BKK CENTRE FOR BUDAPEST TRANSPORT PRIVATE LIMITED COMPANY. PRIVACY POLICY on the BKK Online Shop sales

Similar documents
MÁV-START e-ticket (online ticket purchase) Privacy Policy

Act CXII of 2011 on the right to information self-determination and freedom of information. Act ;

Data management guidelines. COMBIT Information Technology Private Limited Company. General information about the aim of the data management guidelines

Customer Service Phone number: ,

- GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;

Privacy Policy. 1. Name and contact information of the data controller

INFORMATION CONCERNING HANDLING OF DATA. 1, Preamble. For TRENDO Invest Ingatlanfejlesztő Korlátolt Felelősségű Társaság {TRENDO Invest Real

DATA MANAGEMENT POLICY

Information leaflet about processing of personal data (

GENERAL TERMS AND CONDITIONS OF THE INTEGRATED FESTIPAY WRISTBAND VOUCHER TAG (FESTIPAY PAYMENT WRISTBAND)

TERMS AND CONDITIONS FOR THE USE OF THE WEBSITE AND PRIVACY POLICY

TERMS AND CONDITIONS

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS

NEWSLETTER DATA PROTECTION NOTICE. AImotive Ltd.

RECRUITMENT DATA PROTECTION NOTICE. AImotive Ltd.

DATA PROCESSING AGREEMENT

Eco Web Hosting Security and Data Processing Agreement

Be-novative Privacy Policy

SIX Trade Repository AG

Privacy Policy. Company registry number: Budapest, Gönczy Pál utca em. Homepage: contact: Phone:

Data Processing Agreement

Data processing policy

DATA PROTECTION POLICY THE HOLST GROUP

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

swimmingprofessionals.org We collect and process personal data according to the laws. Our data storage is secured by the best available tools.

Wonderline Europe Zrt.

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

TALENTUM Limited Liability Company PRIVACY NOTICE

Data Processing Agreement

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

Privacy Notice Data Processor

S.C. FAST SUPPORT S.R.L Bucharest, 70 Jean Louis Calderon Street, 6 th Floor J40/8295/ , sole registration code no.

Data Protection and Privacy Policy PORTOBAY GROUP Version I

It s still very important that you take some steps to help keep up security when you re online:

Subject: Kier Group plc Data Protection Policy

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Learning Management System - Privacy Policy

You may contact The Translation Network by at You may also call The Translation Network at

Digital Signatures Act 1

Privacy Policy. Implemented on: November 2, 2017

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018

Privacy notice for the participation in the MOL Freshhh Program

Privacy Policy Hafliger Films SpA

Privacy Policy Közbeszerzés Figyelő Ltd.

Terms and Conditions for External accounts Service

Privacy Policy V2.0.1

Motorola Mobility Binding Corporate Rules (BCRs)

2.4 The inspection and certification orders are processed in the order in which the documents and/or information are received.

Entrust SSL Web Server Certificate Subscription Agreement

DATA PROCESSING ADDENDUM

BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding)

Data Processing Clauses

REGISTRATION FORM TRANSACTION REPORTING MIFID II. Please fill in, sign and return to:

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

DATA PROCESSING AND DATA PROTECTION NOTICE

DATA PRIVACY & PROTECTION POLICY POLICY INFORMATION WE COLLECT AND RECEIVE. Quality Management System

PRIVACY POLICY. I. Data controller. II. Definitions

INFORMATION NOTE ON DATA PROCESSING

TERMS & CONDITIONS OF E-COMMERCE STORE Pricecheck.tools of 29 May 2017

Terms and Conditions For Online-Payments

Data Processing Agreement

Depending on the Services or information you request from us, we may ask you to provide the following personal information:

Data Processor Agreement

Token Sale Privacy Policy

Privacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")

BUZCOIN TOKENS SALE PRIVACY POLICY. Last updated:

EU-US PRIVACY SHIELD POLICY (Updated April 11, 2018)

Data Processing Policy

Mailbox Rental Terms and Conditions

DATA PROCESSING AGREEMENT

SMS SERVICE PROVISION

The Client is responsible for regularly updating its registered details.

Contributed by Djingov, Gouginski, Kyutchukov & Velichkov

SIMS TERMS AND CONDITIONS OF USE AGREEMENT

Privacy Policy. Last updated on 31 May 2018

The following terms apply at ExtilumHosting.com as of 1 September 2013.!

Latest version, please translate and adapt accordingly!

CONDITIONS FOR ONLINE RESERVATION

1 Privacy Statement INDEX

PPR TOKENS SALE PRIVACY POLICY. Last updated:

REGISTRAR AGREEMENT. Domain Name means a domain name allocated under the.eu Top Level Domain and its variants in other scripts.

Terms and Conditions for Allegion Data Processing and Transfer

Data Processing Agreement

The Apple Store, Coombe Lodge, Blagdon BS40 7RG,

Z.com Hosting Service Order

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2

Graff Search Limited ( Graff Search ) is a recruitment agency and recruitment business.

Contract Services Europe

1.1. This User Agreement (hereinafter referred to as the Agreement) refers to the website located at

Clauses contain important provisions about our liability to you in relation to Royal Mail's Online Postage. Please read them carefully.

We reserve the right to modify this Privacy Policy at any time without prior notice.

WEBSITE PRIVACY POLICY

User may choose to continue or stop using the Service as needed. User continuing

CLSA DIRECT MARKET ACCESS SERVICES ANNEX

Reference Offer for Wholesale Roaming Access

Blue Bird Airways PRIVACY NOTICE

Terms & Conditions of InstaReM Mobile App

Starflow Token Sale Privacy Policy

2. What is Personal Information and Non-Personally Identifiable Information?

Transcription:

BKK CENTRE FOR BUDAPEST TRANSPORT PRIVATE LIMITED COMPANY PRIVACY POLICY on the BKK Online Shop sales

Table of contents 1. General provisions 1.1. During the sale of Passes on the BKK Online Shop, BKK only processes data from registered the Users (hereinafter referred to as: Users), and BKK receives data directly from the parties concerned (registered Users). BKK does not check the lawfulness of the data transfer (whether there are legal grounds for data processing); it is the sole responsibility of the User. Accordingly, if the data processing is subject to the consent of the concerned party, the obligation to obtain such consent lies with the User. If there is a breach of obligation to ensure lawful data processing, the User shall be liable for any breach of interest or penalty that affects BKK. If BKK becomes aware that the User is not entitled to process the personal data provided by the User, BKK shall immediately take the measures necessary to establish the lawfulness of the data processing (depending on the given situation it may be the suspension of data processing, the blocking of the data or the irrevocable deletion of unduly processed personal data). 1.2. By transferring their data, the User authorises BKK to process such data as an individual data processor in the interest of the fulfilment of the contract established between BKK and the User, within the required framework. 1.3. The notification of any affected parties regarding data processing by BKK is the sole responsibility of the User. The User, upon forwarding the data, expressly undertakes to notify the affected parties in accordance with Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as: Act on Information). 1.4. The privacy regulations and information that define the data processing by BKK, including the name and contact information of organisations entrusted with the online sale of Passes, are available on www.bkk.hu on an ongoing basis. 1.5. BKK reserves the right to change the Privacy Policy, of which BKK provides notification in accordance with the effective legislation. Email us at bkk@bkk.hu if there are any questions regarding the Privacy Policy. 1.6. BKK is committed to protect the personal data of its passengers, and it considers the right of passengers for self-determination regarding information also as highly important. BKK processes personal data with confidentiality, and BKK shall take all security, technical and organisational measures that guarantee data security. This Privacy Policy applies only to the processing of personal data; however, BKK undertakes that for any other data processing by BKK the requirements regarding data security of this Privacy Policy shall also be applicable. With regards to the online sale of Passes, BKK does not transmit personal data to any country outside the European Economic Area. 1.7. The data processing principles of BKK are compliant with legislation related to data protection, in particular with the following: the Fundamental Law of Hungary (Freedom and Responsibility, Article VI); Act V of 2013 on the Civil Code;

Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information; Act XLI of 2012 on Passenger Transport Services; Act CVIII of 2001 on certain issues of electronic commerce activities and information society services; Act C of 2000 on Accounting. 2. THE SCOPE OF PERSONAL DATA; THE PURPOSE, LEGAL BASIS AND DURATION OF DATA PROCESSING 2.1. Data of the User 2.1.1. During and after registration on the BKK Online (web) Shop, the User must provide their personal information. 2.1.2. The purpose of data processing: the conclusion of a Sales Contract for the sale of Passes on the BKK Online Shop, the identification of the User, the checking of activity related to the online sale and an easier access to contact the User. 2.1.3. The legal basis for data processing: the authorisation of the User provided through the submission of their data. 2.1.4. The types of processed data: family and first name; company name; name of the non-natural person (legal entity); email address; the User name; password; name, country of issuance, type and number of personal identification document(s) provided by the User; data of purchases initiated by the User; log data generated during other activities performed in the BKK Online (web) Shop. 2.1.5. The duration of data processing: 5 (five) years following the cancellation of the Sales Contract (for example, after the deletion of the registration). 2.2. Data of persons conducting a purchase for the benefit of the User 2.2.1. On the BKK Online (web) Shop, the User must provide the data required for issuing an invoice for the User that pays the purchase price of the given Pass. 2.2.2. The purpose of data processing: the contractual performance between BKK and the User, to ensure the verifiability of the different purchases (orders), the prevention of legal disputes, the fulfilment of the accounting obligations of BKK. 2.2.3. The legal basis for data processing: the authorisation of the User provided through the submission of their data. 2.2.4. The type of processed data: family and first name, company name, name of the non-natural person (legal entity), email address, tax identification number, company tax number, data of purchases (orders) initiated by the User. 2.2.5. The duration of data processing: the period defined in the effective act on accounting and other relevant legislation.

2.3. Information related to the Passes 2.3.1. Following registration on the BKK Online (web) Shop the User can perform online purchases. Prior to the first purchase, the valid identification number of the document (ID) used for travel with the given Pass must be provided for the User affected. 2.3.2. BKK stores data in the protected database of the server operated by its service agent. The database is directly linked to the online interface. 2.3.3. The purpose of data processing: the contractual performance between BKK and the User, to issue the right kind of Passes, to ensure the verifiability of the different purchases (orders), the prevention of legal disputes, the provision of convenient shopping functions (copying data from previous orders), the elimination of fraudulent Passes. 2.3.4. The legal basis for data processing: the authorisation of the User provided through the submission of their data. 2.3.5. The scope of processed data: the place of issue, the type and number of the personal identification document (active travel document) of the affected User (passenger). 2.3.6. The duration of the data processing: 5 (five) years after the expiry of the Pass. 2.4. Other data processing 2.4.1. Information upon the User s request on data processing not listed in this Privacy Policy will be provided by BKK and its service agent/representative. 2.4.2. Hereby we inform the Users that regarding data provided on the BKK Online Shop sale system BKK may be contacted by a court, a prosecutor, an investigating authority, a public administrative authority, the Hungarian National Authority for Data Protection and Freedom of Information ( NAIH ) or other bodies under legislative authorisation to provide or transfer data, and to provide certain documents. 2.4.3. To these authorities BKK shall provide personal data if the authority specified the exact purpose and scope thereof only to the extent that is indispensable to fulfil the request of the given authority. 3. THE METHOD OF STORING PERSONAL DATA, THE SECURITY OF DATA PROCESSING 3.1. BKK selects and operates the IT tools applied for processing personal data during sale of Passes in its Online Shop in a way that: a) the processed data would be accessible to those authorised to process it (availability); b) the authenticity and validation of the processed data would be ensured (authenticity of data processing); c) it can be ensured that the processed data have not changed (data integrity); d) the processed data would be protected against unauthorised access (data secrecy).

3.2. BKK protects the data with appropriate measures particularly from unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as random destruction, damage or inaccessibility resulting from the applied technology. 3.3. In order to safeguard the different electronically handled datasets in its registers BKK ensures the appropriate technical solutions that the stored data except where it is permitted by law cannot be directly linked to the affected person. 3.4. With regards to actual technological developments, BKK ensures data protection with technical, organisational and institutional measures that provide an adequate level of protection against risks occurring in relation to data processing. 3.5. During data processing BKK preserves a) confidentiality: BKK protects the information that only authorised persons would have access to it; b) integrity: BKK ensures the accuracy and completeness of the information and its processing method; c) availability: BKK ensures that when the authorised User needs it, they would have access to the desired information and the related tools would also be available. 3.6. The IT systems and networks of BKK and its cooperating partners are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flooding as well as computer viruses, computer break-ins and attacks that lead to the denial of service. The operator ensures security with safety procedures on both a server and an application level. 3.7. Hereby we inform the affected people that regardless of Internet protocols (email, web, ftp, etc.) electronic online messages are vulnerable to network threats that lead to unfair activities, the disputing of the contract, the disclosure or modification of contractual information. In order to be defended against such threats BKK takes all the reasonable precautions, and as part of that, it monitors its systems to ensure that all safety derogation could be recorded and that these could serve as evidence for all securityrelated events. The monitoring of the system enables BKK to verify the effectiveness of the applied protective measures. 4. DATA AND CONTACT INFORMATION OF THE DATA CONTROLLER BKK Budapesti Közlekedési Központ Zártkörűen Működő Részvénytársaság (BKK Centre for Budapest Transport) Registered seat: 1075 Budapest, Rumbach Sebestyén utca 19 21. Company registration number: 01-10-046840 Telephone: +36 30 774 1000 email: bkk@bkk.hu

5. LEGAL REMEDIES 5.1. The affected person may request information on the processing of their personal data and they may request the correction and apart from the obligatory data processing even the deletion or blocking thereof at the indicated contact information of BKK. 5.2. If the affected person does not agree with the decision made by data processor, they may appeal to court within 30 days following the notification thereof. The affected person may also refer to court if their rights were breached by the data processor. The court handles such cases as an extraordinary procedure. 5.3. BKK pays compensation to the affected person or to a third party for any damage caused by the unlawful processing of data or breaching the requirements of data privacy. Data processor shall be exempt from any responsibility if the damage was caused by a force majeure beyond the control of data processing. Data processor does not compensate for the damage if it was caused by intentional or gross negligent conduct of the damaged party. 5.4. Legal remedies and complaints can be submitted to the Hungarian National Authority for Data Protection and Freedom of Information: Hungarian National Authority for Data Protection and Freedom of Information Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C Mailing address: 1530 Budapest, Pf. 5 Telephone: +36 1 391 1400 Fax: +36 1 391 1410 email: ugyfelszolgalat@naih.hu Website: http://www.naih.hu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback