Conditions of participation and information on data processin

1. Cookies

Parts of kiskiconcert.com (hereinafter "the website") use small data files (hereinafter "cookies") to help identify the website user. By visiting the website and using some of its functions, the data subject gives his or her consent to the storage of these cookies on his or her computer and to their access by the data controller.
The user of the website can set and block cookie-related activity through the browser program. Please note, however, that in the latter case, without the use of cookies, you may not be able to use all the services of the website.
As a technical intermediary, the data controller may ensure that third parties cooperating with the service provider, in particular Google Inc., store cookies when a website user visits the website, if the website user has previously visited the website of the data controller and may display an advertisement to the website user on this basis. 
Website users can also delete the cookie from their computer or set their browser to refuse the use of cookies. In addition, Google ensures that the user can disable the cookies placed by Google by going to the page where they can opt out of the ads displayed by Google (http://www.google.hu/policies/technologies/ads/). By disabling or deleting cookies, the use of the websites may become more inconvenient for the website user.

What are cookies and how do we handle them?
Cookies are small data files (hereinafter: cookies) that are transferred to the user's computer through the use of the website by the website and are saved and stored by the user's internet browser.
General tasks of the cookies:
• collect information about visitors and their devices;
• remember the visitors' individual preferences, which are used, for example, when making an online transaction, thus it is not necessary to re-enter them;
• make the website easier to use;
• provide a quality user experience.
In order to provide a personalised service, a small piece of data called a cookie is placed on the user's computer and read back during a subsequent visit. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the user's current visit to previous visits, but only for its own content.
Most commonly used internet browsers (Chrome, Firefox, Edge, Explorer, Opera, Safari, etc.) accept and allow the download and use of cookies by default, but it is up to the user to modify the browser settings to refuse or block them, or to delete cookies already stored on the computer.
More information on the use of cookies is available in the "help" section of each browser.
Disable cookies for each browser:
• Chrome: https://support.google.com/accounts/answer/61416?hl=hu
• Firefox: https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami?redirectlocale=hu&redirectslug=Cookies+handling
• Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-11
• Safari: https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=en_US
• Edge: https://support.microsoft.com/hu-hu/help/10607/microsoft-edge-view-delete- browser-history
• Opera: http://help.opera.com/Windows/10.20/hu/cookies.html

Terms of use:

The concert is organized by Király Gábor e.v. with the permission of the copyright owner: Gyermekétkeztetési Alapítvány (Children’s Nutrition Foundation) (H-1203 Budapest, Mária u. 3.) The owner of the domain is Gabor Kiraly Founder of the Children’s Nutrition Foundation.
Name of the concert: World premiere of KIRÁLY Gábor's Four Fantasies for Violin and Chamber Orchestra performed by KORCSOLÁN Orsolya violinist and the Anima Musicae Chamber Orchestra, conducted by Prof. SUGÁR Gergely Online broadcast access: https://www.kiskiconcert.com

The concert will be available for viewing on the above website for users (hereinafter referred to as "Visitors") who have registered on www.kiskiconcert.com and bought his/her ticket. The ticket will entitle the Visitor to a single online viewing of the concert within 30 days of buying the ticket with the option to view the video within 24 hours from the starting of the video.

Supporting the concert:

Visitors may pay for the tickets via the Barion payment gateway at kiskiconcert.com (https://www.barion.com/hu/jogi-informaciok/).

DATA PROCESSING RULES

1. Data of the controller

Name: Király Gábor e.v.
Registered office: H-1029 Budapest, Ördögárok u. 146.
Registration number: 57146122
Tax number: 58790920-1-42
Telephone: +361 2832510
E-mail address: gabor@kiskiconcert.com

Pursuant to Article 37 (1) of the GDPR, the Data Protection Officer of the website is:
Name: József Csaba FEKETE, Chairman of the Board of Trustees of the Children’s Nutrition Foundation.
Telephone: +361 2832510
E-mail address: data@kiskiconcert.com

2. The scope of data categories processed

2.1 The data controller processes the following personal data:

2.1.1. of Visitors
• personal identification data (name)
• contact data (telephone, e-mail address)
• banking data (account holding bank, bank account number)

2.1.2. of Promoters
• personal identification data (name)
• contact data of his/her social media sites inclusive the URLs of these sites
• contact data (telephone, e-mail address)
• banking data (account holding bank, bank account number)

3. The method of obtaining data

The personal data under clause 2.1. is obtained by us during the Visitor’s and Promoter’s registration on kiskiconcert.com

The Visitor and the Promoter shall provide the information specified in clause 2.1 during registration. In the absence of this information, data controller would not be able to accept the payment or provide the viewing of the concert and would not able to pay the commission for the Promoter.

4. Laws on data processing

• EU Regulation 2016/679 (General Data Protection Regulation GDPR)
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information
• Act V of 2013 on the Civil Code
• Act CLXXV of 2011 on the Right of Association, Public Benefit Status, and the Functioning and Support of Non-Governmental Organisations
• Government Decree 350/2011 (XII. 30.) on certain issues of NGO management, fundraising and public benefit status • Act LXXXI of 1996 on Corporate Tax and Dividend Tax
• Act C of 2000 on Accounting

5

. Legal basis and purpose of data processing

5.1 The primary legal basis for processing is the consent of the data subject [Article 6 (1) (a) of GDPR].

5.2 The purpose of the processing is the acceptance of the fee and the Visitor’s access to the concert, the enforcement of the rights and obligations arising from these legal relationships and the fulfilment of the legal obligations related to the legal relationship [Article 6 (1) (b) and (c), Article 9 (2) (h) of GDPR].
The purpose of data management is to enable the payment of the Promoter’s commission.

5.3 At the request of the Promoter, the data controller may notify the Visitor of subsequent concerts if the Visitor has given permission to do so.

5.4 Furthermore, the purpose of the processing is to pursue the legitimate interests of the data controller or of a third party [Article 6 (1) (f) of GDPR].

5.5 The purpose of data processing based on the consent of the Visitors is to pursue the legitimate interests of the data controller, namely: the successful implementation of broadcasting activity [Article 6 (1) (f) of GDPR].

5.6 The data controller does not use purely automated processing or individual measures for profiling purposes in order to make decisions.

In the case of processing for purposes other than the above, the data controller will inform the data subject in advance and, if necessary, obtain his or her consent to the processing.

6. Data retention period

The data controller will delete the processed personal data immediately when it is no longer needed for the purposes detailed in clause 5. However, after the fee has been paid, the data controller will continue to store the personal data that it is legally obliged to retain. This is usually due to statutory record-keeping and retention obligations and limitation periods. On this basis, the retention period for personal data can be up to 10 years. Furthermore, the data controller will retain personal data for as long as any claims against it may be asserted.

7. The place of data retention, security measures

The data controller retain electronic data on the servers and computers of the Children’s Nutrition Foundation at its registered office, and paper data in the archives at its registered office.

The IT systems used by the data controller to process personal data are chosen in such a way that they are accessible to authorised persons, their authenticity is ensured, the integrity of the personal data processed can be verified, the systems are protected against unauthorised access and the developer of the IT system certifies its compliance with the GDPR.

Paper-based data are stored in lockable cabinets/rooms.

8. Scope of persons authorised to access the data, data processing, data transfer

8.1 At the data controller and the Children’s Nutrition Foundation, access to the personal data of the natural person concerned is limited to those persons who, by virtue of their position, are responsible for facilitating the performance of the data controller’s and the Children’s Nutrition Foundation’s contractual and legal obligations, have agreed to confidentiality and have been duly informed of the provisions of the GDPR.

8.2 In addition, our Foundation – in order to fulfil its contractual and legal obligations – also uses third party service providers, who are also bound by confidentiality obligations and are also obliged to fully comply with the provisions of the GDPR. Service providers used by our Foundation:
• Google Analytics
• Barion Pixel
• Facebook pixel

8.3 In addition to the above, the data controller may also transfer the personal data processed to additional recipients if this is necessary to fulfil its contractual or legal obligations. These may include, for example:
• authorities, courts, prosecutors' office.

8.4 The data controller does not transfer personal data outside the European Economic Area.

9. Rights of the data subject

Right of access and information (Article 15 of GDPR)
The data subject may request information about the data processed by the data controller and/or the Foundation, in addition to the information contained in this notice.

Right to rectification (Article 16 of GDPR)
The data subject may request the data controller and/or the Foundation to rectify inaccurate personal data without delay.

Right to erasure, right to be forgotten (Article 17 of GDPR)
The data subject may request the erasure of his or her personal data if the personal data are no longer necessary for the purposes for which they were processed, if he or she has withdrawn his or her consent in the case of processing based on consent, or if his or her personal data are unlawfully processed by the data controller and/or the Foundation.

Right to restriction of processing (Article 18 of GDPR)
The data subject may request the restriction of processing in the event of inaccurate data until rectification, or in the event of unlawful processing, if he or she does not wish the data to be deleted or if the purpose of the processing has ceased but the data controller and/or the Foundation needs the data for the purpose of pursuing a claim or until the objection has been dealt with.

Right to data portability (Article 20 of GDPR)
The data subject is entitled to receive the personal data processed in a structured, commonly used, machine-readable format and to transmit them to a third party controller.

Right to objection (Article 21 of GDPR)
The data subject may object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data based on Article 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions. In this case, the data controller and/or the Foundation may no longer process the personal data, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

10. Legal remedies

The natural person concerned may lodge a complaint with the Chairman of the Foundation, the data protection supervisory authority (National Authority for Data Protection and Freedom of Information, naih.hu) or a court.