(1) Data Privacy Statement
Dear Visitor,
You are reading the Data Privacy Statement of the bfz.hu and the shop.bfz.hu sites operated by the Budapest Festival Orchestra Foundation (hereinafter: BFO), as well as related customer relations activities. In the following section, we aim to elucidate the objectives and categories of data processing that occur when utilizing our online interfaces and engaging with the associated services.
Designation of the Controller
Name of the Controller: Budapest Festival Orchestra Foundation
Registered office: H-1034 Budapest, Selmeci utca 14–16.
Tax number: 18005488-2-41
Data Protection Officer: Dr. Bernadett Szeredás-Budán
Email: adatvedelem@bfz.hu
Address: 1034 Budapest, Selmeci u. 14-16.
(2) About the processing activity performed by the BFO
The BFO is committed to protecting the privacy of concertgoers, the orchestra’s patrons, the musicians and staff, including the careful and confidential processing of their personal data. As defined in data protection laws, personal data means any information/data relating to an identified or identifiable person. A person can be identified, directly or indirectly, such as by name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. As part of human dignity, the data protection right safeguards an individual’s right to informational self-determination, stipulating that their personal data may only be processed based on the legal bases specified in the regulations. For this reason, protecting your personal data is a top priority for the BFO. Please be aware that if you do not agree to the processing of data either during or prior to the services being rendered, or if you do not actively participate in supplying data as per legitimate interests, you will be unable to access the advanced services offered by BFO and its data processing partners. We appreciate your understanding in this matter.
Description of the processing activity in accordance with the requirements of the European Union General Data Protection Regulation (GDPR)
|
i) the purpose of the data processing |
ii) the categories of processed data |
iii) the legal bases for processing |
iv) the duration of the processing |
|---|---|---|---|
|
To improve the user experience when visiting the website |
only cookie-based user tracking based on IP address - see the cookie policy here |
the data subject’s consent as per Article 6(1)(a) of the GDPR |
see the cookie policy |
|
To log into your user profile site (to purchase tickets and season pass, to subscribe to Livestream notification, to view certain audiovisual content) |
address and title (e.g. Jr., Dr., etc.), first name, family name, phone number, zip code, city, address, email address, date of birth, pensioner (yes/no), password, preferred language, acceptance of the BFO’s Data Privacy Statement, previously bought tickets and field of interest |
the data subject’s consent as per Article 6(1)(a) of the GDPR |
in the event of withdrawal of consent, a period of 30 days following withdrawal of the consent, with the exception of relevant details (e.g. ticket purchase) required by law (e.g. Act on Accounting) to be retained |
|
Temporary visitor (without registration) purchasing tickets or donating without registration |
email address, family name, first name, phone number country, zip code, city, address |
Compliance with a legal obligation under Article 6(1)(c) of the GDPR |
eight years following the relevant year as specified in Section 169(2) of the Act on Accounting. |
|
Bank card payment receipt retention obligations |
the name and address of the ticket buyer and, in the case of a legal entity, the tax number |
Compliance with a legal obligation under Article 6(1)(c) of the GDPR |
eight years following the relevant year as specified in Section 169(2) of the Act on Accounting. |
|
Subscribing to the BFO Newsletter |
title, first name, family name, email address, date of birth (not compulsory) |
the data subject’s consent as per Article 6(1)(a) of the GDPR |
a period of 30 days following unsubscribing; automatically in case of inactivity of an unregistered user for 5 years |
|
BFO Shop shopping platform for registered and non-registered users |
Billing details: email address, family name, first name, company name (not mandatory), tax number (not mandatory) country, street, street number, floor, staircase, apartment (not mandatory) zip code, city, phone number (not mandatory) Delivery to other address: first name, family name, company name (not mandatory), country, street and street number floor, staircase, apartment (not mandatory), zip code, city |
Taking steps required for the conclusion of a contract (GTCC) and the performance of the contract pursuant to Article 6 1. (b), as well as pursuant to the General Terms and Condition of the online store available HERE. |
eight years following the relevant year as specified in Section 169(2) of the Act on Accounting. |
|
Registered Patron’s login through the website (BFO Patrons) |
All data categories related to user profile, amount of further support/membership level, date of entry, date of payment, expiry of membership, nickname (not compulsory), name of partner (not compulsory) |
the legitimate interest of the controller pursuant to Article 6(1)(f) of the GDPR, i.e. communication with patrons committed to classical music |
eight years following the relevant year as specified in Section 169(2) of the Act on Accounting. |
|
Include the name of the Patron on the website |
name, BFO Patron level |
the data subject’s consent as per Article 6(1)(a) of the GDPR |
Until consent is withdrawn see website/More information on BFO Patron page |
|
Registration for free concerts, including processing for statistics |
title, first name, family name, email address |
the data subject’s consent as per Article 6(1)(a) of the GDPR |
One year from the day following the event |
|
Customer satisfaction survey, audience research (concert visitors, ticket buyers) |
in the case of anonymous or specific groups of ticket buyers, name and email address, telephone number |
the legitimate interest of the controller pursuant to Article 6(1)(f) of the GDPR, which is to improve the quality of the service |
Deletion from the customer relationship database within 72 hours in case of customer objection |
|
Taking pictures and videos at concerts and public events of the Data Controller |
the image of the person concerned |
in the case of crowd shots: the legitimate interest of the controller pursuant to Article 6(1)(f) GDPR; in the case of a still image: the consent of the data subject pursuant to Article 6(1)(a) GDPR |
see in detail in the Privacy Notice on Image and Video Capture |
|
Operation of a camera system in the service area of the concert hall of the Data Controller at Selmeci utca 14-16, 1034 Budapest |
video recording (image of the data subject) |
on the basis of Article 6(1)(f) of the GDPR, legitimate interest of the data controller (protection of property) |
see in detail in the Camera System Information Notice |
|
Technical notifications (change of concert, notification of event for supporters) |
address, first name, surname, e-mail address |
in case of change of concert, performance of contract pursuant to Article 6(1)(b) GDPR; in case of event for supporters, performance of contract pursuant to Article 6(1)(b) GDPR. Article 6(1)(f) of the GDPR: consent of the data subject pursuant to Article 6(1)(a) of the GDPR |
within 30 days of unsubscription or 72 hours if the data subject objects |
|
Pre-concert, post-concert notifications |
address, first name, surname, e-mail address |
Legitimate interest of the controller pursuant to Article 6(1)(f) GDPR; in case of new subscription after previous unsubscription: consent of the data subject pursuant to Article 6(1)(a) GDPR |
within 30 days after unsubscription or 72 hours if the data subject objects |
User profiling means a form of (partially) automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyze or predict aspects concerning the data subject's personal preferences, interests, or related characteristics. Today, modern customer service software is capable of recording customer or client activity in a way that also helps the Controller/Service Provider in providing customers/users with services even more closely tailored to their needs. The Controller uses the customer relations and management (CRM) software by Crane Kft. The legal basis of the processing is the controller’s legitimate interest pursuant to Article 6(1)(f) of the GDPR. The purpose of processing is to create a more direct communication with patrons committed to classical music, and to offer them services tailored to their needs. For more information, please feel free to contact us.
(3) Processors used
| Name of the Service Provider: | InterTicket Kft. (ticket and season ticket purchase) |
| Registered address and postal address: | H-1139 Budapest, Váci út 99. |
| Registration agency: | The Metropolitan Court as Court of Registration |
| Company registration number: | Cg. 01-09-736766 |
| Tax number: | 10384709-2-41 |
| Email address: | interticket@interticket.hu |
| Website URL: | www.jegy.hu |
| Data Privacy Statement |
available here. |
| Name of the Service Provider: | OTP Mobil Szolgáltató Kft. (online payment with bankcard) |
| Registered address and postal address: | H-1143 Budapest, Hungária krt. 17-19 |
| Registration agency: | The Metropolitan Court as Court of Registration |
| Company registration number: | Cg. 01-09-174466 |
| Tax number: | 24386106-2-42 |
| Email address: | dpo@otpmobil.com |
| Website URL: | simplepay.hu |
| Data Privacy Statement | available here. |
| Name of the Service Provider: | Crane Kft. (CRM system) |
| Registered address and postal address: | H-1138 Budapest, Révész utca 27-29. 2. em |
| Registration agency: | The Metropolitan Court as Court of Registration |
| Company registration number: | Cg. 01-09-862008 |
| Tax number: | 13567257-2-41 |
| Email address: | info@crane.hu |
| Website URL: | craneds.ie |
| Data Privacy Statement | available here. |
| Name of the Service Provider: | eSolution Kft. (web development) |
| Registered address and postal address: | H-2481 Velence, Vásártér utca 40.; |
| Registration agency: | The Metropolitan Court as Court of Registration |
| Company registration number: | Cg. 07-09-030086 |
| Tax number: | 12596535-2-07 |
| Email address: | aniko@esolution.hu |
| Website URL: | esolution.hu |
| Name of the Service Provider: | Bence Németh, sole proprietor |
| Registered address and postal address: |
H-1148 Budapest, Bolgárkertész utca 64. |
| Registration number: | 54961294 |
| Tax number: | 6325423-1-42 |
| Email address: | n.bence@gmail.com |
| Name of the Service Provider: | PSYMA-Hungary Kft. (audience research) |
| Registered address and postal address: | H-1138 Budapest, Párkány u. 17. |
| Registration agency: | The Metropolitan Court as Court of Registration |
| Company registration number: | Cg. 01-09-468674 |
| Tax number: | 12141111-2-41 |
| Email address: | hedvig.lehmann@psyma.com |
| Website URL: | www.psyma.com |
(4) Data transfer to third countries
The Controller may not transfer personal data to countries outside the EU/EEC or to international organizations. If the Controller uses the services of an online cloud provider, it shall at all times follow the principles of built-in and default data protection to ensure that, in selecting the relevant service provider, it cooperates with enterprises registered in the EU/EEC so that data storage and processing takes place on servers and by service providers located within the EU/EEC.
(5) Data security measures
The BFO ensures the protection of the personal data processed with measures appropriate to the operational risks. These include information security measures (e.g. password protection, firewall etc.) as well organizational measures (e.g. strict authorisation management, confidentiality declarations of employees involved in data management). In the event you detect any personal data breach (e.g. you receive messages of dubious authenticity purportedly from us), please report it to the data controller immediately.
(6) What rights do you have as a data subject?
Below is a brief summary of the rights you may exercise as a data subject. For a more detailed information, please feel free to contact our data protection officers using the contact details above.
For every legal basis for actual processing performed through the website or processing required to ensure the operation of the website (see column iv in Section (2) of this Statement), you can request information about the processing of your personal data, as well as rectification of your personal data in case you find your personal data have been registered incorrectly on the registration or newsletter interface of the website. Please notify us of any changes in your details (e.g. email address) in an email sent to the rendeles@bfz.hu email address.
If you no longer want personal data related to you to be processed by us, you may exercise your right to erasure. Even if you have previously consented to the processing, you can withdraw your consent any time. Please note that the Controller cannot erase any data required to be processed by law or required for the exercising of a third person’s rights (e.g. information used in civil lawsuits or criminal proceedings). If you find it necessary, you may request restriction of processing related to you - this is called right to restriction.
You shall have the right to receive the personal data concerning you, which you have provided to the BFO, in an electronically captured format (right of access) and have the right to transmit those data to another controller. You have the possibility to do this one time free of charge.
You also have the right to lodge a complaint or obtain judicial redress. Please see below for more details.
You can send a request for exercising your rights as a data subject to the notification address specified in this Statement. Your request will be investigated and reviewed within one month. Where appropriate, and once proper information has been provided, we may require an additional two months to complete our investigation.
In the event you find our reply unsatisfactory, you may contact the data protection authority using the following contact details.
National Authority for Data Protection and Freedom of Information
Registered office: H-1055 Budapest, Falk Miksa utca 9-11.
Email: ugyfelszolgalat@naih.hu
Mailing address: H-1363 Budapest, Pf.: 9.
Electronic Administration Portal: Short name: NAIH KR ID: 429616918
Phone: +36 30 683 5969; +36 30 549 6838; +36 1 391 1400
Fax: +36 1 391 1410
Website: https://naih.hu
The regulation used for the creation of this Data Privacy Statement is Regulation (EU) 2016/679 of the European Parliament and of The Council.
Last update of this Data Privacy Statement: October 24, 2024
Thank you for reading this Statement.
