Effective from March 1, 2021
Service Provider’s Name: |
Interticket, Inc. |
Company Registration: |
Massachusetts, US |
Company Registration number: |
3222273 |
E-mail contact address: |
privacy@corporate.interticket.comm |
Website: |
www.interticket.com |
Customer Service e-mail address: |
support@corporate.interticket.comm |
Contact for Complaints: |
complaints@corporate.interticket.comm |
– Act CXII of 2011 on the Right of Informational Self‑Determination and on Freedom of Information (hereinafter referred to as Privacy Act);
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
– Act V of 2013 on the Civil Code (Civil Code);
– Act C of 2000 on Accounting (Accounting Act);
– Act CXXXVI of 2000 on the Prevention and Combating of Money Laundering and Terrorist Financing (PCMLTF);
– Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (E‑Commerce Act);
– Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Business Advertising Act).
1/a) the individual has given their consent to the processing of their personal data for one or more specific purpose (voluntary consent);
1/b) data processing is necessary for the fulfilment of such a contract where the affected person is one of the parties or if it necessary to carry out steps required by the affected person before the contract is entered into (fulfilment of the contract);
1/c) data processing is necessary to fulfil the legal obligation for the data controller (legal obligation);
1/d) data processing is necessary to validate legitimate interest of data controller or a third party (legitimate interest).
Purpose of data processing: to ensure the provision of a web shop service on the web site, the order, to fulfil the order, to document the purchase and payment and to fulfil the accounting obligation. Further purpose of data processing is to identify the user as a ticket buyer, as well as to deliver the ordered service and to send notifications (technical notifications related to the performance, such as changes to the performance, cancellation, change of times, parking information etc.), to carry out payment through payment service provider, to register users, differentiate between users, to transfer access data to the event organizer, and to fulfil the contract
Grounds for data processing: fulfilment of a contract, subsection b) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: surname and first name, phone number (optional if customer provides for receiving notifications, email address, password given at pre-registration, delivery address provided for home delivery, the number, date and time of the transaction, customer code, number of the gift card or culture voucher.
Deadline to erase data: 210 days after the last performance in the transaction, supposed that the performance has a specific date. In case of performance without a specific date, the deadline to erase data is 18 months after the date of transaction. If in the same transaction there are tickets purchased for performances with and without specific date, the later date would be taken into consideration.If a dispute arises in connection with the purchase transaction, Service Provide shall maintain the data for the duration of the dispute; the legal basis of which is legitimate interest of Service Provider, subsection f) of Paragraph 1 of Section 6 of the GDPR.
Possible consequences of failure to provide data: Failure of purchase transaction.
Purpose of data processing: to ensure the provision of a web shop service on the web site, the order, to fulfil the order, to document the purchase and payment and to fulfil the accounting obligation. Further purpose of data processing is to identify the user as a ticket buyer, as well as to deliver the ordered service and to send notifications (technical notifications related to the performance, such as changes to the performance, cancellation, change of times, parking information etc.), to carry out payment through payment service provider, to register users, differentiate between users, to register the balance on the card, to register purchases made with the card, to register discounts and privileges connected to the card, to provide the rights in connection with the season ticket (including rights for renewal if provided by event organizer), to fulfil the contract. Further purpose of data processing is to provide information on the annual renewal of the season ticket (via email or post), reminder regarding the next performance for the season ticket (via email or post), in case of free season tickets twice monthly notification regarding the events of the venue (via email) to facilitate the choice of User.
Grounds for data processing: fulfilment of a contract, subsection b) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: surname and first name, phone number (optional if customer provides for receiving notifications, email address, password given at pre-registration, delivery address provided for home delivery, the number, date and time of the transaction, customer code, number and balance of the gift card, number and balance of culture card.
Deadline to erase data: 24 months following the date of the transaction for season tickets. In case of gift cards, discount cards, Culture Cards, the deadline to erase data is 6 months following the expiration date, or – if the given card has no expiration date – 18 months following the date of transaction. If a dispute arises in connection with the purchase transaction, Service Provide shall maintain the data for the duration of the dispute; the legal basis of which is legitimate interest of Service Provider, subsection f) of Paragraph 1 of Section 6 of the GDPR. If tax benefits are connected to the purchased card (for instance Culture Card) the data retention period shall be specified in the effective regulations; grounds: subsection c) Paragraph 1 of Section 6 of the GDPR.
Possible consequences of failure to provide data: Failure of purchase transaction.
Purpose of data processing: By choosing a password during the pre-registration process it will be possible for the user to provide their details only once and not at each purchase. Some services are only available to registered users on the web site. Such services include blogging and comment writing, comment rating, and the following functionality (to be notified about artists, venues and events). As a convenience functionality, in a personal menu, users may edit their personal information, view and download their tickets and invoices, follow their comments, already visited pages, reviews, modify following and newsletter subscriptions and if they are part of the membership system, view the balance of their points. Managing multiple personal data stored in the account obviously means profiling as well.
Grounds for data processing: voluntary consent of the affected person, subsection a) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: email address, password and those personal data that User has provided during purchase or in their account: address, billing address, phone number. Processed data may furthermore be products purchased by User during their orders, date and invoice of the purchases, Comments made by User and their rating, comments, performances, artists, venues rated by the User, artists, venues and performances marked by User to be followed, pages viewed by User, newsletter subscriptions and balance of membership points collected.
Deadline to erase data: Data provided will be handled by Service Provider until such time as User prohibits use for this purpose by unsubscribing.
Possible consequences of failure to provide data: User cannot use the convenience functions and services of the website.
The Notification Service allows the ticket buyer, in addition to technical information about the event (technical alerts related to the performance, such as changes to the performance, cancellation, change of times, parking information etc.), to use notification services such as pre-performance reminder, rating following the performance, as well as automated announcements (alerts for leaving the basket, ticket available to buy again, etc.).
Grounds for data processing: voluntary consent of the affected person, subsection a) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: email address, name, optional phone number if user would like to receive the notifications via text message, Facebook Messenger ID if user would like to receive the notifications via Messenger chatbot.
Deadline to erase data: Data provided will be handled by Service Provider until such time as User prohibits use for this purpose by unsubscribing.
Possible consequences of failure to provide data: User cannot use the convenience functions of the website, not notified of changes.
Purpose of data processing: to issue invoice related to the purchase transaction and to retain such for the duration specified in the relevant laws.
Grounds for data processing: to meet legal obligation, subsection c) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: first and family name, billing address provided for billing, number, date and time of the transaction, contents of invoice, tax number in case of VAT receipt (if provided by customer).
Deadline to erase data, period of data processing: 8 years or as specified in the currently effective legislation on taxation and accounting.
Possible consequences of failure to provide data: Failure of purchase transaction.
Purpose of data processing: Profiling helps users to see relevant and personalized offers on the website and in the newsletters` recommendations. Profiling helps data processors to create the most appropriate offers for the customers.
Grounds for data processing: voluntary consent of the affected person, subsection a) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: email address, name, address, information relating to the use of the website (time of the visit, duration, pages viewed, clicks on the page, search engine usage), basket usage (order identifier, products, product categories, values), purchases (transaction date, value, product, its category, discounts used, method of payment), technical information (IP address, cookie ID, browser type, device type, Google, Facebook, Hotjar, Findgore, Prefixbox identifiers, source page), newsletter and notification message usage information (time of opening the email, its tool, click-through links, purchase data), blog-related data (comments, ratings, click-through links).
The logic of profiling: the offer system offers a list of events to be displayed on the website and in the messages sent by Service Provider that are likely to be the most relevant to the customer.
Deadline to erase data: Data provided will be handled by Service Provider until such time as User prohibits use for this purpose by unsubscribing.
Possible consequences of failure to provide data: offers not relevant to the user are displayed on the website and the newsletters, User cannot use the convenience functions of the website.
Purpose of data processing: Sending email newsletters containing advertisements to interested users. If a user subscribes to the newsletter, Service Provider can send newsletters at a frequency at its own discretion. Service Provider shall endeavour to offer events relevant to the reader of the newsletter based on the user`s place of residence, previous purchases and other data collected through profiling.
Grounds for data processing: voluntary consent of the affected person, subsection a) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: name, email address, post code, phone number and data collected through profiling.
Deadline to erase data: Data provided will be handled by Service Provider until such time as User prohibits use for this purpose by unsubscribing. To unsubscribe from the newsletter, click the Unsubscribe link at the bottom of the newsletter. The personal data will be deleted within 10 working days of receiving this request.
Possible consequences of failure to provide data: User is not notified of the events.
Purpose of data processing: to provide participation in the loyalty program offered by Service Provider available to regular users of the interticket.com website.
Grounds for data processing: voluntary consent of the affected person, subsection a) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: name, email address, post code, phone number and data collected through profiling.
Deadline to erase data: Data provided will be handled by Service Provider until such time as User prohibits use for this purpose by unsubscribing.
Possible consequences of failure to provide data: User cannot take part in the loyalty program offered by Service Provider.
Cookies are variable content alphanumeric information packets sent by the web server that are stored on the user’s computer and stored for a predetermined validity period. The use of cookies allows to query some data of the website’s visitor and track their internet usage. Cookies help to keep track of user’s interests, internet usage patterns and the website visit history in order to ensure that the user’s shopping experience is optimal. Since cookies are used as a kind of tag that allows a web page to recognize a visitor returning to the page, by using them valid username and password for that site can also be stored. If the browser sends back a previously stored cookie, the service provider processing the cookie has the ability to link the current visit of the user to previous ones but only to relating to their own content.
The information sent by the cookies makes it easier to recognize web browsers therefore users can receive relevant and “personalized” content. Cookies make browsing more convenient, including online data security needs and relevant advertising. With the help of cookies, Service Provider can also create anonymous statistics on page viewers’ habits, so can better customize the look and content of the page.
Service Provider’s website uses two types of cookies:
– Temporary Cookies – session use (session–id) cookies necessary for the use of the website. Their use is essential for navigating on and for the functioning of the website. Without them, the site or parts of it will not be displayed, browsing becomes obstructed, placing tickets in the basket or bank payment cannot be properly implemented.
– Permanent cookies that will remain on the device, depending on the settings of the web browser, for a long time or until they are deleted by the user. Within these there are internal and external cookies. Internal cookies are created if the Service Provider’s server installs the cookie and the data is forwarded to its own database. If the cookie is installed by the Service Provider’s server, but the data is forwarded to an external service provider, an external cookie is used. Third party cookies placed by a third party in the user’s browser (Google Analytics, Facebook Pixel) are external cookies. These are put in the browser if the visited website uses services provided by a third party. The purpose of permanent cookies is to ensure that the site operates at the highest level in order to increase user experience.
When visiting the website, users can give their consent to storing permanent cookies stored on their computer that can be accessed by the Service Provider by clicking on the cookie alert button on the sign in page.
Users can configure and prevent cookie related activities by using the browser program. To manage cookies, users can usually use the Cookies or Cookie tracing option in Privacy/History/Custom Settings menu under Tools/Settings menu of their browser. Please note however that without the use of cookies it is possible that User will not be able to use every service provided by the website, thus especially the payment options. For further information on cookies please click on the link provided on the cookie alert banner on interticket.com website.
Purpose of data processing: carrying out payment transactions with the payment service provider, identifying and distinguishing users, identifying user’s current session, storing data created during the session, preventing data loss, identifying and tracking users, web analytics.
Grounds for data processing: voluntary consent of the affected person, subsection a) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: identification number, date, time and the previously visited webpage.
Period of data processing: temporary cookies are stored until all websites of the same type are closed. Permanent cookies are stored on the user’s computer for a year or until the user deletes them.
Possible consequences of failure to provide data: unavailability of certain services of the website, unsuccessful payment transactions, inaccuracies in analytics.
If a user uses the service from a mobile device (e.g. smartphone), when the application is downloaded the program may ask for permission to use the location as data (egg. when using the “near” feature) for features that require location.
Purpose of data processing: If consent is given by the user, the application can provide such personalized searches that takes into account where the user is currently located. The location as data is not stored in the data processor`s system it is only facilitating the use of certain functions during a given transaction (more exact search, the “near” feature).
Grounds for data processing: voluntary consent of the affected person, subsection a) Paragraph 1 of Section 6 of the GDPR.
Scope of processed data: the geographical location of the user at a certain time, IP address.
Scope of data processing: 3 days
Possible consequences of failure to provide data: inability to use all services of the mobile device
Data controller can use the data for statistical purposes. The use of data in a statistically aggregated form cannot contain the name or any other identifiable information of the user in any form.
Technically recorded data are data from the user’s computer that has logged in that are generated when the service is being used and which are logged by the data management system of the data controller as automatic results of technical processes (egg. IP address, session ID). Due to the way the Internet works, the automatically recorded data will automatically be logged by the system, using the Internet, without a separate declaration or action from the User. The Internet does not work without this automatic server-client communication. Such data cannot be linked to other personal data of the User – with the exception of personal data for compliance with a legal obligation. This data can only be accessed by the data controller. Logs technically, automatically recorded during the operation of the system will be stored in the system for a reasonable period of time necessary for the operation of the system.
Service provider records incoming and outgoing phone calls of its customer services.
Purpose of data processing: to enforce the rights of customers and data controller, to provide evidence for possible disputes, to provide evidence to support subsequent verification and the possible un-collectability of a claim, and subsequent proof for agreements, quality assurance, compliance with legal obligations.
Grounds for data processing: voluntary consent of the person concerned.
Scope of processed data: identification number, caller’s phone number, called number, data and time of the call, audio recording of the call as well as other personal information provided during the call.
Deadline to erase data: 5 years.
Possible consequences of failure to provide data: inability to access help via phone.
If you would like to contact our company you can get in contact with the Service Provider on the contact details provided in this information leaflet or via the contacts specified on the website. Service Provider deletes all received emails, together with sender’s name, email address, date, time and other personal data provided in the email no later than 5 years after the disclosure.
Google Analytics as an external service provider helps to independently measure website visits and other web analytics data. For detailed information on how measured data is handled please visit the following link: http://www.google.com/analytics. Google Analytics data is used by the Service Provider for statistical purposes only to optimize the functionality of the site.
We provide information on data management not specified in this document at the time of the registration of such data. Please note that the court, prosecutor, investigating authority, offense authority and administrative authority, National Authority for Data Protection and Freedom of Information, Hungarian National Bank as well as other bodies under the authorization of the legislation may request Service Provider to provide information, provide and hand over data or provide documents. Service Provider shall only disclose personal information to the authorities – if the authority has specified the exact purpose and the scope of data – to the extent necessary for the purposes of the request.
– to the organizer of the given event in order to make it possible for the organizer of the event to inform customer directly and without delay if the event is cancelled, its time is changed or of any other detail that might be of interest, furthermore, if the event is cancelled, to refund or exchange tickets directly, and to allow entry to the event and fulfil the contract (appropriate management of the event). With the data transfer the organizer of the given event will become an independent data processor in relation to the transferred data. Data transfer may also take place in such a way that the Service Provider gives the organizer of the event suitable access to the IT system used for ticketing (Tickets system).
– Tasks related to sending emails to the Users and if the person concerned has given permission for profiling, any tasks related to such are carried out by Wanadis Kereskedelmi és Szolgáltató Kft. (1118 Budapest, Rétköz u. 7.), or Emarsys eMarketing Systems AG (Marzstrasse 1, 1150 Vienna, Austria) as data processors, based on their contracts with data controller.
– to OJT Kft.- which provides customer services (Only relevant to those customers who use Service Provider`s contact information to seek help, information or voice a complaint.
– Service Provider will hand over those data to financial institutions that take part in the purchase process by carrying out the payment which are required by the financial institution for executing the payment. The range of required data may vary by financial institutions. Service Provider will not obtain any of the personal data provided at the financial institution`s own data request page.
2/a) is available for those entitled (availability);
2/b) authenticity and validation is provided (data authenticity);
2/c) integrity can be verified (data integrity);
2/d) is protected against unauthorized access (data confidentiality).
8/a) to prevent unauthorized data entry;
8/b) to prevent the use of automatic data processing systems by unauthorized persons by means of data transmission devices;
8/c) verifiability and determination of which bodies personal data has been or may be transmitted to by means of data transmitting equipment;
8/d) verifiability and determination of when and who entered which personal data into the automatic data-processing systems;
8/e) the recoverability of installed systems in case of malfunction and
8/f) reports are prepared on errors occurring during automated processing.
Requests for changes in personal details or for deleting personal details can be sent from the registered email address or by post, via a written, fully conclusive private document expressing such request. Certain personal data can also be modified using the website’s personal profile page.
– |
purposes of the processing; |
– |
the categories of personal data concerned; |
– |
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; |
– |
the envisaged period for which the personal data will be stored |
– the right to request rectification or erasure or restriction of processing of personal data;
– the right to lodge a complaint with a supervisory authority; – any available information as to the source of data; |
– the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. |
Data Controller shall only see credible any information request sent by email – unless the person concerned otherwise identifies the credibility – if the request is sent from the User`s registered email address. Requests for information must be sent via email to the contact address mentioned in the header.
If personal data is not accurate and accurate data is available to the data controller, the data controller shall rectify the personal data.
– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;;
– the data subject withdrew consent on which the processing is based and where there is no other legal ground for the processing;
– the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
– the personal data have been unlawfully processed;
– the personal data have to be erased for compliance with a legal obligation in Union or Member State law;
– the personal data have been collected in relation to the offer of information society services.
The previous (erased) data can no longer be recovered after the request for erasure or modification has been completed.
– the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
– the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
– the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
– the data subject has objected to processing; in this case restriction shall apply for a period enabling the verification whether the legitimate grounds of the controller override those of the data subject.
– is necessary for entering into, or performance of, a contract between the data subject and a data controller;
– is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
– is based on the data subject’s explicit consent.
ANNEX
Definitions used in the present Information on Data Processing document