MVM Dome

Privacy Policy

For Website Visitors

The Data Controller pays special attention to ensuring that the processing of personal data within its system complies with the provisions of Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL ("Regulation") on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).

In relation to data processing, the Data Controller hereby informs website visitors (hereinafter referred to as "User") about the personal data processed, the principles and practices followed in the processing of personal data, as well as the manner and possibilities for exercising User rights.

The User is entitled to partially or fully withdraw consent to data processing or request the deletion of their data via a written request addressed to the Data Controller in accordance with the procedure set out in this notice.

1. IDENTIFICATION OF THE DATA CONTROLLER

The data is processed by Sportfive MPA Kft.

Name: Sportfive MPA Kft.
Registered office: 1091 Budapest, Üllői út 133-135.
Company registration number: 01-09-402227
Tax number: 32005781-2-43
E-mail: mvmdome@sportfive.com

Contact details of the Data Protection Officer
Name: Dr. Malich Adrienn
Address: 1091 Budapest, Üllői út 133-135.
E-mail: mvmdome@sportfive.com

2. DATA PROCESSING CASES

Users can purchase tickets for cultural and sports events, as well as parking tickets, through the Website. These tickets can be purchased without registration (guest checkout). However, some tickets require Users to be redirected to the ticket sales platform of a Partner that has a contractual relationship with the Data Controller. In such cases, the User purchases the ticket directly from the Partner via the Partner's website, and not from the Data Controller. For such purchases, the User provides personal data directly on the Partner's website, and the data processing is governed by the data processing policies available on the respective Partner's website. The Data Controller does not receive any personal data from the Partner but is notified about the ticket number sold, solely for the purpose of enabling the User’s entry into MVM-DOME.

2.1. Registration on the Website

The email address provided during registration does not necessarily have to contain personal data. For example, it does not need to include the User’s name. The User may choose an email address that does not reveal their identity.

Services available for purchase through the Website (e.g., concert tickets, parking tickets) do not require registration. However, Users have the option to register using the methods below.

If a User purchases a ticket sold by a Partner rather than directly by MVM DOME, they will be redirected from the Website to the Partner’s page to complete the purchase. The Partner does not share User data with the Data Controller, and all personal data processing is subject to the Partner’s data processing notice available on their website.

2.1.1. Registration Using an Email Address on the Website

Scope of processed data, purpose of data processing:

| Processed data | Purpose of data processing |
| --- | --- |
| Name | User identification |
| E-mail | Contact and password retrieval |
| Password | Ensuring secure access |

After registration, providing billing information is also mandatory when placing an order, so that the Data Controller can fulfill its legal obligations defined in section 2.5.

Purpose of Data Processing: Registration provides a convenience feature, allowing Users to avoid re-entering necessary purchase details for future transactions.

Duration of Data Processing: Personal data required for registration is processed from the time of registration until the User requests deletion. If the User does not request deletion, the Data Controller will delete their personal data from the system no later than 30 days after the termination of the Website.

Legal Basis for Data Processing: The User’s voluntary consent based on Article 6(1)(a) of the Regulation.

Source of Data: Directly provided by the User.

Consequences of Not Providing Data: Users can still complete purchases as a guest without registration. Lack of registration does not result in any disadvantage for the User.

2.1.2. Login/Registration with Google Account

If the User has a Google account, they can log in by clicking the "Sign in with Google" button or register by clicking the "Register with Google" button to make purchases or use services on the Website.

Scope of processed data, purpose of data processing:

When logging in with a Google account, the Data Controller processes the following data:

| Processed data | Purpose of data processing |
| --- | --- |
| User’s unique identifier | User identification |
| E-mail | Contact and password retrieval |

The User is redirected to the external service's login page, where they can log in to the Data Controller's site using the data previously registered on Google. The Data Controller does not have access to or store the entered password data.

Further purpose of data processing: Ensuring that the User can register/log in to the MVM Dome registration platform using their existing Google account details.

Duration of data processing: The processing of personal data required for registration begins with the registration and lasts until the User requests its deletion. If the User does not request the deletion of their registration, the Data Controller will delete the User’s personal data no later than 30 days after the Website ceases to exist.

Legal basis for data processing: The User’s voluntary consent based on Article 6(1)(a) of the Regulation.

Source of data: Directly collected from the User.

Consequence of not providing data: The User can place an order without using a Google account (as a guest), and the lack of registration does not result in any disadvantageous legal consequences for the User.

2.1.3. Login/Registration with Facebook Account

If the User has a Facebook account, they can register by clicking the "Register with Facebook" button or log in by clicking the "Log in with Facebook" button on the Website. In this case, the User is redirected to the external service's login page, where they can log in to the Data Controller's site using the data previously registered on Facebook. The Data Controller does not have access to or store the entered password data. Registration is not mandatory in this case either.

Scope of processed data, purpose of data processing:

When logging in/registering with a Facebook account, the Data Controller receives the following data:

| Processed data | Purpose of data processing |
| --- | --- |
| Name | User identification |
| User’s unique identifier | User identification |
| E-mail | Contact and password retrieval |

Further purpose of data processing: Ensuring that the User can register/log in to the MVM Dome registration platform using their existing Facebook account details.

Duration of data processing: The processing of personal data required for registration begins with the registration and lasts until the User requests its deletion. If the User does not request the deletion of their registration, the Data Controller will delete the User’s personal data no later than 30 days after the Website ceases to exist.

Legal basis for data processing: The User’s voluntary consent based on Article 6(1)(a) of the Regulation.

Source of data: Directly collected from the User.

Consequence of not providing data: The User can place an order in other ways (as a guest), without using a Facebook account, and the lack of registration does not result in any disadvantageous legal consequences for the User.

2.1.4. Deletion of registration

A request to delete the registration can be sent to the Data Controller. Upon receipt of the deletion request, the Data Controller immediately deletes the User's account along with all personal data. However, the deletion does not affect the destruction of invoices related to any orders already placed, or the deletion of data required for the Data Controller to fulfill its legal obligations (e.g., keeping complaints for 3 years).

Once the registration is deleted, the data cannot be restored.

2.2. Guest checkout

Scope of processed data, purpose of data processing:

| Processed data | Purpose of data processing |
| --- | --- |
| Name | User identification |
| Address | Data required for issuing an invoice |
| E-mail | Communication, sending invoices, providing information related to the event |
| Place and date of birth | User identification |
| Type of ticket/subscription, purchase date, validity period | Ensuring the delivery of the purchased ticket/subscription to the User and its use at the event at the specified time. |
| Online food/drink order | See more in section 5 |

Further purpose of data processing: Ensuring that the User can place an order for a service or product available on the Website without registration.

Legal basis for data processing: Performance of the contract based on Article 6(1)(b) of the Regulation.

Duration of data processing: The personal data provided during the order will be processed for 5 years from the completion of the order.

Source of data: Directly collected from the User.

2.3. Request for Quotation

Scope of processed data, purpose of data processing:

| Processed data | Purpose of data processing |
| --- | --- |
| Name | User identification |
| E-mail | Contact related to the request for a quote |
| Designation of the service | Subject of the request for a quote |

Legal basis for data processing: The User’s voluntary consent based on Article 6(1)(a) of the Regulation. If a contract is concluded between the Data Controller and the User during the request for a quote, the legal basis for data processing is the performance of the contract based on Article 6(1)(b) of the Regulation.

Duration of data processing: The personal data provided during the request for a quote will be processed for 2 months from the submission of the request. If a contract is concluded between the Data Controller and the User during the request for a quote, the personal data will be processed for 5 years from the completion of the order.

Source of data: Directly collected from the User.

2.4. Parking Ticket Purchase

Scope of processed data, purpose of data processing:

| Processed data | Purpose of data processing |
| --- | --- |
| Name | User identification, fulfillment of their order |
| E-mail | Communication and providing the purchased parking ticket via email. |
| Purchase date of the parking ticket | Ensuring the use of the purchased parking ticket at the specified time |
| Address data (postal code, city, street, house number) | Data required for billing. |

It is possible to purchase a parking ticket without registration.

Legal basis for data processing: Performance of the contract based on Article 6(1)(b) of the Regulation.

Duration of data processing: Personal data related to the purchase of the parking ticket will be processed until the User deletes their registration, as all information related to the parking ticket remains available in the User's account as long as the registration is active. If the User requests the deletion of their registration, the provisions defined in section 2.1.4 apply.

Source of data: Directly collected from the User.

Consequence of not providing data: Without providing personal data, the User cannot purchase a parking ticket.

2.5. Issuance of an invoice for the order

Scope of processed data, purpose of data processing:

| Personal data | Purpose of data processing |
| --- | --- |
| Name (last name, first name) | User identification, mandatory element of the invoice. |
| Address data (postal code, city, street, house number) | Mandatory element of the invoice. |
| Tax number for companies | Mandatory element of the invoice. |

Purpose of data processing: fulfillment of invoicing obligations and compliance with accounting principles, preparation and keeping of accounting records.

Legal basis: Performance of a legal obligation pursuant to Article 6(1)(c) of the Regulation. (VAT Act / Act CXXVII of 2007 on Value Added Tax)

Duration of data processing: invoices must be retained for 8 years.

Categories of recipients of personal data: tax authority, and if necessary or upon request, other authorities and courts.

Source of data: Directly collected from the User.

Consequence of not providing data: The Data Controller will not be able to fulfill its legal obligations defined by the applicable Hungarian laws.

2.6. Data Processing Related to Invoice Sending

Scope of processed data, purpose of data processing:

| Personal data | Purpose of data processing |
| --- | --- |
| Name (last name, first name) | User identification |
| E-mail | Sending the invoice to the User. |

Duration of data processing: The Data Controller uses the szamlazz.hu system for issuing and sending invoices. Invoices are sent through the szamlazz.hu service provider’s system, which stores the User’s email address for 8 + 1 years as specified in the szamlazz.hu privacy notice.

Legal basis: Performance of a legal obligation pursuant to Article 6(c) of the Regulation. (Act C of 2000 on Accounting)

Source of data: Directly collected from the User.

Consequence of not providing data: The Data Controller will not be able to fulfill its obligation to provide the invoice to the Data Subject.

2.7. Customer correspondence, contact, and inquiry handling

Scope of processed data, purpose of data processing (depending on the contact platform):

| Personal data | Purpose of data processing |
| --- | --- |
| Name (last name, first name) | User identification |
| E-mail | Making contact, maintaining communication in connection with the raised question |
| Phone number | Making contact, maintaining communication in connection with the raised question |
| Other (non-mandatory) data provided by the User. | Other data provided by the User that may be necessary to answer the question. Providing additional data is not mandatory. |

Further purpose of data processing: if the User has a question regarding the Website or the Data Controller's services, they can contact the Data Controller via the contact form on this Notice or other contact options on the Website. It serves to enable communication and contact between the Data Controller and the User regarding the raised question.

Duration of data processing: The Data Controller will process incoming emails and postal letters, including the sender’s name, email address, and any other personal data provided in the message, until the User's question or remark has been resolved or answered.

Legal basis: User’s voluntary consent based on Article 6(1)(a) of the Regulation.

Source of data: Directly collected from the User.

Possible consequence of not providing data: failure to maintain communication via customer correspondence.

2.8. Complaint Handling

Scope of processed data, purpose of data processing (depending on the contact platform):

| Personal data | Purpose of data processing |
| --- | --- |
| Name (last name, first name) | User identification |
| E-mail | Making contact and maintaining communication in connection with the raised complaint |
| Phone number | Making contact and maintaining communication in connection with the raised complaint |
| Other (non-mandatory) data provided by the User. | Other data provided by the User in the complaint that may be necessary for the investigation of the complaint. |

Further purpose of data processing: if the Data Controller handles the User’s complaint related to the provided service, personal data will also be processed during the procedure. The purpose of data processing is to handle the complaint in accordance with legal requirements and to enable contact and communication between the Data Controller and the User regarding the raised complaint.

Duration of data processing: In accordance with the rules defined in Act CLV of 1997 on Consumer Protection, the Data Controller is obliged to retain the complaint for 3 years.

Legal basis: Performance of legal obligations under Article 6(1)(c) of the Regulation as prescribed by the Consumer Protection Act and the Civil Code.

Source of data: Directly collected from the User.

Possible consequence of not providing data: failure to handle the complaint, as without providing personal data the Data Controller cannot contact or maintain contact with the User regarding the specific matter and cannot resolve the problem.

2.9. Newsletter

Scope of processed data, purpose of data processing: last name, first name, email address.

Purpose of data processing: registering and identifying the subscribing User in the newsletter database. Upon subscription, the Data Controller sends personalized direct marketing newsletters to the User based on the services used or purchases made. Unless otherwise declared, objected to, or opposed by the User, the Data Controller uses the personal data provided by the User to send information, promotions, offers, and updates about its services.

Duration of data processing: The Data Controller processes this data until the User unsubscribes from the newsletter via the unsubscribe link in the newsletter or requests removal by email or post. After unsubscribing, the Data Controller will not send further newsletters or offers to the User. The User can unsubscribe from the newsletter at any time, without limitation or justification, free of charge.

Legal basis: User’s voluntary consent pursuant to Article 6(a) of the Regulation.

Source of data: Directly collected from the User.

Possible consequence of not providing data: The User will not receive newsletters from the Data Controller and will not have access to the information, discounted offers, or promotions included in them.

2.10. Direct Marketing and Commercial Communication

Scope of processed data, purpose of data processing: last name, first name, email address, service used.

Purpose of data processing: The Data Controller sends direct marketing newsletters to the User using direct contact methods. The Data Controller uses the personal data provided by the User to send information, offers, or request feedback regarding similar or identical services previously used by the User. Sending e-DM occurs only when there is a relevant and appropriate relationship between the User and the Data Controller, e.g., if the User is a client of the Data Controller. The User may object to direct marketing at any time, in which case the Data Controller will no longer use the User’s data for this purpose.

Duration of data processing: The Data Controller will use the personal data for sending direct marketing newsletters until the User objects.

Legal basis: The Data Controller’s legitimate interest under Article 6(1)(f) of the Regulation.

Source of data: Directly collected from the User.

Possible consequence of not providing data: If the User unsubscribes or objects to data processing, they will no longer receive direct marketing newsletters from the Data Controller.

Result of the balancing test – direct marketing based on legitimate interest

Due to legitimate interest as the legal basis, the Data Controller conducted a balancing test, the result of which – available from the Data Controller – concluded that the Data Controller's legitimate interest proportionately limits the interests of the data subjects. Processing the personal data of the data subjects is essential for sending general marketing messages, promotional offers, and information, as well as ensuring the related rights of the Users. There are no alternative data processing solutions that would achieve this with less personal data or by using other methods.

Considering that the Data Controller sends marketing messages to Users who have contracted with it (through the website or otherwise), these Users, as the Data Controller's clients, can reasonably expect to receive marketing messages, promotional offers, and information – in accordance with GDPR Recital 47, which states that processing personal data for direct marketing purposes is based on legitimate interest.

3. ACCESS TO DATA, DATA SECURITY MEASURES, AND DATA TRANSFER

3.1. Access to Data and Data Transfer

3.1.1. Data Transfer to Authorities

The Data Controller and the employees of the Data Controller's Data Processor may access personal data in order to perform their duties.

The Data Controller only shares personal data it processes with other entities or state authorities in a manner and for purposes defined by law.

The Data Controller informs the User that courts, prosecutors, investigative authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, or other bodies authorized by law may contact the Data Controller to request information, data disclosure, or access to documents.

The Data Controller only discloses personal data to the authorities to the extent and in the amount necessary to achieve the purpose of the request, provided the authority specifies the exact purpose and scope of the data.

3.1.2. Data Transfer to Payment Service Providers

If the User chooses to pay by credit card, they are redirected from the Website to the SimplePay payment system operated by OTP Mobil Kft.

The Data Controller forwards the following data to OTP Mobil Kft. as Data Controller: the amount to be paid.

OTP Mobil Kft. does not forward to the Data Controller any personal data provided by the User or required for the credit card payment. The Data Controller is only informed about the completion or failure of the payment transaction. OTP Mobil Kft. is considered a data processor only for the data provided by the Data Controller. For data entered on the payment page, OTP Mobil Kft. acts as the Data Controller, since the Data Controller does not receive this data in any form.

Purpose of data transfer: to process the credit card payment, inform the User by email about the success or failure of the transaction, and perform fraud monitoring to protect the User (a system supporting the control of electronically initiated banking transactions and detecting fraud).

Legal basis of the transfer: User's voluntary consent under Article 6(1)(a) of the Regulation, considering that online payment is only possible if the User voluntarily provides their data.

The detailed data management rules of the SimplePay payment system are provided in its privacy policy, which can be found at the following link: https://simple.hu/adatkezelesitajekoztato

3.1.3. Data Transfer for Invoice Issuance

Data transfer occurs during invoicing using the invoicing software (szamlazz.hu) to KBOSS.hu Commercial and Service Limited Liability Company (KBOSS.hu Kft.), when the Data Controller automatically sends the invoice for the purchase electronically (by email) from the szamlazz.hu system.

Data provided in the invoicing software: Name, address, and for companies, tax number.

Purpose of data transfer: Issuing an invoice.

Legal basis of data transfer: Based on Article 6(1)(c) of the Regulation, fulfilling a legal obligation.

3.2. Data Security Measures

The Data Controller takes all necessary measures to ensure data security and protects the data at an adequate level, particularly against unauthorized access, alteration, transfer, disclosure, deletion, or destruction, as well as accidental destruction or damage. The Data Controller ensures data security through appropriate technical and organizational measures.

The IT system of the Website is hosted on the servers of the Data Processor (WIX.com Ltd.).

When processing personal data, the Data Controller selects and operates the IT tools used in the provision of the service in a way that ensures that the processed data:

  1. Is accessible to authorized persons (availability);
  2. Has its authenticity and verification ensured (data processing authenticity);
  3. Can be verified as unchanged (data integrity);
  4. Is protected against unauthorized access (data confidentiality).

During data processing, the Data Controller:

  1. Protects information so that only authorized persons can access it;
  2. Ensures the accuracy and completeness of information and processing methods;
  3. Ensures that authorized users can access the required information when needed and that the necessary tools are available.

4. DATA PROCESSING

In the course of its activities, the Data Controller may engage data processors in certain cases. Data processors record, manage, and process the personal data transferred to them by the Data Controller in accordance with the Regulation and provide a declaration to the Data Controller regarding this. The data processor is only authorized to execute the instructions and decisions of the Data Controller.

The Data Controller transfers the necessary data based on data processing agreements, following the specified procedures. The Data Controller's data processors have operational locations in Hungary.

| Name of Data Processor | Data Processor’s Information | Activity of Data Processor |
| --- | --- | --- |
| Kboss Kft. | Address: 1031 Budapest, Záhony utca 7/D. Email: info@szamlazz.hu Tel: +36-30-35-44-789 Web: www.szamlazz.hu | Operator of the Szamlazz.hu invoicing program |
| Showtrade Kft. | Address: 2310 Szigetszentmiklós, Dózsa György köz 3. | Software operation services, ticket sales platform |
| NU Web System Ltd. | Enterprise house, Lloyd Street North, Manchester, Science Park, Manchester, M15 6SE, United Kingdom | Software operation services |
| Amazon Web Services EMEA SARL | 38 Avenue John F. Kennedy, L1855, Luxemburg | Database management services |
| OTP Mobil Kft. | Address: 1143 Budapest, Hungária krt. 17-19. Email: informacio@otpbank.hu Web: https://otpmobil.hu/ | Operator of the SimplePay payment system |
| Google Tag Manager (Googleplex) | 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | Website tracking system |
| T-Soft | 4032 Debrecen, Poroszlay út 6. | ERP system |
| Adroit Group Kft. | 2000 Szentendre, Kőzúzó utca 2. a. ép. | Software development and IT consulting services |
| Data Talks AB. | Kungsbroplan 3A, 112 27 Stockholm, Sweden | Data analysis |

5. USER RIGHTS

5.1. Right to Information and Access to Personal Data

The User may request information from the Data Controller in writing through the contact details provided above, so that the Data Controller informs them of the following regarding the processing of their data:

  1. Which personal data is processed
  2. On what legal basis
  3. For what purpose of data processing
  4. From what source
  5. How long it is retained

The Data Controller must also inform the User about when, to whom, and on what legal basis access was granted to their personal data or to whom the data were transferred.

The Data Controller provides the requested information in a widely used electronic format unless the User specifically requests it in writing in a paper format. The Data Controller does not provide verbal information via telephone.

The first copy of the personal data (which can be collected in person at customer service) is provided free of charge. For any additional copies requested, the Data Controller may charge a reasonable fee based on administrative costs. If the User requests the data electronically, the Data Controller provides them via email in a widely used electronic format.

Following the provided information, if the User disagrees with the data processing or the accuracy of the processed data, they may request the correction, supplementation, deletion, restriction of processing, or object to the processing of their personal data as specified in Section IV. The User may also initiate the procedures described in Section IV.

5.2. Right to Rectification and Supplementation of Processed Personal Data

Upon the User’s written request, the Data Controller will correct any inaccurate personal data without undue delay or supplement incomplete data with the content specified by the User.

The Data Controller informs any recipients to whom the personal data have been disclosed about the correction or supplementation unless this is impossible or requires disproportionate effort. The User may request information about these recipients in writing.

5.3. Right to Restriction of Data Processing

The User may request the Data Controller to restrict the processing of their data by written request if

  1. The User disputes the accuracy of the personal data; in this case, the restriction applies for the period that allows the Data Controller to verify the accuracy of the personal data.
  2. The data processing is unlawful, and the User objects to the deletion of the data and instead requests the restriction of its use.
  3. The Data Controller no longer needs the personal data for processing purposes, but the User requires them to assert, exercise, or defend legal claims.
  4. The User objects to the processing: in this case, the restriction applies until it is determined whether the Data Controller’s legitimate grounds override the User’s legitimate grounds.

During the restriction, the User’s personal data may only be processed, except for storage, with the User’s consent, for asserting, exercising, or defending legal claims, for protecting the rights of another natural or legal person, or for important public interest of the Union or a Member State. The Data Controller informs the User in advance when the restriction of processing is lifted.

5.4. Right to Erasure (Right to Be Forgotten)

At the User’s request, the Data Controller shall delete the personal data concerning the User without undue delay if any of the specified grounds apply:

  1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. The User withdraws their consent, and there is no other legal basis for processing.
  3. The User objects to processing based on their specific situation, and there are no overriding legitimate grounds for processing.
  4. The User objects to the processing of their personal data for direct marketing purposes, including profiling related to direct marketing.
  5. The personal data has been unlawfully processed.
  6. The personal data was collected in connection with offering information society services directly to children.

The User may not exercise the right to erasure if the data processing is necessary

  1. For the exercise of the right to freedom of expression and information;
  2. For reasons of public interest in the field of public health;
  3. For archiving purposes in the public interest, scientific or historical research, or statistical purposes, where the exercise of the right to erasure would make it impossible or seriously impair this data processing;
  4. For the establishment, exercise, or defense of legal claims.

5.5. Right to Data Portability

If the data processing is necessary for the performance of a contract, or if the data processing is based on the User’s voluntary consent, the User has the right to request that the data provided to the Data Controller be received in a machine-readable format. If technically feasible, they may request that the data be transmitted to another data controller. In all cases, the right is limited to the data provided by the User; other data cannot be transferred (e.g., statistics, etc.).

With regard to the personal data concerning them found in the Data Controller’s system (e.g., during newsletter subscription), the User:

  1. May receive the data in a structured, widely used, machine-readable format
  2. Is entitled to transmit the data to another data controller
  3. May request direct transmission of the data to another data controller if technically feasible in the Data Controller’s system

The Data Controller fulfills a data portability request only based on a written request submitted by email or postal mail. To process the request, the Data Controller must verify that the User is indeed entitled to exercise this right.

Under this right, the User may request the portability of data they have provided to the Data Controller themselves.

Exercising this right does not automatically delete the data from the Data Controller’s systems; therefore, the data remains in the Data Controller’s records even after exercising this right, unless the User also requests the deletion of their data.

5.6. Right to Object to the Processing of Personal Data

The User may object to the processing of their personal data by submitting a declaration to the Data Controller if the legal basis for the processing is

  1. public interest pursuant to Article 6(1)(e) of the GDPR
  2. legitimate interest pursuant to Article 6(1)(f) of the GDPR

When exercising the right to object, the Data Controller may no longer process the personal data, except if it demonstrates that the processing is justified by compelling legitimate reasons that override the interests, rights, and freedoms of the User, or that relate to the establishment, exercise, or defense of legal claims.

The Data Controller decides whether the processing is justified by compelling legitimate reasons and informs the User of its position in a statement.

The User may object in writing (by email or postal mail) or, in the case of newsletters, by clicking the unsubscribe link included in the newsletter.

5.7. Exercising Rights of a Deceased User

Within five years after the death of the User, the rights that belonged to the deceased during their lifetime, such as access, rectification, deletion, restriction of processing, data portability, and objection, may be exercised by a person authorized in an official declaration or in a public document or private document with full probative value made by the deceased to the Data Controller.

If the deceased made multiple such declarations to the Data Controller, the person named in the most recent declaration shall exercise these rights.

If the deceased made no such declaration, the rights that belonged to the deceased during their lifetime may be exercised within five years after death by the deceased’s closest relative under the Civil Code. If multiple close relatives wish to exercise these rights, the first relative to do so shall have priority.

Close relatives under the Civil Code include: spouse, direct-line descendants, adopted children, stepchildren, foster children, adoptive parents, stepparents, foster parents, and siblings.

The deceased’s close relative must verify:

  - the fact and date of the deceased’s death with a death certificate or court decision, and
  - their own identity, and if necessary, their status as a close relative, with an official document.

The person exercising the rights of the deceased is entitled to the rights and subject to the obligations of the deceased under the GDPR and relevant legislation during the exercise of these rights, including proceedings before the Data Controller, the National Authority for Data Protection and Freedom of Information, and the courts.

Upon written request, the Data Controller is obliged to inform the close relative about the measures taken, except if the deceased explicitly prohibited this in their declaration.

5.8. Deadline for Fulfilling Requests

The Data Controller shall inform the User of the measures taken without undue delay, and in any case within one month of receiving the request. If necessary, taking into account the complexity of the request and the number of requests, this period may be extended by an additional two months. In this case, the Data Controller shall inform the User within one month of receiving the request of the reasons for the delay and that the User may lodge a complaint with the supervisory authority and exercise their right to judicial remedy.

If the User’s request is manifestly unfounded or excessive (particularly because of its repetitive character), the Data Controller may charge a reasonable fee for complying with the request or may refuse to act on the request. The burden of proof lies with the Data Controller.

If the User submitted the request electronically, the Data Controller shall provide the information electronically, unless the User requests otherwise.

The Data Controller shall inform all recipients with whom or which the personal data has been shared of any rectification, deletion, or restriction of processing carried out, except where this proves impossible or involves disproportionate effort. At the User’s request, the Data Controller shall inform them of these recipients.

5.9. Compensation and Damages

Any person who has suffered material or non-material damage as a result of a violation of the Regulation is entitled to compensation from the Data Controller or the data processor for the damage suffered.

The data processor is only liable for damage caused by data processing if it failed to comply with the obligations specifically imposed on data processors by law, or if it disregarded or acted contrary to the lawful instructions of the Data Controller.

The Data Controller or the data processor is exempt from liability if it proves that it bears no responsibility for the event that caused the damage.

6. LEGAL REMEDIES

The User may exercise their rights by submitting a written request via email or postal mail.

The User cannot enforce their rights if the Data Controller proves that it is not in a position to identify the User.

If the User’s request is manifestly unfounded or excessive (particularly because of its repetitive character), the Data Controller may charge a reasonable fee for complying with the request or may refuse to act on the request. The burden of proof lies with the Data Controller.

If the Data Controller has doubts about the identity of the natural person submitting the request, it may request additional information necessary to verify the identity of the requester.

Under the Info Act, the Regulation, and the Civil Code, the User may:

  - turn to the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11.; www.naih.hu), or
  - enforce their rights before a court.

The lawsuit may, at the User’s choice, also be initiated before the court having jurisdiction over the User’s place of residence (a list of courts and their contact details can be accessed at http://birosag.hu/torvenyszekek).

7. HANDLING OF DATA PROTECTION INCIDENTS

A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to transmitted, stored, or otherwise processed personal data.

The Data Controller maintains a record of measures related to the data protection incident for the purposes of monitoring actions, notifying the supervisory authority, and informing the User. The record includes the scope of personal data affected, the number and identity of data subjects, the date, circumstances, and effects of the incident, and measures taken to mitigate it.

In the event of an incident, the Data Controller shall notify the User and the supervisory authority without undue delay, and at the latest within 72 hours, unless the incident poses no risk to the rights and freedoms of natural persons.

8. SECURITY BACKUPS MANAGEMENT

Within the scope of its IT security responsibilities, the Data Controller ensures measures that guarantee the possibility of restoring data, including regular backups and the separate, secure handling of copies (backup).

Accordingly, the Data Processor – to prevent the loss of electronically stored data – regularly creates backups of its database containing personal data, at intervals that vary depending on the system.

Backup deletion procedure: individual deletions are traceable in an anonymized record, and automatic deletions occur according to preset configurations.

Access to backups: access to backups is restricted and only persons with specific authorization can access them. Data can only be accessed after proper identification (at minimum, username and password).

9. OTHER PROVISIONS

The Data Controller reserves the right to unilaterally modify this Privacy Policy with prior notice to Users through the website.

The modifications take effect on the date specified in the notification with respect to the User, unless the User objects to the modifications.

If the User provides third-party data during newsletter subscription or for other purposes, or causes any damage while using the website, the Data Controller is entitled to enforce compensation against the User.

The Data Controller does not verify the personal data provided to it. The person providing the data is solely responsible for its accuracy. By providing personal data, each User also undertakes responsibility that the provided data is accurate and that only they use the service with their personal data.

10. LEGAL BASIS FOR DATA PROCESSING

  1. Act CXII of 2011 on the right to informational self-determination and freedom of information ("Info Act")
  2. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR")
  3. Act XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities
  4. Act V of 2013 on the Civil Code ("Civil Code")

Effective date of this Data Processing Notice: February 10, 2025.