loading in progress...
27-28 November 2024
Puskás Arena Budapest

Datarights

Football Forum Hungary 2023

Privacy Policy

HPB Sportmanagement Kft. (hereinafter referred to as the "Organizer"), as the operators of the website www.footballforumhungary.hu (hereinafter referred to as the "Website"), hereby publishes the rules, data protection, data management principles and information on data management in connection with the registration for the Football Forum Hungary conference (hereinafter referred to as the "Event") announced via the Website. By registering and purchasing tickets via the Website, the registering users (hereinafter referred to as "User") acknowledge all the terms and conditions set out in this Privacy Policy (hereinafter referred to as "Policy") and are therefore kindly requested to read this Policy carefully before registering. Only persons over the age of 18 may submit data to the Website.

1. Data of data controller

HPB Sportmanagement Ltd. is the data controller and Cooltix Ltd. and Stripe are the data processors in accordance with the data processing agreement between them. The data controller and the data processor provide the substance of the agreement, in particular the role of the joint data controllers vis-à-vis the Users and their relationship with them, to the Users in this information notice. In this Notice, the Organiser is hereinafter collectively referred to as the "Data Controller".

Details of the Organiser

  • Registered office: 1013 Budapest, Lánchíd u. 15-17.
  • Representative: Mr. Hunor Dudás
  • E-mail events@thepathsm.com

2. Controlled and processed data

2/1. When registering and purchasing tickets for the conference advertised on the Website, the following data may be provided (data marked with * are mandatory):

  • full name of participant*;
  • participant's title*;
  • participant's telephone number*,
  • Participant's e-mail address*;
  • name of contact*;
  • contact phone number*;
  • contact email address *;
  • contact person title*;
  • company name*;
  • billing name*;
  • billing address*;
  • tax number*;
  • mailing name*;
  • mailing address*;
  • ticket type*;
  • coupon code details;
  • data in the comment;
  • notification details;
  • payment method*.

In the case of payment by credit card through the - (Stripe/Cooltix Payment Service, hereinafter "Stripe/Cooltix"), the Processor will record the following data:

  • Transaction ID - required for completion;
  • Transaction Status - required for completion;
  • Transaction status - transaction status - amount paid - required for completion.
  • The following data are processed in order to process the payment transaction:
  • name;
  • phone number;
  • e-mail address;
  • transaction amount;
  • IP address;
  • transaction date and time;
  • delivery address;
  • billing address.
  • tax number*;
  • mailing name*;
  • mailing address*;
  • ticket type*;
  • coupon code data;
  • data in the comment;
  • notification details;
  • payment method*.

In the case of payment by credit card through the - (Stripe/Cooltix Payment Service, hereinafter "Stripe/Cooltix"), the Processor will record the following data:

  • Transaction ID - required for completion;
  • Transaction Status - required for completion;
  • Transaction status - transaction status - amount paid - required for completion.
  • The following data are processed in order to process the payment transaction:
  • name;
  • phone number;
  • e-mail address;
  • transaction amount;
  • IP address;
  • transaction date and time;
  • delivery address;
  • billing address.

Purpose of processing: to authorise a payment transaction in Stripe/Cooltix, to process a payment transaction in Stripe/Cooltix, to monitor and prevent payment fraud in Stripe/Cooltix. By using Stripe/Cooltix, the User agrees to the Stripe/Cooltix Terms of Use, which are available at https://stripe.com/en-hu/privacy and https://support.cooltix.com/hu/articles/6912348-adatkezelesi-szabalyzat.

The Data Controller declares that in the case of payment by credit card, no card data necessary for the payment transaction are processed, and that these data are not accessed in any way, and are processed by Stripe, which provides the credit card payment facility.

3. Purpose and duration of data processing

The Controller uses the data for the following purposes in connection with the provision of the services available from the Website:

  • Contacting.
  • In the case of subscription to the Newsletter: sending an electronic newsletter, advertising message about offers, services, actions, promotions and competitions related to the Data Controller to the e-mail address provided by the User (hereinafter jointly referred to as the Newsletter).
  • The Data Controller shall process the personal data for the duration of the purpose of the processing and until the User requests the deletion of his/her data or withdraws his/her consent to the processing of his/her personal data. If the User withdraws his/her consent to receive the Newsletter, the Data Controller shall no longer send him/her the Newsletter and the Data Controller shall no longer process his/her data for this purpose. The personal data shall be deleted immediately upon termination of the purpose of the processing or upon the User's request.

4. Legal basis for the processing of personal data

By contacting the Data Controller, Users consent to the processing of their personal data by the Data Controller as described in this Notice. The processing of personal data is based on the User's voluntary consent given in the knowledge of this information, pursuant to Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter GDPR).

Users may only provide their own personal data on the Website. If they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject.

5. The purpose of the processing

is to carry out the technical tasks necessary for the processing and sending of e-mails and participation tickets. The Data Controller reserves the right to involve additional processors in the future, which will be notified to the Users by means of an amendment to this Policy.

Unless expressly provided for by law, the Data Controller shall only disclose personally identifiable information to third parties with the express consent of the User concerned.

6. The place of processing

of personal data processed in connection with the Website is www.footballforumhungary.hu and the Data Processors' platforms www.stripe.com and www.cooltix.hu.

7. Access to personal data

The Data Controller shall, upon the User's request, inform the User whether the Data Controller is processing his/her personal data and, if so, provide access to the personal data and inform the User of the following information:

  • the purpose(s) of the processing;
  • the purposes for which the personal data are being processed; and
  • the legal basis and the recipient(s) of the transfer of the User's personal data, if the User's personal data are transferred;
  • the intended duration of the processing;
  • the rights of the User in relation to the rectification, erasure and restriction of processing of personal data and to object to the processing of personal data;
  • the possibility of recourse to the Authority;
  • the source of the data;
  • the names and addresses of the data processors and their activities in relation to the processing.

The Data Controller shall provide the User with a copy of the personal data subject to processing free of charge. For additional copies requested by the User, the Controller may charge a reasonable fee based on administrative costs. If the User has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise.

The controller shall provide the information in an intelligible form without undue delay, but no later than one month from the date of the request. The User may submit a request for access using the contact details specified in point 1.

Correction of processed data

The User has the right to request the Controller (using the contact details specified in point 1) to correct inaccurate personal data or to complete incomplete data (indicating the correct data), taking into account the purpose of the processing, by providing proof of his/her identity. The controller shall make the rectification in its records without undue delay and shall notify the data subject in writing of the rectification.

Erasure of processed data (right to be forgotten)

The User may request that the Controller erase personal data relating to him or her without undue delay and the Controller shall be obliged to erase personal data relating to the data subject without undue delay if one of the following grounds applies:

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. the User withdraws his or her consent and there is no other legal basis for the processing;
  3. the User objects to the processing of his/her personal data;
  4. the processing of personal data is unlawful;
  5. the personal data have been processed in breach of any EU or Member State law applicable to the controller
  6. deleted in order to comply with a legal obligation imposed on the controller by EU or Member State law;
  7. the personal data were collected on the basis of consent in connection with the provision of information society services to children.

If the Controller has disclosed (made available to third parties) the personal data and is obliged to delete it on the basis of the above, it shall take reasonable steps and measures, taking into account the available technology and the cost of implementation, to inform the controllers of the personal data concerned that the User has requested the deletion of the links to or copies of the personal data in question.

The personal data need not be deleted where the processing is necessary:

  • for the exercise of the right to freedom of expression and information;
  • to comply with an obligation under Union or Member State law to which the controller is subject to which the processing of personal data is subject or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • on grounds of public interest in the field of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously jeopardise it; or
  • for the establishment or exercise of legal claims; or
  • to bring, enforce or defend legal claims.

Restriction of processing

The User has the right to obtain from the Data Controller, at his/her request, the restriction of processing instead of the rectification or erasure of personal data, if one of the following conditions is met:

  • the User contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the User opposes the erasure of the data and requests instead the restriction of their use;
  • the Controller no longer needs the personal data for the purposes of processing but the User requires them for the establishment, exercise or defence of legal claims; or
  • the User has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller prevail over the legitimate grounds of the data subject. Where processing is subject to restriction, such personal data, except for storage, may only be processed with the consent of the User or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

The Data Controller shall inform the User at whose request the processing has been restricted in advance of the lifting of the restriction on processing.

Furthermore, the User may at any time decide that the Controller shall no longer send him/her the Newsletter. The User may withdraw his/her consent to receive the Newsletters at any time, free of charge, without giving reasons and without any restrictions, by clicking on the unsubscribe button at the bottom of the Newsletters or by sending an e-mail to szervezes@sportforumhungary.hu or to the address of the Controller at 1013 Budapest, Lánchíd u. 15-17. fszt. After receipt of the unsubscription request, the Data Controller shall delete the data of the unsubscribing User from the direct marketing database without undue delay and shall no longer send the User any newsletters. If the withdrawal of consent concerns only the processing for direct marketing purposes (sending the Newsletter), the Data Controller shall delete the User from the direct marketing database without delay, but shall otherwise continue to be entitled to process the User's data in order to provide the Website services used by the User.

Obligation to notify the rectification or erasure of personal data or restriction of processing

The Data Controller shall inform any recipient to whom or with which the personal data have been disclosed of the rectification, erasure or restriction of processing of the personal data, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the User of these recipients.

8. Right to object

The User may object to the processing of his/her personal data if the processing is

  • is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • necessary for the purposes of the legitimate interests pursued by the Controller or a third party. In the event of the User's objection, the Controller may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims.

If personal data are processed for direct marketing purposes, the User has the right to object at any time to the processing of personal data concerning him/her for such purposes, including profiling, where this is related to direct marketing (Newsletter). If the User objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes.

Action by the Controller in relation to the User's request

The Data Controller shall inform the User of the measures taken in response to the request for access, rectification, erasure, restriction, objection and portability without undue delay and at the latest within one month of receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform the User of the extension of the time limit, stating the reasons for the delay, within one month of receipt of the request. If the User has submitted the request by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise. If the Data Controller does not take action on the User's request, it shall inform the User without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the right to lodge a complaint with a supervisory authority and to seek judicial remedy.

At the User's request, the information, the information and the action taken on the basis of the request shall be provided free of charge. Where the User's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Controller may, taking into account the administrative costs of providing the requested information or information or of taking the requested action, charge a reasonable fee or refuse to act on the request. The burden of proving that the request is manifestly unfounded or excessive shall lie with the Controller.

9. Data security

The Data Controller undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. It also undertakes to require all third parties to whom it transfers or discloses data on the basis of the consent of the Users to comply with the data security

requirements of data security.

The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The processed data may only be accessed by the Data Controller, its employees and the Data Processor it has engaged, and shall not be disclosed by the Data Controller to third parties who are not entitled to access the data.

The Data Controller shall make every effort to ensure that the data are not accidentally damaged or destroyed. The Data Controller shall impose the above undertaking on its employees involved in the processing activity. The User acknowledges and accepts that, in the event of providing his/her personal data on the Website, despite the fact that the Data Controller has state-of-the-art security measures in place to prevent unauthorised access to or the disclosure of such data, the protection of such data on the Internet cannot be fully guaranteed. In the event of unauthorised access or disclosure of data despite our efforts, the Data Controller shall not be liable for any such acquisition or unauthorised access or for any damage suffered by the User as a result thereof. In addition, the User may also provide personal data to third parties who may use it for unlawful purposes or in unlawful ways.

10. Handling and reporting of data breaches

A data protection incident is any event that results in the unlawful processing or treatment of personal data processed, transmitted, stored or handled by the Data Controller, in particular unauthorized or accidental access, alteration, disclosure, deletion, loss or destruction, accidental destruction or accidental damage to personal data. The Data Controller shall notify the National Agency for Data Protection and Freedom of Information (NAIH) of the personal data breach without undue delay and no later than 72 hours after becoming aware of the personal data breach, unless the Data Controller can demonstrate that the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification cannot be made within 72 hours, the notification must state the reason for the delay and the required information may be provided in instalments without further undue delay. The notification to the NAIH shall contain at least the following information:

  • the nature of the personal data breach, the data subjects and the number of personal data and
  • category of data subject;
  • Name and contact details of the data controller;
  • the likely consequences of the personal data breach;
  • the measures taken or envisaged to manage, prevent or remedy the personal data breach.

The Data Controller shall inform the data subjects of the personal data breach within 72 hours of the discovery of the personal data breach through the Data Controller's website. The notification shall contain at least the information specified in this point. The Data Controller shall keep records of the personal data breach for the purpose of monitoring the measures taken in relation to the personal data breach and informing the data subjects. The register shall contain the following data:

  • the scope of the personal data concerned;
  • the scope and number of data subjects;
  • the date of the personal data breach;
  • the circumstances of the personal data breach, its effects;
  • the data protection incident, the circumstances of the data breach, the circumstances of the data breach, the circumstances of the data breach, the circumstances of the data breach, the circumstances of the data breach, the circumstances of the data breach, the data protection incident.

The Data Controller shall keep the data contained in the register for 5 years from the date of detection of the personal data breach.

11. Enforcement possibilities

The Data Controller shall make every effort to ensure that the processing of personal data is carried out in accordance with the law, however, if the User feels that this is not the case, he/she may write to the e-mail address szervezes@sportforumhungary.hu or to the address 1013 Budapest, Lánchíd u. 15-17. fszt. 1. If the User feels that his or her right to the protection of personal data has been infringed, he or she may, in accordance with the applicable legislation, seek redress from the competent bodies

  • National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11.; ugyfelszolgalat@naih.hu; www.naih.hu)
  • Court of Justice.

The National Media and Infocommunications Authority is responsible for advertising sent by electronic means, the detailed regulations are set out in Act CXII of 2011 of 9 years on the right to informational self-determination and freedom of information and Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

12. Other provisions

This Information Notice is governed by Hungarian law, in particular by Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information and the provisions of the GDPR.

Budapest, April 2023.

HPB Sportmanagement Kft.

Data Controller

Purchase your ticket now!

Our partners