Privacy Policy

Cookie policy
In order to ensure the proper functioning of the website and to enhance your browsing experience, the website uses small text files (cookies) that are sent from a server to the user's computer. More than 90% of websites use cookies and are obligated to ask for the user's permission in accordance with European Union legislation. By using this website, the user accepts the use of cookies. The user can use the website even if he does not accept cookies, but certain functions will not be available.

What is a cookie?
A cookie is a small text file that is downloaded to a user's computer when they visit a website. Cookies make it easier to use a website: they save the user's settings on the website (name or address) and activate them when the user visits the site again. This allows the information received to be tailored to the user's needs and browsing habits.
In addition to simple information about preferences, cookies can also store large amounts of personal data (name, email address), but this requires the user's permission. If the user does not authorise it, the cookies cannot access files on the computer. Cookies are stored and sent in a way that is not visible to the user, but in the browser settings you can choose to allow the storage of cookies, delete stored cookies and perform other operations related to the use of cookies.


What are session cookies?
Session cookies are temporary cookies that are deleted from your computer when you close the browser you are using to surf the internet. These cookies allow websites to store temporary data.


What are permanent cookies?
Permanent cookies remain on the user's computer even after the browser is closed. These cookies allow websites to store data in order to facilitate the use of the website. For example, websites that ask for a username and password "remember" what the user has entered and display it on each visit. Permanent cookies can remain on a user's computer for days, months or years.


What are first-party cookies?
First-party cookies come from the website the user is browsing, and can be either permanent cookies or session cookies. Websites use them to store data to facilitate users' subsequent visits to the site.


What are third-party cookies?
Third-party cookies are placed by other websites on the website the user is browsing, such as pop-up ads. These cookies monitor the website for advertising purposes.


Does this website use cookies?
Yes, this website uses cookies to make the user experience easier and better.


What cookies does this website use?
● Session cookies - these cookies are automatically deleted when the user closes the browser used to browse the internet
● Permanent cookies - these are stored in the user's browser until they expire or are manually deleted by the user. The information collected is anonymous and does not contain any personal data

Are there third-party cookies on this website?
Several third-party services store limited cookies; these are not set by the website. Restricted cookies allow you to freely use options that allow you to easily access content. This website allows the following:

● Web analytics
This website uses the web analytics service Google Analytics. If the user wishes to prevent this service from storing cookies on their device, they can do so by going to Google Analytics https://tools.google.com/dlpage/gaoptout

How can I block cookies?
Cookie settings are browser-related. It is up to the user to decide whether to allow the use of cookies or to delete cookies at any time, thereby removing the online visibility. Most browsers offer the option to disable the storage of cookies.



PRIVACY POLICY

1. Purpose of this privacy notice

As the data controller, the Museum of Illusions Limited Liability Company acknowledges that it is bound by the contents of this legal notice. It undertakes to ensure that all processing of data relating to its activities complies with the requirements set out in this Policy and in the applicable national legislation and European Union legal acts, in particular the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as "GDPR").

The purpose of this privacy notice is to inform the user about the data protection and data management principles, rules and regulations applied by the provider in relation to the services provided by the provider.

This notice applies to the processing of data relating to the recipients of the services provided by the controller as natural persons.

The provider reserves the right to amend this notice, subject to prior and timely notification to the persons concerned.


2. Data of the Data Controller

Name: the Museum of Illusions Limited Liability Company

Registered office: 1065 Budapest, Bajcsy-Zsilinszky út 3.

Company registration number: 01-09-346339

Name of court of registration: Fővárosi Törvényszék Cégbírósága

Tax number: 27042537-2-42

Legal representative: Róbert Maros Managing Director

E-mail: [email protected]

Website: https://illuziokmuzeuma.hu/


3. Purpose, legal basis and duration of processing

The purpose, legal basis and duration of the processing are set out in Annex 1.


4. Transfer of data, data processing

The controller will only transfer employee data to another person if:

● the transfer is required by law (e.g. statistical data collection; employer reporting obligations);
● the data subject has given his or her explicit consent to the transfer and the transfer is intended for a person who has a contractual relationship with the controller, and where the transfer is made in the performance of a contractual relationship between the controller and the controller (e.g. a customer relationship);
● the controller uses a processor to perform specific tasks
● In order to facilitate its administrative tasks, the controller uses a data processor (e.g. invoicing) to carry out certain processing operations and to provide technical support. The list of data processors is set out in Annex 2 to this notice; in the case of a different data processor, the controller will inform employees in advance of the specific identity of the data processors.

To ensure the security of your personal data, we impose the following requirements on our data processors:

● A processor may only carry out instructions that are recorded in writing.
● The data controller and the processor must enter into a written contract, which must include the data transferred by the controller to the processor and the activities of the processor with respect to the data.
● Employees who process personal data are bound by confidentiality obligations.
● The processor shall implement organisational and technical measures to guarantee data security.
● The processor shall assist the controller in fulfilling its obligations.
● The processor shall, at the controller's discretion, return all personal data to the controller or delete them and delete existing copies, except where Member State or Union law requires the data to be stored.
● The processor shall facilitate and enable audits and on-site inspections by the controller or with the assistance of an auditor appointed by the controller
● Where the processor engages the assistance of an additional processor, the processor shall be subject to the same obligations as those originally contracted between the processor and the controller.

Transfers abroad:
Personal data will not be transferred outside the European Economic Area.


5. Rights of data subjects and means of enforcement
The data subject may request information on the processing of his/her personal data, and may request the rectification, erasure or withdrawal of his/her personal data, except for mandatory data processing, and may exercise his/her right to data portability and objection in the manner indicated when the data were collected, or by contacting the controller at the above contact details.

Right to information:
The controller shall take appropriate measures to provide data subjects with all the information referred to in Articles 13 and 14 of the GDPR and each of the disclosures referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

The right of access of the data subject:
The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and relevant information relating thereto.

The controller shall provide the information within a maximum of one month from the date of the request.

Right of rectification:
The data subject may request the correction of inaccurate personal data relating to him or her processed by the controller and the completion of incomplete data.

Right to erasure:
The data subject shall have the right, upon request and without undue delay, to obtain from the controller the erasure of personal data relating to him or her, if one of the following grounds apply:

● the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
● the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
● the data subject objects to the processing and there is no overriding legitimate ground for the processing;
● the personal data have been unlawfully processed;
● the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
● the personal data have been collected in connection with the provision of information society services

Right to restriction of processing:
At the request of the data subject, the controller shall restrict processing if one of the following conditions is met:
● the data subject contests the accuracy of the personal data, in which case the restriction applies for a period of time which allows the accuracy of the personal data to be verified;
● the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
● the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
● the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

Where processing is restricted, personal data may, with the exception of storage, be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

Right to data portability:
The data subject has the right to obtain the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit these data to another controller.

Right to object:
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Automated decision-making on individual cases, including profiling:
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Right of withdrawal:
The data subject has the right to withdraw his or her consent at any time.

Right to apply to the courts:
The data subject may take the controller to court in the event of a breach of his or her rights. The court will rule on the case as a matter of priority.

Data protection authority procedure:
If you have a complaint about our processing, you can contact:

Name: National Authority for Data Protection and Freedom of Information

Headquarters: 1055 Budapest, Falk Miksa utca 9-11

Address for correspondence: 1363 Budapest, PO Box 9.

Phone: 06 1 391 1400

Fax: 06 1 391 1410

E-mail: [email protected]

Website: http://www.naih.hu

6. Data protection incident
In the event of unauthorised access to personal data processed by us, or if there is any other data breach (e.g. unlawful destruction, loss, alteration) or suspicion thereof, we will notify the competent supervisory authority in accordance with the GDPR in the manner and under the conditions set out therein, without undue delay and, if possible, within 72 hours at the latest.

As soon as we become aware of the data breach, we will immediately take the necessary security measures to remedy the breach that gave rise to the data breach.

If the data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform the data subject of the data breach without undue delay.

IMAGE AND SOUND RECORDINGS

● Guests are entitled to make still and moving images and sound recordings in the Museum. In doing so, all visitors are responsible and obliged to respect the privacy rights of other visitors and to refrain from unnecessary disturbance of other visitors.
● Guests are entitled to capture and publish the Museum's logo on their images for their own private use.
● By entering the Museum premises, Guests acknowledge that, due to the nature and operation of the Museum, public events and mass gatherings may take place in the Museum, during which still and moving images and sound recordings may be made. In these cases, the specific consent of the persons concerned is not required for the making, publication and use of the recordings.

ORGANISING EVENTS

● Events can be organised in the Museum. For detailed information and conditions, please contact our staff!
● A written offer for the Event will be made separately; written acceptance of the offer within the given deadline and payment of the advance fee are the conditions for the holding of the Event.
● The GTC apply to all participants of the Event. It is the responsibility of the Event Organiser (the Client) to enforce these Terms and Conditions with the Event Participants. In the case of children's parties, the Customer shall be obliged to enforce the provisions of the GTC with children and to ensure the presence of a sufficient number of accompanying adults.

7. Other provisions
Information on data processing not listed in this notice will be provided at the time of collection.

We inform our customers that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorised by law may contact the data controller to provide information, to disclose or transfer data, or to provide documents.

The data controller shall disclose personal data to the authorities, if the authority has indicated the precise purpose and scope of the data, only to the extent strictly necessary for the purpose of the request.

Appendix 1. – The data processed

Duration of processing

Scope of the data processed:

Surname and first name, telephone number, e-mail address, password provided during pre-registration, delivery address provided when requesting home delivery, billing address provided for invoicing, transaction number, date and time, receipt content, range of products purchased, customer code, name, address and tax number in the case of VAT invoices, payment method used by the User, other data requested by the event organiser during the purchase

Purpose of the processing:

Online webshop service

Legal basis for processing:

Voluntary consent of the data subject and Article 169 (2) of Act C of 2000 on Accounting

Duration of processing:

8 years

Scope of the data processed:

first and last name, billing address, e-mail address

Purpose of the processing:

Invoicing

Legal basis for processing:

legal obligation

Duration of processing:

The accounting documents and the orders and contracts supporting them are stored for 8 years (+ 2 years with regard to the cycle of tax authority audits) in accordance with Section 169 (2) of the Accounting Act. Otherwise, until the expiry of the limitation period.

Scope of the data processed:

name, e-mail address, interests, age

Purpose of the processing:

Direct marketing or commercial enquiries (e.g. sending a newsletter)

Legal basis for processing:

voluntary consent of the data subject

Duration of processing:

until consent is withdrawn


Appendix 2. – Data processors


Name and location of the data processor:

1. Cooltix Ltd.

(1084 Budapest, József utca 3. 3/27)

Activity of the data processor: online webshop service, statistical data analysis

Personal data processed by the Data Processor: first and last name, telephone number, e-mail address, password provided during pre-registration, delivery address provided in case of delivery request, billing address provided for invoicing, number, date and time of transaction, receipt content, range of products purchased, customer code, name, address and tax number in case of VAT invoice, payment method used by the User, other data requested by the event organiser during the purchase

https://support.cooltix.com/terms/v/hu/szolgalatasi-feltetelek/data-policy


2. Museum of Illusions Ltd.

(1065 Budapest, Bajcsy-Zsilinszky út 3.)

Activity of the data processor: invoicing, statistical data analysis

Personal data processed by the data processor: billing data