1.1 IBUSZ Kft 1118 Budapest, Dayka Gábor utca 3. 01-09-266780), as controller, summarizes its data protection rules in this Privacy Policy.
1.2 IBUSZ Kft. reserves the right to unilaterally amend this Privacy Policy.
1.3 IBUSZ Kft. shall treat personal data confidentially and take all security, technical and organisational measures to ensure the security of the data.
1.4 Please note that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the data protection commissioner or other bodies authorised by law may request the controller to disclose, transfer or provide data and/or documents. IBUSZ Kft. will disclose personal data in response to such a request only if and to the extent strictly necessary for the purpose of the request, provided that the request is in compliance with the law.
1.5 IBUSZ Kft. shall process the personal data of customers in the context of the provision of travel agency services, to the extent and for the duration necessary for the conclusion of (e.g. request for proposal) and performance of contracts, for marketing purposes and for the enforcement of claims arising from contracts, and to the extent necessary for the performance of the relevant service, it shall transfer them to the partners providing the service(s) ordered by the customer via e-mail or through the IT systems used (its own and external systems: IBUSZ Kft’s own systems, office and B2B resellers’ systems, third party (global) booking systems (GDS), including to third countries where applicable.
1.6 IBUSZ Kft.'s data processing principles are in compliance with the applicable data protection legislation, in particular with the following:
IBUSZ Utazási Irodák Kft.
Registered address: 1118 Budapest, Dayka Gábor utca 3.
Phone:: (36-1) 485-2700
E-mail: info@ibusz.hu
Company registration number: 01-09-266780
Tax number: 10871403-2-43
Registration number: R0967/1999/1999
Account Number: MBH 10300002-20370886-70073285
Civil-liability insurer: Colonnade Insurance S.A. Branch Office in Hungary
Data concerning the registered address, location and contact details of the hosting provider of the websites www.ibusz.hu, www.ibuszalomutak.hu and www.utasbiztositas.online:
T-Systems Magyarország Zrt. - 1117 Budapest., Budafoki út 56.
Email: TS_ugyfelkapcsolat@t-systems.hu Tel.: +36-1,265-8444
Data concerning the registered address, location and contact details of the hosting provider of the website www.hajoutak.ibusz.hu of the controller:
TravelGATE Kft. - 1094 Budapest, Páva utca 8. 4. emelet 405.
E-mail: info@travelgate.hu Tel: +36/1 210-0048
Data concerning the registered address, location and contact details of the hosting provider of the websites wwww.ibuszevents.hu és a www.ibuszvam.hu of the controller:
FaXuniL Internetszolgáltató és Informatikai Kft. - 2220 Vecsés Város u. 2.
E-mail: info@faxunil.hu; Tel:+36 30 569 9028
Data concerning the registered address, location and contact details of the provider of the online payment by credit card (vPOS) solution for the wwww.ibusz.hu websites of the controller:
OTP Mobil Kft. -1138 Budapest, Váci út 135-139. B. ép. 5. emelet
E-mail: ugyfelszolgalat@simple.hu, 06 1 3666 611
“Personal data” shall mean any information about a living natural person that is identified or can by identified by anyone; a natural person is identifiable where he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing” shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Restriction of processing” shall mean marking any personal data stored with the view to limit their future processing.
"Profiling" shall mean any form of automated processing of personal data whereby personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
“Pseudonymisation” shall mean the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable person.
“Filing system” shall mean a set of personal data, structured in any way, whether centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specified criteria;
“Controller” shall mean a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by the European Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by the European Union or Member State law;
“Processor”: shall mean any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“Recipient” shall mean any natural or legal person, public authority, agency or any other body to whom any personal data is communicated, irrespective whether it qualifies as a third party. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with EU or Member State law shall not be regarded as recipients; the processing of such data by those public authorities must be in compliance with the applicable data protection rules in line with the purposes of the processing;
“Third party” shall mean a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
“Data subject’s consent” shall mean any voluntarily expressed, specific, informed and unambiguous indication of the data subject's will, by which he signifies, by a statement or action expressing confirmation in a clear and unambiguous manner, agreement to the processing of personal data relating to him;
“Personal data breach” shall mean any breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Direct mail” shall mean any postal consignment containing only advertising, marketing or promotional material, sent to more than one addressee at the same time, with the same content except for the name, address and any other information that does not change the nature of the message;
“Electronic marketing message (eDM, newsletter)” shall mean an electronic message containing only advertising, marketing or promotional material, sent by the controller to several data subjects at the same time to the email address they have provided.
“Text message” shall mean an electronic text message containing only advertising, marketing or promotional material, sent by the controller to several data subjects at the same time to the mobile phone number they have provided.
“Customer” shall mean any person who inquiries about the products and services of the controller in person, on the website, by telephone or in any other way, or who enters into a travel, service or other contract or legal relationship with the controller.
4.1 IBUSZ Kft. processes the data of visitors to the following websites:
Data subjects: visitors to and registered users of the websites,
Purpose of data collection:
The legal basis for data processing: Section 13/A (1) to (3) of the E-commerce Act, in the case of registered user, the provision of services ordered or otherwise used by them and the performance of contracts concluded with them pursuant to Article 6 (1) (b) of the GDPR.
Scope of processed data:
Duration of data processing: six months from the date of accessing the website in the case of data listed in point (a), until the withdrawal of the data subject's consent in the case of data listed in point (b), and eight years in the case of data listed in point (c).
4.2 Data processing related to cookies available on the websites www.ibusz.hu, hajoutak.ibusz.hu, www.ibuszalomutak.hu/
4.2.1 General information about cookies
Cookies (http cookies) are small data files, data packages placed on the visitor's computer by the operator of a website during and via the use of the website and saved and stored by the visitor's internet browser when downloaded from the website. In the case of a subsequent visit, the cookie enables the operator to, for example, identify the visitor or distinguish him from other users, or even send him customised information in the browser window.
How can I ban cookies from being installed on my computer or delete them?
It is important to know that most internet browsers accept and allow the placement and use of cookies by default. However, with the appropriate browser settings, one can refuse, restrict or block the use of cookies and delete cookies that have already been stored. Information on the settings required to use cookies is provided by the provider of each browser, and the necessary information can usually be found in the "help" section of the browser.
What happens if I delete cookies or do not consent to them being installed on my computer?
If the user does not wish to use cookies, this does not prevent him from visiting or browsing the website. However, some cookies are absolutely necessary for the proper functioning of certain services, so disabling or refusing the use of cookies, or deleting cookies that have already been stored, may result in the website suboptimal functioning and certain of its functions will not be properly usable by the visitor concerned.
Types of cookies
The cookies available on the websites listed in section 4.1 fall into two categories:
One group includes cookies that are essential for the functioning of the website (e.g. cookies that store user-recorded data, authentication session, user-oriented security, multimedia player session, load balancing session, and session cookies for user interface customisation), while the other group includes all other cookies whose purpose or function goes beyond the functioning of the website and serves other data processing purposes (e.g. analytical cookies, social media plug-ins and third-party (e.g. Google) cookies, cookies that record the user's Internet usage and other cookies for marketing purposes). While for the first group of cookies, it is sufficient for the website operator to provide prior information about the cookies that will be installed on the visitor's computer when using its website, for the second group, the consent of the visitor must be obtained in advance.
4.2.2 IBUSZ Kft. installs the following cookies when you visit the www.ibusz.hu website:
Name |
Data retention period |
Purpose of data processing |
XSRF-TOKEN |
1 session (1 cookie/user) |
Required for basic operation. For security purposes, it protects against cross-site request forgery (CSRF) attacks |
Allowed_cookie_types |
1 session (1 cookie/user) |
Required for basic operation. A cookie stored by the cookie accepting toolbar, which saves the user's preferences for future use. |
cookie_user |
30 days |
Required for basic operation. It provides technical assistance for browsing the tours on the website, liking and retrieving tours and the passenger menu. |
laravel_session |
1 session |
Required for basic operation. Identifies the current session |
player.vimeo.com |
|
Required for basic operation. Cookies are essential for playing videos embedded from the video sharing website Vimeo.com. |
youtube.com |
|
Required for basic operation. Cookies needed to play videos embedded from the video sharing website youtube.com. |
_ga |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gat |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gid |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
IDE |
|
Analytical cookies: ID generated for the purposes of DoubleClick.net website usage statistics |
fr |
90 days |
Analytical cookies: ID generated for the purposes of Facebook website usage statistics |
IBUSZ Kft. installs the following cookies when you visit the www.ibuszalomutak.hu website:
Name |
Data retention period |
Purpose of data processing |
player.vimeo.com |
|
Required for basic operation. Cookies are essential for playing videos embedded from the video sharing website Vimeo.com. |
youtube.com |
|
Required for basic operation. Cookies needed to play videos embedded from the video sharing website youtube.com. |
_ga |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gat |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gid |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
fr |
90 days |
Analytical cookies: ID generated for the purposes of Facebook website usage statistics |
IBUSZ Kft. installs the following cookies when you visit the www.hajoutak.ibusz.hu website:
Name |
Data retention period |
Purpose of data processing |
cookies_ok |
1 session (1 cookie/user) |
Required for basic operation. A cookie stored by the cookie accepting toolbar, which saves the user's preferences for future use. |
symfony |
1 session (1 cookie/user) |
Required for basic operation. Current session identifier, used to distinguish requests to the server |
_ga |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gat |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gid |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
fr |
90 days |
Analytical cookies: ID generated for the purposes of Facebook website usage statistics |
player.vimeo.com |
|
Required for basic operation. Cookies are essential for playing videos embedded from the video sharing website Vimeo.com. |
youtube.com |
|
Required for basic operation. Cookies needed to play videos embedded from the video sharing website youtube.com. |
IBUSZ Kft. installs the following cookies when you visit the website ww.utasbiztositas.online :
Name |
Data retention period |
Purpose of data processing |
_ga |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gat |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gid |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
fr |
90 days |
Analytical cookies: ID generated for the purposes of Facebook website usage statistics |
IBUSZ Kft. installs the following cookies when you visit the www.ibuszvam.hu website:
Name |
Data retention period |
Purpose of data processing |
PHPSESSID |
1 session (1 cookie/user) |
Required for basic operation. Current session identifier, used to distinguish requests to the server |
_ga |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gat |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
_gid |
2 years |
Analytical cookies: ID generated by anonymous website usage statistics |
Legal basis for data processing: the legal basis for the processing of the cookies listed in this section shall be Section 13/A (3) of the E-commerce Act and the legal provisions in Article 5 (3) of the Directive on privacy and electronic communications. In the case of analytical cookies, the legal basis for data processing shall be the consent of the data subject pursuant to Section155(4) of the Electronic Communication Act, which we request and record when the data subject first accesses the websites.
Duration of data processing: the duration of data retention for any given cookie is set out in the above table. Some of the cookies we use, usually preventing data loss in a given session, have a temporary lifetime and are deleted when the session expires, i.e. when the browser is closed. We also use persistent cookies, which remain on the visitor's computer for a longer period of time. Persistent cookies are stored for a limited period of time and are usually valid for a period of time set by the service provider. These are deleted or can be deleted by the user's browser cookie deletion operation.
Recipients of the processed data: Data processor webapix Ltd. that provides website management and development services for IBUSZ Kft.
Additional information about cookies set by third parties: cookies linked to third party services (e.g. Google, Facebook) on the website may also mean that if the visitor also uses the services of the third parties concerned, during the visit to our websites, these third parties (e.g. Google, Facebook) may collect additional personal data relating to the visitor, which they may process as part of the profile they hold about the user and may use this data to transmit targeted marketing and advertising messages. The lawfulness of such activities shall be the responsibility of these third parties. More information about Google's data processing practices can be found at https://www.google.com/policies/technologies/types/ and https://www.google.com/analytics/learn/privacy.html?hl=hu.
Visitors to the above websites have the possibility to reject or block the use of cookies at any time by selecting the appropriate settings in their internet browser, or to delete cookies already stored.
4.3 Data processing related to the sales activities of IBUSZ Kft.
The data subjects concerned by the data processing: customers of IBUSZ Kft.
The purpose of data processing: the use of services provided by IBUSZ Kft. and its partners (in particular travel, currency exchange, customs brokerage), as well as the establishment of civil law legal relationships (in particular, contracting, commissioning, renting) with other natural and legal persons in connection with the provision of services and activities of the controller.
Scope of the processed data: name, mother’s name at birth, place of birth, date of birth, nationality, address, postal address, number of ID card (passport), number of certificate suitable for identifying a person according to the Act LXVI. of 1992 on the registration of personal data and address of citizens. Tax number of a natural person customer with a tax number. Contact details for contacting the Data Subject: telephone number, e-mail address.
Legal basis for data processing: performance of a contract under Article 6 (1) (b) of the GDPR
Duration of data processing: eight years in accordance with Section 169 of the Accounting Act. In the case of direct marketing activities, until the withdrawal of the data subject's consent.
Recipients of the processed data: airlines, hoteliers, travel agents, passenger transport companies, tour operators, agencies, tax authorities, other agents, contractors, and vicarious agents involved in the provision of services. Depending on the location of the travel destination chosen by the data subject, data may also be transferred to third countries (outside the EEA).
Transmission of data to IBUSZ Kft.: in the event of ordering or contracting services published by IBUSZ Kft. as a tour operator with the involvement of a travel agent, the travel agent shall transmit the customer's data to IBUSZ Kft.
4.4 Frequent traveller system
Data subjects: persons registering online or in person in the IBUSZ Ltd. frequent traveller system.
The purpose of data processing: to facilitate the booking, ordering, liaising, conclusion and performance of travel contracts, collection and analysis of customer habits and preferences, provision of discounts, sending promotional offers and other consignments.
Legal basis for data processing: the data subject’s consent.
Scope of the processed data: name, address, telephone number, e-mail address and date of birth, travel-related data.
Duration of data processing: If the frequent traveller does not participate in any tour organised by IBUSZ for a period of 3 (three) years, IBUSZ will consider that the frequent traveller has terminated the contract. In this case, the card will automatically expire and the frequent traveller will be deleted from the Frequent Traveller Programme as of 31 December of the current year.
4.5 IBUSZ Kft’s electronic newsletter
Data subjects: persons subscribing to the newsletter.
The purpose of data processing: sending general e-mail newsletters to interested parties, including commercial advertising, informing them about current information and offers.
Legal basis for data processing: the data subject’s consent on the basis of Section 6 (1) of the Advertising Act and Article 6(1)(a) of the GDPR. The data subject may withdraw his consent at any time without giving reasons by unsubscribing from the newsletter, this will not affect the lawfulness of the processing based on the consent before the withdrawal of consent.
Scope of the processed data: name, year of birth, e-mail address, postal code
Duration of data processing: until consent is withdrawn.
Data subjects' rights in relation to data processing, including the right to lodge a complaint: see the general information in Section 8. Unsubscribe from newsletters by post: by sending a letter to our address (IBUSZ Kft., 1118 Budapest, Dayka Gábor u. 3), or an e-mail to info@ibusz.hu, or by telephone: (36-1) 485-2700, and for newsletters, by using the “unsubscribe” button at the bottom of the newsletter.
5.1 Right of access
The data subject may at any time request access to the personal data processed by IBUSZ Kft.
If the data subject requests confirmation from IBUSZ Kft. on whether IBUSZ Kft. processes his personal data, IBUSZ Kft. is obliged to provide information.
The data subject's right to receive confirmation on whether or not IBUSZ Kft. processes his personal data shall
(a) cover personal data relating to the data subject;
(b) not cover anonymous data; and
(c) include pseudonymised data that can be clearly linked to the data subject.
Upon request, IBUSZ Kft. will provide the data subject with access to and a copy of his personal data. If the data subject requests an additional copay/repeatedly requests a copy of his personal data, IBUSZ Kft. may charge a reasonable fee to cover the administrative costs incurred in connection with the execution of the request, which fee shall be borne by the data subject.
5.2 Right of rectification
The data subject has the right to rectify the personal data processed by IBUSZ Kft. This right shall
(a) not cover anonymous data;
(b) cover personal data relating to the data subject; and
(c) include pseudonymised data that can be clearly linked to the data subject.
IBUSZ Kft. shall correct or complete personal data as requested by the data subject. IBUSZ Kft. shall inform the recipients of the personal data (if any) of the rectification of the personal data concerned, unless informing the recipients proves impossible or would involve a disproportionate effort.
5.3 The right to erasure
Under certain conditions, the data subject has the right to request the erasure of personal data processed by IBUSZ Kft. IBUSZ Kft. shall delete the personal data of the data subject without undue delay if
(a) IBUSZ Kft. processes such personal data, and
(b) the data subject requests the erasure of his personal data; and
(c) the personal data are not necessary for the purposes for which IBUSZ Kft processes the personal data.
IBUSZ Kft. shall delete the personal data of the data subject without undue delay if
(a) IBUSZ Kft. processes the personal data of the data subject, and
(b) the data subject requests the erasure of his personal data; and
(c) the data subject withdraws the consent on which the processing of his data is based; and
(d) there is no other legal basis for the further processing of the data subject's data.
IBUSZ Kft. shall delete the personal data of the data subject without undue delay if
(a) the processing is necessary for the purposes of the legitimate interests pursued by IBUSZ Kft. or a third party, and
(b) the data subject objects to the processing of his personal data by IBUSZ Kft.; and
(c) the legitimate ground for processing such personal data does not override the data subject's objection.
IBUSZ Kft. shall delete the personal data of the data subject without undue delay if
(a) the data subject requests the erasure of his personal data; and
(b) the processing of such data by IBUSZ Kft. is not unlawful; or
(c) the cancellation is mandatory under applicable law; or
(d) the data subject's data are collected in relation to information society services.
IBUSZ Kft. will inform the recipients of such personal data (if any) of the erasure of the personal data concerned, unless informing the recipients would be impossible or would require a disproportionate effort.
5.4 Right to restriction of processing
The data subject may request the restriction of the processing of his personal data.
The rights of the data subject with regard to the processing of his personal data shall
(a) not cover anonymous data;
(b) cover personal data relating to the data subject; and
(c) include pseudonymised data that can be clearly linked to the data subject.
IBUSZ Kft. shall restrict the processing of the data subject's personal data for the period during which it verifies the accuracy of such data, if the data subject requests the restriction of the processing of his personal data and the data subject contests the accuracy of such data.
IBUSZ Kft. shall restrict the processing of personal data of the data subject if the data subject requests the restriction of the processing of data whose processing is unlawful and the data subject opposes the erasure of such data.
IBUSZ Kft. shall restrict the processing of the personal data of the data subject if
(a) the data subject requests the restriction of the processing of his personal data; and
(b) IBUSZ Kft. no longer needs these data for the purposes of its processing, and
(c) the data subject requests the data for the establishment, exercise or defence of legal claims.
IBUSZ Kft. shall restrict the processing of the personal data of the data subject if
(a) the data subject objects to the processing of personal data necessary for the purposes of the legitimate interests pursued by IBUSZ Kft., and
(b) the data subject is awaiting confirmation that there is a legitimate ground for the processing of the data subject's personal data by IBUSZ Kft. which does not override the data subject's objection.
IBUSZ Kft. will inform the recipients of such personal data about the restriction of the processing of the personal data concerned, unless informing the recipients would be impossible or would require a disproportionate effort.
If IBUSZ Kft. restricts the processing of the personal data of the data subject, it may
(a) store such personal data,
(b) process such personal data on the basis of the data subject's consent; and
(c) process personal data for the establishment, exercise or defence of legal claims or the defence of the rights of any person.
5.5 Right to data portability
Where the processing is based on the data subject’s consent or the performance of a contract, the data subject shall have the right to receive the personal data concerning him, which he has provided to IBUSZ, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
The data subject's right to data portability shall
(a) not cover anonymous data;
(b) cover personal data relating to the data subject; and
(c) not cover pseudonymised data that can be clearly linked to the data subject.
5.6 Right to lodge a complaint and right to go to court
If the data subject believes that IBUSZ Kft. has unlawfully processed the data subject's personal data, IBUSZ Kft. recommends that the data subject contact us using one of the contact details below in order to clarify the matter and to resolve it amicably as soon as possible. If this fails or if the data subject does not wish to exercise this option, the data subject has the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) or with another data protection authority competent for the place where the data subject has his habitual residence, place of work or the place of the alleged infringement, without prejudice to other administrative or judicial remedies. In the event of an infringement, the person concerned can also go to court (regional court competence) and decide to bring the action before the court of the place where he lives or resides.
Name of the supervisory authority: National Authority for Data Protection and Freedom of Information (NAIH)
Registered address: 1055 Budapest, Falk Miksa utca 9-11. 3.
Mailing address: 1363 Budapest, PO box 9.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
Budapest 24 October 2018
IBUSZ Utazási Irodák Kft.