1. By clicking the Redirect button the Customer accepts [SYMBOL-BP Vendéglátó és Kulturális Szolgáltató Korlátolt Felelősségű Társaság] ([8600 Siófok, Dózsa Gy. u. 42.]) at [http://xticket.hu/en/] to provide the following personal data stored in its user database to PayU Hungary Ltd. (1074 Budapest, Rákóczi út 70-72.)
Provided data: username, family name, given name, country, phone number, e-mail address.
The purpose of data transmission: customer support for users, confirming transactions and fraud- monitoring for users defence.
2. Informing customers that, the bank card payment of <http://xticket.hu/en/>, The transaction is EUR basis, regardless the currency of the owner of credit card is not EUR currency.
The currency that is shown on the website, just indicative, because the payment made by selling price of the issuer bank.
Your bank account for the payment of an amount in euro, may be different due to the conversion.
Data protection and data management principles and policy of the Xticket.hu web shop
I. The XTICKET.HU webshop hereby announces its data protection and data management principles and policy, which we consider to have a binding effect. We framed this policy with especial regard to act LXIII of 1992 on the protection of personal data and the disclosure of data of public interest, act VI of 1998 on the protection of individuals with regards to the automatic processing of personal data, provisions on the announcement of the Convention dated in Strasbourg on 28 January 1981 and recommendations of "ONLINE PRIVACY ALLIANCE".
The aim of this announcement is to ensure that within the frame of our services the rights and liberties of each individual, in particular his privacy, regardless of his nationality and place of residence, are respected in the course of automatic processing of his personal data (data protection).
II. Definitions for the purposes of this announcement:
Personal data shall mean any data relating to a specific natural person (hereinafter referred to as ‘data subject’) as well as any conclusion with respect to the data subject which can be inferred from such data. In the course of data processing such data shall be considered to remain personal as long as their relation to the data subject can be restored.
Special data shall mean any personal data relating to
a) racial, or national or ethnic minority origin, political opinion or party affiliation, religious or other ideological belief;
b) state of health, pathological addictions, sexual life or personal data pertaining to criminal records;
c) data management: irrespective of the applied process, recording and storage, processing, utilisation and erasure of personal data (including transmission and disclosure), as well as the alteration of data and the prevention of their further use;
d) data processing shall mean the technical operations involved in data management, irrespective of the method and tools used for such operations and the venue where it takes place;
e) data transfer shall mean making data accessible for a specific third person;
f) disclosure shall mean making data accessible for anybody;
g) controller shall mean a natural or legal person or unincorporated organization that determines the purpose of the processing of personal data, makes decisions regarding data management (including the means) and implements such decisions itself or engages a processor to implement them. Where data management is mandatory, the purpose and the terms of management and the controller shall be specified by the statute or local government decree in which it is ordered;
h) processor shall mean a natural or legal person or unincorporated organization that is engaged in the processing of personal data on behalf of a controller;
i) erasure shall mean the destruction or elimination of data sufficient to make them irretrievable;
j) automated data file shall mean a set of data intended to be automatically processed;
k) automatic processing shall cover the following operations, where such operations are accomplished partly or wholly with automated tools: data storage, logic or arithmetic operations carried out with data, alteration, erasure, retrieval and dissemination of data.
III. Data quality, i.e. requirements pertaining to personal data in the course of automatic processing:
a) data may only be obtained and processed in a fair and lawful manner;
b) data may only be stored for specified and lawful purposes, and no data may be used in any different manner;
c) data shall comply with the purpose of their storage, and they may not go beyond that;
d data shall be accurate and up to date if necessary;
e) data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are stored,
f) data related to racial origin, political opinion, religious or other ideological belief or to state of health and sexual life unless the national law provides appropriate guarantees. This provision also applies to personal data related to sentences,
g) appropriate safety measures shall be taken for the protection of personal data stored in automated data files to prevent accidental or illegal destruction or accidental loss, unauthorized access, alteration or dissemination of data.
Everybody has the right
a) to obtain information on the automated file of their personal data, including the main purpose thereof, the name, address or registered office of the person controlling data file;
b) to be informed at reasonable intervals and without excessive delay or cost whether their personal data are stored in an automated data file and to receive information on such data in an intelligible form;
c) to request for correction or erasure of such data, where appropriate, in the most simple possible manner and within the shortest possible time;
d) to legal remedy in case their request for information specified by law or where appropriate, request for communication, correction or erasure of data is rejected. Upon the data subject's request the data controller shall provide information concerning the data relating to them, including those processed by a data processor on its behalf, the purpose, grounds and duration of processing,
the name and address (registered office) of the data processor and on its activities relating to data management, and the recipients of his data and the purpose for which they are or have been transferred. The data controller shall provide the information in writing in an intelligible form without delay but not later than within 30 days of the receipt of request. The data subject may file for court action against the controller for any violation of his rights. Data controller shall be liable for any damage caused to a data subject as a result of unlawful processing or by breaching the technical requirements of data protection. The data controller shall also be liable for any damage caused by a data processor acting on its behalf. The data controller may be exempted from liability if he proves that the damage has been caused by reasons beyond his control. No compensation shall be paid where the damage has been caused by intentional or negligent conduct on the part of the data subject.
Personal data may be processed if
a) the data subject has given his consent, or
b) decreed by law or by a local authority based on authorization conferred by law concerning specific data defined therein. Where it serves the interest of the public, free access to particular personal data may be ordered by law as defined therein. In all other cases, free access to personal data may be provided only upon the consent of the data subject that is to be made in writing with regard to special data. If there is any doubt, it is to be presumed that the data subject has not granted his consent to allow free access. The consent of the data subject shall be considered granted in connection with any data he has made public or has supplied for publication.
Purpose limitation principle of data management:
Personal data may be processed only for specified and explicit purposes, where it is necessary for exercise of certain rights or for fulfilment of obligations. Such purpose must be satisfied in all stages of operations of data processing. The personal data to be processed must be in compliance with the purpose for which they have been collected, it must be suitable to achieve that purpose, and it may be processed to the extent and the duration necessary to achieve that purpose.
Transfer of data, set of transfer operations:
Data may be transferred, whether in a single or in a set of operations, if the data subject has given his consent or if the transfer is legally permitted, and if the safeguards for data processing are satisfied with regard to any and all personal data.
Data controllers, and within their sphere of competence, data processors must implement adequate safeguards and appropriate technical and organizational measures to protect personal data as well as frame adequate procedural rules to enforce the provisions of the Data Protection Act and other regulations concerning confidentiality and security of data processing. The data – especially the personal data qualified as state secret or official secret – shall be protected, in particular, against unauthorized access, alteration, disclosure, erasure or damage or destruction.
The XTICKET.HU undertakes to publish awareness-rising and clear notice prior to data collection, recording and processing data of any of its users to inform them about method, purpose and
principles of data collection. Furthermore, the XTICKET.HU shall call the attention of the data subject to the fact that the disclosure is voluntary whenever data collection, recording and processing is not prescribed by law. If compulsory, the legal regulation on which it is based shall also be indicated. The data subject shall be informed on the purpose of the data control and on the persons who will handle or process the data. Notification of data management is considered granted where disclosure by transmission from existing data processing operations or by transfer or combination for further processing is prescribed by legal regulation.
The XTICKET.HU shall inform the user whenever the disclosed data are intended to be used for any other than the original purpose of the data collection and obtain the prior express consent of the data subject to such data processing or enable him to raise objection against the use of data.
The XTICKET.HU shall comply with the stipulations contained in Principles without exception in the course of data collection, recording and processing and inform the data subject of its activities through electronic mails. The XTICKET.HU undertakes not to employ sanctions against any user that refuses non-compulsory disclosure.
The XTICKET.HU also undertakes to ensure the data security; it shall take the technical and organizational measures and elaborate the rules of procedure to ensure that the collected, stored and processed data are protected. Furthermore, the XTICKET.HU shall prevent the destruction, unauthorized use and alteration of the personal data. The XTICKET.HU shall request any third party to which the XTICKET.HU will possibly transfer or disclose personal data to comply with their obligations related to data protection.