fbData Policy - eTheatre

Data Policy

Processing of Personal Data

The Foundation for the Hungarian Theatres (Alapítvány a Magyar Színházakért) (registered seat: 1055 Budapest, Kossuth Lajos tér 16-17. fszt./1/a., registration number: 01-01-0012303; registering authority: Regional Court of Budapest Capital (hereinafter referred to as "eSzínház", "us" or "we") is the data controller for personal data processed under this Data Policy and is as such responsible for ensuring that the processing is conducted in accordance with applicable legislation.

By purchasing a ticket or by registering and creating a user account, the user ("you" or “User”) acknowledges eSzínház's processing of your personal data in accordance with the provisions below.

You are kindly requested to read the User's Terms and Conditions available at eSzínház's website eszinhaz.hu prior to reading the present data policy ("Personal Data Policy”). Az eSzínház uses cookies under the Cookies Policy that is inseparable part of this Data Policy. The Cookies Policy is available on the website of eSzínház.

Summary

This is a summary of how we process your personal data. Information that is more detailed is set out after this summary.

The use of personal data is necessary for us to provide the Service to you. This means that you cannot object to us processing your personal data and in the meantime still require us to provide the Service. However, you are entitled to object to certain use of your personal data, for example if the relevant use is not required for us to be able to provide our Service to you, but only necessary. This right of yours is further explained below in point 8.

As a data subject, you also have a number of other rights to gain insight into and influence how eSzínház processes your personal data. These rights include a right to gain access to the personal data eSzínház stores about you, request that we correct any incorrect data and a right to lodge complaints with supervisory authorities if you have concerns with eSzínház's use of your personal data. These rights are further explained in point 8 of this Data Policy.

The personal data that we process consist of the information provided by you when purchasing a ticket or creating a user account with eSzínház. We also process personal data that you otherwise may provide when contacting eSzínház (such as when you send an e-mail to the customer service), and information provided by you when participating in a survey. The eSzínház will also analyze how you use the Service, for example which contents you watch, devices used to access the Service and locations from which the Service is used.

The purposes with our processing of personal data include the ability to deliver the Service to you through our different platforms and to fulfill our legal obligations. For example, we will;

1) Use your e-mail and password to make it possible for you to sign in to your user account (if you already created one) and use the streaming service provided by eSzínház;

 

3) Use your account identifiers, viewing history and device information to improve the quality and stability of our Service and to correct any errors, for example to minimize any interruptions and make the Service more accessible; and

4) Use your payment details and IP address to ensure that you are domiciled in a country where the Service is offered and allow you to use the Service in other countries in accordance with relevant laws.

Unless you inform us otherwise (opt out) when you sign up for the Service or anytime later, we will process account identifiers, viewing history and device information for profiling purposes. This means that we, based on your viewing history, device information and account identifiers will evaluate your preferences, and interests in different series and other content provided by us. eSzínház uses this data to provide you with customized information and news about contents and special offers to analyze how the Service can be improved and to identify the content preferences of the Users in order to tailor the content offered to the Users. If you do not want your personal data to be processed for purposes relating to direct marketing based on your profile you may contact us by email.

If, upon registration or later, you subscribed to a newsletter or any other marketing material, you can opt out from direct marketing by following the link at the bottom of a newsletter or any other marketing e-mail which you receive from eSzínház or by sending an e-mail to the e-mail address or a letter to the postal address indicated under point 1.

 

If you have any questions about how eSzínház uses and protects your personal data, you are always welcome to contact eSzínház's data protection officer.

Contact details to the responsible for data protection: info@eszinhaz.hu.

Below follows a more detailed description on how we use personal data.

1. What entity is responsible for the processing of your personal data?

eSzínház is the data controller for the personal data processed under this Data Policy.

Our contact details are:

Adress: 1055 Budapest, Kossuth Lajos tér 16-17. fszt./1/a.

E-mail: info@eszinhaz.hu

2. What is "personal data" and "processing of personal data"?

The term "personal data" as used in this Data Policy is any piece of information that, either on its own or together with any other pieces of information, can be used to identify a living individual, and any other data that qualifies as personal data in accordance with the law applicable to eSzínház, including the General Data Protection Regulation (the "GDPR").

This Data Policy covers all personal data that is in any form considered processed under applicable law in relation to you as a User, including personal data that is collected, kept, stored, transferred, disclosed or otherwise used by eSzínház.

3. What personal data is processed and for what purposes?

eSzínház will only collect and process the personal data about you as explained in this Data Policy and as further set out in the "Data Processing Table" in point 11.

4. How is your personal data protected?

eSzínház has implemented appropriate technical and organizational measures for the protection of your personal data to ensure that only authorized persons are given access to it. eSzínház uses technical security systems, such as firewalls, encryption technologies, passwords and anti-virus programs, to prevent and avoid unauthorized use of personal data.

5. For how long is my personal data stored?

eSzínház will not store or process your personal data for any longer time than what is necessary to fulfill the purposes for the processing set out in this Data Policy or according to any mandatory applicable law, as further specified in the "Data Processing Table" in point 11.

Thus, when the purpose has been fulfilled in relation to a specific type of personal data, eSzínház will delete or anonymize the relevant personal data as soon as reasonably possible. Please note that we may store your personal data for sending you newsletters and marketing by e-mail purposes for a period after you have terminated the Service, to the extent allowed under applicable legislation. This time period may vary depending on in what country you live. You can at any time opt out from such newsletter or other marketing by following the link at the bottom of a newsletter or any other marketing e-mail which you receive from eSzínház, or by sending an e-mail to the e-mail address or a letter to the postal address indicated under point 1.

6. With whom do we share personal data?

eSzínház Group Companies

Your personal data may be provided to other companies within the eSzínház group and to companies with which the eSzínház group cooperates as the provision of such data is necessary for the purposes of the interests of eSzínház and the eSzínház group, namely, the provision of their services in the highest possible quality, direct advertising or other advertising, via e-mail or another channel, of services and products of eSzínház, companies within the eSzínház group or other companies and for market surveys. In the course of the review of such operations, The aforementioned interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Companies engaged by eSzínház

Your personal data will be transferred to and processed by third party providers and suppliers which perform services for eSzínház, to enable these companies to perform the services requested by eSzínház. Such companies will be located both within and outside the EU. Services which will be requested include the provision of infrastructure and IT services, the provision of customer services, the processing of market surveys, management of send-outs via e-mail, the performance of statistical analyses and profiling, and processing of credit card and debit card transactions.

Only personal data that is necessary to fulfill the purposes stated in the "Data Processing Table" in Section 11 will be provided to the companies engaged by us. All third party providers and suppliers must follow eSzínház's instructions and applicable written data processor agreements and any other agreements that are in place between eSzínház and its third party providers/suppliers, and must implement appropriate technical and organizational measures for the protection of the personal data.

Authorities

eSzínház may need to provide personal data to relevant authorities (e.g. tax authorities or the police) in accordance with mandatory law and in order to fulfill legal mandatory obligations in each jurisdiction where eSzínház has Users. In the event of data breaches, certain personal data may need to be provided to data protection authorities.

7. To what countries will your personal data be transferred?

Your personal data will be transferred to companies in other countries within the EU that we have engaged to, among other things, be able to provide our Service to you.

8. What are your rights as regards your personal data?

Right to access and rectification

You have the right to obtain information on what personal data eSzínház processes regarding you, the source of the data, for what purposes the data has been used, and the identity of parties to whom the data has been provided. You have also the right to, at any time, request a correction of any inaccurate or incomplete personal data. If a request is manifestly unfounded or excessive, in particular because of its repetitive character, eSzínház may charge a reasonable administrative fee or refuse to act on the request.

Right to erasure (‘right to be forgotten’)

You may request that your personal data be erased in specific circumstances if e.g. you have terminated the Service and (i) the personal data is no longer necessary in relation to the purposes for which is was collected and (ii) there is no lawful reason for continuation of processing, or the processing is unlawful or the personal data has to be erased to comply with a legal obligation in the European Union or Hungary to which eSzínház is subject. This list is not exhaustive. Please contact eSzínház to receive further information on erasure of your personal data.

Right to object

You are entitled to object to certain processing or request that the processing of the personal data is restricted if(i)the personal data may not be correct, or (ii) you consider the processing to be unlawful, or (iii) eSzínház is basing its processing on a legitimate interest or (iv) you believe that eSzínház does no longer need the personal data for the purposes as set out in the "Data Processing Table" in Section 12. However, even if you object to certain processing, eSzínház may still continue such processing if allowed or obligated to do so under applicable legislation, for example to be able to fulfill legal requirements or to fulfil contractual obligations in relation to you.

Right to withdraw consent

If you at any time have provided a consent to eSzínház for processing of personal data (e.g. in case of newsletter subscriptions), you can always withdraw such consent for any future processing that is reliant on such consent. Withdrawal of the consent does not affect the lawfulness of the consent-based data processing before the withdrawal.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine readable format. You may also ask us to transmit such data directly to another controller where technically feasible.

9. What should you do if you have any complaints?

If you have any complaints on how we use your personal data, or would like further information, we would ask you to first contact our responsible person for data protection. However, you can also always make a complaint about how we process your personal data with the relevant public supervisory authority, specifically the authority where you live, work or where the alleged infringement has occurred. Use the following link to locate the relevant supervisory authority in your country:http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

 

Contact details of the Hungarian supervisory authority:

 

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

e-mail: ugyfelszolgalat@naih.hu

website: www.naih.hu

telephone: +36 1 391 1400

address: H-1055 Budapest, Falk Miksa utca 9-11.

Without prejudice to your rights to make complaints, where you consider that your rights under this Data Policy have been infringed as a result of the processing of your personal data in non-compliance with the applicable laws, you may also bring proceedings before the competent courts, including the courts of the EU member state where you have your habitual residence.

In any event, it is advisable that, in order to resolve the issue more quickly and effectively, you send any complaints or enquiries to eSzínház first prior to addressing the authorities.

10. Updates

This Data Policy may be modified by eSzínház at any time. Should eSzínház wish to use personal data other than as stipulated in the Data Policy in force at the time of data collection, notice of any such modifications will be provided to Users in a visible manner (e.g. such notice may be sent to you via email).

11. Data Processing Table

The below Data Processing Table outlines the categories of personal data collected and processed by eSzínház in relation to its Users and the purposes for processing each category of data.

These terms are used in the table and may require an explanation:

Legal ground: According to applicable data protection legislation, Personal Data may only be processed if there is a legally valid ground to support the relevant processing. eSzínház bases its processing on the following legal grounds as set out in the table:

Consent: The processing of personal data is based on your informed consent, e.g. to send direct marketing related materials such as electronic newsletters and marketing surveys;

Performance of a contract: The processing of personal data is necessary for eSzínház to be able to perform the Agreement with a User, e.g. to enable the User to sign into its account, use the Service and receive help from eSzínház's customer service;

Legitimate interest: The processing is based on a legitimate interest that eSzínház has in the processing, e.g. to enable eSzínház to send non-marketing (research) churn surveys to Users. A requirement is that such a legitimate interest is not overridden by the interests, fundamental rights or freedoms of the Users and the Users have the right to object. In light of the limitations regarding data processing, the safeguards and the technical and organizational measures implemented by eSzínház, eSzínház has established that where the processing of your data is based on eSzínház’s legitimate interest, such interest is not overridden by your interests, fundamental rights or freedom relating to data protection. You may contact us at any time to request more information on how we have reached this conclusion for different types of processing;

Legal obligation: The processing is necessary for eSzínház to comply with legal obligations applicable to eSzínház, e.g. financial information that needs to be stored for bookkeeping purposes.

Retention time or criteria: In this column, eSzínház specifies how long the User's data will be stored.

 

Type and source of personal data

Purpose

Legal Ground

Retention time or criteria

Identification details including but not limited to

-        account ID;

-        first name;

-        last name; and

-        age rate.

Source: Directly from the User at sign-up or from eSzínház's partners.

 

To enable eSzínház to deliver the service to its Users, including enforcing applicable terms and conditions as well.

Performance of a contract (GDPR Point b) Article 6 (1))

During the term of the User's account.

If the User has not had a User account, then not later than the end of the given performance for which the Agreement had been concluded between the User and eSzínház.

To enable eSzínház to provide customer service to its Users upon request (e.g. if a User contacts eSzínház), including troubleshooting.

To enable eSzínház to prevent abuse and defend eSzínház from, fraudulent claims by Users in relation to payments.

Legitimate interest (GDPR Point f) Article 6 (1))

During the term of the User's account and until the end of limitation period, but not longer than 3 years after the termination of the User account.

If the User has not had a User account, then up to 12 months after the end of the given performance for which the Agreement had been concluded between the User and the eSzínház.

To enable eSzínház to comply with legal obligations applicable to eSzínház, including responding to requests from authorities to access personal data.

Legal obligation (GDPR Point c) Article 6 (1)

During the term of the User's account and until the end of limitation period but no longer than 3 years after the termination of the User account.

 If the User has not had a User account, then up to 12 months after the end of the given performance for which the Agreement had been concluded between the User and the eSzínház.

Contact information including but not limited to e-mail address, telephone number.

 

Source: Directly from the User at sign-up or contact with eSzínház's customer service.

To enable eSzínház to deliver the service to its Users, including enforcing applicable terms and conditions

Performance of a contract (GDPR Point b) Article 6 (1))

During the term of the User's account.

If the User has not had a User account, then up to 12 months after the end of the given performance for which the Agreement had been concluded between the User and the eSzínház.

 

To enable eSzínház, where applicable, to provide customer service to its Users upon request (e.g. if a User contacts eSzínház), including troubleshooting.

To be able to send the User relevant information in relation to the service/user account, e.g. welcome e-mail, service updates and similar.

To be able to comply with legal obligations applicable to eSzínház, including responding to requests from authorities to access personal data.

Legal obligation (GDPR Point c) Article 6 (1))

During the term of the User account and up to the end of limitation period but not longer than 3 years after the termination of the User account.

If the User has not had a User account, then up to 12 months after the end of the given performance for which the Agreement had been concluded between the User and the eSzínház.

To enable eSzínház to prevent abuse and defend eSzínház from, fraudulent claims by Users in relation to payments.

Legitimate interest (GDPR Point f) Article 6 (1))

During the term of the User account and until the end of limitation period but no longer than 3 years after the termination of the User account.

If the User has not had a User account, then up to 12 months after the end of the given performance for which the Agreement had been concluded between the User and the eSzínház.

To provide Users with marketing materials, e.g. newsletters and marketing surveys.

Consent (GDPR Point a) Article 6 (1))

Up to the withdrawal of consent, or until 3 years from the termination of the user account.

If the User has not had a User account, then up to the withdrawal of the consent but up until 3 years from the end of the given performance for which the Agreement had been concluded between the User and the eSzínház..

To be able to send Users non-marketing (research) surveys, which are voluntary to participate in.

Legitimate interest (GDPR Point f) Article 6 (1))

During the term of the User’s account, or until the User unsubscribed from such non-marketing (research) surveys.

Payment details

  • data verifying the success / rejection of payment

 Source: continually as payments are made, when payments occur and from the payment service provider.

To enable eSzínház to deliver the service to its Users.

Performance of a contract (GDPR Point b) Article 6 (1))

8 years following the payment transaction.

To enable eSzínház to provide customer service to its Users upon request (e.g. if a User contacts eSzínház), including troubleshooting.

To enable eSzínház to analyze how the services offered to its Users can be improved.

Legitimate interest (GDPR Point f) Article 6 (1))

To enable eSzínház to prevent abuse and defend eSzínház from, fraudulent claims by Users in relation to payments.

To be able to comply with legal obligations applicable to eSzínház, including bookkeeping and EU content portability regulations.

Legal obligation (GDPR Point c) Article 6 (1))

Digital information data - including but not limited to geo-location/IP address, device type, device name, device ID, country code, ISP information, operating system version, password.

 

Source: Collected based on the User's use of the Service.

To enable eSzínház to deliver the service to its Users, including enforcing applicable terms and conditions.

Performance of a contract (GDPR Point b) Article 6 (1))

Geo-location/IP address, country code, ISP information: during the term of the User's account.

If the User has not had a User account, then up to the end of the given performance, for which the Agreement had been concluded between the User and the eSzínház.

Device type, device name, device ID, operating system version, password event: during the term of the User's account or due to lack of User account, up to the end of the given performance, for which the Agreement had been concluded between the User and the eSzínház.

To optimize the delivery of the Service to each specific device used to access the Service.

To enable eSzínház to provide customer service to its Users upon request (e.g. if a User contacts eSzínház), including troubleshooting.

To be able to send the User relevant information in relation to the service/User account, e.g. service updates.

To enable eSzínház to improve its products and services offered to Users, including the security of eSzínház's systems and/or platforms.

Legitimate interest (GDPR Point f) Article 6 (1))

To enable eSzínház to prevent abuse and defend eSzínház from, fraudulent claims by Users in relation to payments.

To enable eSzínház to comply EU content portability requirements set out in the Portability Regulation.

Legal obligation (GDPR Point c) Article 6 (1))

Usage information - including but not limited to viewing history, log in or log out events, etc. and results of marketing tracking.

Source: Collected based on the User's use of the Service.

To enable eSzínház to deliver the service to its Users

Performance of a contract (GDPR Point b) Article 6 (1))

During the term of the User's account.

If the User has not had a User account, then up to the end of the given performance for which the Agreement had been concluded between the User and the eSzínház.

To enable eSzínház to provide customer service to its Users upon request (e.g. if a User contacts eSzínház), including troubleshooting.

To enable eSzínház to improve its products and services offered to its Users.

Legitimate interest (GDPR Point f) Article 6 (1))

During the term of the User account and up to 12 months after its termination, or if the User has not had a User account, then up to 12 months after the end of the given performance for which the Agreement had been concluded between the User and the eSzínház.

To enable eSzínház to track the direct marketing activities targeting the User.

Consent (GDPR Point a) Article 6 (1))

Up to the withdrawal of consent, but not later than 8 months after the last User activity.

 

Non-marketing Survey responses – i.e. User's responses to surveys that the eSzínház asks Users to participate in, which responses may include personal information.
 

Source: Directly from Users who choose to participate in surveys.

To enable eSzínház to improve its products and services offered to its Users.

Legitimate interest (GDPR Point f) Article 6 (1))

12 months following the completion of the survey.

Marketing Survey responses – i.e. User's responses to marketing surveys that the eSzínház asks Users to participate in, which responses may include personal information.

Source: Directly from Users who choose to participate in surveys.

To enable eSzínház to understand the user experience of prospective, current and past Users in order to offer or tailor its services.

Consent (GDPR Point a) Article 6 (1))

Until the withdrawal of the consent, but up to 12 months.

 

Other information provided to customer service– including but not limited to further information that the User may provide to eSzínház's customer service in order for eSzínház to help the User with the given matter.

Source: Directly from Users who contact eSzínház's customer service

To enable eSzínház to provide customer service to its Users upon request (e.g. if a User contacts eSzínház), including troubleshooting.

Performance of a contract (GDPR Point b) Article 6 (1))

During the term of the User account or if the User has not had a User account, then up to the end of the given performance for which the Agreement had been concluded between the User and the eSzínház.