Partybus, the rolling entertainment venue

+36 30 604 0453 partybus@partybus.co.hu
MagyarEnglish
Main menu
MagyarEnglish
+36 30 604 0453 partybus@partybus.co.hu
ORDER NOW!
Privacy policy (GDPR)

Privacy policy (GDPR)

Last update / Effective: 1 January 2024. 

I. General provisions 

Service provider details: 

Name of the Service Provider: BPPB Kft. 
Registered office and postal address: 1028 Budapest Mikszáth Kálmán u 6. 
Registering authority: Metropolitan Court of Budapest as a Court of Justice 
Company registration number: Cg. 01 09 919638 
Tax number: 14783021-2-41 
Your e-mail address: partybus@partybus.co.hu 
Website address: www.partybus.co.hu 
Complaints handling location and contact details: partybus@partybus.co.hu on working days  between 10.00 - 16.00 

I. Purpose of the Code: 

This Policy aims to ensure that in all areas of the services provided by the Service Provider, all  individuals, regardless of their nationality or place of residence, are guaranteed that their rights and  fundamental freedoms, in particular their right to privacy, are respected when their personal data are  processed by automated means (data protection). 

II. Privacy Policy applied by the Company 

1. The Service Provider's data management principles are in accordance with the applicable data  protection legislation and the relevant provisions of the GDPR.

2. The Service Provider is entitled to. Data Processing Policy unilaterally change. The Privacy Policy the  Service Provider will notify the User of any changes by publishing the changes on  www.partybus.co.hu. The entry into force of the amendments to the Privacy Policy the User will only  be able to access the amended Privacy Policy when using the system. By using the Service after the  effective date of the amendment, the User accepts the amended Privacy Policy. 

3. The Service Provider is committed to the protection of the User's personal data, and considers it of  the utmost importance to respect the right of informational self-determination of its customers. The  Service Provider shall treat personal data confidentially and shall take all reasonable steps to protect the privacy of its customers. as best he can security, technical and organisational measures to  guarantee the security of the data. 

4. The Service Provider uses personal data that are indispensable for the use of its services on the  basis of the consent of the data subjects and only for the purpose for which they are intended. 

III. Legal basis for processing  

1. Personal data may be processed if the data subject consents to it or if it is ordered by law or, on the  basis of a law, by a local government decree within the scope specified therein, for a purpose in the  public interest. The legal basis for data processing is the voluntary consent of the data subject  pursuant to Section 5 (1) a) of Act CXII of 2011 on the Right of Informational Self-Determination and  Freedom of Information (Act on the Freedom of Information) and Section 13/A of Act CVIII of 2001 on  Certain Aspects of Electronic Commerce Services and Information Society Services. 

2. The User gives his/her consent to the processing of certain data by using the website, by  registering or by voluntarily providing the data in question. 

3. The purpose of the automatically recorded data is to compile statistics, to improve the technical  development of the IT system and to protect the rights of the User. 

4. The Service Provider does not verify the personal data provided to it. The person providing the  data is solely responsible for the correctness of the data. Any User who provides an e-mail address  shall also be responsible for the fact that he/she is the only one to use the service from the e-mail  address provided. With regard to this assumption of responsibility, any liability for accessing the  service from a given e-mail address rests solely with the User who provided the e-mail address. If the  User does not provide his/her own personal data, he/she is obliged to obtain the consent of the data  subject and to inform the Data Controller thereof. 

IV. Purpose and scope of data processing, duration of data processing 

1. Technical data

Data technically recorded during the operation of the system: the data of the User's computer logging  in, which are generated during the use of the service and which are recorded by the Service  Provider's system as an automatic result of technical processes. The automatically recorded data are  automatically logged by the system on logging in or logging out, without any special declaration or  action by the User. These data may not be linked to other personal user data, except in cases required  by law. The data may only be accessed by the Service Provider. 

2. cookie 

During visits to the Website, the Service Provider sends one or more cookies - small files containing a  series of characters - to the User's computer, which will allow the User's browser to be uniquely  identified. These cookies are provided by Google and are used through the Google Adwords system.  These cookies are only sent to the visitor's computer when visiting certain sub-pages, i.e. they only  store the fact and time of the visit to the sub-page in question, and no other information. The use of  the cookies sent in this way is as follows. The User may opt out of Google cookies by going to the  Google advertising opt-out page. 

External servers help to independently measure the website's traffic and other web analytics data  (Google Analytics). The data controllers can provide detailed information on the handling of the  measurement data to the User (https://www.google.com/analytics). If the User does not want  Google Analytics to measure the above data in the manner and for the purpose described, please  install a browser add-on to block this. 

3. Data processing in relation to newsletters and unsubscribe letters 

On www.partybus.co.hu. In connection with the order, the user voluntarily provides the Service  Provider with the personal data specified below: 
Name / Email address / Phone number / Address / Website usage behaviour / Newsletter reading  behaviour / Shopping behaviour 
The processing is based on the User's voluntary, duly informed declaration, which, in the case of the  purchase, is necessary for the use of the sales service on the website, by using the sales service on  the website, the User declares that by using the website, he/she gives his/her explicit consent to the  use of the personal data provided during the use of the website. The legal basis for the processing of  the data is the voluntary consent of the data subject pursuant to Article 5 (1) (a) of Act CXII of 2011  on the Right of Informational Self-Determination and Freedom of Information and Article 169 (2) of  Act C of 2000 on Accounting. 

Only persons who are at least 18 years of age and have legal capacity are entitled to make purchases  through the Service Provider's system.
The purpose of the processing is to ensure the provision of the service or ordering package on the  website, the order, its processing, the documentation of the purchase and payment, the fulfilment of  the accounting obligation. Furthermore, the purpose of the data processing is to identify the User  purchaser and to fulfil the ordered service, to send notifications in connection with the order, to issue  invoices, to process payments, to register the Users and to distinguish them from each other.  Processed data: first and last name / telephone number / e-mail address, billing address provided for  invoicing / number, date and time of the transaction / content of the receipt / customer code / name,  address and tax number in the case of VAT invoices. Duration of processing: 8 years. 

4. Statistical data 

The Service Provider may use the data for statistical purposes in the limited way provided for by the  legislation in force. The use of the data in aggregate statistical form shall not include the name or any  other identifiable data of the User concerned. 

5. Other data processing 

Any other processing that may be necessary beyond the general data processing not listed in this  notice will be provided at the time of collection. Such specific processing includes the provision of  information by the courts, prosecutors, investigating authorities, law enforcement authorities,  administrative authorities, the Data Protection Commissioner or other bodies authorised by law,  when they contact the Controller to disclose, transfer or provide documents. The Service Provider  shall disclose personal data to these institutions and authorities only to the extent required by the  applicable legislation, to the extent and to the extent that is strictly necessary for the purpose of the  request, provided that the requesting institution or authority has indicated the exact purpose and  scope of the data and the legal reference. 

6.1. Telephone conversations 

The Service Provider maintains a telephone customer service. The telephone conversation is not  recorded. However, in the case of reservation, the name and telephone number may be recorded in  order to identify the User. The User voluntarily consents to the provision of this information by  making the call and being informed of the call. These data will be kept for the period of time specified  by law. 

6.2. Camera shots 

The Service Provider operates a camera system in busses. By purchasing the the User accepts and  agrees that he/she may be subject to camera recording. Depending on the technical capabilities of  the recording units, the camera recordings are stored for 3 - 4 days. After this period, the recordings are automatically deleted. The Service Provider shall only transfer the recorded camera recordings to  a 3rd party upon request by the authorities. 

7. Duration of data processing: until the consent is withdrawn. You can unsubscribe by clicking on the  Unsubscribe link at the bottom of the newsletter. Personal data will be deleted within 10 working  days of receipt of the request. 

V. Persons entitled to access the data 

The data may be accessed by the Service Provider's and by the additional data processors named  below. 

NAV Online számla 

The Data Controller uses the web analytics services of Google LLC, Google Analytics, Google Adwords,  Facebook Ireland Ltd. The web analytics services also use cookies to help analyse the use of online  interfaces. The data subject, by providing specific and explicit consent to the use of online platforms,  authorises Google Analytics and Google Adwords to transfer information generated by cookies about  the use of the online platform to Google's servers. The other cookies processed are stored on servers  within the European Union. By giving the specific consent provided on the website, the user consents  to the collection and analysis of his/her data in the manner and for the purposes set out above. The  above mentioned service providers use this information to evaluate and analyse the use of online  interfaces by the data subject, to compile reports on the activities carried out on online interfaces  and to provide other services related to the activities carried out on those interfaces and to the use of  the Internet. 

VI. Data security measures  

1. The Service Provider shall exercise the utmost care in the processing and storage of personal data.  In the area of information security, the Service Provider shall use the most effective and up-to-date  tools and procedures reasonably available. 

2. The Controller shall design and implement the processing operations in such a way as to ensure the  protection of the privacy of the data subjects. 

3. The data controller or the data processor in the scope of its activities shall ensure the security of  the data, and shall take the technical and organisational measures and establish the procedural rules  necessary to enforce the provisions of the GDPR and other data protection and confidentiality rules. 

4. Appropriate measures shall be taken to protect the data against, in particular, unauthorised access,  alteration, disclosure, disclosure, erasure or destruction, accidental destruction or damage and  inaccessibility resulting from changes in the technology used.

5. In order to protect the electronically managed data files in the different registers, an appropriate  technical solution must ensure that the data stored in the registers cannot be directly linked and  attributed to the data subject, unless permitted by law. 

6. When processing personal data by automated means, the controller and the processor shall take  additional measures to ensure that. 

  • prevent unauthorised data entry; 
  • preventing the use of automated data processing systems by unauthorised persons using data  transmission equipment; 
  • the verifiability and ascertainability of the bodies to which personal data have been or may be  transmitted using data transmission equipment; 
  • the verifiability and ascertainability of which personal data have been entered into automated data  processing systems, when and by whom; 
  • the recoverability of the installed systems in the event of a failure, and that errors in automated processing are reported. 

7. The controller and the processor shall take into account the state of the art when defining and  implementing measures to ensure data security. The choice between several possible processing  solutions should be made which ensure a higher level of protection of personal data, unless this  would impose a disproportionate burden on the controller. 

8. The Service Provider shall select and operate the IT tools used to process personal data in the  course of providing the service in such a way that the processed data: 

  • accessible to authorised persons (availability); 
  • authenticity and verification (authenticity of processing); 
  • can be verified to be unchanged (data integrity); 
  • be protected against unauthorised access (data confidentiality). 

9. The Service Provider shall ensure the security of data processing by technical, organisational and  organisational measures that provide a level of protection appropriate to the risks associated with  data processing. 

10. Electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp,  etc.) are vulnerable to network threats that could lead to fraudulent activity or to the disclosure or  modification of information. The Service Provider will take all reasonable precautions to protect against such threats. It will monitor systems to ensure that any security discrepancies are recorded  and evidence of any security incidents is available. However, the Internet is not, as is well known to  Users, 100% secure. The Service Provider shall not be liable for any damage caused by an  unprotected attack, despite the utmost care. 

VII. Rights of data subjects and their enforcement, objection to processing of personal data, judicial  redress and compensation 

1. A change in personal data or a request for the deletion of personal data may be communicated by  means of a written statement in a private document with full probative value sent to the registered e mail address or by post. Changes to certain personal data may also be made by modifying the  personal profile page. Once a request for deletion or modification of personal data has been fulfilled,  the previous (deleted) data can no longer be restored. 

Users may request information about the processing of their personal data. Requests for information  sent by e-mail shall be considered authentic by the Data Controller only if they are sent from the  registered e-mail address of the User. At the request of the data subject, the controller shall provide  information on the data processed by the data subject or by a processor to whom the data subject  has delegated the processing, the source of the data, the purpose, legal basis and duration of the  processing, the name and address of the processor and the activities of the processor in relation to  the processing, and, in the case of transfer of the data subject's personal data, the legal basis and the  recipient of the transfer. The request for information should be sent by e-mail to  partybus@partybus.co.hu. The Service Provider is obliged to provide the information in writing in an  intelligible form, at the request of the data subject, within the shortest possible time from the date of  the request, but not later than 30 days. 

The information described above is free of charge if the person requesting the information has not  yet submitted a request for information to the controller for the same set of data in the current year.  In other cases, a fee may be charged. The fee already paid shall be refunded if the data have been  unlawfully processed or if the request for information has led to a rectification. 

The data controller may refuse to provide the data subject with information only in the cases  specified in the GDPR. In the event of refusal to provide information, the controller shall inform the  data subject in writing of the provision of this Act on the basis of which the information was refused. 

2. The data subject may request the controller to rectify his or her personal data and to erase or block  his or her personal data, except for mandatory processing. 

3. The controller shall keep a register of transfers for the purpose of monitoring the lawfulness of the  transfer and informing the data subject, which shall include the date of the transfer of personal data  processed by the controller, the legal basis and the recipient of the transfer, the scope of the personal  data transferred and other data specified in the legislation providing for the processing.

4. If the personal data is not accurate and the accurate personal data is available to the controller, the  controller shall correct the personal data and notify the data subject thereof. 

5. The personal data shall be deleted if 

a) unlawful treatment; 
b) the data subject requests it, as provided for in the Avtv; 
(c) it is incomplete or incorrect, a situation which cannot be lawfully remedied, provided that  cancellation is not precluded by law; 
(d) the purpose of the processing has ceased or the statutory time limit for the storage of the data  has expired; 
(e) ordered by a court or the Authority. 

In the case referred to in point (d) of the preceding paragraph, the obligation to erase shall not apply  to personal data whose data medium is subject to archival custody pursuant to the legislation on the  protection of archival material. 

5. Instead of erasure, the controller shall block the personal data if the data subject so requests or if,  on the basis of the information available to him or her, it is likely that erasure would harm the data  subject's legitimate interests. Personal data blocked in this way may be processed only for as long as  the processing purpose which precluded the deletion of the personal data continues to exist. 

6. The controller shall mark the personal data that it processes if the data subject contests the  accuracy or correctness of the personal data, but the inaccuracy or incorrectness of the contested  personal data cannot be clearly established. 

7. Rectification, blocking, flagging and erasure must be notified to the data subject and to all those to  whom the data were previously disclosed for processing. Notification may be omitted if this does not  harm the legitimate interests of the data subject having regard to the purposes of the processing. 

8. If the controller does not comply with the data subject's request for rectification, blocking or  erasure, the controller shall, within 30 days of receipt of the request, communicate in writing the 
factual and legal grounds for refusing the request for rectification, blocking or erasure. In the event of  refusal of a request for rectification, erasure or blocking, the controller shall inform the data subject  of the possibility of judicial remedy and of recourse to the Authority. 

9. The data subject must be informed before the processing starts whether the processing is based on  consent or whether it is mandatory. 

10. The data subject shall be informed clearly and in detail of all facts relating to the processing of his  or her data before the processing begins, in particular the purpose and legal basis of the processing,  the person authorised to process and process the data, the duration of the processing, if the  controller processes the personal data of the data subject pursuant to paragraph (5) of Article 6 of  the Data Protection Act, and who may access the data. The information shall also cover the rights and  remedies of the data subject in relation to the processing. In the case of mandatory data processing,  the information may also be provided by publishing a reference to the legal provisions containing the  information referred to in the above paragraph. 

11. The data subject may object to the processing of his or her personal data, where the processing or transfer of personal data is necessary for the fulfilment of a legal obligation  to which the controller is subject or for the purposes of the legitimate interests pursued by the  controller, the recipient or a third party, except in cases of mandatory processing; 
if the personal data are used or disclosed for direct marketing, public opinion polling or scientific  research purposes; and 

in other cases specified by law. 

The controller shall examine the objection within the shortest possible time from the date of the  request, but not later than 15 days, decide whether the objection is justified and inform the applicant  in writing of its decision. 

If the controller establishes that the data subject's objection is justified, the controller shall terminate  the processing, including further collection and further transmission, and block the data. 
If the data subject does not receive the data necessary to exercise his or her rights due to the data  subject's objection, he or she may, within 15 days of the notification, take legal action against the  controller in order to obtain access to the data, as provided for in Article 22 of the Data Protection  Act. The controller may also bring legal proceedings against the data subject. 

The controller may not delete the data of the data subject if the processing is required by law.  However, the data may not be transferred to the data recipient if the controller has consented to the  objection or if the court has ruled that the objection is justified.

12. The controller shall compensate any damage caused to another party by unlawful processing of  the data subject's data or by breach of data security requirements. The controller shall be exempted  from liability if he proves that the damage was caused by an unavoidable cause outside the scope of the processing. No compensation shall be payable where the damage resulted from the intentional or  grossly negligent conduct of the injured party. 

VIII. Enforcement options: 

If you have any questions or comments, please contact the Service Provider at  partybus@partybus.co.hu. The User may exercise his/her rights of enforcement before the courts in  accordance with the Data Protection Act and the Civil Code. Legal remedies and complaints may be  lodged with the National Authority for Data Protection and Freedom of Information: 

Name: National Authority for Data Protection and Freedom of Information 
postal address: 1530 Budapest, Pf.: 5. 
address: 1125 Budapest Szilágyi Erzsébet fasor 22/c 
Phone: +36 (1) 391-1400 
Fax: +36 (1) 391-1410 
E-mail: ugyfelszolgalat@naih.hu 
URL https://naih.hu 
Done at Budapest, 1 January 2024