Privacy Policy

TICAT Kft. (registered office and postal address: 1065 Budapest, Nagymező u 3.; company registration number: 01-09-410431; tax number: 32176548-2-42; email address: support@ticat.hu (“Service Provider”)) has established and operates an online ticket sales System on the website www.ticat.hu (“Website”), which provides the user with the ability to purchase tickets (“Ticket Sales”) for cultural events (“Event”) and access to the purchased tickets. The Events typically take place in Hungary, organized by natural persons or other legal entities undertaking the organization of the Event (“Event Organizer”). The tickets are sold partly by the Service Provider in its own name, while in other cases the Service Provider only provides the ticket sales platform, and the legal relationship is established between you and the Event Organizer during the ticket sales. During the purchasing process, you will receive appropriate information on whether the Service Provider or the Event Organizer is considered the seller of the ticket for the given Event (“Ticket Seller”).

Below, we would like to inform you about what data processing takes place when using the Website, for what purpose, on what legal basis, and for how long we process certain personal data of yours, as well as what legal remedies you are entitled to regarding data processing.

Information regarding the data processing of the Website is continuously available in the footer of the Website’s home page.

The Service Provider is entitled to unilaterally modify the Privacy Notice. In the event of a modification to the Privacy Notice, we will notify you by publishing it on the Website. By using the Website after the modification takes effect, you accept the modified Privacy Notice.

Incapacitated persons and minors under 16 with limited legal capacity may not use the services through the Website.

It is up to you whether you provide, and which personal data you provide – this is not mandatory. However, the provision of personal data is essential for the success of the services we provide, and during the use of the ticket sales service, it is a condition for the conclusion and performance of the contract, as detailed below.

I. Definitions

Data Controller: the legal entity that determines the purposes and means of the processing of personal data independently or together with others;

Ticket Seller as Data Controller:

(i) If during the Ticket Purchase process you do not receive information that your legal relationship is being established with the Event Organizer, the Service Provider shall be considered the Ticket Seller, and thus the Data Controller for the purposes of this Privacy Notice.
If the Ticket Seller is the Event Organizer, the data concerning the Event Organizer will be communicated to you during the Ticket Purchase process, and in this case, the Event Organizer shall be considered the Data Controller, while the Service Provider acts as a Data Processor in such cases.

(ii) We further inform you that in the event you create a User Account or register for a newsletter on the Website independently of a Ticket Purchase, the Service Provider shall be considered the Data Controller regarding these data. Conversely, if you create a User Account or register for a newsletter together with a Ticket Purchase, the respective Event Organizer shall be considered the Data Controller and the Service Provider acts as a Data Processor in such cases.

Service Provider Name and Contact Details:

1. Service Provider Details:

TICAT Kft. (registered office and postal address: 1065 Budapest, Nagymező u 3.; company registration number: 01-09-410431; tax number: 32176548-2-42)

Website: www.ticat.hu

Data Protection Officer: Péter Dankházi

Email address: dankhazi.peter@ticat.hu

2. Event Organizer as Data Controller: If the Event Organizer is the data controller, we will explicitly inform you of this fact and the data processing rules applied by the Event Organizer during purchase, User Account creation, or newsletter subscription – if they differ from this notice.

personal data: any information relating to an identified or identifiable natural person (“data subject”);
identifiable is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

special data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation;

data processing: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

data processor: a legal person that processes personal data on behalf of the data controller.

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

II. Specific Data Processing Operations

1. Registration on the Website

To use the ticket sales service on the Website, it is possible to register, i.e., create a user account (“User Account”). The following data are required during registration:

SCOPE OF PROCESSED DATA: Your name, email address, billing information: billing name, country, zip code, city, street, house number, password provided during registration.

PURPOSE OF DATA PROCESSING: Creation of a personalized User Account, through which the convenience services provided by the Data Controller can be used (e.g., one-time provision of billing address, storage of tickets, recommendations, modifying newsletter subscription, etc.).

LEGAL BASIS OF DATA PROCESSING: Your consent pursuant to Article 6(1)(a) of the GDPR.

DURATION OF DATA STORAGE: The Data Controller processes the provided data until you delete your User Account.

Persons entitled to access the data: The Data Controller’s colleagues involved in marketing, ticket sales, and billing.

Data Processor: WD Innovation Kft. involved in the operation of the Website (registered office: 1037 Budapest, Testvérhegyi lejtő 8/A; company registration number: 01-09-908813; tax number: 14546969-2-41).

2. Ticket Sales Service

Through the Website, you have the opportunity to buy tickets sold by the Ticket Seller (“Ticket Purchase”). During the Ticket Purchase, the Ticket Seller indicated during the purchase, acting as a data controller, processes the following personal data.

SCOPE OF PROCESSED DATA: Your name, email address, address, encrypted (non-decryptable) password, transaction number, transaction date / Surname and first name, billing address provided for issuing the invoice, transaction number, date and time, content of the receipt, tax number in case of a VAT invoice (if provided by you).

PURPOSE OF DATA PROCESSING: Providing ticket sales services, fulfillment of orders, conducting the purchase and related payment using a payment service provider, documenting the payment, and sending notifications related to the ordered service (e.g., performance change, time change, etc.) / Issuing the accounting document belonging to the purchase transactions and preserving it for the period specified in the legislation.

LEGAL BASIS OF DATA PROCESSING: The legal basis for data processing is the performance of the contract, GDPR Article 6(1)(b), and the Data Controller’s legitimate interest in enforcing its claims arising from the contract, GDPR Article 6(1)(f). / Fulfillment of the Data Controller’s legal obligation, GDPR Article 6(1)(c). (Accounting Act)

DURATION OF DATA STORAGE: 5 (five) years from the purchase. / 8 years, or the duration determined in the currently effective tax and accounting legislation.

Persons entitled to access the data: The Data Controller’s colleagues involved in marketing, ticket sales, and billing.

Data Processors: WD Innovation Kft. involved in the operation of the Website (registered office: 1037 Budapest, Testvérhegyi lejtő 8/A; company registration number: 01-09-908813; tax number: 14546969-2-41).

The technical conditions for billing are provided by the following company: KBOSS.hu Kft. (1031 Budapest, Záhony utca 7/D., company registration number: 01-09-303201; tax number: 13421739-2-41)

The technical conditions for payment are provided by the following company: SimplePay Zrt. (1138 Budapest, Váci út 135–139. B. building, 5th floor; company registration number: 01-10-143303, tax number: 32835155-2-44)

3. Newsletter

During Ticket Purchase, registration, or on other occasions through the Website, you have the opportunity to subscribe to the newsletter.
If you subscribe to the newsletter, the Data Controller may send you a newsletter at a frequency of its own choosing so that you can be informed in a timely manner about all relevant information regarding the programs of the Service Provider and the Event Organizers.
We inform you that in certain cases, if the Service Provider is the Data Controller, the Service Provider will transfer your personal data recorded in connection with the newsletter subscription to the Event Organizer so that the Event Organizer can directly contact you with its own newsletter.
In such a case, you can explicitly select during subscription whether the data should be transferred to the Event Organizer. In such cases, we will inform you about the data processing principles applied by the Event Organizer.

SCOPE OF PROCESSED DATA: Your email address, name / User behavior (which newsletter you read and which links you clicked).

PURPOSE OF DATA PROCESSING: Sending email newsletters to interested parties / Creating statistics on the success of newsletters, personalizing the sending of newsletters.

LEGAL BASIS OF DATA PROCESSING: The legal basis for data processing is Article 6(1)(a) of the GDPR, the consent of the data subject.

DURATION OF DATA STORAGE: Until the withdrawal of your consent to the sending of newsletters.

It is possible to unsubscribe by clicking the unsubscribe link found in the newsletter.

Persons authorized to access the data: The Controller’s employees involved in marketing and ticket sales.

Data Processor: WD Innovation Kft., involved in the operation of the Website (registered office: 1037 Budapest, Testvérhegyi lejtő 8/A; company registration number: 01-09-908813; tax number: 14546969-2-41).

4. Other Data Processing related to the use of the Website

4.1. Data processing related to accessing the Website

SCOPE OF PROCESSED DATA:

- IP address of the device used when visiting the Website, operating system, name of internet service provider
- Date and time of using the Website,
- Name and URL of the queried/downloaded data file,
- The website / application from which the Website was accessed (referral URL),
- The browser used.

PURPOSE OF DATA PROCESSING: The Data Controller records and uses the log file thus recorded for quality assurance purposes, does not link it with other information, and does not use it to identify the data subject user.

LEGAL BASIS OF DATA PROCESSING: The legal basis for data processing is Article 6(1)(f) of the GDPR, the legitimate interest of the data controller.

DURATION OF DATA STORAGE: 30 days from the generation of the data.

Persons authorized to access the data: The Controller’s employees involved in administration.

III. Other Information

Regarding data processing not included in this notice, we will inform you at the time the data is collected.

We inform you that courts, the prosecutor's office, the investigating authority, the infringement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information (NAIH), or other bodies based on legal authorization may contact the Data Controller to provide information, disclose data, transfer data, or provide documents. The Data Controller shall only release personal data to authorities – provided the authority has indicated the precise purpose and the scope of data – in an amount and to an extent that is absolutely necessary for the realization of the purpose of the request and which the Data Controller is legally obliged to provide.

The Data Controller does not verify the accuracy of the data you provide; you are responsible for their adequacy. Please handle the login details of the User Account with appropriate security and ensure that only you use them. In view of this responsibility, all liability related to logins made with a given email address lies solely with the user who registered that email address. If the user does not provide their own personal data, it is their duty to obtain the consent of the data subject. The Data Controller does not request the provision of, and thus explicitly does not process, data that qualifies as special data of the user under the relevant legislation on the Website. If the Data Controller becomes aware that the user has uploaded special data to their User Account, the User Account will be deleted immediately.

Persons entitled to access personal data are employees in an employment relationship or a contractual relationship with the Data Controller, as well as the Data Processors named in the individual data processing operations. Please note that if the Event Organizer acts as the Data Controller, the Service Provider, as a data processor, is entitled to access personal data to the extent necessary for the provision of the service.

Please note that the services placed on the Website may contain numerous links that redirect you to websites operated by third parties other than the Website. After the redirection, the Data Controller assumes no responsibility for the data processing activities carried out on those websites.

I have translated the legal text into English, ensuring that legal references and terminology remain consistent and accurate according to GDPR standards.

IV. Data Subject Rights Regarding the Present Data Processing

1.1. Right of Access

Pursuant to Article 15 of the GDPR, you are entitled at any time to request information regarding whether and how your personal data is being processed by the Data Controller, including the purposes of the processing, the recipients to whom your data has been disclosed, or the source from which the Data Controller received the data, the duration of retention, any of your rights related to the processing, and, in the case of transfer to a third country or international organization, information regarding the safeguards related thereto.

In exercising the right of access, you are also entitled to request a copy of the data as follows:

The right to receive a copy shall not adversely affect the rights and freedoms of others.
If your request is excessive or clearly unfounded, the Data Controller may charge a reasonable fee pursuant to Article 12(5)(a) of the GDPR or refuse to act on the request pursuant to Article 12(5)(b) of the GDPR.

1.2. Right to Rectification

Pursuant to Article 16 of the GDPR, the Data Controller shall, at your request, rectify or supplement personal data concerning you.

1.3. Right to Erasure ("Right to be Forgotten")

Under Article 17 of the GDPR, if you request the erasure of your personal data, the Data Controller shall erase it without undue delay:

If it is no longer necessary for the purpose for which it was originally stored, or the processing is unlawful;
If you withdraw your consent and there is no other legal basis for the processing.
Data cannot be erased if the processing is necessary:

a) for exercising the right of freedom of expression and information;

b) for compliance with a legal obligation under Union or Member State law to which the controller is subject;

c) for the establishment, exercise, or defense of legal claims.

1.4. Right to Restriction of Processing

You may request the restriction of the processing of your personal data pursuant to Article 18 of the GDPR in the following cases:

The processing is unlawful, but you oppose the erasure of the data and request the restriction of their use instead;
The Data Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.

1.5. Right to Data Portability

Pursuant to Article 20 of the GDPR, you are entitled to receive the personal data concerning you, which you have provided to the Data Controllers, and you also have the right to have these data transmitted directly by the Data Controllers to another controller, provided that the legal basis for the processing is your consent.

1.6. Right to Object

Pursuant to Article 21 of the GDPR, if the legal basis for the processing of your data is the legitimate interest of the Data Controllers or a third party (Article 6(1)(f) of the GDPR), you are entitled to object to the processing. The Data Controllers are not obliged to uphold the objection if they demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing is related to the establishment, exercise, or defense of legal claims by the Data Controllers.

1.7. Right to Lodge a Complaint, Right to a Judicial Remedy

If you consider that the processing of your personal data by the Data Controller infringes the provisions of the data protection laws in force at any time, in particular the GDPR, you have the right to lodge a complaint with the competent data protection supervisory authority. In Hungary, a complaint can be filed with the Nemzeti Adatvédelmi és Információszabadság Hatóság ("NAIH"). Contact details for NAIH:

Website: http://naih.hu/

Postal address: 1363 Budapest, Pf.: 9.

Address: 1055 Budapest, Falk Miksa utca 9-11.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

Email: ugyfelszolgalat@naih.hu

Furthermore, according to the rules of the GDPR and the Info tv., you may apply to a court. Your detailed rights and remedies are contained in Chapters III and VIII of the GDPR and the provisions of Section 23 of the Info tv.

1.8. Responding to the Data Subject's Request

If you wish to exercise any of your rights or if you have any questions or comments, please contact the Data Controller at the contact details indicated in Section I of this Notice!

The Data Controller shall ensure that if you exercise any of your rights in connection with the present data processing and contact the Data Controller in this regard, the Data Controller shall respond to such requests without undue delay, but no later than within 30 days, and shall take the necessary measures at the other controller(s) to ensure the proper enforcement of data subject rights if the data processing is carried out jointly with another organization.