PRIVACY POLICY
This Data Processing Notice defines the data protection related rules governing the use of Cyberjump Trampoline Park operated by Elevenpark Kft. (“Controller”) and of the related online information, reservation, and ticket sales sites (www.buda.cyberjump.hu) as visitors or registered users (the “Data Subject”).
The personal data of the Data Subject shall be processed by the Controller in accordance with the provisions of this Data Processing Notice, the General Data Protection Regulation (the “GDPR”), and the Act CXII of 2011 on Informational Self-determination and Freedom of Information (the “Information Act”).
1. THE CONTROLLER
Name:Elevenpark Kft.
Registered seat:2085 Pilisvörösvár, Szent Erzsébet utca 45.
Regional Court:Company Registry Court of the Budapest Environs Regional Court
Registration number: Cg. 13-09-130348
Address of the controller: 1117 Budapest, Hengermalom út 19-21.
Website of the actual data processing: www.buda.cyberjump.hu (“website”)
E-mail address: info@buda.cyberjump.hu
2. PRINCIPLES AND PURPOSES OF THE DATA PROCESSING ACTIONS
Only such a personal data shall be processed by the Controller that are indispensable for the achievement of the purpose of the processing and which are suitable for such purpose, and in connection with this, the Controller shall protect the personal data of the Data Subject.
The purpose of data processing is to enable the Controller to learn more about the needs of visitors to the website and Cyberjump Trampoline Park, and to provide even more useful and personal content through the service, and to ensure adequate level of security in case of online ticket purchase. The Controller does not use the data for any purpose other than those mentioned above.
3. ACTIVITIES RELATED TO THE DATA PROCESSING
The following data processing actions/processes shall be performed by the Controller in the course of use of the below cookies, registration, ticket purchase, billing, sending of newsletters, use of cameras, taking photos and recordings:
3.1 Cookies
The Controller applies cookies at the www.buda.cyberjump.hu website. The cookies are small files of information stored by your browser on your hard drive. Cookies can allow web applications to adjust their operation to your preferences, likes and dislikes, by collecting and storing preference-related information. Our policy on the use of cookies is available at the following address: https://buda.cyberjump.hu/en/cookie-policy
Purpose of processing:To improve the quality of the services of the Controller; to develop and improve the website contents according to the visitors’ needs
Legal basis of processing: As of acceptance of the cookies by the data subject
Period of processing: Until the cookies are deleted by the Data Subject
Erasure or modification of data: Most browsers allow you to view the active cookies on your computer and you may delete them, furthermore you can block the cookies of a specific website or all of the websites. You have the option to set your browser so that it will reject the cookies or warn you when cookies are sent to your device.
3.2 Registration
During the registration (“Guest”). (To protect minors, only adults over 18 can make the registry procedure.)
During the registration, each Guest creates a password that is used to log in the website. Guests are responsible for keeping their password confidential. Do not share your password with any third party.
Processed data: For persons above the age of 18: surname and first name, e-mail address, password, date of birth (day, month, year);
Data of children: surname and first name, date of birth (day, month, year)
Purpose of processing: Liaising, provision of information related to the Controller’s activities, entry into the Park; acceptance of the General Terms and Conditions and the Privacy Policy, understanding the statement on personal responsibility, information on the services of Elevenpark, making inquiries, simplified reservations
Legal basis of processing: The data subject’s voluntary consent
Period of processing: Until withdrawal of the consent, but maximum to the extent and time required for achievement of the processing purpose
Erasure or modification of data: The data subject can ask for information about the processed data and may request rectification of such data. The data subject can request erasure of their data at any time.
3.3 Using the service: making reservations, purchasing tickets
The Data Subject may purchase tickets on the website following registration. The further conditions regarding this are specified under Chapter IV.B of the General Terms and Conditions. The following data processing actions are performed when tickets are purchased:
Processed data:surname and first name, country, telephone number, e-mail
Purpose of processing: Provision of the reservation service; Compliance with the obligation to provide/issue invoices; exercising and performing the rights and obligations arising from our contract with the Data Subject
Legal basis of processing: Legitimate interest, mandatory data processing required pursuant to the tax regulations (legal provision)
Period of processing: Obligation of retention according to the tax laws: 10 tax years; the period of time required for achievement of the purpose of data processing
Erasure or modification of data: The data subject can ask for information about the processed data and may request rectification of such data.
Data entered on the SimplePay payment page (bank card details) will not be disclosed to the Controller, since SimplePay’s website is fully independent and secure.
3.4 Invoicing
Following confirmation of the reservation, Elevenpark Kft. shall be entitled to invoice the consideration payable for the reservation, and for that purpose the following data are required:
Processed data: surname and first name, e-mail, telephone number, address
Purpose of processing: Compliance with the obligation to provide/issue invoices; provision of customer service assistance to the Data Subjects when payment is made online, by bank/credit cards, confirmation of the transactions and fraud-monitoring performed for the sake of protection of the users
Legal basis of processing: Mandatory data processing required pursuant to the tax regulations (legal provision); Legitimate interest of the Controller
Period of processing: Obligation of retention according to the tax laws: 10 tax years
Erasure or modification of data: The data subject can ask for information about the processed data and may request rectification of such data.
3.5 Sending of Newsletters
At the registration the Guest agrees with sending him newsletters via e-mail regarding the activity of the Controller (e.g. promotions, notifications, offers, programme leaflets, loyalty schemes, reminders).
By subscribing, the Data Subject consents to the processing of their personal data provided here for purpose of sending of the newsletter, and accepts the Data Processing Notice of the Controller.
Processed data: surname and first name, e-mail address
Purpose of processing (1): Liaising with its customers, provision of information regarding the ordered products, the event, notification in the event of any changes, sending of information.
Legal basis of processing: Legitimate interest of the Controller (securing the contractual performance of the service)
Period of processing: Until withdrawal of the consent granted for processing, until deletion of the registration.
Purpose of processing (2): Provision of information to the persons subscribing to the newsletter about the Controller’s activities, events, programs, services, different news, furthermore memos or information may also be sent about events or any changes thereof.
Legal basis of processing: The data subject’s voluntary consent
Period of processing: Until withdrawal of the consent granted for the sending of the newsletters, but maximum to the extent and time required for achievement of the processing purpose
Processed personal data: surname and first name, e-mail address, date of birth (day, month, year)
Purpose of processing (3): Provision of services related to the loyalty program membership (Funandmore.club), provision of information to the Data subject Provision of information about the Controller’s activities, events, programs, services, different news, furthermore memos or information may also be sent about specific events, provision of birthday discounts;
Legal basis of processing: Contractual relationship regarding the Funandmore.club loyalty program membership
Period of processing: Until termination of the membership, or until withdrawal of the consent granted for sending of the newsletters, but maximum to the extent and time required for achievement of the processing purpose
3.6 Use of cameras, making image and video recordings
The Controller operates electronic surveillance equipment (cameras) in the Cyberjump Trampoline Park. The park’s policy on the use of video surveillance is available here, and is published at the entrance of Cyberjump Trampoline Park.
The data processing related to cameras recordings shall be performed as the followings:
Processed data: Image of the Data Subject
Purpose of processing:
a. to protect the life and safety of Data Subject, monitoring of compliance with the safety rules;
b. to protect the equipment of Cyberjump Trampoline Park and its commercial units, the personal assets and property of visitors and staff members (protection against theft and burglary), i.e. to detect and prevent violations, to catch perpetrators in the act, and to provide evidence thereto;
c. to present and promote the operation of the Cyberjump Trampoline Park, with use on facebook, instagram, youtube, and google+
Legal basis of processing: Contract (see: Section VIII.3 of the General Terms and Conditions) The people who are entering the area of the Cyberjump Trampoline Park, by the very act of entrance (implied by conduct), accept and acknowledge the legal use of the cameras.
Period of processing: Maximum to the extent and time required for achievement of the processing purpose
Erasure or modification of data: These recordings are “mass recordings” under Act 2:48 of Hungarian Civil Code, which provides that no express consent of the Guest is needed to making and use of thid recordings in line with the rules of this section.
In the event the purpose of the use or conveyance of the recordings is direct profit, survey or scientific research, the Guest is entitled to protest against it in line with section 16.
4. PROCESSING AND TRANSMISSION OF THE DATA
The Controller shall not transmit the personal data acquired from the Data Subject to any processors.
The Controller agrees not to provide registered Guests with any Additional Service without request or prior consent by, and to make it possible to stop the provision of such services at any time.
The data shall be transmitted by the Controller, in order to meet its statutory obligations, to the following recipients:
Recipient: OTP Mobil Kft.
Address: 1093 Budapest, Közraktár u. 30-32.
Further information: http://simplepay.hu/vasarloknak/
Purpose of processing: Execute ticket purchases with bank/credit cards; Compliance with the obligation to provide/issue invoices
Legal basis of processing: Mandatory data processing required pursuant to the tax regulations (legal provision)
Period of processing: Obligation of retention according to the tax laws: 10 tax years
Rights of the Guest: The Data Subject could ask for information about the processed data and may request rectification of such data.
Recipient: Kulcs-Soft Nyrt.
Address: http://www.kulcs-soft.hu/
Purpose of processing: Compliance with the obligation to provide/issue invoices
Legal basis of processing: Mandatory data processing required pursuant to the tax regulations (legal provision)
Period of processing: Obligation of retention according to the tax laws: 10 tax years
Rights of the Guest: The Data Subject could ask for information about the processed data and may request rectification of such data.
5. DATA STORAGE AND ACCESS
All Data are stored on the servers and computers of the Controller, in printed or digital format, or in computer systems located on the premises of designated third parties.
The processed Data may be accessed only by authorized staff members of the Controller who are involved in the provision of the services relating to the Data.
With a view to ensuring the security of the Data, the Controller applies a security system that is at least common in the profession, including the regular updating and extension of that system, and takes any and all reasonable measures to prevent unauthorized persons from accessing the processed Data.
6. RIGHTS OF THE GUEST, ENFORCEMENT OF CLAIMS
In terms of the Data specified under Section 3 of this Data Processing Notice the Data Subject has the right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability, in accordance with the provisions of the below Sections.
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information.
6.1 Right for information
The Data Subject shall have the right to obtain from the Controller’s confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information.
Within 25 days of submission of the request, the Controller informs the Guest in writing about the followings:
- the scope of processed data;
- the source of such data if not the Guest;
- the purpose of data processing;
- the legal basis of data processing;
- the period of data processing; and
- the legal basis and recipient of any data transfer.
6.2 Withdrawing the consent
The Guest may withdraw his or her consent granted via registration or other event to handling his or her data (e.g. sending newsletters) anytime in written form by contacting the Controller’s via post (2085 Pilisvörösvár, Szent Erzsébet utca 45.) or sending an e-mail (info@buda.cyberjump.hu).
6.3 The right to object
The Guest has the right to object against the handling of his or her personal data
• if the handling or conveyance of the personal data is required merely to perform the legal obligations applying to the Controller, or if it is required to enforce the legal rights of the Controller, the person who obtains the data or a third party except for mandatory data handling
• if the purpose of the use of the personal data is direct profit, survey or scientific research
• in other cases stipulated by law.
The Contoller shall investigate the claim within 15 days as of date when it was submitted, the Controller shall render a decision whether the claim is well-founded and notify the claimant of the decision in writing. In the event the Guest does not agree with the decision or the deadline is not met, the Guest may turn to court upon receiving the decision or within 30 days after the last day of the deadline for making a decision.
6.4 Right to data portability
The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller
6.5 Rectification and erasure of Data
If any Data is incorrect and the correct data is available to the Controller, the Controller corrects the data.
The Data must be deleted, without undue delay, if
the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
the data subject withdraws his/her consent and there is no other legal basis for the processing;
the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed
the personal data have to be erased for compliance with a legal obligation
The personal data of the Data Subject does not need to be erased, if the data processing is required for the following
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing of the personal data;
for the establishment, exercise or defence of legal claims.
The Controller informs the Guest concerned about any correction or deletion of Data. No notice is required if the correction or deletion does not harm the legitimate interests of the Guest, taking into account the purpose of data processing.
In the event the Guest requires to have his or her registration data deleted or withdraws his or her consent to handling data connected to the registration, it shall automatically lead to the deletion of the Guest’s registration. In this case the Guest may use the Cyberjump Trampoline Park’s services only after a new registration (giving his or her particulars again).
6.6 Enforcement of claims
Any person may initiate an investigation by the Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22c, the “Authority”) by submitting a complaint regarding any violation, or the imminent threat thereof, concerning the processing of the Data. The proceedings of the Authority are free of charge.
Guests may also file a lawsuit in case of any violation to their rights. Such matters are handled by the courts with urgency. The Controller is required to show that the processing of personal data is pursued in full compliance with applicable legislation. Such matters fall within the competence of district courts. Guests may also file the lawsuit with the court having jurisdiction over the place of residence or stay of the Guest concerned.
7. MISCELLANEOUS PROVISIONS
The website of the Controller may include referrals and links to websites operated by other service providers, where the Controller does not have any influence over the processing of Data. By clicking on such links, visitors are forwarded to websites operated by other service providers. Such websites do not and may not fall within the control of the Controller. Thus, the Controller may not be held liable for any data provision or personality rights related proceedings of such websites.
The Guests understand that they consent to the processing of their data freely and voluntarily, and they may withdraw their consent at any time by contacting the Controller by the means specified in this Privacy Policy.
If you do not agree on this Privacy Policy, please do not provide any personal data on the Website and/or at the Customer Service of Cyberjump Trampoline Park. Please be informed that the services of Cyberjump Trampoline Park are provided merely to those who have accepted the General Terms and Conditions and this Privacy Policy.
Effective: Budapest, (…) June 2018