PRIVACY POLICY

Margaret Island Theatre Nonprofit Co.– hereinafter referred to as the “Theatre” – hereby fulfills its prior information obligation regarding the processing of personal data, as required by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. Accordingly, all information pursuant to the relevant provisions of the Regulation is provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language for the data subjects concerned.

IDENTIFICATION OF THE DATA CONTROLLER

The Theatre informs the data subject that it qualifies as the data controller with regard to the processing of personal data.

COMPANY NAME: Margaret Island Theatre Nonprofit Co.
REGISTERED OFFICE: 1007 Budapest, Margitsziget Open-Air Stage and Water Tower, hrsz. 23800/3
TAX NUMBER: 27986712-2-41
REPRESENTATIVE: Bán Teodóra, Managing Director
WEBSITE: margitszigetiszinhaz.hu/en

Personal data may be accessed by employees of the Theatre who are authorized based on their access rights related to the specific purpose of processing, as well as by persons and organizations performing data processing activities under service contracts for the Theatre, within the scope defined by the Theatre and to the extent necessary for performing their duties.

IDENTIFICATION OF DATA PROCESSOR(S)

(1) In relation to personal data processed on the basis of voluntary consent, the Theatre engages an external data processor for the operation and maintenance of its website.

NAME: Tibor Bakonyi (Sole Proprietor)
REGISTERED ADDRESS: 1081 Budapest, Kiss József u. 9., Hungary
REGISTRATION NUMBER: 56249136
TAX NUMBER: 74488210-1-42
REPRESENTATIVE: Tibor Bakonyi
E-MAIL: bakonyiart@gmail.com

(2) The owner of the software used for the Theatre’s newsletter service processes and stores the database in accordance with legal requirements:

“personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future;
“profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
“pseudonymisation”: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
“filing system”: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
“controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not;
“third party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
“consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes;
“personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data;
“enterprise”: a natural or legal person engaged in an economic activity.

LEGAL BASIS OF DATA PROCESSING
Consent of the data subject
(1) Processing of personal data is based on the data subject’s consent.
(2) Consent may be given in writing, electronically (e.g. ticking a checkbox), or through any clear affirmative action.
(3) Silence, pre-ticked boxes or inactivity do not constitute consent.
(4) Consent covers all processing activities carried out for the same purpose(s).
(5) Where processing has multiple purposes, consent must be given for all of them.
(6) The data subject may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Performance of a contract
Processing is lawful if necessary for the performance of a contract or steps prior to entering into a contract.

Legal obligation or vital interests
Processing may be required by law or necessary to protect vital interests.

Legitimate interests
Processing may be based on legitimate interests provided they do not override the rights of the data subject.

RIGHTS OF THE DATA SUBJECT

The data subject has the right to:
be informed prior to processing,
access personal data,
request rectification or erasure,
request restriction,
data portability,
object to processing,
not be subject to automated decision-making,
lodge a complaint with a supervisory authority.

Supervisory authority:
Hungarian National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa u. 9-11
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ticket Office

Ticket Office

Programs archive