Introduction

We attach great importance to the protection of your personal data, so we would like to inform you about the following Cantemus Choir of Nyíregyháza (registered office: 4400 Nyíregyháza, Vay Á. körút 18., e-mail: mail@cantemus.hu or cantemus.adatvedelem@gmail.com, telephone: +36 42 508 708) as data controller (hereinafter referred to as: Nyíregyházi Cantemus Choir or Data Controller), and the principles and rules that we are required to follow when doing so.

Primary legislation:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, hereinafter "the GDPR") GDPR)
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information

A Cantemus Choir of Nyíregyháza The use of the Digital Concert Hall website (https://live.cantemus.hu) and the use of our services is subject to the prior information and explicit consent of the user. In addition, the Cantemus Choir of Nyíregyháza processes data only for the purpose of fulfilling a contract with you, for legitimate interest or on the basis of an express legal requirement.

1. Security of your data, our data management principles

The Cantemus Choir of Nyíregyháza will process your personal data in accordance with the requirements of lawfulness and fairness in all respects, in the most transparent manner possible, only for specified, explicit and legitimate purposes, to the extent necessary and for the minimum period of time required to achieve the purpose. We take great care to ensure that the data we process is accurate and up-to-date in all cases.

However, we are aware that compliance with the above will not be achieved without technical and organisational measures to protect personal data.

We have also designed our organisational structure and operate it in such a way, through strict internal organisational rules and the allocation of different access rights, that it provides adequate guarantees at all points to ensure the transparency of our data processing and the security of your personal data. The Cantemus Choir of Nyíregyháza will not disclose any personal data to third parties without the consent or prior information of the data subject, unless expressly required to do so by law or by a public authority. The Nyíregyházi Cantemus Choir makes every effort to ensure that your personal data is not disclosed to unauthorized persons through the implementation of appropriate technical measures (operation of a unified internal IT system).

During internal trainings and organized trainings, we continuously inform the staff of Cantemus Choir of Nyíregyháza about the latest technical and legal requirements in order to ensure that our data management complies with legal and information security requirements at all points.

2. Scope of data processed

a) "Logging" live.cantemus.hu server

When visiting the website of the Cantemus Choir of Nyíregyháza, the web server automatically logs the user's activity. Without this, the proper functioning of the website would not be ensured and we would not be able to prevent possible external attacks. The log file is used for quality assurance purposes and is not linked to any other information and we do not seek to identify the user concerned.

Legal basis for processing: legitimate interest of the Controller (Article 6(1)(f) GDPR)

Data stored: IP address (anonymised), approximate geographical location, address of pages visited, date and time

Duration of processing: data will be deleted after 30 days

b) Cookies

A cookie is a small packet of data that our server sends to your web browser to provide you with a tailored and high quality service. When you visit our website again, your browser sends the cookie back to our server, allowing a connection to be established between sessions. There are three types of cookies on our website:

Cookies needed for operation

Session ID and session (temporary) cookies are essential for the use of the site, without the use of which the website or parts of it cannot be displayed, consent to the handling of cookies cannot be stored, browsing is hindered, the adding of tickets to the shopping basket or bank payment cannot be carried out properly. The use of these cookies is necessary, for example, to log users in, to store language preferences, to optimise traffic between web servers, to identify the size of the screens used by users.

Given that these cookies are strictly necessary for the proper functioning of the website, by visiting the website you accept the use of these cookies necessary for its functioning. The cookies that are strictly necessary cannot therefore be activated or deactivated individually. You can, however, deactivate cookies in your browser at any time (for more information, see "Managing and deleting cookies").

Legal basis for processing: to ensure the proper functioning of the website (Article 6(1)(b) GDPR)

Cookies for statistical purposes

Additional cookies (for statistical and marketing purposes) on our website may remain on the device for a longer period of time or until they are deleted by the User, depending on the web browser setting. If the web server of the Cantemus Choir of Nyíregyháza installs the cookie and the data is transferred to its own database, we speak of internal cookies. If the cookie is installed by the web server of the Nyíregyházi Cantemus Choir or a third party service provider, but the data is transferred to an external service provider, then we speak of an external cookie.

Statistical cookies on our website fall into the following two categories:

a.) full Google Analytics measurement code cookie

Google Analytics, as an external service provider, assists in the independent measurement of live.cantemus.hu website traffic and other web analytics data. The data is recorded anonymously and is used by the Cantemus Choir of Nyíregyháza exclusively for statistical purposes and to optimise the operation of the site. Detailed information on the management of the measurement data can be found at the following link: http://www.google.com/analytics.

Google products are the responsibility of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Dublin is responsible for Google products in Europe (Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). Google Analytics Terms of Service: https://www.google.com/analytics/terms/hu.html, General Overview of Google Analytics Security and Privacy Principles: https://support.google.com/analytics/answer/6004245?hl=hu, and Google Privacy Policy: https://policies.google.com/privacy?hl=hu.

b.) Hotjar

Hotjar is a tool used on our website to measure in detail the activity (clicks, scrolls or explicit feedback in the form of questionnaires) on selected pages.

Detailed information on the service is available at this link: https://www.hotjar.com/cookies

The Hotjar services are provided by Hotjar Ltd (Dragonara Business Centre, 5th Floor, Dragonara Road,, Paceville St Julian's STJ 3141, Malta).

Statistical cookies collect and store only anonymous data. The data collected allows us to draw conclusions about how visitors use our website: the number of visits, the time spent on the website, the country, region or even the city from which the visitor entered. Such cookies store a list of the sub-pages visited by the user and the number of technical steps an action has taken on our site. These cookies help us to determine, for example, which subpages are visited and which content users are particularly interested in. In order to improve the functionality of our website and the user experience during browsing.

As a result, we can tailor the content of our website to the needs of our users. The IP address of your computer, which is transmitted for technical reasons, is automatically anonymised and does not allow conclusions to be drawn about the individual user.

Duration of data processing: up to 26 months, regardless of settings

Legal basis for processing: consent of the data subject (Article 6(1)(a) GDPR)

Cookies for marketing purposes

a.) Google Ads

This cookie allows us to display personalised offers to you on external websites through Google ads. This cookie enables Google to recognise your browser when you browse the internet. By using this cookie, we do not obtain any personal data about you and Google will only transmit this data to us for statistical purposes.

Detailed information on the service is available at this link: https://www.google.com/intl/hu/policies/privacy

b.) Google Ads remarketing

The purpose of this Google Ads feature is to serve personalised ads on other websites based on your activity on our website. If you have consented to your Google browsing activity being linked to your Google account and to the information from your Google account being used to personalise ads, Google will use your logged-in user data, together with Google Analytics data, to create targeting lists for cross-device remarketing. To support this functionality, Google Analytics processes users' Google-authenticated identifiers. This personal data processed by Google is temporarily linked to our Google Analytics data in order to create target groups.

For more information on how to turn off the display of ads, please visit http://www.google.com/settings/u/0/ads/anonymous?hl=hu.

c.) Facebook

This cookie allows us to display personalised offers on the interfaces of Facebook products (Facebook, Messenger, Instagram).

The Facebook Custom Audiences and Facebook Conversion ("Facebook Pixel") services allow us to display interest-based ads based on your interest in our services when you use the Facebook social networking platform or visit other external websites that also use this tool. These tools also allow us to ensure that our Facebook ads match your actual interests and to track your activity on our ads so that we can update our ads accordingly and make sure they are not confusing to you.

The detailed information about the service is available at this link: https://www.facebook.com/policies/cookies/ Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA) is responsible for the Facebook products. Facebook.com in Europe is the responsibility of Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland).

Duration of data processing: up to 2 years, regardless of the settings

Legal basis for processing: consent of the data subject (Article 6(1)(a) GDPR)

Managing and deleting cookies

When you visit the live.cantemus.hu.hu website, you can give your consent to the use of cookies for statistical and marketing purposes by clicking on the "Accept all" button on the cookie warning that pops up on the page.

If you only want to give your consent to the use of the cookies you have selected, you can manage the cookies individually by clicking on the "Manage cookies" button. You can change your settings at any time by following the instructions on your browser to delete cookies, then return to our website and re-enter the cookie alert settings on the login page.

You can also control the use of cookies and the length of time they are stored in the internet browser you use at any time, independently of our website. You can set your browser to not allow cookies to be saved as a general rule and/or to ask you each time you use your browser whether you agree to cookies being enabled. You can also delete cookies that you have repeatedly turned on at any time.

Use the help function in your browser to get detailed information on how it works.

Internet Explorer
Firefox
Chrome
Safari
Edge

Please note that disabling the use of cookies in general may limit the functionality of certain features of our website.

c) Buying tickets

When purchasing tickets via the website, the data you provide will be processed by the Cantemus Choir of Nyíregyháza in order to fulfil the contract with you (e.g.: notification of cancelled performance, handling of subsequent ticket redemption, issuing of invoice).

Data processed: name, title, e-mail address, postal address, telephone number.

Duration of data processing: 5 years from the date of ticket purchase

Legal basis for processing: performance of the contract resulting from the purchase of the ticket (Article 6(1)(b) GDPR)

With regard to our obligation to issue receipts or invoices, we are obliged to retain the personal data you provide us with and which are necessary for the fulfilment of our financial obligations for the period of time required by the applicable financial legislation.

Duration of processing: retention period as defined in the applicable financial legislation

Legal basis for processing: to fulfil a legal obligation to which the Data Controller is subject (Article 6(1)(c) GDPR)

We think that if you have purchased tickets for one of our performances, you may be interested in our other programmes. We may therefore send you information about some of our other programmes in the future via the e-mail address you provided when you purchased your ticket.

Duration of processing: maximum 1 year from the date of purchase

Legal basis for processing: legitimate interest of the Data Controller based on the purchase of tickets as a contract (Article 6(1)(c) GDPR)

You have the right to object to such processing by sending an email to cantemus.adatvedelem@gmail.com.

d) Cantemus Choir of Nyíregyháza newsletter

As one of the leading cultural institutions, the Cantemus Choir of Nyíregyháza considers its main task to bring Hungarian and international classical and choral music to the widest possible audience. Our aim is therefore to welcome you as our guest at as many of our events as possible.

If you do us the honour of subscribing to the newsletter of the Cantemus Choir of Nyíregyháza and thus allow us to contact you directly via e-mail, we promise to keep you informed of all relevant information about our programmes in due time.

You can subscribe to the newsletter as a standalone newsletter subscriber, in which case we will process your name, title, e-mail address, language, and genre preference. You can also subscribe to the newsletter as a website subscriber, in which case the data processed will be the same as for website subscriptions.

In the above cases, if you do not wish to receive future direct notifications of our programmes, you can withdraw your consent by clicking on the "Unsubscribe" link in the newsletter in the settings interface displayed there, or you can manage your preferences for notifications as a website subscriber by logging into your personal user account on the live.cantemus.hu website.

Duration of processing: until consent is withdrawn

Legal basis for processing: consent of the data subject (Article 6(1)(a) GDPR)

For members of the Cantemus Choir of Nyíregyháza Supporting Circle loyalty programme, subscribing to the Cantemus Choir of Nyíregyháza newsletter is a condition of membership, as we will inform you about recommended programmes, exclusive events, special offers and the development of loyalty points through the newsletter. For them, unsubscribing will result in their withdrawal from the loyalty programme.

e) Registration

The Cantemus Choir of Nyíregyháza will do its utmost to ensure that you can enjoy the best possible user experience when using its services, through a highly customer-oriented approach. The provision of high quality services that meet your needs in every respect is made much easier for us if you register on our website.

By registering on the live.cantemus.hu website, you consent to the processing of the following data: e-mail address, password, name, title, gender, year of birth, place of residence (country), postal code, genre preference, student/teacher status. Through your activities as a registered user of the website, we may process additional personal data: purchase history, website transactions, browsing activity. This data is used to provide you with the best possible customer service and to help you deal with problems.

If, during registration or afterwards, you consent to being contacted directly by our newsletter, you allow us to use the above data to provide you with up-to-date and personalised offers that reflect your needs at an increasingly high level.

Duration of processing: until the withdrawal of the data subject's consent

Legal basis for processing: consent of the data subject (Article 6(1)(a) GDPR)

You can access and freely manage your personal data at any time through your user account. The e-mail address you have provided is the most authentic channel of communication and can only be changed by sending a request to cantemus.adatvedelem@gmail.com.

Please note that in accordance with the data processing principles set out in Article 5 (1) of the GDPR, in particular the principles of purpose limitation, data minimisation and accuracy, the Cantemus Choir of Nyíregyháza does not process data that do not serve the original purposes of data processing. With this in mind, if there is no activity related to your account for 2 and a half years, we will send you a warning notice informing you that your account will be terminated. If you do not carry out any activity as a registered user for the subsequent six months, your account and the personal data we process in relation to it will then be deleted. This provision does not apply to Nyíregyháza Cantemus Choir loyalty program member users, in order to ensure that the data subject does not suffer any disadvantage as a result of the deletion (e.g. loss of loyalty points).

f) Cantemus Choir of Nyíregyháza loyalty scheme

The Cantemus Choir of Nyíregyháza operates a loyalty program for its most loyal guests, offering gradually increasing benefits - ticket discounts, exclusive events, pre-sale opportunities, priority parking - to its participants.

Through the consent you give when joining the Cantemus Choir of Nyíregyháza loyalty programme, we process your personal data in addition to the personal data you provided when registering, for the purpose of providing the (continuously expanding) services - direct contact, benefits, etc. - in the General Terms and Conditions of the loyalty programme: address, phone number, loyalty card number, number of loyalty points, loyalty level, vehicle registration number, individual requests (e.g. sending the programme guide by post).

You have the right to terminate your membership of the loyalty program at any time and withdraw your consent to the processing of your data in this regard, in which case your loyalty points will be lost and your loyalty level cannot be restored upon rejoining. Your request can still be withdrawn within 48 hours.

A Cantemus Choir of Nyíregyháza Communication of the Supporters' Circle programme

The Cantemus Choir of Nyíregyháza for the Supporters' Circle programme by joining the General Conditions of Participation, you agree that the Cantemus Choir of Nyíregyháza and the Circle of Supporters programme information on its operations, services, various current discounts and events for members is provided in the form of regular e-mail newsletters.

As a member of the Loyalty Circle, by blocking or not opening the information messages, you may lose access to the Loyalty Programme's discount offers and information about Loyalty Programme events that are free of charge. The Cantemus Choir of Nyíregyháza is not liable for any loss or damage arising from the above. explicitly excludes.

Duration of processing: until the withdrawal of the data subject's consent

Legal basis for processing: consent of the data subject (Article 6(1)(a) GDPR)

g) Making video and audio recordings

The Cantemus Choir of Nyíregyháza by entering the premises of the Cantemus Choir of Nyíregyháza you expressly accept that images and sound recordings may be made in the premises of the Cantemus Choir of Nyíregyháza and in its halls, on which you may appear as a visitor. By participating in the (public) events of the Nyíregyháza Cantemus Choir, you agree that the Nyíregyháza Cantemus Choir may use the recording in connection with its core cultural activities. In connection with such use of the recording, you may not make any claim against the Nyíregyházi Cantemus Choir, the organisers or the producers of the recording, or any other valid user of the recording.

3. Rights of data subjects and how to exercise them

Your correspondence regarding the following requests will be received via e-mail at cantemus.adatvedelem@gmail.com.

You may at any time request that Cantemus Choir of Nyíregyháza inform you whether it processes your personal data and, if so, provide you with appropriate access to the personal data it processes. By logging in to your user profile, you also have direct access to your personal data, but you can request information about the processing of your personal data in writing at any time. Please note that the Cantemus Choir of Nyíregyháza can only consider a request for information sent by e-mail as authentic if it is sent from the registered e-mail address of the user, but this does not preclude the Cantemus Choir of Nyíregyháza from identifying the applicant in another way before providing the information.

If you find that personal data we are processing about you is inaccurate, you can request that it be corrected. If you are a registered user, you can make changes to your data yourself via your user profile.

You can request the deletion of your personal data processed by us at any time. Deletion may be refused (i) for the exercise of the right to freedom of expression and information, or (ii) where the processing of personal data is authorised by law, or (iii) where it is necessary for the establishment or exercise of legal claims or the protection of legitimate interests. In each case, the Cantemus Choir of Nyíregyháza shall inform the data subject of the refusal to comply with the erasure request, indicating the reasons for the refusal. After the request for erasure of personal data has been fulfilled, the previous (erased) data can no longer be restored.

You may request that the Nyíregyháza Cantemus Choir restrict the processing of your personal data if you dispute the accuracy of the personal data processed. In this case, the restriction will apply for the period of time that allows us to verify the accuracy of the personal data. You may also request the restriction of processing if the processing is unlawful or the purpose of the processing has already been fulfilled, but you oppose the erasure of the personal data processed and instead request the restriction of their use.

The personal data provided by you and processed by Nyíregyházi Cantemus Choir in an automated way in a structured, commonly used, machine-readable format, shall be disclosed and/or transferred to another data controller by Nyíregyházi Cantemus Choir upon your request.

You may object at any time to the processing of your personal data (i) if the processing of the personal data is necessary solely for compliance with a legal obligation to which the controller (Nyíregyháza Cantemus Choir) is subject or for the purposes of the legitimate interests pursued by the controller or a third party; (ii) if the processing is for direct marketing, public opinion polling or scientific research purposes; or (iii) if the processing is necessary for the performance of a task carried out in the public interest. The Cantemus Choir of Nyíregyháza will examine the lawfulness of the objection and, if it finds that the objection is justified, it will cease the processing.

4. Data processors

Personal data processing on behalf of the Cantemus Choir of Nyíregyháza is carried out by data processors who have a contractual relationship with us. The data processor may not make any independent decision regarding the data, but is entitled to act only in accordance with the provisions of the contract concluded with the Nyíregyházi Cantemus Choir and the instructions received. Our data processors have been selected to ensure the security of your personal data to the greatest extent possible. We require a contractual declaration of compliance with the applicable legislation from all our data processing partners, and only upon receipt of this declaration may they carry out any processing on behalf of the Cantemus Choir of Nyíregyháza.

5. Enforcement options

If you need further information, please contact us at cantemus.adatvedelem@gmail.com e-mail address, 4400 Nyíregyháza Vay Á. körút 18. postal address or in person. Please note that if you submit your data processing request in person, our colleagues may ask you to verify your identity.

You can lodge a complaint about data processing directly with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11.; postal address: 1363 Budapest, Pf. 9; telephone: +36 1 391 1400, fax: +36 1 391 1410, e-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu).

If your rights are infringed, you can go to court. The court has jurisdiction to hear the case. You can also choose to bring the case before the court of the place where you live or stay.

The Cantemus Choir of Nyíregyháza has the right to modify this Privacy Policy at any time at its unilateral decision. If this entails a change in the principles or purpose of data processing, it will obtain the consent of the data subject in advance for further processing.

Nyíregyháza, 01 September 2022.