(1) Data Privacy Statement
Dear Visitor,
You are reading the Data Privacy Statement of the bfz.hu and the shop.bfz.hu sites operated by the Budapest Festival Orchestra Foundation (hereinafter: BFO), as well as related customer relations activities. In the following section, we aim to elucidate the objectives and categories of data processing that occur when utilizing our online interfaces and engaging with the associated services.
Designation of the Controller
Name of the Controller: Budapest Festival Orchestra Foundation
Registered office: H-1034 Budapest, Selmeci utca 14–16.
Tax number: 18005488-2-41
Data Protection Officer: Dr. Tamás Barabás
Email: adatvedelem@bfz.hu
(2) About the processing activity performed by the BFO
The BFO is committed to protecting the privacy of concertgoers, the orchestra’s patrons, the musicians and staff, including the careful and confidential processing of their personal data. As defined in data protection laws, personal data means any information/data relating to an identified or identifiable person. A person can be identified, directly or indirectly, such as by name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. As part of human dignity, the data protection right safeguards an individual’s right to informational self-determination, stipulating that their personal data may only be processed based on the legal bases specified in the regulations. For this reason, protecting your personal data is a top priority for the BFO. Please be aware that if you do not agree to the processing of data either during or prior to the services being rendered, or if you do not actively participate in supplying data as per legitimate interests, you will be unable to access the advanced services offered by BFO and its data processing partners. We appreciate your understanding in this matter.
Description of the processing activity in accordance with the requirements of the European Union General Data Protection Regulation (GDPR)
i) the function of the website, the purpose of the processing |
ii) the categories of processed data |
iii) the legal bases for processing |
iv) the duration of the processing |
To improve the user experience when visiting the website |
only cookie-based user tracking based on IP address - see the cookie policy at https://bfz.hu/documents/36/089564v1-cookie-szabalyzat-bfz-final-en.pdf |
the data subject’s consent as per Article 6(1)(a) of the GDPR |
see the cookie policy |
To log into your user profile site (to purchase tickets and season pass, to subscribe to Livestream notification, to view certain audiovisual content) |
address and title (e.g. Jr., Dr., etc.), first name, family name, phone number, zip code, city, address, email address, date of birth, pensioner (yes/no), password, preferred language, acceptance of the BFO’s Data Privacy Statement, previously bought tickets and field of interest |
the data subject’s consent as per Article 6(1)(a) of the GDPR |
in the event of withdrawal of consent, a period of 30 days following withdrawal of the consent, with the exception of relevant details (e.g. ticket purchase) required by law (e.g. Act on Accounting) to be retained |
Temporary visitor (without registration) purchasing tickets or donating without registration |
email address, family name, first name, phone number country, zip code, city, address |
Compliance with a legal obligation under Article 6(1)(c) of the GDPR |
eight years following the relevant year as specified in Section 169(2) of the Act on Accounting. |
Bank card payment receipt retention obligations |
Compliance with a legal obligation under Article 6(1)(c) of the GDPR |
eight years following the relevant year as specified in Section 169(2) of the Act on Accounting. |
|
Subscribing to the BFO Newsletter |
title, first name, family name, email address |
the data subject’s consent as per Article 6(1)(a) of the GDPR |
a period of 30 days following unsubscribing |
BFO Shop shopping platform for registered and non-registered users |
Billing details: email address, family name, first name, company name (not mandatory), tax number (not mandatory) country, street, street number, floor, staircase, apartment (not mandatory) zip code, city, phone number (not mandatory) Delivery to other address: first name, family name, company name (not mandatory), country, street and street number floor, staircase, apartment (not mandatory), zip code, city |
Taking steps required for the conclusion of a contract (GTCC) and the performance of the contract pursuant to Article 6 1. (b), as well as pursuant to the General Terms and Condition of the online store available HERE. |
eight years following the relevant year as specified in Section 169(2) of the Act on Accounting. |
Registered Patron’s login through the website (BFO Patrons) |
All data categories related to user profile, amount of further support/membership level, date of entry, date of payment, expiry of membership, nickname (if you have provided us with one), name of partner (if you have provided us with one) |
the legitimate interest of the controller pursuant to Article 6(1)(f) of the GDPR, i.e. communication with patrons committed to classical music |
eight years following the relevant year as specified in Section 169(2) of the Act on Accounting. |
Registration for free and/or chargeable concerts or events, including processing for statistics |
title, first name, family name, email address |
the data subject’s consent as per Article 6(1)(a) of the GDPR |
One year from the day following the event |
User profiling means a form of (partially) automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyze or predict aspects concerning the data subject's personal preferences, interests, or related characteristics. Today, modern customer service software is capable of recording customer or client activity in a way that also helps the Controller/Service Provider in providing customers/users with services even more closely tailored to their needs. The Controller uses the customer relations and management (CRM) software by Crane Kft. The legal basis of the processing is the controller’s legitimate interest pursuant to Article 6(1)(f) of the GDPR. The purpose of processing is to create a more direct communication with patrons committed to classical music, and to offer them services tailored to their needs. For more information, please feel free to contact us.
(1) Processors used
Name of the Service Provider: | InterTicket Kft. |
Registered address and postal address: | H-1139 Budapest, Váci út 99. |
Registration agency: | The Metropolitan Court as Court of Registration |
Company registration number: | Cg. 01-09-736766 |
Tax number: | 10384709-2-41 |
Email address: | interticket@interticket.hu |
Website URL: | www.jegy.hu |
Data Privacy Statement | available here: https://www.jegy.hu/articles/655/adatkezelesi-tajekoztato?lang=en |
Name of the Service Provider: | OTP Mobil Szolgáltató Kft. |
Registered address and postal address: | H-1143 Budapest, Hungária krt. 17-19 |
Registration agency: | The Metropolitan Court as Court of Registration |
Company registration number: | Cg. 01-09-174466 |
Tax number: | 24386106-2-42 |
Email address: | dpo@otpmobil.com |
Website URL: | simplepay.hu |
Data Privacy Statement | available here: https://simplepay.hu/wp-content/uploads/2021/09/OTPM_kereskedoi_kapcsolattartoi_adatkezeles_eng_20211001.pdf |
Name of the Service Provider: |
Crane Kft. |
Registered address and postal address: |
H-2040 Budaörs, Munkácsy utca 10/2. |
Postal address: |
H-1067 Budapest, Eötvös u. 9. A. lph. 3.em. 19. |
Registration agency: |
The Metropolitan Court as Court of Registration |
Company registration number: |
Cg. 01-09-862008 |
Tax number: | 13567257-2-13 |
Email address: | info@crane.hu |
Website URL: | craneds.ie |
Data Privacy Statement |
available here: https://www.craneds.ie/privacy-notice/ |
Name of the Service Provider: | eSolution Kft. |
Registered address and postal address: | H-2481 Velence, Vásártér utca 40.; |
Registration agency: | The Metropolitan Court as Court of Registration |
Company registration number: | Cg. 07-09-030086 |
Tax number: | 12596535-2-07 |
Email address: | aniko@esolution.hu |
Website URL: | esolution.hu |
Name of the Service Provider: | Bence Németh, sole proprietor |
Registered address and postal address: |
H-1148 Budapest, Bolgárkertész utca 64. |
Registration number: | 54961294 |
Tax number: | 6325423-1-42 |
Email address: | n.bence@gmail.com |
(4) Data transfer to third countries
The Controller may not transfer personal data to countries outside the EU/EEC or to international organizations by . If the Controller uses the services of an online cloud provider, it shall at all times follow the principles of built-in and default data protection to ensure that, in selecting the relevant service provider, it cooperates with enterprises registered in the EU/EEC so that data storage and processing takes place on servers and by service providers located within the EU/EEC.
(5) Data security measures
The BFO ensures the protection of the personal data processed with measures appropriate to the operational risks. These include information security measures (e.g. password protection, firewall etc.) as well organizational measures (employees involved in processing may proceed pursuant to a confidentiality agreement) In the event you detect any personal data breach (e.g. you receive messages of dubious authenticity purportedly from us), please let us know immediately.
(6) What rights do you have as a data subject?
Below is a brief summary of the rights you may exercise as a data subject. For a more detailed information, please feel free to contact our data protection officers using the contact details above.
For every legal basis for actual processing performed through the website or processing required to ensure the operation of the website (see column iv in Section (2) of this Statement), you can request information about the processing of your personal data, as well as rectification of your personal data in case you find your personal data have been registered incorrectly on the registration or newsletter interface of the website. Please notify us of any changes in your details (e.g. email address) in an email sent to the rendeles@bfz.hu email address.
If you no longer want personal data related to you to be processed by us, you may exercise your right to erasure. Even if you have previously consented to the processing, you can withdraw your consent any time. Please note that the Controller cannot erase any data required to be processed by law or required for the exercising of a third person’s rights (e.g. information used in civil lawsuits or criminal proceedings). If you find it necessary, you may request restriction of processing related to you - this is called right to restriction.
You shall have the right to receive the personal data concerning you, which you have provided to the BFO, in an electronically captured format (right of access) and have the right to transmit those data to another controller. You have the possibility to do this one time free of charge.
You also have the right to lodge a complaint or obtain judicial redress. Please see below for more details.
You can send a request for exercising your rights as a data subject to the notification address specified in this Statement. Your request will be investigated and reviewed within one month. Where appropriate, and once proper information has been provided, we may require an additional two months to complete our investigation.
In the event you find our reply unsatisfactory, you may contact the data protection authority using the following contact details.
National Authority for Data Protection and Freedom of Information
Registered office: H-1055 Budapest, Falk Miksa utca 9-11.
Email: ugyfelszolgalat@naih.hu
Mailing address: H-1363 Budapest, Pf.: 9.
Electronic Administration Portal: Short name: NAIH KR ID: 429616918
Phone: +36 30 683 5969; +36 30 549 6838; +36 1 391 1400
Fax: +36 1 391 1410
Website: https://naih.hu
The regulation used for the creation of this Data Privacy Statement is Regulation (EU) 2016/679 of the European Parliament and of The Council.
Last update of this Data Privacy Statement: October 25, 2023
Validity of the previous Data Privacy Statement:
August 17, 2022 – October 24, 2023
January 1, 2022 – August 16, 2022
Thank you for reading this Statement.