The organizers of the Budapest Spring Festival, i.e. Müpa Budapest Nonprofit Ltd.(1095 Budapest, Komor Marcell utca 1.) and BFTK Nonprofit Ltd. (1052 Budapest, Városház utca 9–11., henceforth: the Organizers) consider the protection of you personal data extremely important. As joint data controllers (henceforth: Controllers), the Organizers hereby make public their method of controlling user data, as well as the rules and principles they abide by when controlling said data.
Your data, as the data of a user of the website of the Budapest Spring Festival (www.btf.hu) and its services, shall be processed only when you have been duly informed and you have given your express consent.
1. The security of your data, and our data processing principles
The Controllers shall treat your personal data in a manner that is as transparent as possible, for the sole purpose of a specific, clear and legitimate purpose, only to the extent required and for the briefest period necessary to achieve the purpose, in a manner that is legitimate and fair in all respects. We take great care to ensure that the data we process are accurate and up-to-date.
The Controllers have also designed their respective organisational structures, and operate them through strict internal organisational rules and the allocation of different access rights, in such a way that enables them to provide, at all points, sufficient guarantee with regard to the transparency of data processing and the security of your personal data. The Controllers shall not disclose any personal data to third parties without your consent or prior notification, unless they are expressly required to do so by law or by the instruction of a competent authority. The Controllers shall make every effort to ensure that your personal data cannot be accessed by any unauthorised person by implementing appropriate technical measures (operating a single internal IT system).
The Controllers will organize in-house training and invite external trainers to keep such employees that are involved in the processing of personal data informed about the latest technical and legal requirements, so as to ensure the processing meets all legal and information security technical requirements at all points.
2. Scope of data processed by the individual Controllers
a) Logging the www.btf.hu server
When you visit the Festival’s website, the web server automatically logs your activity. This is necessary so that we can ensure the proper functioning of the website, and can prevent external attacks. The website is operated by Müpa Budapest, which consequently becomes the controller of the related data. Logging the server is in the legitimate interest of Müpa Budapest. The log file is used for quality assurance; it shall not be linked to any other information, and no efforts shall be made to identify users.
- The stored data are: IP address (anonymized), approximate geographical location, address of the pages visited, date and time information.
- Storage time: data will be deleted after 30 days.
b) Web analytics tracking
The independent tracking of usage and other web analytics data for the website, btf.hu, is carried out by a third-party provider, Google Analytics. The data are recorded in an anonymised form, and are used by the website’s operator, Müpa Budapest, exclusively for statistical purposes and for optimising the operation of the site. For detailed information about the processing of tracking data, please visit: http://www.google.com/analytics. Web data collection for such statistical purposes is a widespread practice, to which you consent by visiting our website.
c) Management of cookies
A cookie is a small set of data sent by our server to your web browser so that we can provide a customised and high-quality service. The next time you visit the btf.hu website, your browser will return the cookie to our server, which makes it possible to link individual sessions together.
There are two types of cookies on the website:
- Cookies essential for the use of the site, i.e. sessions and temporary cookies that make usage easier. Without these, the website or parts thereof will not be displayed, consent to the processing of cookies cannot be stored, browsing will be hindered, and consequently the website cannot be properly used. Therefore, by visiting this website, you consent to the use of these cookies.
- Persistent cookies, which, depending on web browser settings, will remain on your device for a longer period of time or until you delete them. Cookies that are installed by the web server of Müpa Budapest and that transfer data to Müpa’s own database are called internal cookies. Cookies that are installed by the web server of Müpa Budapest or a third party provider and that transfer data to the database of an external party provider are called external cookies.
The following types are distinguished on the basis of use:
a) all Google Analytics tracking code cookies
b) other tracking code for web analytics (e.g. HotJar)
c.) cookie of a heat map analytics tool (e.g. HotJar)
d.) mouse tracking cookies (e.g. HotJar)
e.) all cookies, remarketing codes and pixels installed by third-party service providers (e.g. Facebook, AdWords)
When you visit the website, btf.hu, you can give your consent to the use of persistent cookies by clicking the “I accept” button on the cookie consent banner.
- The data stored: identification code, date, time, page previously visited
- Storage period: for temporary sessions: until the end of the session; persistent cookies are usually stored on your computer for 1 year or until they are deleted.
Please note that cookies can be deleted from your computer at any time or you can disable them in your browser.
For more information about how service providers Google, Facebook, and Hotjar process tracking data, manage logging and cookies for the purposes of personalising advertisements, consult their privacy policies at https://www.facebook.com/about/privacy, www.google.com/intl/hu/policies/privacy, and https://www.hotjar.com/legal/policies/privacy, respectively.
e) Marketing contacts
The Budapest Spring Festival (and the CAFe Budapest Contemporary Arts Festival) are events of great importance for cultural life in Hungary and internationally. The Organizers consider it a responsibility of the utmost importance to present outstanding Hungarian and international productions of classical and popular music, as well as theatre, to as broad a Hungarian audience as possible, and do their best to ensure they can welcome you to as many of the festivals’ events as possible.
If you allow us to directly contact you through email or other channels of communication, and send you information about the events of the Spring Festival and CAFe Budapest, as well as other cultural events presented by the Organizers, we promise to inform you in time. The data processed for this purpose are your surname, first name, and email address.
If at any time in the future you decide you no longer want to be directly informed about the events of the festivals and other events presented by the Organizers, you can withdraw your consent directly via the link in the newsletter, on our website, or by a letter sent to firstname.lastname@example.org.
3. Your rights and how they can be enforced
You are welcome to demand the following from the Controllers, in a letter sent to email@example.com:
- You may request at any time that the Controllers inform you whether they handle your personal data, and if they do, you may ask them to provide you with access to the personal data processed by them. Please note that the request for information by email can be considered authentic by the Controllers in the first place if you send it from your registered email address. This of course does not prevent the Controllers from using other methods to identify the sender before providing the information requested.
- If you find that the processed personal data that are associated with you are incorrect, you may request that your personal data be corrected.
- You may request the deletion of your personal data processed by us at any time. Deletion may be refused (i) so that the right to freedom of expression and information may be exercised, or (ii) if the processing of personal data is authorised by law, or (iii) to ensure that legal claims can be presented, pursued or protected. Should the request for deletion be denied, the Controller contacted shall inform you, indicating the reason for the refusal of the deletion. Once the request to delete personal data has been fulfilled, previous (deleted) data cannot be recovered.
- If you dispute the accuracy of the personal data processed, you may request the Controller to restrict the processing of your personal data. In this case, the restriction shall apply to a period of time that allows the requested Controller to verify the accuracy of the personal data. You may also request a restriction on data processing if the data processing is carried out unlawfully or its purpose has already been achieved, but you object to the deletion of the processed personal data and request instead the restriction of their use.
- Personal data provided by you and processed by Müpa Budapest in an automated form shall be provided to you and/or be forwarded to another controller by Müpa Budapest in a widely used, machine-readable format.
- You may object to the processing of your personal data at any time (i) if the processing of personal data is necessary solely for the purposes of fulfilling a legal obligation of the Controllers, or of pursuing some legitimate interest of the Controllers or a third party; (ii) if the purpose of the processing is direct marketing, public opinion or scientific research; or (iii) if the processing takes place in order to perform a task of general interest. The approached Controller shall examine the legality of the protest and, if the objection is found to be substantiated, it terminates the processing.
4. Data processors
On behalf of the Controllers, the processing of personal data is carried out by contracted processors. A processor shall not take independent decisions with regard to the data, and shall only act in accordance with the provisions of its contract with the Controllers, as well as the instructions it receives from them. We have selected data processors that can guarantee, to the greatest possible extent, the security of your personal data. We ask all our processing partners to supply a contractual statement of compliance with applicable law, which is a prerequisite for any processing carried out by them on behalf of the Controllers. For more information about our processors, see the respective Privacy Policies on the Controllers’ websites (www.mupa.hu, and www.budapestinfo.hu).
5. Enforcement options
If you need further information, please get in touch by sending an email to firstname.lastname@example.org, a letter to the postal address, 1453 Budapest, Pf. 57, or contact us in person. Please note that if you submit your request for data processing in person, our colleagues may ask you to verify your identity.
You may submit your data processing complaint directly to the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; phone: +36 1 391 1400; e-mail: email@example.com; website: www.naih.hu).
In the event of any infringement of your rights you may refer the matter to a court of justice. It is the responsibility of the court to examine the case. You may request that the case be examined by the court in whose jurisdiction you reside.
Budapest, 24 May, 2018