Privacy Policy

Data protection is specifically important for our company. Please read the following privacy policy extensively. 

1. Data Processing Information – vvolgy.hu

The Pásztó Development Nonprofit Limited Liability Company (registered office: Kölcsey u. 35, Pásztó, 3060, registration number: 01-10-045869, hereinafter referred to as the "Data Controller") provides in this privacy policy (hereinafter referred to as the "Policy") information on how it collects, uses, transfers, transmits, and stores personal data of its clients. The Data Controller declares that this Policy complies with applicable data protection regulations.

The Data Controller is entitled to unilaterally modify this Policy at any time in order to comply with applicable legal provisions, including modifications related to changes in the Data Controller's services. The amendments to this Policy will be communicated to the data subjects simultaneously with the changes on the vvolgy.hu website.

If you have any questions regarding this Policy, please contact us at info@vvolgy.hu. The current version of this Policy and any amendments can be found at https://www.vvolgy.hu/en/privacy-policy.

When drafting this Policy, the Data Controller took into account the following legal regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"),
  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information ("Infotv."),
  • Act V of 2013 on the Civil Code ("Ptk.") and Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity ("Grt."),
  • Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society ("Eker. tv."),
  • Act CXIX of 1995 on the processing of personal data for the purpose of research and direct marketing, and Act CXXXIII of 2005 on the rules of personal and property protection and private investigation activities ("Szvtv.")
  • Act C of 2000 on Accounting ("Számv. tv."),
  • Act CL of 2017 on the Rules of Taxation ("Art."),
  • Act CLV of 1997 on Consumer Protection ("Fgy. tv.").

2. Definitions

Data processing: performing technical tasks related to data management, regardless of the method, tool, or location of the application, provided that the technical task is carried out on the data.

Data processor: a natural or legal person, or an organization without legal personality, who, based on a contract - including contracts concluded under legal provisions - processes personal data.

Data management: any operation or set of operations performed on personal data, regardless of the applied procedure, including but not limited to collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, coordination or linking, blocking, erasure, and destruction, as well as preventing further use of personal data, taking photographs, making audio or visual recordings.

Data controller: a natural or legal person, or an organization without legal personality, who, alone or jointly with others, determines the purpose of data management, makes decisions regarding data processing (including the means used), and carries them out, or executes them through a data processor.

Data transfer: making personal data accessible to a specified third party.

Data subject: any identified or identifiable natural person based on specific personal data, directly or indirectly.

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Third party: a natural or legal person, or an organization without legal personality, who is not the data subject, data controller, or data processor.

Authority: the National Data Protection and Freedom of Information Authority established in accordance with constitutional provisions to ensure the right to informational self-determination, freedom of information, and the protection of personal data, as well as the legitimate accessibility of public data of public interest. Its task is to monitor and promote the enforcement of these rights.

Consent: the voluntary and unambiguous expression of the data subject's will, based on appropriate information, by which they give their unmistakable consent to the processing of their personal data, either in its entirety or for specific operations.

Personal data: any data or information that allows the direct or indirect identification of a natural person (data subject).

Service: The services operated by the data controller and provided by the data controller, accessible on the website.

3. Use of the Website

The use of certain Services available on our website, as well as the visitation and use of certain web pages/links, and communication, require visitors ("Visitors") to voluntarily provide Personal and/or sensitive data. Therefore, we kindly ask you to read the information contained in this Notice in all cases. Please note that providing data during contact with us implies the voluntary acceptance of the provisions stated in this Notice.

Such Services include, but are not limited to, the following:
For the use of our ticketing services, it is necessary to provide personal and credit card information.

Links to external websites:
Our website contains links to external websites that provide useful information to our Visitors. This Notice does not apply to external websites, and the Data Controller is not responsible for the data contained on such websites or any potential damages resulting from visiting or using external websites.

4. Handling of Personal Data

The Data Controller handles Personal data in accordance with the principles of good faith, fairness, transparency, and compliance with applicable laws and provisions of this Notice.

The Data Controller uses the necessary Personal data for the provision of Services solely based on the consent of the Data Subject and strictly for the stated purposes.
The Data Controller only processes Personal data for the purposes defined in this Notice and in relevant laws. The scope of processed Personal data is proportionate to the purpose of the Data Processing and cannot exceed it.
In cases where the Data Controller intends to use Personal data for a purpose other than the original collection purpose, the Data Subject will be informed, and the Data Subject's prior express consent will be obtained, or the Data Subject will be given the opportunity to prohibit such usage.
The Data Controller does not verify the accuracy of the Personal data provided by the Visitor; the responsibility lies solely with the individual providing the data.
The Data Controller ensures the security of Personal data by implementing technical and organizational measures and establishing procedural rules to protect the data against accidental loss, unauthorized destruction, unauthorized access, unauthorized use, unauthorized alteration, and unauthorized distribution. The Data Controller fulfills this obligation by notifying any third parties to whom Personal data is transmitted about these requirements.

5. Purpose of Data Processing

The purpose of data processing carried out by the Data Controller includes (a) providing online content services, (b) identifying the Visitor and establishing communication with the Visitor, (c) identifying the Services available to the Visitor, (d) generating statistics and conducting analyses, (e) protecting the rights of the Visitors, (f) asserting the legitimate interests of the Data Controller, and (g) technical development of the information system.

6. Protection of Minors

The information available on our website is not intended for minors. During data processing, we do not collect data – except for the IP address, which is automatically recorded due to the nature of internet services – from individuals who have not reached the age of 18. You may only provide personal data in accordance with the relevant data protection laws and guarantee that you have the appropriate and informed consent to disclose the information. By providing the information, you declare and warrant that your legal capacity to provide the information is not restricted. If you are considered legally "incapable" or "limited in legal capacity" regarding the provision of information and you are not authorized to make an independent statement in this regard, you must obtain the consent of the relevant third parties (e.g., legal representative, guardian) for the disclosure of information. In this context, you are obliged to consider whether the consent of a third party is necessary regarding the disclosure of the specific information. It is possible that Pásztó Fejlesztési Nonprofit Kft. will not establish personal contact with you; therefore, you are responsible for complying with this provision, and the Data Controller shall not be held liable in this regard. If we become aware that a user of our website is a child who is using this website without parental or guardian permission, we will make every reasonable effort to delete any information that has been obtained from the child and ensure that such information is not further transmitted or used by us. Please notify us immediately if you become aware that a child has provided information about themselves on this website without the permission of their parent or guardian.

7. Cookie Management

A cookie is an information package sent by the website to your computer when you visit the website, which allows certain services of the website to be more conveniently accessible to you. By using cookies, your preferences can be better assessed. You have the right to enable or disable cookies at any time through the settings of your computer's web browser or by modifying those settings. Furthermore, you can configure your browser settings to display a pop-up window notifying you before using cookies. If you want to learn more about this topic, there are numerous articles available on the internet, such as on the website http://www.allaboutcookies.org.

We use cookies on the website for the following reasons:

  • To store user sessions,
  • To collect statistics,
  • To store user preferences,
  • To store your consent regarding cookies.

You can enable or disable cookies by changing your browser settings. Since the options may vary depending on the browser, please refer to the Help menu of your browser or contact us for assistance (info@vvolgy.hu) for further information.

8. Legal Basis for Data Processing

The legal basis for processing Personal Data is the voluntary, prior, informed consent of the Data Subject. The Visitor is entitled to withdraw their consent at any time, without affecting the lawfulness of the processing prior to the withdrawal.

By providing the respective Personal data during the use of the Website, you declare that you have read and voluntarily and expressly consent to the version of this Information Notice in effect at the time of providing the data, and that the Personal data provided by you, as well as the Personal data generated about you, may be processed. You may provide Personal data in accordance with the relevant data protection laws and warrant that you have appropriate and informed consent to transfer the information.
The Data Controller records the Visitor's IP address upon entering the Website, in connection with the provision of the Service, based on the legitimate interest of the Data Controller and for the lawful provision of the Service, without the explicit consent of the Data Subject.

In addition to the voluntary consent of the Data Subject, the legal basis for Data processing related to content provision and associated activities may be the legitimate interest of the Data Controller, as well as the safeguarding of the fundamental rights to information and freedom of expression within the framework defined by laws. If the legal basis for Data processing is the legitimate interest of the Data Controller, the Data Controller has performed and may continue to perform the balancing test in accordance with the relevant provisions of the GDPR, which demonstrates that the Data Controller's legitimate interest associated with a specific Data processing is stronger than the rights and freedoms of the Data Subject related to the Data processing. Upon request, the Data Controller shall provide the Data Subject with information in accordance with the provisions of this paragraph as described in this Notice.

9. Duration of Data Processing

The Data Controller shall process the data of the Data Subject until the achievement of the Data Processing purposes described above, or until the withdrawal of the Data Subject's consent, or until the data is deleted at the request of the Data Subject.

Data that is automatically recorded during the operation of the system, necessary for ensuring the functioning of the system, shall be stored in the system for a justifiable period of time from their generation. The Data Controller ensures that these automatically recorded data cannot be linked to other Personal data, except in cases where it is mandatory by law.
If a court or authority orders the deletion of Personal data with legal force, the Data Controller shall carry out the deletion. Instead of deletion, the Data Controller, with the consent of the Data Subject, may restrict the use of Personal data if requested by the Data Subject, or if it can be assumed based on the available information that deletion would harm the legitimate interests of the Data Subject. The Data Controller shall not delete the Personal data as long as the Data Processing purpose that excludes the deletion of the Personal data is still valid.

10. Engagement of Data Processors

If the Data Controller carries out data processing activities on behalf of another party, the Data Controller shall only engage Data Processors who provide sufficient guarantees to ensure compliance with the requirements of the GDPR regarding data processing and the protection of the rights of data subjects, and who implement appropriate technical and organizational measures. The Data Processor shall not engage any further data processors without the prior written authorization, either on a case-by-case basis or in general, from the Data Controller.

The data processors and sub-processors acting on behalf of the Data Controller are Webpont Informatikai Kft. 
For more detailed information about the Data Processor engaged by the Data Controller, please contact info@vvolgy.hu.

Except for mandatory data transfers based on legal requirements, the contractual partners shall not transmit your data to third parties.

11. Data Security

We take necessary steps on our website to protect the Personal and/or sensitive data sent from your computer, particularly against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage, and against becoming inaccessible due to changes in the applied technology. In order to protect electronically stored data files in various records, appropriate technical solutions must be implemented to ensure that the data stored in the records, unless permitted by law, cannot be directly linked or associated with the data subject.

Please be informed that we use data networks with adequate firewall and password protection. However, we would like to draw your attention to the fact that internet data transmission cannot be completely secure or error-free. You are responsible for the security of the provided personal data, except in cases where the Data Controller caused harm through the unlawful processing of the data subject's data or by breaching the requirements of data security.

12. Rights of the Data Subject and Remedies

The Data Subject may request information regarding the Data Processing by sending an email to info@vvolgy.hu or by sending a registered or certified letter to the address of the Data Controller stated above.

The Data Subject may request the Data Controller to inform them whether their Personal data is being processed, and if so, provide them with access to the Personal data being processed. The request for information may include the scope of the processed Personal data, their source, the purpose and legal basis of the Data Processing, the duration of the processing, the identification of Data Processors, and the activities related to the Data Processing. 

The Data Subject may request the correction or modification of the Personal data processed by the Data Controller. Considering the purpose of the Data Processing, the Data Subject may request the completion of incomplete Personal data.

The Data Subject may request the deletion of the Personal data processed by the Data Controller. The deletion may be refused 
(a) for exercising the freedom of expression and the right to information, or
(b) if the processing of Personal data is authorized by law, or
(c) for presenting, enforcing, or defending legal claims.

The Data Controller informs the Data Subject about the refusal of a deletion request, indicating the reasons for the refusal. Once the request for the deletion of Personal data has been fulfilled, the previously deleted data cannot be restored. Newsletters sent by the Data Controller can be unsubscribed from using the unsubscribe link provided in the newsletters. Upon unsubscribing, the Data Controller deletes the Personal data of the Data Subject from the newsletter database.

The Data Subject may request the restriction of the processing of their Personal data by the Data Controller if the Data Subject disputes the accuracy of the processed Personal data. The restriction applies for a period that allows the Data Controller to verify the accuracy of the Personal data. The Data Controller marks the Personal data being processed if the Data Subject disputes its accuracy or precision, but the inaccuracy or imprecision of the disputed Personal data cannot be clearly determined. The Data Subject may also request the restriction of the processing of their Personal data by the Data Controller if the Data Processing is unlawful, but the Data Subject opposes the deletion of the processed Personal data and instead requests the restriction of its use for specific legal claims. Furthermore, the Data Subject may request the restriction of the processing of their Personal data by the Data Controller if the purpose of the Data Processing has been fulfilled, but the Data Subject requests its continued processing by the Data Controller for the purpose of presenting, enforcing, or defending legal claims.

The Data Subject may request the Data Controller to provide them with the Personal data provided by the Data Subject and processed by the Data Controller in a structured, commonly used, and machine-readable format, or transmit it to another data controller.

The Data Subject may object to the processing of their Personal data
(a) if the processing of Personal data is solely necessary for fulfilling a legal obligation applicable to the Data Controller or for asserting the legitimate interests of the Data Controller or a third party;
(b) if the purpose of the Data Processing is direct marketing, public opinion research, or scientific research; or
(c) if the Data Processing is carried out in the public interest. The Data Controller examines the lawfulness of the objection raised by the Data Subject, and if the objection is well-founded, terminates the Data Processing, locks the processed Personal data, and informs all recipients to whom the Personal data affected by the objection has previously been disclosed about the objection and the measures taken based on it.

We recommend that the Data Subject, before resorting to administrative or judicial remedies, address their questions, comments, or complaints regarding the Data Processing to the employees of the Data Controller at the email address info@vvolgy.hu. In case of infringement of the rights concerning their Personal data, the Data Subject is entitled to contact the National Authority for Data Protection and Freedom of Information (address: Falk Miksa u. 9-11, 1055 Budapest, Hungary; telephone: +36 (1) 391-1400, fax: +36 (1) 391-1410, email: ugyfelszolgalat@naih.hu).

The Data Subject is entitled to bring a legal action before a court in case of the infringement of their rights. The jurisdiction for the proceedings lies with the competent court. The lawsuit can be initiated before the court of the Data Subject's domicile or place of residence, according to the choice of the Data Subject.