Introduction

Birdies Event provides the following information on the processing of natural persons’ data in order to fully comply with Regulation 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (Infotv.).

Data of the Data Controller

Name: Birdies Event Kft.
Headquarters: 1023 Budapest, Árpád fejedelem útja 31. Head office. 1. 1.
Tax number: 27838547-2-41
Company registration number: 01-09-400021
Phone: +36 20 312 4999
E-mail: info@birdiesevent.com
Website: www.birdiesevent.com

Data management

Data processing related to the provision of the service

  1. Contact us – under “Contact”
    Category of data subjects: website visitor
    Personal data processed: name, email address, telephone number
    Legal basis for processing: voluntary consent of the data subject
    Categories of recipients: the CoR, its agents, contractors
    Place and method of storage: electronically
    Deadline for deletion: 5 years from the last contact
    Data transmission: –
  2. Complaint handling: if you have made a complaint to us, the processing of the data and the provision of the data are essential.
    Categories of addressees, recipients: the CoR, its agents, contractors
    Personal data processed: name, email address
    Legal basis for processing: fulfilment of the legal obligation of the CoR
    Categories of recipients: the CoR, its agents, contractors
    Place and method of storage: electronically
    Deletion deadline: consumer protection law – the deletion deadline set out in the relevant legislation – 5 years
    Data transfer: at the request of the consumer protection authority

Data processing related to its operation

  1. Visitor data processing on the company’s website – cookie – see more below
    Category of data subjects: website visitor
    Personal data processed: see more in the cookie table
    Legal basis for processing: the data subject’s explicit and voluntary consent
    Categories of recipients: the CoR, its agents, contractors
    Place and method of storage: electronically
    Deletion deadline: see more details in the cookie table
    Data transfer: –
  2. Newsletter
    Category of data subjects: subscriber to the newsletter
    Personal data processed: name, email
    Legal basis for processing: voluntary explicit consent of the data subject
    Categories of recipients: the CoR, its agents, contractors
    Place and method of storage: electronically
    Deadline for deletion: upon unsubscription
    Data transmission: –
  3. Google registration and authentication- https://policies.google.com/privacy?hl=en
    Category of data subject: Google user
    Personal data processed: name, email address, profile picture and other data as specified in the service’s privacy policy.
    Legal basis for processing: voluntary explicit consent of the data subject by clicking on the “Log in” button
    Categories of recipients, addressees: –
    Location and method of storage: electronic
    Deadline for deletion: –
    Data transmission: –
  4. Facebook registration and authentication – https://www.facebook.com/privacy/explanation
    Category of data subject: Facebook user
    Personal data processed: name, email address and other data as specified in the service’s privacy policy.
    Legal basis for processing: voluntary explicit consent of the data subject by clicking on the “Log in” button
    Categories of recipients, addressees: –
    Place and method of storage: electronically
    Deadline for deletion: –
    Data transfer: –
  5. Facebook official site – https://www.facebook.com/policy.php
    Category of data subject: Facebook user
    Personal data processed: Facebook profile
    Legal basis for processing: data subject’s voluntary explicit consent by clicking on the “Like” button
    Categories of recipients, addressees: –
    Place and method of storage: electronically
    Deadline for deletion: –
    Data transfer: –
  6. Instagram official site – https://www.instagram.com/policy.php
    Category of data subject: user of Instagram
    Personal data processed: profile on Instagram
    Legal basis for processing: data subject’s voluntary explicit consent by clicking on the “Like” button
    Categories of recipients: –
    Place and method of storage: electronically
    Deadline for deletion: –
    Data transfer: –

Scope of personal data processed

In all cases, consent is voluntary and informed and is given by the data subject after having read this privacy notice.

The data held by the data controller are processed exclusively by the employees of the data controller involved in the implementation of the data management purposes set out in this information notice, who are bound by confidentiality obligations in respect of all data they have access to.

The Data Controller shall select and operate the IT tools used to process personal data in the course of providing the service in such a way that the processed data:

  • accessible to authorised persons (availability);
  • authenticity and verification (authenticity of processing);
  • can be verified to be unchanged (data integrity);
  • be protected against unauthorised access (data confidentiality).

The Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction and against accidental destruction.

The Controller shall ensure the security of processing by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.

The data controller shall, in the course of processing, preserve confidentiality: protect the information so that only those who are entitled to have access to it can do so; integrity: protect the accuracy and completeness of the information and the method of processing; availability: ensure that the information can be accessed and the means to do so are available when the authorised user needs it.

What cookies do

An HTTP cookie is a small packet of data that is created by the server containing the website you are browsing on the Internet, via the client’s web browser, on the first visit, if enabled in the browser. Cookies are stored on the user’s computer in a predefined location, which varies according to the browser type. On subsequent visits, the browser sends the stored cookie back to the web server, together with various information about the client. Cookies allow the server to identify the user, collect various information about the user and analyse it.

Main functions of cookies:

  • collect information about visitors and their devices;
  • remember visitors’ individual preferences, which are used, for example, when making online transactions, so they do not need to be re-entered;
  • make it easier, simpler, more convenient and smoother to use the website;
  • make it unnecessary to re-enter data already entered;
  • generally improve the user experience.

By using cookies, the Data Controller carries out data processing, the main purposes of which are:

  • user identification
  • identification of each session
  • identification of devices used for access
  • the storage of certain data provided
  • storage and transmission of tracking and location information
  • storage and transmission of data for analytical measurements

Under the GDPR, the use of cookies (in particular analytical cookies) is subject to the prior consent of the visitor and, in the case of cookies necessary for the operation of the website, on the basis of the legitimate interest of the website operator (Data Controller), so the visitor is able to allow or refuse cookies. However, if the visitor chooses to refuse cookies (i.e. does not consent to the processing of cookies based on consent), he or she may not be able to fully benefit from the interactive features of the website.

It should be stressed that the use of cookies is essential for the operation of the website, without which the entire website or certain parts of it may become inaccessible to the visitor. It should also be stressed that acceptance of the recommended cookie settings constitutes consent in the case of cookies based on consent, while any change to the settings that entails rejection/revocation of these cookies constitutes withdrawal of consent – which does not affect the lawfulness of the processing prior to the withdrawal of consent, but may affect certain functions and the enjoyment of the website.

During the use of the website, the following data in particular is recorded and processed about the visitor and the device used for browsing:

  • the IP address used by the visitor;
  • the browser type;
  • the characteristics of the operating system of the browsing device (language set);
  • the date of the visit;
  • the (sub)page, feature or service visited.

Accepting or authorising the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to indicate when a cookie is being sent. While most browsers automatically accept cookies by default, these can usually be changed (for example, by setting different security levels) to prevent automatic acceptance and will offer you the choice each time.

You can find out about the cookie settings of the most popular browsers by following the links below:

If you use a mobile device, you can find out more on the following pages:

Essential (session) cookies

Cookies are technically necessary for the website to work.

The purpose of these cookies is to allow visitors to browse the website of the Data Controller, use its functions and services fully and smoothly. The validity period of this type of cookie lasts until the end of the session (browsing), and when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.

Cookies that require consent

These allow the Data Controller to remember the user’s choices about the website. The visitor may opt-out of this processing at any time before and during the use of the service. These data cannot be linked to the user’s identification data and cannot be transferred to third parties without the user’s consent.

Analytical cookies placed by third parties

The Data Controller also uses Google Analytics third party cookies on its website. By using Google Analytics for statistical purposes, the Controller’s website collects information about how visitors use the website. The data is used to improve the website and the user experience. These cookies will also remain on the visitor’s computer or other browsing device, their browser, until they expire or until they are deleted by the visitor.

General data processing policy

The data processing of the Data Controller’s activities is based on voluntary consent or on legal authorisation. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any time during the processing.

In certain cases, the processing, storage and transmission of some of the data provided is required by law, and we will notify our customers separately. We draw the attention of the Data Controller to the fact that, if the data subject does not provide his or her own personal data, it is the data subject’s duty to obtain the consent of the data subject. Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.);

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR); Act V of 2013 on the protection of individuals with regard to the processing of personal data (GDPR). Act C of 2000 – on Accounting (Accounting Act); Act LIII of 2017 – on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.); Act CCXXXVII of 2013 – on Credit Institutions and Financial Undertakings (Hpt.).

Contact form related data

Through the website, it is possible to contact the Data Controller. The personal data requested in the request:

  • Name (required field)
  • Email address (required)
  • Phone number (optional)

Purpose of the processing, intended use of the data processed: through the contact form, the data subjects may contact the Data Controller on a voluntary basis. The data received will be kept for a certain period of time for customer service purposes, but this information will not be used for marketing purposes. The legal basis for data processing is voluntary consent. Retention period: duration of the business relationship or request for cancellation.

The legal basis for data processing is voluntary consent.

Retention period: duration of the business relationship or request for cancellation.

Data relating to the operation of the website

Personal data requested in connection with the registration and login to the website:

  • Name
  • Email address
  • Google account details
  • Facebook account details

Purpose of data processing, intended use of the data processed: the data received during registration are used for statistical and marketing purposes.

The legal basis for data processing is voluntary consent.

Retention period: duration of the business relationship or request for cancellation.

Physical storage locations of data

We may process your personal data (that is, data that can be associated with you personally) in the following ways:

  • on the one hand, technical data relating to your computer, browser program, Internet address and the pages you visit are automatically generated in our computer system in connection with the maintenance of the Internet connection,
  • on the other hand, you can also provide your name, contact details or other information if you wish to contact us personally when using the website. Data technically collected in the course of the operation of the system.

The data that is automatically recorded is automatically logged by the system on entry and exit, without any declaration or action by the data subject.

This data cannot be linked to other personal user data, except where required by law. The data is only accessible by the birdies.com domain.

Data transfer, data processing, data subjects

The Data Controller and its internal staff have the right to access the data in the first instance, in accordance with the rules of eligibility, the system of eligibility and other internal regulations. The Data Controller may use third party Processors to perform certain operations and tasks relating to the Data. The Data Controller shall not disclose or transfer the Data to any third parties other than those listed above.

  1. hosting provider:
    name: WebHostIcon Tárhely- és Domain Szolgáltató Kft. company registration
    number: 01-09-949386
    registered office: 2097 Pilisborosjenő, Tulipán köz 2.
    tax number: 23023071-2-42
    email: ugyfelszolgalat@webhosticon.hu
    phone number: +36 30 598 7210
    https://webhosticon.hu/adatkezelesi-tajekoztato/
    Data management registration number: NAIH-58821/2012.
  2. newsletter service:
    Name: The Rocket Science Group, LLC
    Address: 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308, USA
    https://mailchimp.com/legal/
  3. website visitor statistics:
    name: Google Ireland Limited
    registration number: 368047
    registered office: Gordon House, Barrow Street, Dublin 4, Ireland
    https://www.google.com/analytics/terms/hu.html
  4. Facebook fan page maintained and operated by:
    name: Facebook Ireland Ltd.
    address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
    https://www.facebook.com/privacy/explanation

Rights of the person concerned

The Data Subject may exercise, inter alia, the rights described below in relation to the personal data processed by the Controller.

The Data Subject’s right of access

The Data Subject has the right to receive feedback from the controller as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
  • the intended duration of the storage of the personal data;
  • the Data Subject’s right to rectification, erasure or restriction of processing and to object to processing;
  • the right to lodge a complaint with the supervisory authority;
  • where the data have not been collected from the Data Subject, any available information about their source;
  • the fact of automated decision making, including profiling, and the logic used and clear information on the significance of such processing and its likely consequences for the Data Subject.

The Data Controller shall provide the Data Subject with 1 copy of the personal data subject to processing. For additional copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. If the Data Subject has submitted the request by electronic means, the Controller shall provide the information in a commonly used electronic format, unless the Data Subject requests otherwise, within a maximum of 30 days from the date of submission.

Right of rectification

The Data Subject shall have the right to obtain from the Data Controller, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her and the right to obtain the completion of incomplete personal data, taking into account the purposes of the processing.

Right to erasure

The Data Subject shall have the right to obtain from the Data Controller, upon his or her request, the erasure of personal data relating to him or her without undue delay, and the Data Controller shall be obliged to erase personal data relating to the Data Subject without undue delay if one of the following grounds applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the Data Subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing; the personal data have been unlawfully processed;
  • the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Data Controller;
  • personal data are collected in connection with the provision of information society services.

The erasure of data cannot be initiated if the processing is necessary:

  • to exercise the right to freedom of expression and information;
  • for the purposes of complying with an obligation under Union or Member State law that requires the controller to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • on grounds of public interest in the field of public health;
  • For archiving, scientific and historical research or statistical purposes in the public interest;
  • to bring, enforce or defend legal claims.

Right to restriction of processing

At the request of the Data Subject, the Controller shall restrict processing if one of the following conditions is met:

  • the Data Subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use;
  • the Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims; or
  • the Data Subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the Data Subject.

Where processing is restricted, personal data, other than storage, may be processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

Right to data retention

The Data Subject has the right to receive personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and to transmit such data to another Controller.

Right to object

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data, including profiling based on the aforementioned provisions. In this case, the Controller may no longer process the personal data, unless the Controller proves that the processing is justified by compelling legitimate grounds which override the interests or rights of the Data Subject or are related to the establishment, exercise or defence of legal claims.

Right of withdrawal

The Data Subject has the right to withdraw his or her consent to the processing of his or her personal data at any time.

Remedies available

In the event of a breach of his/her rights, the Data Subject may request information, seek redress or lodge a complaint through the contact details provided. In the event of failure to do so, the Data Subject is entitled to take legal action or to contact the National Authority for Data Protection and Freedom of Information.

Contact the National Authority for Data Protection and Freedom of Information (HAIH):

Headquarters: 1055 Budapest, Falk Miksa utca 9-11
Postal address: 1363 Budapest, Pf.: 9.
Tel:
+36 30 683-5969
+36 30 549-6838
+36 1 391 1400
Fax: +36 1 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: www.naih.hu

Other provisions

In the event of a request by a public authority or other body based on other legal obligations, the Data Controller may be obliged or required to disclose the data. In such cases, the Controller shall endeavour to disclose only such amount and type of personal data as is strictly necessary for the purposes of the obligation to disclose.

The data controller reserves the right and undertakes to amend its data protection policy in accordance with the applicable legal provisions and practice.

The data controller shall provide information on any changes to its processing on its central website prior to their entry into force.

Last modified 26 August 2022.