PRIVACY POLICY - Jazzpiknik

Preamble

The Data Controller is engaged in organizing events, selling tickets for these events and related services, conducting the events, granting entry to visitors, and providing access to services offered by itself or its partners at the events. Visitors’ likenesses may be recorded at the festival.

For ticket purchases, event entry, the use of services at the event, the assessment of future needs, documentation of the event, and communication related to the event, the Data Controller needs access to the ticket purchasers’ personal data. The purpose of the rules set out herein is to ensure that during the events organized by the Data Controller, everyone’s rights, fundamental freedoms, and right to privacy are respected in the course of personal data processing.

The Data Controller declares that it carries out its data processing activities – through the adoption of appropriate internal rules, technical, and organizational measures – in full compliance at all times with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR) and with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.).

1. Scope of this Policy

This privacy notice applies to the processing of personal data relating to natural persons by the Data Controller.

2. Definitions

To facilitate understanding, we highlight the most important definitions:

1. “personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

2. “processing”: any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

7. “controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

8. “processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

10. “third party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

11. “consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Data Controller’s details

- Name: Jazzpiknik Fesztivál Kft. (Jazzpiknik Festival Limited Liability Company)
- Address: 1024 Budapest, Ady Endre u. 19.
- Company registration number: 01-09-931397
- Email: [email protected]
- Data Protection Officer: Dániel Sánta – Email: [email protected]

4. Purposes, legal bases, and cases of data processing

Ticket purchase
- Purpose: Processing ticket purchases, ensuring entry, invoicing
- Legal basis: GDPR Article 6(1)(b) – performance of a contract
- Data processed: name, email address, phone number, billing data, date of birth (for youth tickets), ticket type
- Data retention:
- invoices: 8 years
- name: deleted 1 year after the event (Civil Code §6:22 (3) limitation period)
- email address: pseudonymized 1 year after the event
- country, city, postal code: stored as anonymized statistical data
- address, phone number: deleted 1 year after the event (same limitation period as above)

Newsletter subscription
- Purpose: Sending newsletters, event-related offers
- Legal basis: GDPR Article 6(1)(a) – consent
- Data processed: name, email address
- Retention: until withdrawal of consent

Event entry
- Purpose: Secure entry, verification of eligibility
- Legal basis: GDPR Article 6(1)(f) – legitimate interest
- Data processed: name, ticket ID, entry time, date of birth (for youth tickets)
- Retention: 30 days after the event

Prize draws
- Purpose: Conducting prize draws, notifying winners
- Legal basis: GDPR Article 6(1)(a) – consent
- Data processed: name, email, possibly phone number or postal address
- Retention: 30 days after the end of the game

Recording of likeness
- Purpose: Documentation of the event, information, communication
- Legal basis: GDPR Article 6(1)(f) – legitimate interest
- Data processed: image (photo, video), audio recording
- Retention: 10 years

5. Data processors and transfers to addresses

- Netpositive Kft.: Ticket creation and purchase, receipts – IT services, webshop operation, hosting

- KBOSS: Invoice issuance, to comply with legal requirements

- Jazzpiknik Festival’s contracted partners: photo, video recording on legitimate interest for the documentation of the event, information, communication

The Data Controller may transfer personal data to other third parties only on a legal basis or with the data subject’s prior consent.
No data transfer is made to third countries (outside the EU).

6. Rights of the data subjects

Under GDPR Articles 12–14, every data subject has the right to exercise their rights concerning the processing of their personal data and to request that the Data Controller restore lawful processing if they raise a legitimate objection.

Data subjects have the right to:
- access their personal data,
- request rectification,
- request erasure,
- request restriction of processing,
- object to processing,
- withdraw consent at any time,
- request data portability.

Contact: [email protected]
The Data Controller will respond within 30 days at most.

7. Right to file a complaint

Supervisory authority:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
- Address: 1055 Budapest, Falk Miksa utca 9-11.
- Web: https://naih.hu
- Email: [email protected]
- Phone: +36 1 391 1400

8. Automated decision-making and profiling

The Data Controller does not use automated decision-making and does not carry out profiling.

9. Amendments

The Data Controller reserves the right to amend this notice. The current version is always available on the festival’s official website: https://jazzpiknik.hu

Effective as of: August 4, 2025, until withdrawn.