Datenschutz / Datensicherheit

Privacy Policy

 

The aim of this Privacy Policy is to provide information about the processing of personal data made available to GP Ticket by the individuals using the websites

www.mygpticket.com

and

www.mygpstore.com

(hereinafter: ‘websites')

 

GP Ticket pays particular attention to the protection of personal data of its website users and its customers and respects their rights to informational self determination. When processing personal data confidentiality is preserved and all security, technical and organisational measures are taken that  guarantee the safety of such data. This document summarizes GP Ticket's data processing practices. 

 

1.   Users: 

Users are the visitors of the websites and those, who enter into agreements with GP Ticket Kft electronically.

 

2.   Name of data controller:

GP Ticket Kft. (hereinafter ‘GP Ticket' or ‘controller')

 

3.   Address and registration number of controller

1051 Budapest, Sas u. 11. 3/8a

Hungary

Budapest-Capital Regional Court: Cg. 01-09-889249

 

4.   Help and contact in data processing issues:

-       info@mygpticket.com 

-       info@mygpstore.com 

-       → 'Helpdesk' → 'Contact us' - blank field to fill in, postal address, fax and telephone numbers are available

 

5.   The aim of data processing

The aim of data processing is 

- concluding agreements with the buyers of tickets to motorsport events and the buyers of fun articles,

- fulfilling the orders,

- asserting claims arising out of the agreements,

- sending electronic newsletters,

- running the websites user-friendly, provision of high quality information 

In order to provide full range of services, there are links to hotel booking and car rental services on the websites. GP Ticket does not process personal data with regards to these services. By clicking on the links, users leave the websites.

Our available ‘Partner Program' does not process the user's personal data either.

 

6.    Lawfulness of data processing:

Personal data required for the conclusion of agreements are provided by the users, thus the legal title of data processing is the intention of the parties to enter into an agreement with each other. 

Further data processing, required for the fulfilment of contractual obligations and assertion of contractual claims is based on the signed agreements.

Personal data set out in the agreements shall be processed for compliance with legal obligations within a period specified in the Accounting Law.

Processing and maintenance of personal data might be required for the purposes of the legitimate interests pursued by the data controller or by a third party (e.g. investigation of a card fraud by the bank). 

The entitlement of GP Ticket to send electronic newsletters and to operate the websites user-friendly (by using ‘cookies') is based on the user's voluntarily given consent, withdrawable any time. 

 

7.   Scope of controlled data:

a)     Data controller processes the following personal data of users.

 

 

Sale of tickets

Sale of merchandising articles

Electronic newsletter

Hotel booking

Renting a car

Partner

program

name

X

X

X

-

-

-

e-mail address

X

X

X

-

-

-

phone number

X

X

-

-

-

-

fax number

X

X

-

-

-

-

delivery address 

X

X

-

-

-

-

invoicing address

X

X

-

-

-

-

elements of the order

X

X

-

-

-

-

cookie-k (pls. see details under the table)

X

X

-

-

-

-

 

If someone  provides the personal data of another person to GP Ticket, it is the responsibility of the provider of such personal data to obtain the data subject's consent! 

 

b)     Cookies on the GP Ticket website

As it is widely known, a cookie is a small piece of data sent from a website and stored in the user's web browser as a secret identifier, while the user is browsing that website. Cookies collect useful information about the user and his/her IT device and the user's individual scope of interest, remember settings, facilitate the use of the websites and enrich user-experience. 

Visiting pages mygpstore.com, mygpticket.com may generate the following types of cookies:

  • "Session cookie" - it is necessary to make an order by the user. Session cookie contains merely a workflow identifyer and its expiry. The workflow identifyer is connected to a temporary database containing the personal data of the user, required for the purposes of making an order, and the elements of the order.

When the user starts the ordering process, his/her personal data will be stored temporarily, approximately for 30 minutes, as described above. Session cookies expire and the collected data are deleted from the temporary database at completion of the ordering process and also if it is interrupted for any reason. If the user intends to submit an order, session cookies cannot be preliminary deleted or removed. 

  • Third party companies, organizations and service providers (e.g. Facebook, Google Adwords, etc.) may also initiate placement of „anonym cookies" on the computer of the users when the user visits the websites. Operation of these cookies does not allow GP Ticket access to the information gathered by the third parties, and does not allow the third parties get access to the cookies and the information collected by GP Ticket. 
  • „Advertising cookies" - by placing these cookies GP Ticket receives information if a user has seen a particular advertisement and if yes, how many times. Using these cookies allows targeted advertising with useful information provided to the customers and thereby adds value to the websites. 

Users may find information from the browser about the cookies set by the website, the length of storage, and may accept or prohibit setting of those. All modern browsers allow the change of cookie settings usually in the 'Options' or 'Preferences' menu of the browser. In such menus, the generic term "tracking" is used to cover advertising cookies. Opting out results in the prohibition of cookies tracking the user's activities on the various websites, mapping his/her browsing habits and personal interest.

By changing browser settings, users may achieve that only useful and necessary cookies be set on their devices and prohibit tracking ones. Users might prohibit the placement of all cookies as well.

When optimizing browser settings it has to be taken into consideration that prohibiting certain cookies might hurt user experience and/or prevent the use of a particular website function. This may happen in case of absolutely necessary session cookies mentioned above. Restriction of tracking cookies will not have negative impact on the use of the websites.

Descriptions about cookie setting in the various browsers are available at the following links: 

Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en 

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari: https://support.apple.com/kb/ph21411?locale=en_US

 

8.   Periods for which the user's personal data are stored:

The length of the obligation to retain underlying documentation of commercial deals for accounting purposes is 8 years in accordance with the Accounting Law, thus personal data set out in the agreements will be processed until the end of this period and thereafter destroyed. 

Personal data made available to the data controller in the course of an unsuccessful transaction, when personal data were provided with the aim of entering into an agreement but finally such agreement was not concluded, shall be maintained at the request of the bank, for 5 years. The reason is to be able to inform the bank or the user during this period about the circumstances of a failing transaction or in an investigation of a card fraud. 

Personal data of those who subscribe to the newsletter are retained until the date of their un-subscription. 

 

9.   User's rights with regards to the processing of their personal data:

a)     Information and right to access, modification, rectification, restriction, etc.

By using the e-mail addresses info@mygpticket.com and info@mygpstore.com or any other options set out in paragraph 4, users may require information on the way and status of processing their personal data as follows: 

-       if personal data concerning the user are being processed,

-       where, 

-       what is the purpose of data processing,

-       what kind of personal data are processed,

-       are personal data forwarded  or not, if the answers is yes, who are the recipients of those,

-       the length of data controlling 

The user is entitled 

-       to receive information about the source of his/her personal data (GP Ticket processes personal data provided by the users only!) 

-       to request the correction of his/her personal data,

-       to request the termination and/or limitation of data processing if no purpose exists, or if data processing was based on the user's consent, or it was simply unlawful, etc.,

-       to object against data processing if the aim is direct marketing (and his/her consent was withdrawn), or if the purpose is the legitimate interest pursued by the data controller or any third party, but in the latter case, these are overridden by fundamental privacy rights and interest of the user.

The user is also entitled to forward his/her personal data to another data controller, provided that processing is carried out by automated means. In addition, he/she may request GP Ticket's support to such data transfer.

User may lodge a complaint with the court or the supervising authority with regards to any privacy claims he/she may have (see paragraph 14).

The user's requests for information about processing of his/her personal data, received by GP Ticket as indicated in paragraph 4, will be answered within the earliest reasonable timeframe, but at least within 1 month. Where necessary, the deadline can be extended by 2 additional months. Providing the required privacy information for the first time is free of charge. Reasonable administrative fees can be charged though, if the request is manifestly unfounded or gratuitous, in particular due to its repetitive character. 

b)     Newsletter subscription and unsubscription 

GP Ticket is entitled to send electronic newsletters to the users merely in possession of their preliminary and unambiguous consent. It may send also targeted Facebook advertisements to those who have consented to it and are also Facebook users.  

Addressees of electronic newsletters may unsubscribe the newsletter (along with the Facebook advertisements) any time a) using the contact details set out in paragraph 4 b) by clicking on the related link in the newsletter or c) using the unsubscribe button on the website.

If subscription was made on more than one language (e.g. to the English and the German version of the newsletter) and to both MotoGP and Formula1 events, unsubscription should be made with regards to each of these newsletters. Subscription records are kept by GPTicket for each business line as well as each language separately, in order that users receive the newsletter on the language they understand and only about the events that are interesting to them. Should the user not be sure about his/her subscriptions, GP Ticket should be contacted and instructed to delete the user's personal data from all lists.

The newsletter database shall be used by the data controller exclusively for the purposes of sending newsletters. Personal data of those unsubscribed are destroyed.

 

10.            Further processing and forwarding of personal data:

The websites www.mygpticket.com and www.mygpstore.com operate on the servers of Amazon Web Services EMEA Sarl (Luxembourg) as data processor, within the frame of the services agreements concluded by GP Ticket with the data processor. Personal data processed by GP Ticket are kept on these servers.

Above the Line Coding and Machine Learning (Al Wasl - City Walk 21B APT202 Dubai U.A.E.) performs the maintenance, development and programming tasks related to the websites. 

The invoices are issued out of the electronic billing system called "Novitax", run by the data controller as licensee, while the accounting tasks are completed by the bookkeeping company Ropo Kft.

MailChimp, registered in the US, provides for sending the newsletters to the users. In case of unsubscription, the related personal data will be deleted from the database of MailChimp. 

Lawful access to and the safety of the Users' personal data is guaranteed by the above service providers in the related services agreements concluded with GP Ticket, setting out the appropriate security, technical and organisational measures implemented to ensure compliance with the applicable data protection requirements. 

The data protection background of AmazonWeb Services EMEA Sarl and of Mailchimp services is guaranteed in the data protection terms and conditions, available on the service providers' website (the "Data Processing Addendum"). These documents apply the "Standard Contractual Clauses for the transfer of personal data to third (non EU) countries" laid down in European Commission Decision 2021/914 of 4 June 2021(„2021 Controller-to-Processor Clauses" or „SCC").

Personal data required for the performance of the agreements are disclosed towards the shipping companies responsible for the delivery of tickets and fan articles (e.g. DHL, GLS). In accordance with the shipping company's contract concluded with the data controller, it is obliged to maintain confidentiality of personal data and is prohibited to use or transfer those for any other purposes than delivery of tickets and fun articles to the GP Ticket customers. Data protection related obligations of the shipping companies are undertaken in their general terms and conditions.

GP Ticket reserves the right to forward personal data of users suspected of fraud or any infringement of law to the competent authorities and/or K&H Bank / K&H Payment Services, as the case may be.

 

11.     Data security:

GP Ticket takes all reasonable measures and those expected by data protection laws in order to ensure data security and to avoid any unauthorized access and modification, illegal forwarding or publishing, any destruction or damaging of data and any failure to access those due to the change of the used technique. Data controller excludes liability for destruction, loss, or damage of personal data due to a technical failure, natural disaster, terrorist act, any other ‘vis major' event, a crime or any use for unlawful purposes, provided that it has taken all necessary and reasonable protective measures available in accordance with the state of knowledge and technics which are customary in the services sector, taking also into consideration the related implementation costs.  

In the course of payments through a credit card, GP Ticket's system does not have access to the particulars of the credit card. Following completion of the order, users are automatically directed to the website of K&H Payment Services, where the payment is effected.  Data of the payment transactions are encrypted with 128 bits SSL encoding, which is the currently available most reliable encoding system. 

 

12.     Amendments to the Privacy Policy:

GP Ticket reserves the right to unilaterally amend this Privacy Policy within the frame of effective legal prescriptions. The amended policies will be published on the websites. It is strongly recommended that users frequently check the Privacy Policy, follow any future changes, learn and understand the consequences of those on the processing of their personal data.  

 

13.    Legal background:

This Privacy Policy is prepared in compliance with the following Acts: 

-             EU 679/2016 General Data Protection Regulation (GDPR) 

-                 Act 112 of 2011 ‘On informational self-determination and freedom of information'

-                Act 108 of 2001 ‘On certain issues of electronic commerce activities and information society       services'

-             Act 100 of 2000 'On Accounting'

-             Act 5 of 2013  'Civil Code'

 

14.    Enforcement of rights:

Users are entitled to lodge a complaint if, in their view, data processing in relation to their personal data breaches data protection laws or the terms and conditions of the present Privacy Policy.  

Please contact GP Ticket to address your problem by using the contact details set out in paragraph 4 ("Help and contact in data processing issues").

Users are entitled to initiate legal proceedings before the competent court, or might notify the National Authority for Data Protection and Freedom of Information (HU-1055 Budapest, Falk Miksa utca 9-11.; Postal address: 1363 Budapest, Pf.: 9.; e-mail: ugyfelszolgalat at naih.hu) and initiate an investigation with regards to a data processing issue.