Privacy Notice
OHBM Services Trade and Service Provider Limited Liability Company (hereinafter referred to as the "Data Controller"), as the operator of the website available under the domain name www.bulijegy.hu (hereinafter referred to as the "Website"), hereby publishes information on the data processing carried out in the course of the registration of the Website and the services related to the Website.
We do not disclose our customers' data to third parties.
By accessing the Website, users who register on the Website (hereinafter referred to as "User") accept all the terms and conditions of this Privacy Policy (hereinafter referred to as "Policy"), and therefore please read this Policy carefully before using the Website.
Users can provide information and data about themselves on the Website in two ways:
Use of, registration for, and provision of personal data to the Website (see Part I).
Information provided to the Data Controller in connection with the use of the Website, in connection with the visit to the Website and its use (see Part II).
Processing of data expressly provided by Users
1.) Data of the Data Controller
The data controller is OHBM Services Trading and Services Limited Liability Company, which operates the Website and the telephone customer service.
Postal address: 1077 Budapest, Rottenbiller utca 44. fszt. Ü-8.
Company registration number: 01 09 359445
E-mail: info@ohbmservices.com
Phone: +36 20 535 5544
2.) Scope of the data processed
When using the Website
In the registration interface, the User has the possibility to enter his/her personal data in order to use the services of the Website (hereinafter "purchase of tickets"). When purchasing tickets, the following personal data must be provided (data marked with * are mandatory):
- buyer's full name (first and last name) *
- e-mail address *
- note to the supplier
- company name
- billing address: postcode, town, street name, house number
- delivery address: postcode, town, street name, house number
- phone number
The Data Controller declares that in the case of payment by credit card or saving of credit card data, it does not process, collect, store or access in any way any card data necessary for the payment transaction, and that such data is processed by the provider of the credit card payment service.
Online credit card payments are made through Stripe's electronic payment processing system.
Stripe is a technology company building the economic infrastructure for the internet. It enables businesses of all sizes - from start-ups to public companies - to accept payments and manage their businesses online.
More information about Stripe (English site): stripe.com
Stripe privacy policy, statements, policies: Privacy Policy (stripe.com)
3.) Purpose and duration of data processing
The Data Controller uses the data for the following purposes in connection with the provision of services available from the Website:
When purchasing tickets on the Website and using the Website (ordering): the purpose of data processing is to ensure the provision of the services available on the Website, the management of the database related to the operation of the Website and the maintenance of contact.
The Data Controller reserves the right to delete the User's profile if the User does not log in to the User's profile within one year of registration and does not indicate within the deadline specified in the e-mail sent to the User's e-mail address provided during registration that the User's profile should not be deleted.
4.) Legal basis for processing personal data
By registering, Users consent to the Controller processing their personal data as described in this Notice. The processing of personal data is based on the User's voluntary consent given in the light of this information.
Users may only provide their own personal data on the Website. If they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject.
5) Who is entitled to access personal data, processing of data
The Data Controller is entitled to access the personal data in accordance with the applicable legislation.
The data are processed by the following processors acting on behalf of the Data Controller:
The Data Controller reserves the right to involve additional data processors in the future, which will be notified to Users by amending this Notice.
In the absence of an express legal provision, the Data Controller shall only disclose to third parties personally identifiable information with the express consent of the User concerned.
6.) Rights of the User
Upon the User's request, the Data Controller shall provide information about the personal data processed by the User, their source, the purpose, legal basis and duration of the processing, the name and address of the data processor and its activities related to the processing, and - in case of transfer of the data subject's personal data - the legal basis and the recipient of the transfer. The information may be requested by e-mail to info@ohbmservices.com and by post to the following postal address: 1077 Budapest, Rottenbiller utca 44, ground floor, No 8, 1077 Budapest, Hungary, in both cases by providing proof of identity and a postal address. The Data Controller shall reply in writing within 25 (twenty-five) days of receipt of the request at the latest.
The User is entitled to request the rectification of his/her personal data (indicating the correct data) also by e-mail to info@ohbmservices.com or by post to 1077 Budapest, Rottenbiller utca 44, ground floor, postal address Ü-8, in both cases by providing proof of his/her identity and a postal address. The Controller shall promptly make the correction in its records and shall notify the data subject in writing of the correction.
In addition to the above, the User may at any time request the deletion or blocking of his/her data, in whole or in part, by sending an e-mail to info@ohbmservices.com or by post to 1077 Budapest, Rottenbiller utca 44, ground floor, postal address Ü-8, free of charge, without giving any reason, by providing proof of identity and a postal address. The Data Controller shall, without undue delay upon receipt of the request for erasure, ensure the termination of the processing and delete the User from the register.
Instead of deletion, the Controller shall block the personal data if the User so requests or if, on the basis of the information available to it, it is likely that deletion would harm the legitimate interests of the User. The personal data blocked in this way may be processed only for as long as the processing purpose which precluded the deletion of the personal data persists.
If the Data Controller does not comply with the User's request for rectification, blocking or erasure, the Data Controller shall inform the User in writing within 25 (twenty-five) days of receipt of the request, stating the factual and legal reasons for refusing the request for rectification, blocking or erasure. In the event of refusal of a request for rectification, erasure or blocking, the Data Controller shall inform the User of the possibility of judicial remedy and of recourse to the National Authority for Data Protection and Freedom of Information.
The User may object to the processing of his/her personal data,
where the processing or transfer of personal data is necessary solely for compliance with a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller, the recipient or a third party, except in cases of mandatory processing
if the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes; and
in other cases specified by law.
The Data Controller shall examine the objection within the shortest possible period of time from the submission of the request, but not later than 15 days, shall decide on the merits of the objection and shall inform the applicant in writing of its decision. If the User does not agree with the decision of the Controller or if the Controller fails to comply with the above time limit, the User may, within 30 days of the notification of the decision or the last day of the time limit, take the matter to court.
7) Handling and reporting of data breaches
A personal data breach is any event that results in the unlawful processing or treatment of personal data processed, transmitted, stored or handled by the Data Controller, in particular unauthorised or accidental access, alteration, disclosure, deletion, loss or destruction, accidental destruction or accidental damage to personal data.
The Data Controller shall notify the NAIH of a personal data breach without undue delay, but no later than 72 hours after becoming aware of the personal data breach, unless the Data Controller can demonstrate that the personal data breach is unlikely to pose a risk to the rights and freedoms of natural persons. If the notification cannot be made within 72 hours, the notification shall state the reason for the delay and the required information may be provided in detail without further undue delay. The notification to the NAIH shall contain at least the following information:
the nature of the personal data breach, the number and category of data subjects and personal data;
Name and contact details of the data controller;
the likely consequences of the data breach;
the measures taken or planned to manage, prevent or remedy the personal data breach.
The Data Controller shall inform the data subjects of the data breach within 72 hours of the discovery of the data breach through the Data Controller's website. The notification shall contain at least the information specified in this point.
The Data Controller keeps records of data breaches for the purpose of monitoring the measures taken in relation to the data breach and informing the data subjects. The register shall contain the following data:
the scope of the personal data concerned;
the range and number of persons concerned;
the date of the data breach;
the circumstances and effects of the data breach;
the measures taken to respond to the data breach.
The Data Controller shall keep the data in the register for 5 years from the date of the data breach.
Information otherwise collected in connection with the use of the Website - cookies
1.) What information do we collect in connection with your use of the Website?
If the User does not explicitly provide any personal data or information on the Website as described in Part I, the Data Controller shall not collect or process any personal data relating to the User in a manner that would allow the User to be personally identified.
By visiting the Website and clicking on the "Accept" button, all Users consent to the Data Controller recording the data and information described in this Part II of the Privacy Policy and to the placement of cookies necessary for the recording.
Such data are the data of the User's computer logging in, which are generated during the use of the Website and which are recorded by the Data Controller's system as an automatic result of technical processes. The automatically recorded data are automatically logged by the system when the User visits or exits the Website, without any specific declaration or action by the User.
This data is not linked to other personal user data, i.e. the User cannot be identified on the basis of this data. Access to such data is limited to the Data Controller. Such data may be collected using various technologies, such as cookies, web beacons and log files.
Such data include the following information:
Cookies: cookies are short text files that the website sends to the user's computer hard drive and contain information about the user. Log files: the Internet browser automatically transmits certain other data to the website, such as the IP address of the User's computer (e.g. 110.256.55.01), the type of operating system or browser program used by the User, the domain name from which the User visited the website, the sub-pages visited by the User within the website, the content viewed on the website.
The Data Controller, like other Internet service providers, analyses this data to determine which areas of the Website are more popular than others. Furthermore, like other major service providers, the Data Controller also uses this data to tailor the website experience to the user's needs.
2) How do we use this information?
The data collected through the above-mentioned technologies cannot be used to identify the User, nor does the Data Controller link this data to any other potentially identifiable data.
The primary purpose of the use of such data is to enable the Data Controller to operate the Website properly, in particular by tracking the data relating to visits to the Website and to detect possible abuse of the Website. The data set out in this notice may also be used by the Data Controller for the purposes of personal preferences (e.g. most frequently viewed content on the Website) and to remember your password.
In addition to the above, the Data Controller may use this information to analyse usage trends and to improve and develop the functionality of the Website, and to obtain aggregate traffic data on the overall usage of the Website.
The Data Controller may use the information obtained in this way to compile and analyse statistics on the use of the Website, and to transmit to third parties or make public in aggregate and anonymously aggregated statistical data (e.g. number of visitors or registrants, most popular topics or content) that are not suitable for such identification.
3.) Option to turn off cookies:
If you do not want the Data Controller to collect the above information about you in connection with your use of the Website, you may disable cookies in your internet browser settings, in whole or in part, or otherwise change your cookie settings.
However, in such a case, you accept that the content displayed on the Website may not be presented in a selective manner according to your preferences, that certain services may not be available or may not be available in the way they would otherwise be if cookies were enabled, and that the Website user experience may not be provided by the Data Controller to the same extent.
4.) Cookies placed by third parties:
The Website may contain information, in particular advertisements, which come from third parties, advertising service providers, who are not related to the Data Controller. These third parties may also place cookies, web beacons on the user's computer or collect data using similar technologies in order to send the user advertising messages in connection with their services. In such cases, the processing of data shall be governed by the data protection standards set by these third parties and the Controller shall not be liable for any such processing.
III. Links
The Data Controller is not responsible for the content, data and information protection practices of external websites accessible from the Website as a stepping stone. If the Data Controller becomes aware that a page or link it has established violates the rights of third parties or the applicable laws, it shall immediately remove the link from the Website.
Data security
The Data Controller undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. It also undertakes to require all third parties to whom it transfers or discloses data on the basis of the consent of the Users to comply with the requirement of data security.
The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The processed data may only be accessed by the Data Controller, its employees and the Data Processor(s) it employs, and shall not be disclosed by the Data Controller to third parties who are not entitled to access the data.
The Data Controller shall make every reasonable effort to ensure that the data are not accidentally damaged or destroyed. The Data Controller shall impose the above commitment on its employees involved in the processing activities.
The User acknowledges and accepts that, in the event of providing his/her personal data on the Website, despite the fact that the Data Controller has state-of-the-art security measures in place to prevent unauthorized access or disclosure, the protection of the data cannot be fully guaranteed on the Internet. In the event of unauthorised access or disclosure of data despite our efforts, the Data Controller shall not be liable for any such acquisition or unauthorised access or for any damage suffered by the User as a result thereof. In addition, the User may also provide personal data to third parties who may use it for unlawful purposes or in unlawful ways.
Under no circumstances will the Data Controller collect special data, i.e. data concerning racial or ethnic origin, membership of national or ethnic minorities, political opinions or party affiliations, religious or philosophical beliefs, membership of representative associations, health, pathological addiction, sex life or criminal records.
For data security, it is important that when using the Internet in public places on shared computers, you should always log out of the Website after use. If you are visiting our Site from your own computer, you will remain logged in for a certain period of time, depending on the application. In this case, you should also be careful to ensure that strangers do not have access to your computer and cannot carry out transactions (subscriptions, applications, orders, etc.) on your behalf.
Enforcement options
The Data Controller will make every effort to ensure that the processing of personal data is carried out in accordance with the law, if you feel that we have not complied with this, please write to us at info@ohbmservices.com or at the postal address 1077 Budapest, Rottenbiller utca 44, ground floor, Ü-8.
If you feel that your right to the protection of your personal data has been violated, you may, in accordance with the applicable legislation, seek redress from the competent authorities at the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.) in court.
The National Media and Infocommunications Authority is responsible for advertising sent by electronic means, and the detailed regulations can be found in Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.
Other provisions
The provisions of Hungarian law, in particular Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, shall apply to this Information.
The Data Controller reserves the right to amend this Notice unilaterally at any time, with prior notice to the data subjects.
Pécs, 20 April 2023.
OHBM Services Trade and Services Limited Liability Company
Data Controller