Information on Data Controlling

Introduction

Főnix Rendezvényszervező Közhasznú Nonprofit Kft. (4026 Debrecen, Hunyadi utca 1-3., (hereinafter the Service Provider) as controller acknowledges the contents of this information on data controlling as binding. It assumes the obligation to ensure that all its data controlling activities comply with the requirements described in this policy and the valid legal regulations.

Főnix Rendezvényszervező Közhasznú Nonprofit Kft. is committed to protect the personal data of its customers and business partners and considers it extremely important to respect the information rights of its customers.

Főnix Rendezvényszervező Közhasznú Nonprofit Kft. treats the personal data of its customers and partners confidentially and it takes all technical, organisational and safety measures that guarantee the safety of the data.

1. Name and contact information of the Controller
Controller’s name: Főnix Rendezvényszervező Közhasznú Nonprofit Kft.
Controller’s postal address: 4026 Debrecen, Hunyadi utca 1-3.
Controller’s email address: info@fonixinfo.hu

2. The purpose, legal basis and duration of data controlling; the scope of personal data

The data controlling aspects of the activities of Főnix Rendezvényszervező Közhasznú Nonprofit Kft. are based on voluntary consent. In certain cases, however, legal regulations make it obligatory to control, store and forward a certain part of the supplied data, about which we separately inform the users.

We draw the attention of data suppliers that it is the data supplier’s obligation to obtain the data subject’s consent if they supply personal data other than their own.

This Information on Data Controlling of Főnix Rendezvényszervező Közhasznú Nonprofit Kft. complies with the valid legal regulations on data protection, in particular the following:
– Directive (EU) 2016/679 of the European Parliament and Council
– Act CXII of 2011 on the right of informational self-determination and on the freedom of information (InfoAct)
– Act CLV of 1997 on consumer protection (ConsAct)
– Act C of 2000 on accounting (AccAct)
– Act V of 2013 on the Civil Code (CC)
– Act XIX of 1998 on criminal proceedings (CrimAct)
– Act CVIII of 2001 on certain aspects of electronic commerce and information society services (EcommAct)
– Act C of 2003 on electronic communications (ECAct)
– Act CXXXIII of 2005 on non personal and property protection and the activity of private investigators (PPAct)
– Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activities (CaAct)

2.1. Sale of tickets

Purpose of data controlling: issue of invoices for customers

Legal basis of data controlling: the provisions of Act CXII of 2011 (InfoAct) and Act C of 2000 on Accounting (AccAct)

Type of controlled personal data: customer’s name and address

Duration of data controlling: 8 years

Legal basis of data forwarding: data controlling is necessary to perform the agreement (Point b, Paragraph (1), Section 6 of the GDPR)

2.2. Events

The visitor acknowledges that video and audio recordings are made about the free events of Főnix Rendezvényszervező Közhasznú Nonprofit Kft., which may feature the Visitor. By participating in the free event, the Visitor acknowledges that he/she may be subject of video and audio recordings, which Főnix Rendezvényszervező Közhasznú Nonprofit Kft. may use, multiply, publish and distribute without any further compensation.

Legal basis of the data controlling: the data subject’s voluntary consent by participating in the event

Type of controlled personal data: Image and voice of the visitor

Duration of data controlling: until withdrawal of the data subject’s consent

3. Electronic monitoring system

An electronic monitoring system is used in the buildings operated by Főnix Rendezvényszervező Közhasznú Nonprofit Kft., which includes the installation of cameras. The exact location and the names of the monitored areas can be accessed in the information material posted on the portal of Főnix Rendezvényszervező Közhasznú Nonprofit Kft.

Personal data controller:

Purpose of data controlling: in order to protect human life and health, as well as property, and to prevent and detect offences, catch offenders, prove offences, identify those entering the territory of the buildings, record the fact of entry, document the activities of unauthorised visitors and examine the circumstances of possible occupational and other accidents.

Legal basis of data controlling: in case of visitors, entry to the building; in case of employees, Section 11 of Act 1 of 2012 on the Labour Code (LabCode), as well as Point f, Paragraph (1), Section 6 of the GDPR as has the legitimate interest to protect property.

Type of controlled personal data: the face image visible in the image recordings of the persons entering the building and other personal data recorded by the monitoring system.

Duration of data controlling: three working days if not used (Point c, Paragraph (3) of the PPAct)

Application of the recordings

Entitled to view the live image of the cameras: employees of Főnix Rendezvényszervező Közhasznú Nonprofit Kft.

Entitled to view the camera recordings: employees of Főnix Rendezvényszervező Közhasznú Nonprofit Kft.

Entitled to save the camera recordings on data media: Főnix Rendezvényszervező Közhasznú Nonprofit Kft.

The appropriately authorised persons may only view the stored recordings of the camera monitoring and recording system operated by Főnix Rendezvényszervező Közhasznú Nonprofit Kft. in order to prove offences committed against human life, physical health or property and to identify the offenders. Those data subjects, whose rights or legitimate interests are affected by the image recordings may request the data controller not to destroy the recordings or delete them until the court or competent authority is contacted but not longer than 30 days. The person featured in the recording may request information about the recordings made of him/her and may request a copy to be made or, if other persons are also featured in the recording, they may view the recordings. The data subject may request the recording featuring him/her to be deleted, the data related to the recording to be modified and may also object to data controlling.

The data controller shall record the views into the stored recordings, the name of the person assigned to the process and the reasons for viewing the data in an official protocol.
Data forwarding: in case of administrative or criminal proceedings, towards the authorities performing them.

Circle of forwarded data: the recordings made by the camera system and containing relevant information.

The legal basis for data forwarding: Paragraph (1), Section 71, Point a, Paragraph (2), Section 151 and Paragraph (2), Section 171 of the CrimAct, as well as Point a, Paragraph (1), Section 75 and Paragraph (3), Section 78 of the AccAct

4. The legal background, legal basis and purpose of data controlling performed on the website; the scope of controlled personal data and the duration of data controlling

Information on the use of cookies

What is a cookie?
A cookie is an alphanumeric information package of changing content sent by the web server, which is recorded on the user’s computer and stored for a pre-determined period of time. The use of cookies makes it possible to request certain data of the visitor and track his/her internet use. Thus the use of cookies makes it possible to precisely determine the range of interests, the internet use habits and the history of website visits of the given user. As a cookie operates as a kind of tag with which the website can recognise visitors returning to the site, their use also makes it possible to store the user name and password valid on the given site.
If the user’s browser returns the previously stored cookie during a visit to the website, the sender’s service provider sending the cookie may associate the current visit with previous ones; however, as the cookies are attached to the domain, it is only able to do this regarding its own contents. The cookies are not suitable to identify the user by themselves; they are only suitable to recognise the visitor’s computer.

The legal background and legal basis of cookies:
The background for data controlling is provided by Act CXII of 2011 on the right of informational self-determination and on the freedom of information (InfoAct) and Act CVIII of 2001 on certain aspects of electronic commerce and information society services (EcommAct). The legal basis of data controlling is your consent in accordance with Point a, Paragraph (1), Section 5 of the InfoAct.

Main characteristics of the cookies used on the website:
_ga, _gid, _gat: google analytics tracking cookie

5. Data controlling related to ordering and invoicing
Legal background and legal basis of data controlling:
The background for data controlling is provided by Act CXII of 2011 on the right of informational self-determination and on the freedom of information (InfoAct) and Act C of 2000 on Accounting (AccAct). The legal basis of data controlling is your consent in accordance with Point a, Paragraph (1), Section 5 of the InfoAct and, in case of the withdrawal of your consent, the performance of the legal obligation of the Data Controller determined in the AccAct in accordance with Point a, Paragraph (5), Section 6 of the InfoAct.
Purpose of data controlling: Issuing invoices in accordance with the legal regulations and performing the obligation of retaining accounting documents. Based on Paragraphs (1)-(2), Section 169 of the AccAct, the companies shall retain the accounting documents directly and indirectly supporting their accounts.
The circle of controlled data: name, address, email address, telephone number.
Duration of data controlling: Based on Paragraph (2), Section 169 of the AccAct, the issued invoices shall be retained for 8 years after issuance. We hereby inform you that in case you withdraw your consent to issue the invoice, the Data Controller shall be entitled to store your personal data supplied during the issuance of the invoice for 8 years according to Point a, Paragraph (5), Section 6 of the InfoAct.
Possible consequences of the failure to supply data: failure to buy tickets.

6. Data controlling related to sending newsletters
Legal background and legal basis of data controlling: The background of data controlling is provided by Act CXII of 2011 on the right of informational self-determination and on the freedom of information (InfoAct) and Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activities (CaAct). The legal basis of data controlling is your consent in accordance with Point a, Paragraph (1), Section 5 of the InfoAct and Paragraphs (1)-(2), Section 6 of the CaAct.

Purpose of data controlling: The purpose of data controlling is to keep you informed about the latest and best offers and campaigns.
The circle of controlled data: name, address, email address, postal code
Duration of data controlling: withdrawal of the concerned data subject’s consent

9. Data controlling related to bookkeeping
Data processor’s name: Főnix Rendezvényszervező Közhasznú Nonprofit Kft.
Data processor’s postal address: 4026 Debrecen, Hunyadi utca 1-3.
Data processor’s email address: info@fonixinfo.hu
Based on the written agreement concluded with the Data Controller, the Data Processor contributes to the processing of accounting documents. During this process the Data Processor manages the name and address of the data subject as necessary for accounting records and for the period set in Paragraph (2), Section 169 of the ACccAct; the related data are immediately deleted afterwards.

10. Marketing database
The data of persons giving their consent to interactions for direct marketing purposes are controlled by Főnix Rendezvényszervező Közhasznú Nonprofit Kft.
Purpose of data controlling: building a database of business purposes, sending email newsletters containing commercial advertisements for the data subjects, preparing tailored offers using online analytical data and forwarding the data controller’s and its partner’s offers.
Only persons over the age of 16 may give their content to interactions for direct marketing purposes.
Legal basis of data controlling: the data subject’s voluntary consent and Paragraph (5), Section 6 of the CaAct.
The circle of controlled data: ID number, name, address, email address, telephone number, consent given to interactions for direct marketing purposes; and the system stores the analytical data related to login and logout, messages sent, delivered and opened and the data subject’s online activity (e.g. date and time of events, viewed pages, IP address of computer, reason for the failure of delivery, shopping habits, demographical data, transaction data).
Duration of data controlling: withdrawal of the concerned data subject’s consent.
Possible consequences of the failure to supply data: the data subject does not get informed about the offers of the data controllers and their partners.
The withdrawal of the consent given to the forwarding of direct marketing messages and the deletion or modification of personal data may be requested using the contact information below:
by e-mail to info@fonixinfo.hu and
by post addressed to Főnix Rendezvényszervező Közhasznú Nonprofit Kft at 4026 Debrecen, Hunyadi utca 1-3.

The independent measuring and auditing of the website visit and other web analytic data of Főnix Rendezvényszervező Közhasznú Nonprofit Kft. are assisted by the server of Google Analytics as an external service provider.

11. Data safety measures
The Data Controller declares that it has introduced appropriate safety measures in order to protect personal data from unauthorised access, modification, forwarding, publishing, deletion or destruction as well as accidental loss or damages and becoming inaccessible due to changes in the applied technology.

12. Your rights related to data controlling
During the period of data controlling, you are entitled to:
– the right to be informed,
– the right of rectification,
– the right of erasure of the data,
– the right of blocking of the data and the right to object.

During the period of data controlling you may request the Data Controller to give you information on the controlling of your personal data. Within the shortest possible time from the submission of the request but no later than 30 days, the Data Controller shall inform you in writing in a comprehensible form on the data controlled, the purpose, legal basis and duration of data controlling, as well as who receive or have received the data and for what purposes if the data were forwarded.
During the period of data controlling you may request the Data Controller to rectify your personal data. The Data Controller shall satisfy your request within a maximum of 15 days.
You have the possibility to request the erasure of your personal data, which the Data Controller shall satisfy within a maximum of 15 days. The right of erasure does not extend to the event when the Data Processor is obliged by the law to further store the data or when the Data Controller is entitled to further control the personal data in accordance with Paragraph (5), Section 6 of the InfoAct (for example in connection to invoicing).
You may request the Data Processor to block the personal data if the final erasure of the data would infringe the legitimate interests of the data subject. The thus blocked personal data may only be processed as long as the purpose that excluded the erasure of the personal data exists.
You may object to the controlling of your personal data if the processing or forwarding of the personal data is only needed to satisfy the legal obligation related to the Data Controller or to exercise the legitimate interests of the Data Processor or a third person, with the exception of obligatory data controlling in the case determined in Paragraph (5), Section 6 of the InfoAct; if the use or forwarding of the personal data is for the purposes of direct marketing, public opinion survey or scientific research (without your consent).
The Data Controller shall examine the objection as soon as possible but no later than 15 days after the submission of the request and makes a decision regarding its justification and informs you about its decision in writing. If the data controller fails to satisfy the data subject’s request of rectification, blockage or erasure, it shall inform the data subject about the factual and legal reasons for rejecting the request of rectification, blockage or erasure in writing or electronically, with the data subject’s consent, within the next 30 days.
If you believe that the Data Controller has infringed any legal provision related to data processing or failed to satisfy any of your requests, you can initiate investigation proceedings of the National Authority for Data Protection and Freedom of Information in order to eliminate the presumed illegal data controlling (postal address: 1530 Budapest, Pf.: 5., e-mail: ugyfelszolgalat@naih.hu).
Besides, we also inform you that, in case of infringing any of the legal provisions on data controlling or if the Data Controller fails to satisfy any of your requests, you may also turn to the court against the Data Controller.

13. Right to be informed
If it is requested by the data subject, Főnix Rendezvényszervező Közhasznú Nonprofit Kft. shall introduce appropriate measures in order to provide the data subjects with all the information mentioned in Sections 13 and 14 of the GDPR and all notifications according to Sections 15-22 and 34 in a brief, transparent, comprehensible and easily accessible form clearly and in accessible language.

14. Right of access of the data subject
The data subject is entitled to receive feedback from the data controller regarding whether the controlling of his/her personal data is ongoing and if such data controlling is ongoing, he/she is entitled to have access to the personal data and information.

15. Right of rectification
Főnix Rendezvényszervező Közhasznú Nonprofit Kft. shall rectify the personal data if it is incorrect and if the correct personal data are available.

16. Right to erasure
In case of the existence of the following reasons, the data subject is entitled to request Főnix Rendezvényszervező Közhasznú Nonprofit Kft. to erase the related personal data without undue delay:
– the personal data are no longer needed for the purposes they were collected or otherwise controlled;
– the data subject withdraws his/her consent constituting the basis of the data controlling and no other legal basis exists for the data controlling;
– the data subject objects to the data controlling and no priority legitimate reason to continue data controlling;
– the personal data were controlled illegally;
– the personal data must be erased in order to satisfy the legal obligations prescribed in the legal regulations of the EU or the member state;
– the personal data are collected in connection with offering services related to the informational society.
The erasure of the data may not be initiated if the data controlling is necessary: in order to exercise the freedom of expression and the right to information; to satisfy the legal obligation prescribing the controlling of data according to the law of the EU or the member state or to complete tasks performed for public interest or within the frameworks of exercising the permissions of legal authority granted to the data controller; for purposes concerning the field of public health or for archiving, scientific and historical research purposes or statistical purposes based on public interest; or in order to submit, exercise or protect legal claims.

17. Right to the restriction of data controlling
If it is requested by the data subject, Főnix Rendezvényszervező Közhasznú Nonprofit Kft. shall restrict data controlling if the any of the following conditions are met:
– the data subject questions the accuracy of the personal data, in which case the restriction applies to the period that makes it possible to check the accuracy of the personal data.
– the data controlling is illegal and the data subject objects to the erasure of the data, requesting the restriction of their use instead.
– the data controller no longer needs the personal data for the purposes of data controlling but the data subject requests them in order to submit, exercise or protect his/her legal claim.
– the data subject objected to data controlling.

If the data controlling is subject to restriction, the personal data may only be controlled with the data subject’s consent or for the purposes of submitting, exercising or protecting legal claims or to protect other natural or legal persons or if they may be controlled for the material public interests of the Union or a member state, with the exception of storing them.
Főnix Rendezvényszervező Közhasznú Nonprofit Kft. shall previously inform the data subject about the lifting of the restriction of data controlling.

18. Right to data portability
The data subject is entitled to receive the personal data related to his/her person and supplied to the data controller in a structured, widely used and machine-readable format and to forward these data to another data controller.

19. Right to objection
The data subject is entitled to object to data controlling of his/her personal data necessary to complete tasks performed for public interest or within the frameworks of exercising the permissions of legal authority granted to the data controller or to exercise the legitimate interests of a third party due to any reason related to his/her own situation at any time.

20. Right of withdrawal
The data subject is entitled to withdraw his/her consent at any time. The withdrawal of the consent does not concern the legitimacy of data controlling based on the consent and performed before the withdrawal.

21. Right to turn to the court
If his/her rights are infringed, the data subject may turn to the court (competent according to the registered office of the defendant or the data subject’s address) against the data controller. The court shall act with urgency in these cases. The legal proceedings initiated in connection with the protection of personal data are free of dues.

22. Proceedings of the data protection authority
Complaints may be submitted to the National Authority for Data Protection and Freedom of Information. Name: National Authority for Data Protection and Freedom of Information. Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

23. Modifications of this information on data controlling
The Data Controller reserves the right to modify this information on data controlling.