Privacy Policy

Fürdő Játékház Kft. collects and processes personal data in the course of operating the http//funcity.hu website ("Website"). By publishing this notice, the Operator aims to ensure that data subjects are fully informed about the purposes, methods, principles and security measures of data processing, in particular to enable them to make an informed choice about the use of the services available on the website and to give their consent to data processing. For the purposes described above, we provide the following information in accordance with our obligation under Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter "Regulation").
(1) Definition of the Data Controller
The controller of the personal data specified below is Fürdő Játékház Kft. (Mailing address: Papp Simon sétány 6, Nagykanizsa 8800; company registration number: 20-09-076716, 27072785-2-20, e-mail: info@funcity.hu, phone number: +36 70/709-5000 - "Data Controller")
(2) Contact
The Data Controller does not have a Data Protection Officer. For data protection matters, you can contact Fürdő Játékház Kft. directly. (Mailing address: Papp Simon sétány 6, Nagykanizsa 8800; company registration number: 20-09-076716, 27072785-2-20, E-mail address: info@funcity.hu, telephone number: +36 70/709-5000).
(3) Principles kept in mind when processing personal data
The Controller processes personal data lawfully and fairly and in a transparent manner for the data subject ("lawfulness, fairness and transparency"). The Controller collects personal data only for specified, explicit and legitimate purposes and does not process them in a way incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes ("purpose limitation")is not considered incompatible with the original purpose in accordance with Article 89(1) of the Regulation. The Data Controller processes only the data that is strictly necessary for the purpose of the processing ("data economy"). The Data Controller shall endeavour to keep the personal data processed accurate and up to date and shall take all reasonable steps to promptly delete or rectify personal data that are inaccurate for the purposes for which they are processed ("accuracy"). The Controller shall process personal data in its possession only for the time necessary to fulfil the purpose of the processing ("limited storage") The Data Controller shall ensure the security of personal data, including the protection of personal data against unauthorised or unlawful processing, accidental loss, destruction or damage ("integrity and confidentiality"), by implementing appropriate technical and organisational measures for the processing of personal data. The Controller is responsible for compliance with the above and must be able to demonstrate such compliance ("accountability").
(4) General rules on data processing
1. The Controller processes personal data only in accordance with the rules laid down in the Regulation (Article 6(1) of the Regulation): a) where the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes (voluntary consent); b) where the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of a task carried out at the request of the data subject prior to the conclusion of the contract (performance of the contract); c) where the processing is necessary for compliance with a legal obligation to which the Controller is subject (legal obligation); d) where the processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party (legitimate interest). 2. For processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing. 3. In cases where the processing of the personal data provided, including the transmission of the data, is required by law, the Data Controller shall also specifically inform the data subject thereof.
(5) Personal data processed by the Data Controller and definition of processing
Name of data processingNewsletter
Purpose of data processingRegularly informing the recipient (subscribed data subject) about the latest promotions, events and news of the Data Controller, essentially advertisments regularly.
Legal basis for data processingVoluntary consent /Art.6 (1) a) GDPR and Reklámtv. 6. § (1)/.
Scope of personal data(i) name - for identification purposes, (ii) e-mail address - for identification and newsletter purposes (iii) technical data: date of subscription and unsubscription - subsequent proof.
Special category of data-
Data storageWeb-server Kft., which provides hosting services on a contract basis. (Headquarters: Pásti u. 2. Debrecen 4025, 1. floor 5, e-mail: info@web-server.hu).
Adatkezelés időtartamaAktív (kiküldést lebonyolító) hírlevél adatbázisban: érintett leiratkozásáig, vagy ha Adatkezelő hozzájárulás-megerősítést kér, a megerősítés megadására nyitva álló határidő lejártával törlődnek az adatok.
Access to data(i) Rocket Science Group LLC. (https://www.mailchimp.com), as the data processor for the sending of newsletters and the automated management of unsubscriptions.
Adattovábbítás címzettjeiAlapvetően nem történik, kizárólag hatóság, bíróság számára történhet szükség esetén.
Description of the technical and organisational measures taken to ensure the security of data processing The following measures ensure the necessary and appropriate level of complex information security in terms of confidentiality, integrity and availability: The following measures ensure the necessary and appropriate level of complex information security in terms of confidentiality, integrity and availability: (i) complex administrative and technical safeguards (internal data protection policy, other mandatory policies including data management), (ii) the continuous tailoring of security measures on the basis of regular monitoring of data processing processes and continuous risk analysis, and a data processing contract with data processors providing appropriate guarantees, (iii) personal security measures, (iv) informing and educating those involved in data processing, raising awareness of the need for data protection.
Possible consequences of non-disclosureProviding this information is a prerequisite for sending newsletters, without it, sending is not possible.
Name of data processing3. Ticketing
Purpose of data processingArticle 6(1)(b) of the GDPR, which allows processing where processing is necessary for the performance of a contract to which the data subject is a party or is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract.
Who is affectedAny natural person who uses the ticketing service available on the Data Controller's Website.
Name of data processingData processing in connection with the operation of the website
Purpose of data processingTo operate the Website and provide the services available on the Website to users.
Legal basis for data processingArticle 6(1)(f) GDPR: legitimate interest of the controller in the use of cookies and IP addresses.
Scope of personal data(i) IP ID, (ii) Cookie IDs: - Mobile Advertising ID - a technical identifier in a Mobile Application Environment, e.g. on smartphone operating systems, - other data collected on users' interaction with advertising and digital platforms (websites, mobile applications): the type of browser used by the user and its settings; information about the operating system of the user's device; cookie identifiers and other identifiers specified for the device; IP addresses; information about the user's interaction and activity with websites and mobile applications, including the time of interaction or activity, the specific web address and search terms entered in the search engine; information about the approximate geographic location (city, region, postal code) of the device when accessing the website or mobile application, derived from the decomposed IP address information or GPS data.
Special category of data-
Data storageWeb-server Kft., which provides hosting services on a contract basis. (Headquarters: 2. Pásti u. Debrecen 4025, 1. floor 5, e-mail: info@web-server.hu).
Duration of data processingFor cookies and IP identifiers, as set out in the cookie notice, and for registration-related data, until the registration is deleted, but no longer than 18 months after the last activity - see the cookie notice for details.
Access to dataEmployees involved in the operation of the Website.
Recipients of data transfersThe data processor involved in the operation of the Website - Web-server Kft. (Headquarters: Pásti u. 2. Debrecen 4025, 1. floor 5, e-mail: info@web-server.hu) as a hosting provider.
Description of the technical and organisational measures taken to ensure the security of data processing The following measures ensure the necessary and appropriate level of complex information security in terms of confidentiality, integrity and availability: The following measures ensure the necessary and appropriate level of complex information security in terms of confidentiality, integrity and availability: (i) complex administrative and technical protection measures (internal data protection rules, other mandatory rules that also affect data management), (ii) the continuous tailoring of security measures on the basis of regular monitoring of data processing processes and continuous risk analysis, and a data processing contract with data processors providing appropriate guarantees, (iii) personal security measures, (iv) informing and educating data controllers, raising awareness of the need for data protection
Possible consequences of non-disclosureincomplete accessibility of the services of the Website, inaccuracy of analytical measurements.
(6) Detailed description of the technical and organisational measures taken to ensure the security of the processing of personal data
Amennyiben Ön hozzájárul, úgy – a fenteken felül - az alábbi cookie-kat is kezeljük: 1. The Data Controller's computer systems and other data storage locations are located at its headquarters and its data processors. 2. The Data Controller shall select and operate the IT tools used to process personal data in the course of providing the service in such a way that the processed data is accessible to those authorised to access it (availability); its authenticity and authentication are ensured (authenticity of processing); its integrity can be verified (data integrity) and it is protected against unauthorised access (data confidentiality). 3. The Data Controller protects personal data by complex administrative and technical protection measures (IT security policy, internal data protection policy, other mandatory regulations concerning data management), in particular against unauthorised access, alteration, transmission, disclosure, deletion or destruction, accidental destruction, damage and inaccessibility due to changes in the technology used. 4. The Data Controller shall manage the data files managed electronically in its various registers in such a way that the data stored cannot be directly linked and attributed to the data subject, unless permitted by law. 5. The Data Controller shall ensure the security of data processing, taking into account the state of the technology, by technical, organisational and organisational measures to provide a level of protection appropriate to the risks associated with the processing, which ensures (i) confidentiality: (protects the information so that only those who are authorised to access it have access to it), (ii) integrity (protects the accuracy and completeness of the information and the method of processing), (iii) availability (ensures that when the authorised user needs it, he or she can actually access the information and the means to do so are available). 7. The Data Controller's IT system and network are protected against computer viruses, computer intrusions and other attacks. The operator shall ensure security through server-level and application-level protection procedures. The data processors undertake to comply with these technical conditions on an ongoing basis in the data processing contracts concluded with the Data Controller
(7) Rights of data subjects
1. The data subject may request information about the processing of his or her personal data, and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory processing, and exercise his or her right to data portability and objection in the manner indicated when the data were collected, or by contacting the Data Controller at the contact details provided in Chapters (1) and (2) of this Privacy Notice. A change in personal data or a request for the deletion of personal data may be communicated by means of a written statement in a private document with full probative value sent to the registered e-mail address or by post. Some personal data may also be changed by editing the page containing the personal profile. 2. Right to information: The Controller shall take appropriate measures to provide data subjects with all the information referred to in Articles 13 and 14 of the Regulation and each of the particulars referred to in Articles 15 to 22 and 34 concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language. The right to obtain information may be exercised in writing to the contact details set out in Chapter I of this Privacy Notice or by writing to the Data Controller's manager. Upon request, the data subject may be provided with information orally, after proof of his or her identity. 3. The right of access of the data subject: The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations; (iv) the envisaged period of storage of the personal data; (v) the right to rectification, erasure or restriction of processing and the right to object; (vi) the right to lodge a complaint with a supervisory authority; (vii) information on the data sources; (viii) the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and the likely consequences for the data subject. A request for information sent by e-mail shall be considered authentic by the Data Controller only if it is sent from the registered e-mail address of the user, unless the data subject identifies himself/herself in another credible way. The request for information must be sent by e-mail to the administrator. In the event of a transfer of personal data to a third country or an international organisation, the data subject is also entitled to be informed of the appropriate safeguards for the transfer. 4. The Data Controller shall provide the data subject with a copy of the personal data processed. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. At the request of the data subject, the Data Controller shall provide the information in electronic form. The controller shall provide the information within a maximum of one month from the date of the request. 5. Right of rectification: The data subject may request the correction of inaccurate personal data concerning him or her processed by the Controller and the completion of incomplete data. If the personal data is not accurate and the accurate personal data is available to the Data Controller, the Data Controller shall correct the personal data. 6. Right to erasure: The data subject shall have the right, upon request and without undue delay, to obtain the erasure of personal data concerning him or her by the Data Controller on one of the following grounds: (i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing; (iii) the data subject objects to the processing and there is no overriding legitimate ground for the processing; (iv) the personal data have been unlawfully processed; (v) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject; (vi) the personal data have been collected in connection with the provision of information society services. The erasure of data may not be initiated if the processing is necessary for one of the following reasons: to comply with an obligation under Union or Member State law that requires the processing of personal data applicable to the Controller, or to establish, exercise or defend a legal claim of the Controller. 7. Right to restriction of processing: At the request of the data subject, the Data Controller shall restrict processing if one of the following conditions is met: (i) the data subject contests the accuracy of the personal data, in which case the restriction shall be for a period of time which allows the accuracy of the personal data to be verified; (ii) the processing is unlawful and the data subject opposes the erasure of the data and requests instead that the use of the data be restricted; (iii) the Controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or (iv) the data subject has objected to the processing, in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller override the legitimate grounds of the data subject. Where processing is restricted, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person. The Controller shall inform the data subject in advance of the lifting of the restriction on processing. 8. Right to data transmission: The data subject shall have the right to receive personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and to transmit such data to another controller. 9. Right to object: The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the Controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. In the event of an objection to the processing of personal data for direct marketing purposes, the data may not be processed for these purposes. 10. Right of withdrawal: The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. 11. The controller shall inform the data subject of the action taken on the request pursuant to Articles 15 to 22 of the Regulation without undue delay and in any event within one month of receipt of the request. 11.1. If necessary, taking into account the complexity of the application and the number of requests, this deadline may be further extended by two months. The Data Controller shall inform the data subject of the extension of the deadline within one month of receipt of the request, stating the reasons for the delay. If the data subject has made the request by electronic means, the information will be provided by electronic means unless the data subject requests otherwise. 11.2. If the controller does not take action on the data subject's request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy. 11.3. The Company will provide the requested information free of charge. Where the data subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Data Controller may, taking into account the administrative costs of providing the information or information requested or of taking the action requested, charge a reasonable fee or refuse to act on the request. 11.4. The Company shall inform any recipient to whom or with whom the personal data have been disclosed of any rectification, erasure or restriction of processing that it has carried out, unless this proves impossible or involves a disproportionate effort. The Data Controller will inform the data subject of these recipients upon request. 11.5. The Company shall provide the data subject with a copy of the personal data processed. For additional copies requested by the data subject, the Company may charge a reasonable fee based on administrative costs. If the data subject has submitted the request by electronic means, the information will be provided in electronic format, unless the data subject requests otherwise. 12. Compensation and damages: Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Regulation shall be entitled to compensation from the Data Controller or the processor for the damage suffered. The processor shall be liable for damage caused by the processing only if it has failed to comply with the obligations expressly imposed on processors by law or if it has disregarded or acted contrary to lawful instructions from the Controller. Where more than one controller or more than one processor, or both controller and processor, are involved in the same processing and are liable for the damage caused by the processing, each controller or processor is jointly and severally liable for the total damage. The controller or processor shall be exempt from liability if he or she proves that he or she is not in any way responsible for the event giving rise to the damage.
(8) Enforcement options:
1. The data subject may address any questions or comments directly to the Data Controller using the contact details indicated in Chapter (2) of this Privacy Notice. 2. The right to take legal action: the data subject may take the Data Controller to court in the event of a breach of his or her rights. The court is acting out of turn in the case. 3. Data protection authority procedure: complaints can be lodged with the National Authority for Data Protection and Freedom of Information: National Authority for Data Protection and Freedom of Information Address: Falk Miksa utca 9-11, Budapest 1055 Mailing address: 1363 Budapest, PO. 9. Telephone: +36 (1) 391-1400 Fax: +36 (1) 391-1410 www: http://www.naih.hu e-mail: ugyfelszolgalat@naih.hu
Budapest, 1 April 2022
[name of controller: Fürdő Játékház Kft.]