Privacy policy

INTRODUCTION

The organizer of the Bartók Spring International Arts Weeks (hereinafter: Festival), Müpa Budapest Nonprofit Ltd. (registered address: 1095 Budapest, Komor Marcell utca 1., e-mail: info@mupa.hu or adatvedelem@mupa.hu, telephone: +36 1 555 3000) as data controller (hereinafter: Organizer, Müpa Budapest or Controller) attaches great importance to the protection of your personal data.  The Organizer hereby makes public its method of controlling user data, as well as the rules and principles it abides by when controlling said data.

Primary governing regulations:

  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation, hereinafter: GDPR).
  • Act CXII of 2011 of Hungary on the Right to Informational Self-Determination and Freedom of Information.

Your data, as the data of a user of the website of the Festival (www.bartokspring.hu) and its services, shall be processed only when you have been duly informed and you have given your express consent. In addition, Müpa Budapest shall process data for the performance of a contract with you, for legitimate interests or on the basis of an express legal requirement.
 

1. THE SECURITY OF YOUR DATA, AND OUR DATA PROCESSING PRINCIPLES

Müpa shall treat your personal data in a manner that is as transparent as possible for the sole purpose of a specific, clear and legitimate purpose, only to the extent required and for the briefest period necessary to achieve the purpose, in a manner that is legitimate and fair in all respects. We pay great attention to ensuring that the data we process is accurate and up-to-date.

However, we are aware that compliance with the above is meaningless if technical and organisational measures are not taken to protect personal data.

That is why we chose our processor partner, Crane Kft. to assist us in processing the majority of our personal data, as it has been operating in accordance with ISO 27001 Information Security Standards since 2017, guaranteeing that your personal data is processed in accordance with the highest standards. Our IT partner, Frontside Kft. also operates Müpa Budapest’s website in accordance with the highest IT and information security standards.

We have also designed our organisational structure, which we operate through strict internal organisational rules and the allocation of different access rights, so that we are able to provide, at all points, the necessary guarantee for the transparency of our data processing and for the security of your personal data. Müpa will not disclose any personal data to third parties without the consent or prior notification of the data subject unless specifically required to do so by law or by instruction of a competent authority. Müpa will make every effort to ensure that your personal data cannot be accessed by any unauthorised person by implementing appropriate technical measures (operation of a single internal IT system).

We organize in-house training and invite external trainers to keep such employees involved in the processing of personal data informed about the latest technical and legal requirements, so as to ensure the processing meets all legal and information security technical requirements at all points.
 

2. SCOPE OF THE DATA PROCESSED BY US

A) Logging by the www.bartokspring.hu server

When you visit the Festival’s website, the web server automatically logs your activity. This is necessary so that we can ensure the proper functioning of the website, and can prevent external attacks. The log file is used for quality assurance; it shall not be linked to any other information, and no efforts shall be made to identify users.

Legal basis for processing: legitimate interest of the Controller (GDPR Article 6(1)(f)).
Stored data: IP address (anonymously), approximate geographic location, address of visited pages, date and time.

Duration of processing: data will be deleted after 30 days.

B) Cookies

A cookie is a small packet of data that our server sends to your browser to provide you with a personalised and high-quality service. If you return to our website, your browser will send the cookie back to our server, making it possible to create a connection between individual sessions. You will find three types of cookies on our website:
 

Functional cookies

Cookies essential for the use of the site, i.e. session IDs and temporary cookies that make use easier. Without these, the website or parts thereof will not be displayed, consent to the processing of cookies cannot be stored, the browsing experience will be substandard, and adding tickets to the shopping cart or bank payment will not be possible. The use of these cookies is necessary, for example, to log users in, to store language settings, to optimise traffic between web servers, and to identify the size of the screens used by users.

Given that these cookies are essential for the proper functioning of the website, by visiting the website you accept the use of these functional cookies. Essential cookies cannot therefore be activated or deactivated individually. You can, however, disable cookies in your browser at any time (for more information, see Managing and deleting cookies).

Legal basis for processing: to ensure the proper functioning of the website (GDPR Article 6(1)(b)).
 

Cookies for analytical purposes

Additional (statistical and marketing) cookies on our website may remain on the device for a longer period of time or until they are deleted by the User, depending on the web browser settings. Cookies that are installed by the web server of Müpa Budapest and that transfer data to Müpa’s own database are called internal cookies. Cookies that are installed by the web server of Müpa Budapest or a third party provider and that transfer data to the database of a third party provider are called external cookies.
 

full Google Analytics measurement code cookie

Google Analytics as an external service provider helps to independently measure the website hits and other web analytics data of the www.bartokspring.hu website. The data is recorded anonymously, Müpa uses them for statistical purposes only and to optimize the operation of the site. For detailed information about the processing of tracking data, please visit http://www.google.com/analytics. The collection of such web analytics data for statistical purposes is a widespread practice.

Google products fall under the responsibility of Google Inc. (Amphitheatre Parkway, Mountain View, CA 94043, USA). Google products in Europe fall under the responsibility of Google Dublin (Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). Google Analytics Terms of Service: https://www.google.com/analytics/terms/hu, General Overview of Google Analytics Security and Privacy Principles: https://support.google.com/analytics/answer/6004245?hl=hu, and Google Privacy Policy: https://policies.google.com/privacy?hl=hu.

Statistical cookies collect and store only anonymous data. The data collected allow us to draw conclusions about how visitors use our website: the number of visits, the time spent on the website, the country, the region, and possibly the city from which the visitor entered our site. Such cookies store a list of the subpages visited by the user and the number of technical steps taken by someone to complete an activity on our site. These cookies help us to determine, for example, which subpages are visited and which content users are particularly interested in, so that we can improve the functionality of our website and the user experience during browsing. As a result, we can tailor the content of our website to the needs of our users. The IP address of your computer, transmitted for technical reasons, is automatically anonymised and does not allow conclusions to be drawn about the individual user.

Duration of data processing: up to 26 months, regardless of settings.
Legal basis for processing: consent of the Data Subject (GDPR Article 6(1)(a)).
 

Marketing cookies
a.) Google Ads

This cookie allows us to display personalised offers to you on external websites through Google ads. This cookie enables Google to recognise your browser when you browse the Internet. By using this cookie, we do not obtain any personal data about you, Google only transmits data to us for analytical purposes.

Detailed information on the service is available at https://www.google.com/intl/hu/policies/privacy
 

b.) Google Ads remarketing

The purpose of this Google Ads feature is to provide personalised ads on other websites based on your activity on our website. If you have consented to your Google browsing activity being linked to your Google Account and to the information from your Google Account being used to personalise advertising for you, Google will use your logged-in user data, together with Google Analytics data, to create targeting lists for cross-device remarketing. To support this functionality, Google Analytics processes the Google-authenticated identifiers of these users. These personal data processed by Google are temporarily linked to our Google Analytics data in order to create target groups.

For more information on how to turn off the display of ads, visit http://www.google.com/settings/u/0/ads/anonymous?hl=hu.
 

c.) Facebook

This cookie allows us to display personalised offers on the platforms of Facebook products (Facebook, Messenger, Instagram).

The Facebook Custom Audiences and Facebook Conversion (“Facebook Pixel”) services allow us to display interest-driven ads based on your interest in our services when you use the Facebook social networking platform or visit other external websites that also use this tool. They also allow us to ensure that our Facebook ads match your actual interests and to track your activity on our ads so that we can update our ads accordingly and ensure that they do not disturb you.
For detailed information on the service visit https://www.facebook.com/policies/cookies. The products of Facebook fall under the responsibility of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). Facebook.com is managed in Europe by Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland).

Duration of data processing: up to 2 years, regardless of settings.

Legal basis for processing: consent of the Data Subject (GDPR Article 6(1)(a)).
 

Managing and deleting cookies

When you visit the www.bartokspring.hu website, you can give your consent to the use of cookies for analytical and marketing purposes by clicking on the “Accept All” button on the cookie warning that pops up on the page.

If you only want to give your consent to the use of the cookies you have selected, you can manage the cookies individually by clicking on the “Manage cookies” button. You can change this setting at any time by following your browser’s instructions for deleting cookies, and then returning to our website and selecting the desired settings on the cookie warning pop-up on the start page.

You can also control the use of cookies and how long they are stored in your internet browser at any time, independently of our website. You can set your browser to not allow cookies to be saved as a default and/or to ask you each time you use your browser whether you agree to cookies being enabled. You can delete cookies you have turned on at any time.

Use the help function in your browser to access detailed information on how this is done.

  • Internet Explorer
  • Firefox
  • Chrome
  • Safari
  • Edge

Please note that disabling the use of cookies in general may limit the functionality of certain features of our website.
 

C) Purchasing tickets

When you purchase tickets through the website, the data you provide will be processed by Müpa Budapest in order to meet its contract with you (e.g. notification of cancelled performances, handling of subsequent ticket redemptions, issuing of invoices).

Scope of processed data: name, title, email address, postal address, telephone number.
Duration of data processing: 5 years from the date of ticket purchase.

Legal basis for processing: to ensure the proper functioning of the website (GDPR Article 6(1)(b)).

With regard to our obligation to issue receipts or invoices, we are obliged to retain the personal data you provide us with and which are necessary for the fulfilment of our financial obligations for the period of time required by applicable financial legislation.

Duration of processing: retention period as defined in the applicable financial legislation.

The legal basis for processing: compliance with a legal obligation, GDPR Art. 6(1) (c)).

We think that if you have purchased tickets for one of our performances, you may be interested in our other events. We may therefore send you information about some of our other programmes in the future via the email address you provided when you purchased your ticket.

Duration of processing: maximum 1 year from the date of purchase.
Legal basis for processing: legitimate interest of the Controller based on the purchase of tickets as a contract (GDPR Article 6(1)(c)).

You have the right to object to such processing by sending an email to adatvedelem@mupa.hu.
 

D) Müpa newsletter

Müpa, as one of the leading cultural institutions in Hungary, considers it an obligation to reach the widest possible range of Hungarian audiences with its outstanding performances of Hungarian and international classical and popular music and theatre productions. That is why we aim to welcome you at as many of our events as possible.

If you allow us to directly contact you through email or other channels of communication, and send you information about the events of the Bartók Spring, as well as other cultural events presented by the Organizers, we promise to inform you in time. For this purpose, we process the following personal data: your name, title, e-mail address, language, genre preference, activities.

Duration of processing: until consent is withdrawn.
Legal basis for processing: consent of the Data Subject (GDPR Article 6(1)(a)).

If at any time in the future you decide you no longer want to be directly informed about our events, you can withdraw your consent by clicking on the “Unsubscribe” link in the newsletter, or by sending a letter to adatvedelem@mupa.hu.
 

E) Making video and audio recordings

By entering the venues of the Festival, you expressly acknowledge that images and audio recordings may be made at the events and venues of the Festival, in which you, as a visitor, may also appear. By attending a (public) event of the Festival, you allow the Organizers to use said recordings as part of their core, cultural activity. You may not make any claims against Müpa Budapest, the organizers, the makers of the recording, or those who have a valid title to use the recording, when the recording is made use of in said manner.
 

3. YOUR RIGHTS AND HOW THEY CAN BE ENFORCED

You can demand the following from the Controller, in a letter sent to adatvedelem@mupa.hu:
You may request at any time that the Controller inform you whether they handle your personal data, and if they do, you may ask them to provide you with access to the personal data processed by them. By logging into your user account, you have direct access to your personal data, but you can still request information about the processing of your personal data in writing at any time. Please note that the Controller can only consider a request for information sent by email as authentic if it is sent from the user’s registered email address, but this does not preclude Controller from attempting to identify the applicant in some other way before providing the information.

If you find that the processed personal data that are associated with you are incorrect, you may request that your personal data be corrected. If you are a registered user, you may modify the data yourself through your user profile.

You may request the deletion of your personal data processed by us at any time. Deletion may be refused (i) so that the right to freedom of expression and information may be exercised, or (ii) if the processing of personal data is authorised by law, or (iii) to ensure that legal claims can be presented, pursued or protected. Should the request for deletion be denied, Müpa Budapest shall inform you, indicating the reason for the refusal of the deletion. Former (erased) data can no longer be recovered after the requests for erasure of personal data have been fulfilled.

If you dispute the accuracy of the personal data processed, you may request the Controller to restrict the processing of your personal data. In this case, the restriction shall apply to the period of time which allows us to verify the accuracy of the personal data. You may also request a restriction on data processing if the data processing is carried out unlawfully or its purpose has already been achieved, but you object to the deletion of the processed personal data and instead request the restriction of their use.

Upon your request, Müpa is obliged to disclose and/or transfer to another controller the personal data supplied by you and processed by it, in an automated manner in a segmented, widely used, machine-readable format.
You may object to the processing of your personal data at any time (i) if the processing of personal data is necessary solely for the purposes of fulfilling the legal obligation of the Controller (Müpa Budapest), or of pursuing the legitimate interest of the Controller or a third party; (ii) if the purpose of the processing is direct marketing, public opinion or scientific research; or (iii) if the processing takes place in order to perform a task of public interest. Müpa Budapest shall examine the legitimacy of the objection, and if the objection is found to be justified, the processing shall be terminated.
 

4. DATA PROCESSORS

Personal data processing on behalf of the Controller is carried out by data processors in a contractual relationship with us. The data processor shall not make an independent decision on the data and is entitled to proceed only in accordance with the provisions of the contract concluded with Müpa Budapest and the instructions we provide. We have selected data processors that can guarantee, to the greatest possible extent, the security of your personal data. We require a contractual declaration of compliance with applicable legislation from all our data processing partners, and only upon receipt of this may they carry out any processing on behalf of Müpa Budapest. You can view the current list of our data processors by clicking on the following link.
 

5. ENFORCEMENT OPTIONS

If you need further information, please contact us by email at adatvedelem@mupa.hu, by post at 1453 Budapest, P.O. 57, or in person. Please note that if you submit your request for data processing in person, our colleagues may ask you to verify your identity.

You may lodge a complaint about the processing of your data directly with the Hungarian National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9–11. | postal address: 1363 Budapest, Pf.: 9. | telephone: +36 1 391 1400 | fax: +36 1 391 1410 | email: ugyfelszolgalat@naih.hu | website: https://www.naih.hu).

In the event of any infringement of your rights you may refer the matter to a court of justice. The case shall be heard by the competent general court. You may request that the case be examined by the court in whose jurisdiction you reside.

The Controller is entitled to amend this Privacy Notice at any time at its exclusive discretion. If this entails changing the principles or the purpose of the data processing, it shall obtain the consent of the data subject in advance for further data processing.

Budapest, 25 November 2022