1. Name and contact details of the Data Controller
- Name: Belvedere-bor Kft.
- 8229 Paloznak, Kossuth u. 16.
- Tax number: 25928147-2-19
- Company registration number: 19-09-519106
- Registered and registered by: Veszprém Court of Registration
- Person responsible for data management of the company: Béla Zsolt Gyetvai
- Postal address: 8229 Paloznak, Kossuth u. 16.
- Phone number: + 36 87 789 727
- E-mail address: info@villagyetvai.hu

 

2. Content, purpose and scope of the Code
The purpose of this Privacy Policy is to provide the persons and guests concerned, hereinafter referred to as the "Data Subject"/"Customer"/"User", with concise, comprehensible, clear and understandable information on the management of personal data in the course of the activities of Belvedere-bor Ltd.
The Privacy Notice shall specify: the identity of the controller, the scope of the personal data processed by the Controller, the legal basis for the processing of the data, the method of processing (including access by the Controller and the transfer and transmission of data to third parties), the purpose of the processing, the duration of the processing, the requirements of data protection and data security and the means of enforcement of the User's rights. This Privacy Notice is originally written in Hungarian.

 

3. Definitions - based on the GDPR
- 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

- 'processing' means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, sectioning, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- "controller" means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
- "processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
- "recipient" means a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
- 'consent of the data subject' means a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data relating to him or her;
- "data breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

4. Basic rules of data processing by the Company, purpose and legal basis of data processing
Whose data do we process?
We process the data of all registered Users of the Website on the basis of their consent given at the time of registration.
Why do we process these data (purpose of processing)?
To identify our users, contact them and bill them (We use the information you provide, for example, to confirm your registration, send you information about the Services, update your information, or send you system messages as part of the Services, reminders about the Services, or responses to information you request.)

What happens if you do not provide the data:
The provision of these data is a minimum prerequisite for Registration, therefore, the provision of these data is mandatory for Registration, and by Registering, the user consents to the processing of these data by the Service Provider. If you do not provide this information, you will not be able to register on the Website. Please note that the scope of the data required for registration has been defined taking into account the principle of data economy.
Scope of personal data processed by the Company
Other activities on the Website: on the Website, the Data Controller may request other personal data of Users for certain activities (e.g., for prize draws, promotions), however, the provision of such data is voluntary, the Data Controller will inform Users about the data management in the form of a case-by-case information notice, and will use the personal data provided only for the purpose and for the duration of the activity indicated. Such processing shall also be governed by this Privacy Notice.
Registration, newsletter subscription
- What data do we process? Name, e-mail address, password, address, telephone number, IP address
- How do we process this data? The processing is based on the User's consent given during the use of the Website, as set out in this Privacy Notice, in accordance with the applicable law.
- For how long do we process this data? The period of processing is three (3) months from the date of cancellation of the Registration, given that after the termination of the Service, the Controller, a third party may have a civil claim against the User or the User's activity. In the case of registration with a billed service, the period shall be 8 years from the date of the last invoice.
- To whom do we transfer this data? (data transfer, data transmission) -
Data processing related to an order
- What data do we process? Transaction ID; Bank account number; Bank account holder; Payment amount; Payment date; IP address; Unique payment identifier; Unique payer identifier
- What is the basis on which we process this data? The processing is based on the consent of the User. The processing of the data is necessary to fulfil Orders
- For how long do we process this data? 5 years from the termination of the service.
- To whom do we transfer this data? (data transfer, data transmission) The data will be transferred to the company that provides accounting services for the Service Provider and to the Service Provider's invoicing partner.
Data processing related to payment
- On what basis do we process these data? Based on the User's consent
- What data do we process? Name, e-mail address, password
- For how long do we process this data? The period of processing is five (5) years from the date of cancellation of the Registration, given that after the termination of the Service, the Controller, a third party may have a civil claim against the User or the User's activity. In the case of registration with a billed service, the period shall be 8 years from the date of the last invoice.
- To whom do we pass this data? (data transmission, data transfer) Raiffeisen Bank Zrt. (headquarters: 1054, Budapest Akadémia utca 6.); Barion Payment Inc. (1117 Budapest, Infopark stny. 1.)
Data processed in the course of complaints and claims
- What data do we process? Name, e-mail address and address of the complainant,
- What is the basis for processing this data? Complaints: The legal basis for the processing of the data is the fulfilment of the legal obligation of the Data Controller pursuant to paragraph (7) of Article 17/A of Act CLV of 1997 on Consumer Protection.
- How long do we process these data? In the case of complaints and claims: for 5 years from the start of the complaint (statutory time limit).
- To whom do we disclose this data? (data requests, data transfers) -

 

5. The primary legal basis for data processing
- REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation or GDPR) - this information is provided pursuant to Article 13 thereof
- Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (General Data Protection Act)
- Act CVIII of 2011 on certain aspects of electronic commerce services and information society services ("Eker Act")

6. Access to personal data, modification of data, cancellation of registration
The User may access, delete, modify or restrict the processing of personal data, the portability of data, object to the processing of personal data at any time, free of charge, by sending a request to info@villagyetvai.hu or by contacting the Data Controller at any of the contact details indicated in point 1 of this Privacy Policy.
Duration of processing, deadline for deletion of data:
The data will be deleted immediately after the User's response to the request for a quote.
If the User purchases a ticket for an event in the Service Provider's system, a contract has been concluded, so the deadline for deletion of personal data is different for accounting records, since pursuant to Article 169 (2) of Act C of 2000 on Accounting, these data must be kept for 8 years. Accounting documents (including general ledger accounts, analytical or detailed records) which directly and indirectly support the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records.

 

7. Use of cookies
Types of cookies. A session cookie is a type of cookie that is necessary to maintain even the most basic level browsing processes. In its absence, the page-to-page process can no longer be tracked by the website. The content of the cookie is usually just a string of 20-30 quasi-random alphanumeric characters.
Advertising and browsing cookies collect the browsing habits of the visitor on the website, thus allowing more targeted and personalised offers to be offered and enhancing the user experience during the browsing process. The content of the cookie is more informal than the session cookie, but it may still not contain any personal data of the visitor.
Cookies on the Company's website: the Company's website allows you to access your personal menu with a session cookie. And with its advertising and browsing support cookies, it aims to improve the user experience of the website by analysing visitor behaviour.
Allow, restrict or disable cookies: all modern browsers allow you to choose whether or not to accept cookies. Browser settings can be used to customise whether a visitor is notified when a website wishes to place a cookie in their browser, as well as how long different types of cookies can be retained and whether they are deleted when the browser is closed. It is important to know whether a website wishes to place a cookie on your browser, how long different types of cookies may persist and what happens when you close your browser. It is important to know that certain services on some websites are explicitly dependent on the acceptance of cookies, so that if you disable cookies, you may experience unexpected functionality on the website, or worse, you may not be able to use the services of the website.

8. Profiling
Google Analytics: website traffic data is measured by the Data Controller using the web analytics service Google Analytics provided by Google, Inc. ("Google"). Google Analytics compiles reports on user interactions with Google Analytics clients' websites, based primarily on internal cookies. Google Analytics Advertising features can be enabled through Google advertising cookies - such as remarketing - for Google Display Network products such as AdWords. Each computer and device that connects to the internet is assigned a unique number, called an IP address (Internet Protocol address). Such numbers are allocated in blocks by country, and an IP address can often be used to identify the country, state/county and city from which the computer connects to the internet. Because of the way the internet works, websites use IP addresses, website owners may be able to know the IP address of their users even if they do not use Google Analytics. However, Google Analytics only collects the IP address of website users to protect the security of the service and to allow website owners to get a picture of where their visitors are coming from around the world (also known as "IP geolocation"). Google stores data in a performance-optimised, encrypted format instead of traditional file systems or databases. To reduce access and redundancy, data is split across multiple physical and logical volumes to prevent data misuse.
Google remarketing: By visiting the Website, you acknowledge and consent to the fact that during your visits to our website, one or more cookies will be sent to your computer, which will enable your browser to be uniquely identified. These cookies are provided by Google and are used through Google Adwords. These cookies are only sent to your computer when you visit each sub-page, so they only store the fact and time of your visit to that sub-page. The cookies sent as described above are used as follows: third-party service providers, including Google, use these cookies to store if the data subject has previously visited the advertiser's website and, on this basis, display advertisements to the data subject on the websites of partners of third-party service providers, including Google. The data subject can opt-out of Google's cookies by visiting the Google advertising opt-out page (http://www.google.hu/privacy_ads.html) or opt-out of cookies from third-party service providers by visiting the Network Advertising Initiative opt-out page (http://www.networkadvertising.org/managing/opt_out.asp).

Legal basis for processing: no consent is required from the data subject where the sole purpose of the use of cookies is to provide a communication over an electronic communications network or where the service provider strictly needs the cookies to provide an information society service explicitly requested by the subscriber or user.

9. Access to data, data security measures
The Data Controller will make every effort to ensure the security of the data in accordance with Article 32 of the General Data Protection Regulation (GDPR). Please note that the data you provide will be transmitted to our server over an encrypted line using SSL (SecureSocketLayer) technology, which guarantees that data transmitted over the Internet will not be accessible to third parties. Our authentication for the encrypted connection has been issued by GeoTrust, using ExtendedValidation SSL (Extended Validation SSL) under a strict set of conditions.
Please also note that all contracts concluded on our site and payment by credit card are made with the following optional financial partners:
- the purchase may be made through the Internet card acceptance system of our contractual partner Raiffeisen Bank Zrt. (head office: 1054 Budapest, Akadémia u. 6., Cg.: 01-10-041042). The relevant page of our partner is certified by Netlock. The Java application that handles the communication receives and sends the data via a secure channel protected by our partner's computer system, which ensures that the data you provide cannot be disclosed to unauthorised persons
- the purchase can be made through the online card acceptance system of Barion Payment Inc. (headquarters: 1117 Budapest, Infopark stny. 1.).

 

10. Special provisions for underage users
For children, minors: If you wish to register, please ask your parents to help you. If you are a minor under the age of 16, you should always ask for your parent's consent when entering your name, phone number, or other personal information on the website. And if you are a child under 14, do not give out any of your details, such as your name, email address, phone number, without your parent's knowledge, but ask them to help you. Also ask your parent to read the following lines aimed at informing parents.
Parents: acceptance of this Privacy Notice, Registration: If the child is under the age of 16 (or is under a guardianship that fully or partially restricts his or her legal capacity) but over the age of 14, he or she cannot register on the Website or accept this Privacy Notice on his or her own. Both the registration and the acceptance of this Privacy Notice require the consent or approval of the person having parental authority or legal guardian (usually the parent). This section also applies to persons under guardianship that restricts their capacity to process personal data. Orders: if the child is under 18 (or is not an adult or is incapable), he or she cannot place an Order, the Order can be placed on his or her behalf by his or her legal representative (usually his or her parent). This section also applies to persons subject to a guardianship order restricting their capacity to act. For the reasons set out above, if the child is under 18 years of age or otherwise has limited capacity but has reached the age of 14, the prior consent or approval of the person having parental authority over the child or the child's legal guardian is required for the use of the Website. Such consent includes accepting full responsibility for the child's use of the Site. The consent shall be sent to the Data Controller at one of the contact details indicated in point 1 of this Privacy Notice.

 

11. Further information
The Company may occasionally contract with certain legal or natural persons to perform tasks and provide services on its behalf (for example: website administration or development, operation, or call center tasks).

Where it is unavoidable that persons may become aware of personal data in the course of their duties, the Data Controller shall ensure that they act in accordance with the applicable data protection legislation and this Privacy Statement and shall be responsible for their compliance with the rules. The website may contain links to other websites whose privacy policies are outside the control of the Data Controller. If you leave our website by using these links, the privacy policy of the operator of the website you have visited will apply.

 

12. Users' rights, enforcement options
You may request the following in relation to your personal data processed by the Data Controller (each of which is set out in detail below):
- access to the data we process about you
- request a correction
- request the deletion of your data
- restrict the processing of your data
- carry the data we process
- object to the processing of your data.
The Data Controller shall inform you of the action taken on your request or the reasons for non-action without undue delay and in any event within one month of receipt of the request. If the request is complex, the time limit may be extended by a further two months.
Information will be provided electronically where possible. Information and action will be provided free of charge, except for requests that are clearly unfounded or excessive, in particular because of their repetitive nature. In such cases, we will charge a reasonable fee or refuse to take the requested action. We may ask you for information necessary to confirm your identity in connection with your request.
You can lodge a complaint with the supervisory authority about our action or you can also exercise your right to a judicial remedy. You can access the following information about the processing of your personal data:
- what data we process from you;
- the purposes for which we process your data;
- for how long we process the data;
- who has received or will receive your personal data;
- the safeguards for data processing outside the EU or internationally;
- if you have not provided your data to us, from whom we have received it;
- the fact of automated decision-making, including profiling, information on the logic used, the significance of the processing and its consequences for you;

Your rights and remedies in relation to the processing:
Correction: You have the right to obtain, at your request and without undue delay, the correction of inaccurate personal data relating to you or the completion of incomplete personal data by the Data Controller.
Erasure: You may request the Controller to erase your personal data if:
- the personal data are no longer necessary for the purposes for which they were collected or processed.
- you withdraw your consent on which the processing is based and there is no other legal basis for the processing.
- you object to the processing and there are no overriding legitimate grounds for the processing.
- the personal data have been unlawfully processed.
- the data must be deleted in order to comply with a legal obligation.
- in relation to services offered directly to children.
Right to be forgotten: If you have requested the deletion of your data as set out above and we have disclosed your personal data, we will take reasonable steps to inform other data controllers that have processed the data that you have requested them to delete the links to or copies of the personal data in question. Please note that we cannot comply with your request for erasure if the data is necessary for the establishment, exercise or defence of legal claims, or if it would restrict your right to freedom of expression and information, or if we are subject to a legal obligation (or a legal obligation imposed on us by a legal obligation in the public interest or for scientific, research or statistical purposes) that is contrary to the erasure request.

Restriction: restriction means that such personal data may only be stored or processed with your consent (except for the establishment, exercise or defence of legal claims, the protection of the rights of others or important public interests). You have the right to request restriction of the processing of your data if:
- You claim that the data is inaccurate, in which case the restriction applies for the period during which we verify the accuracy of the personal data.
- the processing is unlawful but you oppose the erasure of the data and instead request the restriction of its use - we no longer need the personal data but you require it to establish, exercise or defend legal claims.
- if you object to the processing, in which case the restriction will apply for a period of time until it is determined whether our legitimate grounds override your legitimate grounds
We will inform all those to whom we have disclosed the personal data of the rectification, erasure or restriction of processing, unless this is impossible or involves a disproportionate effort. A list of such recipients is available to you upon request.

Data portability: you have the right to receive the personal data provided to the Data Controller and to have those data transferred to another Data Controller if the processing is based on your consent or the performance of a contract and is automated. The portability must not infringe the rights and freedoms of others or the right to erasure (right to be forgotten). You may also request the Controller to transfer the personal data directly to the new service provider, if technically feasible.

Objection: you may object to any processing based on the legitimate interest (or public interest) of the Data Controller. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you for these purposes, including profiling, and we may no longer process the data after you have objected. Profiling: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Except where it is necessary for the conclusion or performance of a contract between you and the controller, where you have given your explicit consent or where the law allows the decision to be taken in a way that protects your rights and interests, in which case you have the right to obtain human intervention, to express your views and to object to the decision. Enforcement: the User may enforce his rights under the General Data Protection Regulation (GDPR) and the Civil Code (Civil Code). In case of violation of his rights, the User may apply to the courts or lodge a complaint with the supervisory authority. You may lodge a complaint with the supervisory authority of the Member State where you have your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.
The supervisory authority in Hungary is the Hungarian National Authority for Data Protection and Freedom of Information, whose registered office is at 1055 Budapest, Falk Miksa u. 9-11., website: www.naih.hu, telephone number: +36 (1) 391-1400. You have the right to a judicial remedy against a legally binding decision of the supervisory authority that applies to you, or if the authority does not deal with your complaint or does not inform you of the procedural developments or the outcome of the complaint within three months. Proceedings against the supervisory authority must be brought before the courts of the Member State where the supervisory authority is established. If you have suffered damage as a result of a breach of the General Data Protection Regulation, you are entitled to compensation from the Controller (or the processor) for the damage suffered. Court proceedings must be brought before the courts of the Member State where the Controller (or processor) is established. Such proceedings may also be brought before the courts of the Member State where you are habitually resident. If you consider that your personal data have been processed in a way that does not comply with the General Data Protection Regulation and that your rights have been infringed, you may bring the infringement before a court. Court proceedings must be brought in the courts of the Member State where the Controller (or processor) is established. Such proceedings can also be brought in the courts of the Member State where you have your habitual residence.

The headings in this Privacy Notice are for information purposes only and are not in themselves sufficient to understand the processing. If you have any questions that are not clearly answered in this Privacy Notice, please contact info@villagyetvai.hu.