Data Privacy
Information on the data management processes of Budafok Dohnányi Orchestra Non-profit Public Benefit Ltd. as Data Controller (hereinafter: Data Controller)
With regard to the handling of your personal data by Budafok Dohnányi Orchestra (hereinafter: BDO), BDO hereby informs you as per Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR), according to the contents of article no. 13.
BDO as Data Controller recognises the contents of the present Data Management Information as binding.
BDO commits to meet all requirements regarding data management in connection with BDO’s activities as defined in the present policies and in the national regulations in force, as well as the legal acts of the European Union. BDO reserves the right to change the present information document at any time. In such a case, those affected will be notified on BDO’s official site (www.bdz.hu).
BDO feels obliged to protect the personal data of all data subjects and considers it very important to respect its clients’ right of informational self-determination. BDO manages all personal data confidentially and will always do its best to provide any and all security, technical and organisational provisions to guarantee data safety.
1 Purpose and legal basis of data management, range of data handled, time period of data management, range of those with access to data, data forwarding
1.1 Web Page Registration
Please be informed that when you as user and also as data subject affected by the handling of personal data (data subject) visit the site www.bdz.hu (hereinafter home page or website) run and maintained by BDO as data controller and avail of website services offered there, the personal data inserted by you or gained through your activities will be managed as described in the present Information Document.
Beware that our website uses cookies, primarily for the sake of BDO providing ever higher quality services and the proper risk management in terms of security and data privacy. By visiting the website small sized files, so-called cookies may be sent to your computer or the device through which you visit the website. A separate information document can be found about the use of cookies on the website.
Please be informed that the cookies used on our website do not handle personal data.
Should you register on BDO’s website, BDO will thereafter handle the following types of your data in connection with the use of the website: name, home address, phone number, email address, password.
The legal basis for data management for such a case is point b) (performance of the contract) of paragraph (1) of article no. 6 of GDPR. Conditions for data use regarding the website are available at https://bdz.hu/adatkezelesi-tajekoztato.
Your data as per the present point will be handled by us until the deletion of your registration.
Your data as per the present point may be accessed by appointed employees of BDO, as well as legal persons (data processors) providing computer support for BDO.
1.2 Newsletter / Direct Marketing
Upon your consent and based on your voluntary agreement, BDO may handle the following types of your data for direct marketing purposes: name, home address, phone number, email address.
In such a case, the legal basis for data management is your consent as per point a) of paragraph (1) of article 6 of GDPR. Your consent given for direct marketing is not a precondition for you entering into a contract with BDO. Your consent as for the purposes of this point may be withdrawn at any time, free of charge at any of the following contacts:
Website: www.bdz.hu
Email address: info@bdz.hu
Phone: +36 1 3221488
In person: Art Secreteriat of Budafok Dohnányi Orchestra (Building IV, Kerepesi út 29/b, Budapest 1087).
Your data as per the present point will be handled by us until the withdrawal of your consent to use them for direct marketing.
Your data as per the present point may be accessed by appointed employees of BDO, legal persons (data processors) providing computer support for BDO and legal persons dealing with the sending out of BDO’s direct marketing materials.
Furthermore, we kindly inform you that the data provided by you or gained from earlier ticket purchases from BDO or services provided to you by the same will also be used for the customising of the marketing materials sent to you according to your personal preferences. No automatic decision-making is performed during the above process.
1.3 Data management regarding ticket and season’s ticket purchases
Should you purchase tickets or season’s tickets directly from BDO on the website or in any other way (through our partners, e.g. Müpa, Interticket) and provide your personal data, the following of these will be handled in this regard by BDO:
name, home address, phone number, email address, tax number, bank account number, data regarding earlier purchases and their delivery, areas of interest.
In such a case the legal basis for data management is point b) (performance of the contract) and c) (“performance of legal obligation”) of (1) of article no. 6 of GDPR, with attention to the fact that by your purchasing a ticket of a season’s ticket, a contract is closed between you and BDO, and that BDO has tax and accounting obligations with regard to the performance of the contract.
Your data as per the present point will be managed by us for 5 years after the performance of the contract, in case of data necessary for the performance of tax obligations until the end of the tax legislation limitation period (5 years starting on the last day of the calendar year in which the tax return could have been filed or reported, or, lacking these, tax should have been paid), that is, for 7 years at the most, while data necessary for the performance of accounting obligations will be handled for 8 years at the most.
Your data as per the present point may be accessed by appointed employees of BDO, legal persons (data processors) providing computer support for BDO and legal persons dealing with ticket sales and BDO’s online payment service provider.
1.4 BDO Patrons’ Club
If you are a member of BDO’s Patrons’ Club, the following data of yours may be handled by BDO in connection with your membership:
Name; address; email address; phone number; sum paid/level of support; ticket purchase history; date of entry; password; day, month, year of birth; expiry date of club membership; partner’s name (if you or your partner provided us with this information)
In this case the legal basis for data management is point b) (performance of the contract) and c) (“performance of legal obligation”) of (1) of article no. 6 of GDPR, with attention to the fact that by your entering our patrons’ club, a contract is closed between you and BDO, and that BDO has tax and accounting obligations with regard to the performance of the contract.
Your data as per the present point will be managed by us for 5 years after the performance of the contract, in case of data necessary for the performance of tax obligations until the end of the tax legislation limitation period (5 years starting on the last day of the calendar year in which the tax return could have been filed or reported, or, lacking these, tax should have been paid), that is, for 7 years at the most, while data necessary for the performance of accounting obligations will be handled for 8 years at the most.
Your data as per the present point may be accessed by appointed employees of BDO Patrons’ Club, legal persons (data processors) providing computer support for BDO and BDO’s online payment service provider.
1.5 Data management in relation to the loyalty programme
If you are a member of BDO’s Loyalty Programme, the following data of yours may be handled by BDO in connection with your membership:
Name; address; email address; phone number; ticket purchase history; loyalty programme card number; date of entry; points collected; areas of interest; day, month, year of birth
In this case the legal basis for data management is point b) (performance of the contract) and c) (“performance of legal obligation”) of (1) of article no. 6 of GDPR, with attention to the fact that by your entering our patrons’ club, a contract is closed between you and BDO, and that BDO has tax and accounting obligations with regard to the performance of the contract.
Your data as per the present point will be managed by us for 5 years after the performance of the contract, in case of data necessary for the performance of tax obligations until the end of the tax legislation limitation period (5 years starting on the last day of the calendar year in which the tax return could have been filed or reported, or, lacking these, tax should have been paid), that is, for 7 years at the most, while data necessary for the performance of accounting obligations will be handled for 8 years at the most.
Your data as per the present point may be accessed by appointed employees of BDO, legal persons (data processors) providing computer support for BDO and legal persons dealing with ticket sales and BDO’s online payment service provider.
1.6 Data management in relation to auditions
If you register for an audition with BDO, the following data of yours may be handled by BDO in connection with your registration:
Name; address; email address; phone number; day, month, year of birth; mother’s maiden name; any personal data you provided in your CV, e.g.: musical instrument mastered, prizes won at competitions, schools, language skills etc.
In this case the legal basis for data management is point b) (performance of the contract) and c) (“performance of legal obligation”) of (1) of article no. 6 of GDPR, with attention to the fact that by your registering for auditions, a contract is closed between you and BDO.
Your data as per the present point will be managed by us for 5 years after the performance of the contract, in case of data necessary for the performance of tax obligations until the end of the tax legislation limitation period (5 years starting on the last day of the calendar year in which the tax return could have been filed or reported, or, lacking these, tax should have been paid), that is, for 7 years at the most, while data necessary for the performance of accounting obligations will be handled for 8 years at the most.
If you agree to it, we may use your data in order to get back to you after an unsuccessful audition with possible casual work opportunities.
Your data as per the present point may be accessed by appointed employees of BDO, as well as legal persons providing computer support for BDO.
1.7 Data Management in Relation to Dohnányi Academy
If you register to participate in Dohnányi Academy, the following data of yours may be handled by BDO in connection with your registration:
Name; address; email address; phone number; day, month, year of birth; mother’s maiden name; any personal data you provided in your CV, e.g.: musical instrument mastered, prizes won at competitions, schools, language skills etc.
In this case the legal basis for data management is point b) (performance of the contract) of (1) of article no. 6 of GDPR, with attention to the fact that by your registering for the academy, a contract is closed between you and BDO.
Your data as per the present point will be managed by us for 5 years after the performance of the contract, in case of data necessary for the performance of tax obligations until the end of the tax legislation limitation period (5 years starting on the last day of the calendar year in which the tax return could have been filed or reported, or, lacking these, tax should have been paid), that is, for 7 years at the most, while data necessary for the performance of accounting obligations will be handled for 8 years at the most.
Your data as per the present point may be accessed by appointed employees of BDO, as well as legal persons providing computer support for BDO.
2 Data Controller
Your data are handled by (data controller): Budafok Dohnányi Ernő Symphonic Orchestra Nonprofit Public Benefit Ltd. (Company registration no.: 01 09 920044, seat: Tóth József u. 47, Budapest 1221.)
Person in charge of internal data privacy of data controller:
Name: Linda Borbély
E-mail: adatvedelem@bdz.hu
Our data processors: Interticket Commercial & Services Ltd., Viacom Information Technology Ltd., Jegymester (“Ticket Master”), Expectterv, Müpa (Palace of Arts), ZAK (Music Academy), Klauzál (Klauzál Gábor Cultural Centre, Budafok-Nagytétény), MÁK (Hungarian State Treasury)
3 The list of our data processors is available on the webpage Disclosure Data_Data Controllers (https://bdz.hu/kozerdeku-adatok/).
Description of technical and organisational measures applied for data storage and safety
Your personal data are stored at the Art Secreteriat of BDO (Building IV, Kerepesi út 29/b, Budapest 1087), and in the information technological systems used by BDO on the server at BDO’s headquarters as well as in cloud based background storages.
BDO will apply every reasonably expected technical safety measure in order to secure a safe storage of data with no access whatsoever by third parties.
The IT safety description of personal data storage and technical and organisational safety measures applied to ensure data security:
BDO regularly shares information about the protection of personal data to its employees in written form as well as through training.
In order to ensure an adequate level of security for personal data, Data Controller and the processors shall take all technical and organisational measures appropriate to ensure the fundamental rights of data subjects and adjust these measures to the scale of the risks of the management itself (especially that of sensitive data), including the use of pseudonymisation where justified. The data security measures are regularly reviewed by Data Controller and, if necessary, amended accordingly.
4 Your rights in relation to data processing (data subject rights):
You have the following rights in relation to the processing of your personal data:
15 right of access (Article 15 of GDPR): You have the right to be informed by BDO whether or not your personal data is being managed and, if such management is ongoing, you have the right to access your personal data and the information contained in this notice.
Upon request BDO will provide you with a copy of the personal data that is the subject of data processing. For additional copies requested by you, BDO may charge a reasonable fee based on administrative costs. If you have submitted your request electronically, we will provide the information in a commonly used electronic format unless you request otherwise.
- the right to rectification (Article 16 of GDPR): You have the right to have inaccurate personal data concerning you corrected by BDO upon your request and without undue delay. You also have the right to request the completion of incomplete personal data.
- the right to erasure (Article 17 of GDPR): You have the right to request that BDO delete personal data concerning you without delay, and BDO is obliged to delete personal data concerning you without delay if one of the following grounds applies:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise handled;
- if the legal basis for the data management is your consent and you withdraw it and there is no other legal basis for the data management;
- you object to the data management and there is no overriding legitimate ground for thedata management;
the personal data have been unlawfully managed;
- in order to comply with a legal obligation under EU or member state law applicable to BDO, the personal data must be erased.
The above provisions under this point (c) shall not apply where (i) it is necessary to process the personal data for compliance with an obligation under EU or member state law applicable to BDO (ii) the processing is necessary for the establishment, exercise or defence of legal claims.
18 right to restriction of data management (Article 18 of GDPR): You have the right to have BDO restrict the management of your data at your request if one of the following conditions is met:
You contest the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow BDO to verify the accuracy of the personal data;
the data management is unlawful and you disapprove the erasure of the data and instead request the restriction of their use;
BDO no longer needs the personal data for the purposes of data management but you require them for the establishment, exercise or defence of legal claims; or
you have objected to the data management; in which case the restriction will apply for the time period until it is determined whether BDO’s legitimate grounds override your legitimate grounds.
21 right to object (Article 21 of GDPR): You have the right to object to the management of your personal data at any time on grounds relating to your particular situation. In this case, BDO may no longer handle your personal data, unless BDO can demonstrate compelling legitimate grounds for the data handling which override your interests, rights and freedoms or are related to the establishment, exercise or defence of legal claims. In case data management is carried out for the fulfilment of a legal obligation, the exercise of the right to object does not result in the cessation of data management under this notice.
22 the right to be informed of the above rights (Article 12 of GDPR): BDO will inform you of the circumstances of data management in a concise, transparent, clear and plain language without delay and in any event within one month of receiving your request under points (a) to (e) above. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by further two months. BDO will inform you of the extension of the deadline, stating the reasons for the delay, within one month of the receipt of your request.
This information is given free of charge. If your request is manifestly unfounded or excessive (in particular because of its repetitive nature), BDO may, taking into account the administrative costs of providing the information requested or of taking the requested action: (i) charge a reasonable fee; or (ii) refuse to act on the request. The burden of proving that the request is manifestly unfounded or excessive lies with BDO.
BDO will inform all recipients to whom or with whom the personal data have been disclosed of the provisions of points (b) to (d) above (i.e. of any rectification, erasure or restriction of data management), unless this proves impossible or involves a disproportionate effort. BDO will inform you of these recipients upon request.
Right to lodge a complaint (Article 77 of GDPR): You have the right to lodge a complaint with the supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement of rights, if according to your consideration the handling of personal data concerning you infringes the GDPR. The complaint can be made to the National Authority for Data Protection and Freedom of Information (address: Szilágyi Erzsébet fasor 22/C.; Budapest 1125; +36 1 391 1400; fax: +36 1 391 1410; ugyfelszolgalat@naih.hu).
Right to judicial remedy (Article 79 of GDPR): You have the right to judicial remedy if you believe that your rights under the GDPR have been infringed as a result of the handling of your personal data in a way that does not comply with the GDPR. Proceedings against BDO must be brought before the courts of the member state in which BDO’s activities are performed. Such proceedings may also be brought before the courts of the member state where you are habitually resident.
Right to data portability (Article 20 of GDPR): you have the right to data portability if the legal basis for the processing is points (a) or (b) of paragraph (1) in Article 6 of GDPR, i.e. your consent or the performance of a contract with you. In this case, you have the right to receive the personal data concerning you that you have provided to BDO in a structured, commonly used, machine-readable format and the right to transmit these data to another controller without BDO preventing you from doing so. You also have the right, where technically feasible, to request BDO to transfer your personal data directly to another data controller.
You may request information about the management of your personal data by the following means:
You can request further information about the processing of your personal data by letter (Kerepesi út 29/b; Budapest H-1087) or by email (adatvedelem@bdz.hu).
Handling Complaints
Please be informed that if you (as a data subject) have a complaint about the management of your personal data or if you experience unlawful data management, you have the following legal remedies.
6.1. Please note that if you experience what in your judgement is an unlawful situation in connection with the management of your personal data, please notify Data Controller directly so that we can investigate the matter and take action to remedy the unlawful situation without delay. Following such notification, Data Controller will, without delay, take all reasonable steps required by law and reasonably expected of it to investigate the matter and bring the unlawful situation to an end.
6.2. Please note that, notwithstanding the above, in the event of unlawful data management, you have the right to seek redress directly with the data protection supervisory authority:
■ Hungarian National Authority for Data Protection and Freedom of Information Headquarters: Szilágyi Erzsébet fasor 22/C.; Budapest 1125
Mailing Address: Pf. 5, Budapest 1530
Telephone: (+36 – 1) 391-1400
Fax: (+36 – 1) 391 – 1410
E-mail: ugyfelszolgalat@naih.hu
URL https://naih.hu
If you need assistance in contacting the supervisory authority or further information on complaint handling, please do not hesitate to contact us.
6.3 Please note that in the event of a breach of your data protection rights, you may, at your option, take Data Controller to court. The court will decide the case in a special proceeding. You may bring the case before the courts either in the place where Data Controller is established or in the place where you reside or stay. Data Controller is liable to compensate you for the damage caused by the unlawful management of your data or by the breach of data security requirements. Please note that Data Controller is also liable for any damage caused to you by a data processor. Please note that Data Controller will be exempted from liability if it proves that the damage was caused by an unforeseeable event outside the scope of data management.
In force from: 25 May 2018.
