Privacy Notice
(ticketing)

1. Controller’s name, registered seat and representative

Name: BOBO FUN PARK Kft.
Registered seat: 8394 Alsópáhok, Fő utca 120.
Official representative: Csaba Baldauf, Managing Director
Contact person for data protection issues: Judit Nyirő, Deputy Director of Operations

2. Data Protection Officer:

Dr. Boldizsár Morvay – dr.morvay@balintfy.hu

3. The data processed:

  • name, e-mail address, telephone number, residential address, number of persons wishing to use the service, number and age of children wishing to use the service (if you create your own login account on the online interface during booking, or voluntarily fill out the declaration of responsibility in advance, the name, address, date of birth and mother's name of the person concerned, and the name, mother's name and date of birth of the represented minor)

4. Purpose of data processing:

  • ticketing, invoicing, creating an online login account for the convenience of customers

5. Legal basis for data processing:

  • performance of contract (Article 6 (1) (b) of the GDPR)
  • regarding the names and residential addresses required for invoicing, compliance with the legal obligation set out in Section 169 (1) of Act C of 2000 on Accounting – Article 6 (1) (c) of the GDPR
  • the consent of the data subject when creating a personal online login account and when completing the declaration of liability (Article 6 (1) (a) of the GDPR)

6. Legal consequences if data are not supplied:

  • the controller is unable to sell the ticket; no data processing.

7. Transfer of data:

a.) data are transferred only to the data processor company operating the online system; name of data processor: MORGENS Design Kft.; registered seat: 8800 Nagykanizsa, Csányi László utca 2.; representative: Katona Zoltán, managing director

b.) data will also be transferred to the following banks that carry out bank transactions:
– OTP Bank Nyrt. (H-1051 Budapest, Nádor utca 21.)
– OTP Mobil Kft. (H-1143 Budapest, Hungária krt. 17.)
– K&H Bank Zrt. (H-1095 Budapest, Lechner Ödön fasor 9.)

c.) the e-mail address will be transferred within the European Union in encrypted (SHA-256 hash algorithm), non-reversible form for statistical and analytical purposes and for personalised advertising to the following company:
– Google Ireland Limited (address: Google Building Gordon House, Barrow St, Dublin 4, Ireland)

d.) the e-mail address will be transferred to a third country, to the following company in encrypted (SHA-256 hash algorithm), non-reversible form for statistical and analytical purposes and for personalised advertising:
– META Inc (1601 WILLOW ROAD MENLO PARK, CA 94025-USA)
– Microsoft Inc (One Microsoft Way. Redmond, Washington 98052-6399-USA)

8. Legal basis of the data transfer:

– with regard to the transfer of data under 7.a: performance of contract
– with regard to the transfer of data under 7.b.c: the data subject’s consent

9. Duration of personal data processing:

  • the controller will process the personal data received during the sales process only while the purpose of the data processing applies, i.e. during the term of its contract with the data subject.
  • if a personal online login account is created during ticket purchase, the data provided during account registration will be processed by the data controller as long as the guest’s online account is active
  • The following data constitute an exception to the above:
    • name, residential address: 8 years, as per Section 169 of Act C of 2000 on Accounting

10. Information on the data subject’s general rights

Data subjects have the right to

  • request information from the controller regarding whether their personal data are being processed; if they are, the data subjects may request access to these personal data.
  • request the controller to rectify incorrect personal data without undue delay.
  • request the controller to erase their personal data without undue delay; the controller is under obligation to erase the personal data of the data subject without undue delay if certain other conditions apply
  • request the controller to restrict the data processing if
    • the data subject disputes the accuracy of the personal data /such restriction shall be in force while the controller verifies the accuracy of the personal data/;
    • the data processing is unlawful but the data subject is against the erasure of data and prefers a restriction of use instead;
    • the controller no longer needs the personal data, but the data subject does for purposes of presenting, enforcing or protecting legal demands;
    • the data subject has objected to the data processing; in such a case, the restriction will apply for the duration of establishing whether the controller’s legitimate interests prevail over the data subject’s legitimate interests.
  • receive their personal data, provided by them to the controller, in a structured, commonly used format, and forward the data to another controller without this being prevented by a controller to whom they had provided such personal data, where the data processing is based on voluntary consent or contract, and is automated.
  • if personal data are processed for direct marketing purposes, the data subject has the right to object to the processing of their personal data for that purpose, including any profiling that is associated with direct marketing.
  • object to being subject to decisions based solely on automated data processing – including profiling – that would have a legal effect or similar significant consequence on them.

11. Information on profiling and automated decisions:

  • there are no profiling or automated decisions

12. Data storage, data security

The controller and the organisation involved as a processor store the data on their own computing devices; the controller's devices are held at the registered seat, and the processor's devices are located in a server farm. The controller and processor choose and operate their IT devices so that the data processed can be accessed by the authorised persons, their credibility and validation remain assured, it can be verified that they have not been modified, and they are protected against unauthorised access. Data are protected against unauthorised access, modification, transfer, disclosure, erasure or destruction, as well as accidental destruction, damage and unavailability due to changes in the applied technology. Having regard to current technological development, the controller ensures the security of processing with technological, organisational and structural measures that provide an adequate level of protection against the risks associated with processing.

13. Right to seek help from authorities:

Data subjects may take the controller to court if their rights have been breached. Lawsuits will be adjudicated by the Regional Court (Zalaegerszeg Regional Court contact information: 8900 Zalaegerszeg, Várkör u. 2.). The data subject may choose whether to bring a lawsuit before a regional court with competence at the data subject’s permanent or temporary place of residence. In such matters, the court will expedite its procedures.

Legal remedy is available and complaints may be filed at the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information
Registered seat: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf.: 9.
Telephone: 06.1.391.1400
Fax: 06.1.391.1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

14. Link to Privacy Policy

The controller’s Privacy Policy is available at www.bobofunpark.hu/en/privacy-policy.
