Privacy Policy – TicketNinja Visitors

Dear Customer,

by registering through the Ticketninja system, ticket purchases, signing up for the selected event, organizing the event and communicating via the Ticketninja system, our company handles personal information about you. Below, we would like to inform you about the most important information about how to manage your personal information and your rights. If you have any further questions about how to manage your personal information, please feel free to contact us at privacy@ticketninja.io or at our contact details below.

What is personal data?

Personal data is any data related to an identified or identifiable natural person (data subject). Thus, for example, your name, address, birth date, the content of any message sent to us, or your order information will be considered as personal data.

Who handles your personal data?

SZINTÉZIS-NET Szoftverfejlesztő és Szolgáltató Kft.
seat: 9024 Győr, Vasvári Pál út 1/C.
registry number: 08-09-011535
represented by: Farkas Paul Andor CEO
tel.: 96/550-521
privacy contact person: Pintér, Norbert
e-mail: privacy@szintezis-net.hu
(hereinafter: the Company)

What kinds of personal data is handled by the Company and for what purposes?

1. Registration

If you use the Ticketninja system for the first time, you must register as a user. For the user registration, the following data is required:
• name
• e-mail address
• billing information
• If you register with your existing social networking account (Google, Facebook, LinkedIn), your publicly available profile picture on the social networking site.
Entering the data required for registration is a necessary condition of using the service, so you are required to provide them. In the event of non-disclosure, the Company may refuse registration. The Ticketninja system will automatically send messages to the user (purchase confirmation, program login, payment order, etc.), these emails are part of the system and can not be blocked by the user. In these cases, the legal basis for data processing is the preparation of the contract between the controller and the concerned party, and the performance of the contract.

2. Participation in the event

If you sign up for a specific event through the Ticketninja system, you buy a ticket, sign up for the selected event and apply for optional programs within the event, the organizer of the event may request further information from you to participate. These data are not requested from you by the Company, but are stored in the system operated by the Company and are managed by the Company. The organizer of the event may deem the providing of some information mandatory in order to participate in each program.

3. Messages form the organizer of the event

The organizer of the event receives from the Ticketninja system the information and contact details of the users registered for the event. The organizer may send a message to the participants about the events related to the program, the activities of the participants and the status of their registration. The content of the messages sent in this way is not scrutinized by Szintézis-Net Kft., nonetheless the organizers must also observe the relevant data protection regulations. The purpose of sending organizer messages is to inform the participants about event information or feedback about participating in selected programs.

4. Invitation of a third person

The Ticketninja system allows a user to buy or book tickets for more than one person. In this case, the buyer invites the other persons involved to the system. The invited person receives an e-mail message about the invitation being sent to the e-mail address that the invitee entered in the system for that purpose. The invited person can sign up for the Ticketninja system by invitation, which is a condition of participation in the event. In addition to the first message about the invitation, the Company will not send any further messages to the invited person until he registers in the Ticketninja system. Personal information provided by the inviting party is deleted within 72 hours after the end of the event if the invited person hasn’t registered. The User sending the invitation is responsible for the legality and authenticity of the data being provided, and the authenticity of the given data is not verified by Szintézis-Net Kft.

5. Internal Business Purposes

Personal data may be used by Synthesis-Net Ltd. for internal business purposes, including the promotion of content and features of services, better understanding of users’ needs, development of services, protection against malicious activities and their identification, validation of Terms and Conditions, account support, customer support, and general support for services and Synthesis-Net business. In this case, the legal basis for data handling is the legitimate interest of Szintézis-Net Kft as a data controller.

6. Database construction

Szintézis-Net Ltd. stores the data of the users registered in the Ticketninja system (including mandatory data entered during the registration, the number of events visited by the user and the additional information requested by the organizers of each event) and organises them in a database. The purpose of creating a database is to define and organize the interests of users in order to send or forward information about events within their interest in the provision of a business-based service in the future. In this activity, Szintézis-Net Kft. neither transfers the database, nor any part of it, nor the data of the specific users to any third party and does not disclose it to the public. The construction of the database is based on the consent of the data subject.

7. Use for marketing purposes

If it is in accordance with the marketing preferences, Synthesis-Net Ltd. may use personal information for future contacting the user for the company’s marketing and advertising purposes, including information about the services and events that may be of interest to the user, promotional and marketing material preparation and transmission, and content and advertising of interest to the user during or outside the service. In this case, the legal basis for data handling is the consent of the party concerned.

To whom does Synthesis Ltd. transfer personal data?

In the case of forwarding your data, the Company has previously been assured that the recipient of the data transfer and the organization with access to data are established within the European Union and provides adequate guarantees that the processing of data by them is in conformity with the data protection regulations of Hungary and the European Union.

1. Organizer

When purchasing a ticket or registering, Synthesis-Net Ltd. transfers personal information to the event organizer.
The user acknowledges and agrees that the organizer may also transmit personal information to third parties involved in the creation of the event, including exhibitors, promotional activities or organization of other events. In this case, the organizer is responsible for the protection of personal data in accordance with its own privacy policy. Therefore, when registering for an event, the user may ask the organizer for information on whether his or her personal data is properly protected.

2. Online payment service providers

Szintézis-Net Kft., in the case of online payment, transfers the user’s personal data to the contracted service providers.
• szamlazz.hu: the data is forwarded to create and display the invoice. The following data are transmitted by the Company:
• billing name,
• billing address (country, city, street),
• tax number / EU tax number,
• contact email address and name,
• TicketNinja order identifier
• SimplePay: the purpose of data transfer is to allow online payment. Data transferred:
• contact email address and name,
• TicketNinja order identifier
• PayPal.com: The purpose of data transfer is to allow online payment. Data transferred:
• billing name,
• billing address (country, city, street),
• tax number / EU tax number,
• contact email address and name,
• TicketNinja order identifier
• SendGrid.com: The purpose of the data transmission is to send an e-mail. Transmitted data:
• Name,
• e-mail address
• OTP Mobil Ltd. (1093 Budapest, Közraktár u. 30-32.). The purpose of the data transfer is to provide customer support to users, transaction confirmation and fraud-monitoring to protect users. Data transferred:
• User,
• surname, first name,
• country,
• telephone number,
• e-mail address.

Using a Data Processor

Szintézis-Net Kft. Has the right to transfer personal data to its personal data processing partners to carry out certain business functions, including marketing, database management, back-up and disaster recovery, and contracted businesses providing e-mail services. These addressees are considered to be data processors under data protection law. The data processor only performs his / her duties on the instructions of the Company, and can not make any independent decisions regarding the management of your personal data. The Company has ascertained in advance that the data processor is established within the European Union and provides adequate guarantees that the data processing it manages is in compliance with the data protection laws of Hungary and the European Union. The data processor has provided the Company with the appropriate guarantees that it applies and maintains data security measures to ensure the confidentiality, integrity and availability of the personal data it manages.

Judicial and official inquiries

In addition to the aforementioned, the Company may only transmit your personal data to a court or other authority in cases set forth by law, upon an official request, or statutory requirements.

Data storage time

For the purpose of preventing future disputes or in the event of a dispute, in order for the Company to be able to prove the facts, the Company may retent personal data after the failure to conclude a contract, the performance of the contract or the termination of the contract, for five years after the failure of the contract or five years from the termination of the contract in accordance with the general rules of limitation of Act V of 2013. on the Civil Code of Hungary. The purpose of the data handling under this clause is to enable the Company to enforce or defend the rights and claims of the Company arising from the contract in the event of such legal claims and claims being filed.
The Company is required to store the personal data of your billing or ordering in accordance with the applicable accounting and tax laws.
The Company keeps personal information handled with your consent as long as it is required to accomplish the purpose of the data management or as long as you do not request the deletion of your personal information. Your account created by Ticketninja and its related data will be retained by Szintézis-Net Ltd. until your account is deleted or is requested to be deleted.

Data Security

Szintézis-Net Kft. handles the personal data personally or by contracted partners that have been transferred personal data in accordance with these Rules. Szintézis-Net Kft. will take all reasonable steps to protect the personal data received during the provision of the service in order to avoid loss, misuse, unauthorized use and access, disclosure, personal data modification and destruction. Users should keep in mind that no network, server, database, internet or e-mail connection can be completely free of any errors that may arise and should therefore pay particular attention to disclosing personal information.

Third Party Pages and Data

This privacy policy does not apply to personal data that the user has provided to other users or visitors through the use of the service, including information provided by the user to the organizers on the event side or publicly available on the service.
The provisions and procedures described in these regulations apply only to the services of Szintézis-Net Kft. The service may also include links to third party pages, but for the contents of these pages and third party policy and data protection provisions, Synthesis-Net Ltd. is not responsible.

Your privacy rights

1. Right of access by the data subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling.

2. Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure (‘right to be forgotten’)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based on the data subject’s consent or the rightful purposes of the data handler, and where there is no other legal ground for the processing;
c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

4. The personal data shall not be erased to the extent that processing is necessary:

a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defence of legal claims.

Please note that your application for cancellation must be submitted in writing (by mail or email) and must indicate which personal information is to be deleted and for what reasons.
If the Company upholds your Opinion relating to the deletion, the personal data processed will be deleted from all of your records and will inform you accordingly.

5. The right to object

You are entitled to object to the handling of your personal data and in such cases the Company may not process your personal data unless it can be demonstrated that
a) the data management is justified by compelling reasons of lawfulness on the part of the Company that have priority over your interests, rights and freedoms or
b) data management is related to the submission, validation or protection of the legal requirements of the Company.

6. Withdrawal of consent

If your data has been processed with your consent, you have the right to withdraw the consent at any time, but that does not affect the lawfulness of the data handling that has been effected prior to the withdrawal.

Enforcement of claims

In the event of violation of your personality rights, you may appeal to the Court of Justice.
At any time, you can ask for help from the National Privacy and Information Authority for privacy issues:
mail address: 1534 Budapest, Pf.: 834
address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Tel.: +36 (1) 391-1400
Fax: +36 (1) 391-1410
www: http://www.naih.hu
e-mail: ugyfelszolgalat@naih.hu

With respect to the enforcement of your rights, issues not resolved in these Rules are governed by the Act CXII of 2011 on Information Self-determination and Freedom of Information, as well as the European Parliament and Council Regulation (EU) No 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation, GDPR). Synthesis-Net Ltd. reserves the right to change this Privacy Policy and Information Policy.