820
Potential Consequences of Failure to Provide Data:
using the Portal without having to place the session ID may be impeded.
Please note that the User may, on a case-by-case basis, accept or decline the use of Cookies, or may reject the use of all Cookies by properly configuring the browser. For more information on how to do this, and about cookies, visit https://www.youronlinechoices.eu/.-
4. Links
Please note that the Portal also contains links to other websites. Your use of such external sites is subject to the privacy policies and guidelines of that site and Zwack has no control over the collection, storage or management of your personal information after clicking on the external link or the appropriate button.5. Data Security
Zwack respects personal data security regulations, so both Zwack and its authorized data processor will take all the technical and organizational measures and procedures necessary to enforce GDPR privacy and data security rules.
Zwack shall protect the data it handles by taking appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction.
Zwack will retain the following during its data management:
a) secrecy: protects the information so that only authorized persons have access to it
b) integrity: safeguards the accuracy and completeness of the information and processing method;
c) availability: Ensures that when an authorized user needs it, they can truly access the information they need and have the tools to do so.
Zwack adequately protects their IT systems and networks from computer fraud, spying, fire and flood, as well as viruses and computer hacking. The operator maintains security through server-level and application-level security procedures. Zwack monitors its systems to record any security incidents and provide evidence for each security incident. System monitoring also allows them to check the effectiveness of the precautions you apply. Zwack requires and controls compliance with information security measures in accordance with the terms of its contracts with the data processors it uses.6. Rights of Subjects and Enforcement
All personal information made available to Zwack by the Data Subject must be true, complete and accurate in all respects.
The data subject may request information on the management of their personal data, and may request the rectification of their personal data or, except for mandatory data processing, the exercise of their right to data storage and protest as indicated at the data collection.
Right of information:
Zwack shall take appropriate measures to ensure that all data relating to the processing of personal data referred to in Articles 13 and 14 of the GDPR and each information pursuant to Articles 15 to 22 and 34 of the GDPR are concise, transparent, understandable and easily accessible to those concerned.
The right to information can be exercised in writing through the contact details in Section 2 of this notice. Upon request, the person concerned may also be provided verbally with information upon verification of their identity.
The data subject's right of access:
The data subject shall have the right to obtain from the controller information on whether their personal data are being processed and, if so, to have access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third-country recipients or international organizations; the envisaged period for which the personal data will be stored; the right to rectification, erasure or restriction of data management and the right to object; the right to file a complaint to the supervisory authority; information on data sources; the fact of automated decision-making, including profiling, and understandable logic and the importance of such data management and the expected consequences for the data subject. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of appropriate guarantees regarding the transfer
Zwack will provide the data subject with a copy of the personal data that is being processed. For any additional copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. At the request of the data subject, Zwack shall provide the information in electronic form.
The controller shall provide the information within a maximum of one month from the submission of the request.
Right of rectification:
The data controller shall provide the information within a maximum of one month from the submission of the request.
Right of erasure:
The data subject shall have the right, upon request, to erase personal data relating to them without undue delay on any of the following grounds:
- - personal data are no longer needed for the purpose for which they were collected or otherwise processed;
- - the data subject withdraws his consent as the basis for the processing and there is no other legal basis for the processing;
- - the data subject objects against the data processing and there is no overriding legitimate reason for the processing;
- - unlawful processing of personal data;
- - personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the controller;
- - personal data was collected in connection with the provision of information society services.
Erasure of data shall not be initiated where data processing is necessary for: the exercise of the right to freedom of expression and information; to fulfil an obligation under Union or Member State law applicable to the controller for the processing of personal data or to carry out a task in the public interest or in the exercise of official authority vested in the controller; public health, or for archival, scientific and historical research or statistical purposes in the public interest; or to make, enforce, or defend legal claims.
Right to restrict data management:
At the request of the data subject, Zwack will restrict data processing if any of the following conditions are met:
- - the data subject disputes the accuracy of the personal data, in which case the limitation relates to the period during which the accuracy of the personal data can be verified;
- - the processing is unlawful and the data subject opposes the deletion of the data and calls instead for a restriction on their use;
- - the controller no longer needs personal data for the purposes of data processing but the data subject requires them to make, assert or defend a legal claim; or
- - the data subject objected to the processing; in this case, the restriction shall apply for a period until it is established whether the legitimate grounds of the controller prevail over those of the data subject.
Where data processing is subject to restrictions, personal data may be processed, except for storage, only with the consent of the data subject, or for the purpose of claiming, asserting or defending legal claims or protecting other natural or legal persons or Zwack shall inform the data subject in advance of the lifting of the restriction on data management.
Right to transfer data:
The data subject shall have the right to receive personal data concerning them which they have made available to the data controller in a structured, widely used, machine-readable format and to forward such data to another data controller.
Right to object:
The data subject shall have the right at any time to object to the processing of their personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller. too. In the event of a protest, the controller may not further process the personal data unless it is justified by imperative reasons of overriding interest relating to the interests, rights and freedoms of the data subject or to the filing, enforcement or protection of legal claims.
Where personal data are processed for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning them for this purpose, including profiling, in so far as it relates to direct marketing.
If the subject objects to the processing of personal data for the purpose of direct marketing, the data cannot be processed for this purpose.
Automated decision making on individual matters, including profiling:
The data subject shall have the right not to be subject to any decision based solely on automated data management, including profiling, which would have legal effects or be substantially affected by them.
The above right does not apply if data management
- - is necessary for the conclusion or performance of a contract between the data subject and the controller;
- - is made possible by Union or national law applicable to the controller, which shall also lay down appropriate measures to protect the rights and freedoms and the legitimate interests of the data subject; or
- - is based on the explicit consent of the data subject.
Right of Withdrawal:
The data subject shall have the right to withdraw their consent at any time. Withdrawal of the consent shall not affect the legality of the consent-based data management prior to the withdrawal.
Rules of procedure:
The controller shall, without undue delay, and in any event within one month of receipt of the request, inform the data subject of the action taken on the request under Articles 15 to 22 of the GDPR. Where necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months.
The controller shall inform the data subject of the extension of the time limit, indicating the reasons for the delay, within one month of receipt of the request. If the data subject has made an application by electronic means, the information shall be provided by electronic means unless the data subject requests otherwise.
If the controller does not act on the data subject's request, it shall inform the data subject without delay and no later than one month after receiving the request, of the reasons for the non-action and of the data subject's ability to file a complaint with a supervisory authority.
Zwack will provide the requested information and information free of charge. Where the data subject's request is manifestly unfounded or excessively repetitive in nature, the controller may charge a reasonable fee, or refuse to act on the request, having regard to the administrative costs of providing the information or information requested or to take the action requested.
Unless it proves impossible or involves a disproportionate effort, the controller shall inform any recipient to whom he or she has been provided with any rectification, erasure or restriction on which they have been informed. At the request of the data subject, the controller shall inform those addressees.
The controller shall provide the data subject with a copy of the personal data subject to the processing. For the additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject has made an application by electronic means, the information will be made available in electronic format, unless otherwise requested by the data subject.
Compensation and damages:
Any person who has suffered material or non-pecuniary damage as a result of a breach of this Regulation shall be entitled to compensation from the controller or the processor for the loss suffered. The data controller shall only be liable for damages caused by the data processing if they have not complied with the legal obligations specifically imposed on the data processors, or if they have disregarded or acted contrary to the lawful instructions of the data controller.
If several controllers or processors, or both controllers and processors, are involved in the same data processing and are responsible for the damage caused by the data processing, each data controller or processor shall be jointly and severally liable for the entire damage.
The controller or processor shall be released from liability if it proves that it is not responsible for the event causing the damage.
Data Protection Authority Procedure:
The data subject may file a complaint with the Hungarian National Authority for Data Protection and Freedom of Information regarding the processing of their personal data
Name: National Authority for Data Protection and Freedom of Information
Registered office: 1055 Budapest, Falk Miksa street 9-11.
Postal address: 1374 Budapest, Pf. 603.
Telephone: 06.1.391.1400
Fax: 06.1.391.1410
E-mail:ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
Right to apply to the courts:
Irrespective of the submission of the complaint, the data subject may bring a case before the court against the data controller in case of violation of their rights. The court will deal with the matter out of turn.
7. Contact
If the User wishes to contact Zwack, they may do so through the contact details of the Controller as specified in Section 2 of this notice.