Data management information for the customers of the web store

I.The data controller

Name: Budapest Festival Orchestra Foundation
Headquarters: 126 Bécsi út, 1034 Budapest.
Phone: + 36 1 489 4330
E-mail account:

II. Description of data management

The Data Controller (hereinafter: Data Controller or BFZ) operates the website, which contains the BFZ products.
valid for online purchases.
Webshop services on the website, including: purchase of souvenirs, other
ordering and servicing marketed products.
The BFZ takes into account the principles of data management defined by law, in particular the
the principle of legality and fairness, the principle of purpose and the principle of accountability
In case of a registered customer - in accordance with the GTC of the data controller - mandatory for the purchase
fill in the information to be provided. With respect to personal information provided during registration, all
The sole responsibility lies with the person who registered the email address. The provision of data
possible consequences of failure to do so: purchase transaction failure.
It is possible to purchase on the website without prior registration. In this case, the buyer
immediately prior to purchase, you must provide the personal information absolutely necessary for the purchase
data. Purchasing is not possible without data.
The data controller is not in a position to verify the customer's personal data, so the customer guarantees a
for the authenticity of the data provided.

III. Purpose of data management

Ensuring the purchase on the webshop, the order, its service, the payment
documentation and compliance with the accounting obligation. Furthermore, the identification of the buyer, -
registration - and to help you make your choice.

ARC. Legal basis for data management

The contract between the customer and the data controller. Thus, Article 6 (1) of the * GDPR point (b) (contract
When subscribing to a newsletter related to Websopal and other important news of the BFZ, Article 6 (1) of the GDPR
Point (a) (prior consent).

V. Scope of data processed

Surname and first name, telephone number (optional if provided by the customer to receive notifications),
e-mail address, delivery address provided in case of home delivery request, transaction number, date and
date or customer code.
VI. Deadline for data management
Five years from the date of the transaction. Eight years under the Accounting Act. If
a dispute arises in connection with a purchase transaction, the data controller shall use the data in the dispute
for the duration of the

VII. Data transmission

BFZ transfers personal data to third parties only if the transfer is subject to law
or, where applicable, with the express consent of the purchaser.
In addition, the BFZ shall transmit to the competent authorities all personal data which
by law or a final official decision.
When making a purchase with a bank or credit card, the data provided to the BFZ will be transferred to that
to a financial institution, eg: SimplePay -Data management information, can be viewed at the following link:

VIII. Buyer's data management rights

BFZ informs the customer about the handling of his personal data at the same time as the contact.
The competent authority is the National Data Protection and Information Security Authority (NAIH), 1055 Budapest,
Falk Miksa u. 9-11., Or
The BFZ Privacy Notice is available at the following link:
* GDRP (Regulation of the European Parliament and of the Council (EU) 2016/679).

A Budapesti Fesztiválzenekar adatkezelési tájékoztatója

1. Name of the Data Controller

Data controller name: Budapest Festival Orchestra

Headquarter: 1033 Budapest, Polgár utca 8-10.

2. Data management rules

The Budapest Festival Orchestra (hereinafter: BFZ) It handles personal data in connection with this interface and the website in accordance with its data protection and data security regulations. The material scope of the Regulations extends to all processes carried out in all departments of the BFZ during which the processing of personal data specified in Article 4 of the * GDPR takes place.

Personal data may only be processed for the purpose of exercising a right or fulfilling an obligation. The use of personal data processed by BFZ for private purposes is prohibited. Data management must always comply with the purpose limitation principle.

BFZ processes personal data only for the purpose specified in Article 6 (1) of the GDPR.

The BFZ shall, before recording the data, in all cases - if the data come from the data subject in accordance with Article 13 (1) of the GDPR. - or - if the data do not come directly from the data subject in accordance with Article 14 (1) of the GDPR. communicate the required obligations to the data subject in accordance with

Employees performing data management at BFZ's organizational units and employees of organizations participating in data management on behalf of BFZ and performing one of its operations are obliged to keep the personal data they know confidential. Persons handling personal data and having access to it are obliged to make a Privacy Statement.

If a person covered by the Regulations becomes aware that the personal data processed by the BFZ is incorrect, incomplete or out of date, he / she is obliged to correct it or initiate the correction with the employee responsible for recording the data.

The data protection obligations of natural or legal persons or organizations without legal personality performing data processing activities on behalf of BFZ shall be enforced in the contract concluded with the data processor.

The director of the BFZ defines the organization of data protection, the tasks and powers related to data protection and related activities, and appoints the person in charge of data management, taking into account the specifics of the BFZ.

In the course of their work, the employees of BFZ ensure that unauthorized persons cannot access personal data, and that the storage and placement of personal data is designed in such a way that it cannot be accessed, learned, changed or destroyed by unauthorized persons.

The BFZ's data protection system is supervised by the Executive Director through a data protection officer appointed by him.

3. Enforcing the rights of data subjects

The data subject may request information on the handling of his / her personal data, as well as request the correction of his / her personal data, or - with the exception of the data processing ordered by law - the deletion or restriction of the contact details indicated in the BFZ.

The data subject has the right to receive the personal data concerning him / her made available to the Data Controller in a structured, widely used, machine - readable form, and he / she has the right to transfer this data to another data controller.

The BFZ is obliged to forward the received application or protest to the head of the organizational unit responsible for data management within three days of receipt.

The head of the organizational unit with tasks and competencies shall respond to the request related to the processing of the personal data of the data subject in writing, in a comprehensible form, no later than within one month from the date of his / her arrival.

At the request of the data subject, the Data Controller shall provide information on the data processed by the data subject or processed by the data controller by him or her, their source, purpose, legal basis, duration, name, address and activities related to data processing, circumstances of the data protection incident. , its effects and the measures taken to remedy it, and, in the case of transfers of personal data of the data subject, the legal basis and the recipient of the transfer.

As a general rule, the information is free of charge if the person requesting the information has not yet submitted an information request to the Data Controller for the same data set in the current year. In other cases, reimbursement may be established. The amount of the reimbursement may also be fixed by the contract concluded between the parties. Reimbursement of costs already paid shall be reimbursed if the data have been processed unlawfully or if a request for information has led to a correction.

Inaccurate data shall be corrected by the head of the department handling the data, if the necessary data and the official documents proving them are available, the GDPR. If the reasons set out in Article 17 exist, it shall take measures to delete the personal data processed.

Personal data must be deleted if

(a) personal data are no longer required for the purpose for which they were collected or otherwise processed;

(b) the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;

(c) the data subject objects to the processing and there is no overriding legitimate reason for the processing;

(d) personal data have been processed unlawfully;

(e) personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the controller;

(f) personal data have been collected in connection with the provision of information society services to children under the age of 18;

(g) if the controller has disclosed the personal data and the personal data are no longer needed for the purpose for which they were collected or otherwise processed, it shall delete them and take reasonable steps, including technical measures, taking into account available technology and implementation costs. measures to inform the controllers that the data subject has requested the deletion of links to the personal data in question or of a copy or duplicate of such personal data.

The data subject may object to the processing of his or her personal data;

- if the processing or transfer of personal data is necessary only for the fulfillment of a legal obligation to the Data Controller or for the enforcement of the legitimate interests of the Data Controller, the data recipient or a third party, except in the case of mandatory data processing;

- if the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research; and

- in other cases specified by law.

The Data Controller shall examine the protest as soon as possible, but not later than within one month from the submission of the request, make a decision on the merits of the request and inform the applicant in writing of its decision.

If the Data Controller finds that the data subject's objection is justified, the data processing, including further data collection and data transfer, shall be terminated, the data shall be restricted and the protest and the measures taken on the basis thereof shall be notified to all persons to whom the data subject has previously transmitted and are obliged to take measures to enforce the right to protest.

If the data subject does not agree with the decision of the Data Controller, or if the Data Controller fails to meet the deadline, the data subject may apply to a court within thirty (30) days from the notification of the decision or the last day of the deadline.

If you do not receive the data necessary to enforce the data subject's right due to the data subject's protest, you may, within 30 days of the notification, apply to the court against the Data Controller for access to the data. The Data Controller may also sue the data subject.

If the Data Controller fails to notify, the Data Recipient may request information from the Data Controller regarding the circumstances related to the failure of the data transfer, which the Data Controller is obliged to provide within 8 days after the delivery of the Data Recipient's request. In the event of a request for information, the data recipient may file a lawsuit against the Data Controller within 30 days of the provision of the information, but no later than within the open deadline. The Data Controller may also sue the data subject.

The Data Controller may not delete the data of the data subject if the data processing has been ordered by law. However, the data may not be transferred to the data recipient if the Data Controller has agreed to the protest or the court has established the legitimacy of the protest.

If the assessment of the case is unclear in the exercise of the data subject's rights, the head of the data processing unit may request a resolution from the data protection officer by sending the case file and his / her position on the case, who shall comply with it within three days.

BFZ also indemnifies for the damage caused to others by the unlawful processing of the data subject's data or the breach of data security requirements, as well as the damages for personal injury caused by him or her or the data processor used by him or her. The data controller shall be released from liability for the damage caused and the obligation to pay damages if he proves that the damage or the violation of the data subject's right to privacy was caused by an unavoidable cause outside the scope of data processing. Likewise, it does not compensate for damage if it was caused by the intentional or grossly negligent conduct of the injured party.

The person concerned may appeal to the National Data Protection and Freedom of Information Authority (1125 Budapest, Szilágyi Erzsébet fasor 22 / C.) Or to the court competent according to his or her place of residence or stay.

4. Data management during the use of the BFZ website

Place of data management: the registered office of BFZ and the registered offices of the partners in the legal relationship.

4.1. Data management on the website

Anyone can access the BFZ's own website without disclosing their identity and providing their personal data, and in the case of registration, by providing the related mandatory data. You have free and unrestricted access to information on the Website and related sites. However, the website collects non-personal information from visitors unrestrictedly and automatically, using so-called cookies. However, no personal data can be obtained from this data, so it does not implement data management under the GDPR.

4.2. Data management related to contact, registration, loyalty program (contact)

BFZ operates its own website with the involvement of an authorized third party (ies), where visitors have the opportunity to contact them as well as other ways of contacting them.

purpose of data management: liaising with the BFZ

legal basis for data management: the stakeholder contribution under Article 6 (1) (a) of the GDPR, and Act CVIII of 2001 on certain issues in electronic commerce services and information society services. Act 13 / A. § (3)

scope of data managed: name, e-mail address, as well as other personal data provided by the data subject in case of registration

deadline for deleting data: until the contact case is settled (until the goal is achieved)

data storage method: in electronic form

individual rights: under the GDPR; right of access, right of rectification, right of erasure or restriction, right of objection and right of data portability

5. DPO Contact Information


6. Issues and intellectual property rights not covered in this prospectus

For matters not covered in this prospectus a GDPR and the BFZ Privacy and Data Security Policy apply.

As part of the consent, the user consents to the publication of the contents in accordance with this Prospectus in justified cases.

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR / General Data Protection Regulation)


Sponsorship Club and Loyalty Program Data Management

The purpose of data management: payment to the Data Controller, registration of payers, differentiation from each other, documentation of the payment, fulfillment of the accounting obligation, contact of the payer, provision of discounts by the loyalty program

Legal basis for data management: the processing is necessary for the performance of the contract [Article 6 (1) (b) GDPR] and the Court of Auditors. tv.169. § (2)

Type of personal data processed: identification number, date, time, name, address, telephone number, name, address, telephone number of members of the community, additional data related to the Supporting Club Membership and the loyalty program

Duration of data management: the Accounting TV. In accordance with Section 169 (2), eight years.

In the case of card payment, the details of the bank card and the card payment transaction are handled by the bank of each store.

Data transmission:

In case of payment by credit card, the ID of the depositor, the amount, date and time of the transaction to the Bank.

Data processors:

Financial institution and other legal entities related to the Data Controller

Complaints can be lodged primarily with the Data Controller and the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority

Headquarters: 1125 Budapest, Szilágyi Erzsébet avenue 22 / C.

"Cookie" policy

I. More information about cookies

The aim of the Budapest Festival Orchestra (BFZ) is to make your online experience and communication
be as informative, relevant and supportive as possible. Do this with cookies or the like
we use technologies. We think it's important to know what cookies our site uses,
and for what purposes. This will help protect your data as much as possible
ensures the user-friendly operation of our website.

II. What are cookies?
Cookies are small text files that are stored on your terminal equipment (computer
or mobile device) are stored when you visit certain websites.

III. Why do you need to use cookies?
Cookies can be used for different purposes. On the one hand, you can use them to make your site work properly
need. Without cookies, for example, your site would have a hard time remembering that you have already logged in as well
which products you put in your cart. These are called required cookies.
Cookies are also used to analyze the use of the website, to record the number of visitors, and
can also be used for site development purposes. Site usage statistics and more
reports are not assigned to individual individuals. These are analytics cookies.
The third group consists of cookies related to social media, which allow
social media integration on your site so you can instantly select
“Like” or “share” option on your favorite social media service.

ARC. How to select cookies and privacy options in BFZ
BFZ websites allow you to specify cookie settings. THE
By clicking on "Cookies", you can select the type of cookies our website uses
you can use. You can change the settings at any time. Also in the Cookie settings menu
can be considered as belonging to each category (necessary, analytical, social media related)
list of cookies.
Please note that you do not have to use the Cookie Settings option on our website
automatically by deleting previously set cookies. This is your web browser settings
You can do this as described below after changing the Cookie settings a
on our site.

A. Manage or disable cookies in your browser
In addition to the Cookie Settings section of our website, you can change your browser settings at any time
cookie settings. Note that your browser settings do not necessarily support this
simplicity you can find in the Cookie Settings section of our website. If you simply disable it
all cookies or our cookies, some parts of our website (s) may be
or its functions do not work because your browser does not allow us to properly
setting the cookies required for operation. For this reason, we recommend that you use all cookies in your web browser
Instead of disabling it, use the Cookie Settings option on our website.
Use the following list to get more information about the cookie settings you use
to disable or change your browser:

• Google Chrome:
• Firefox
• InternetExplorer: - for mobile
• Safari:
More information about the use of cookies on the website.

VI. Cookies that ensure the proper functioning of the website (required cookies)
Our website uses cookies for the following purposes:
• note the products you add to your shopping cart when shopping online
• note the information that you fill in at the time of payment or purchase
pages so that you do not have to enter your details again
• to store your preferred settings, such as language, location, to be displayed
number of search results, etc.
• identify abusive use of our site and services, e.g.
to record several consecutive failed login attempts
• load the site evenly for continuous access
• offer to store your login status so you don’t have to every time
re-enter the data

VII. Cookies that allow usage of the website (analytical cookies)
Our website uses analytical cookies for the following purposes:
• tracking the number of visitors to our websites
• track the length of time each visitor spends on our websites
• determine the order in which a visitor visits the various pages
on our site
• identify areas of our site that require improvement
• Website optimization
• request feedback on certain parts of our site

VIII. Cookies for sharing the content of our website via social media
(social media cookies)
• These cookies allow you to:
• for logged-in users of selected social media from our site
direct sharing and liking of certain content
• These social media partners may also collect your personal information for their own purposes. THE
BFZ has no influence on how these social media partners use your personal information
data. The cookie set by your social media partners and any data they collect
For more information on this, please read our own publication published by social media partners
privacy and cookie statements. Listed below by BFZ
cookie statements from the most commonly used social media channels:
• Facebook:
• Istagram:
• YouTube:
• Twitter:
• Google+:
• Tumblr:

IX. Final provisions
The statement regarding this Cookie may be amended from time to time by BFZ, for example, as
our website or cookie rules change. We reserve the right to change the content of the Cookie Statement and the cookies listed at any time without notice.
let's change it. The statement regarding the new Cookie is effective as of its publication.
If you do not agree with the modified statement, change your settings. Given
changes after the entry into force of access to our services
By using it, you agree to be bound by the modified Cookie Statement.
You can find the latest version on this website.

If you have any further questions and / or comments, please contact us:
E-mail address:
Address: 126 Bécsi út, 1034 Budapest.