Etickets Retail Kft., Registration number 01-09-323865, Tax number 26318651-2-43, address (location): Hungary, 1118 Budapest, Mányoki út 14. 3. em. 1. (“we”, “us” or “our”) is the so-called “data controller” of your personal data and is therefore responsible for the lawfulness of what we do with your personal data.
The personal data we collect
Generally, the type of personal data we collect is the information that we need to enable you to make your travel arrangements and bookings. This includes information such as your first and last name, date of birth, telephone number and email address. The personal data we must receive to provide you with the travel arrangement you booked via our websites is the only data that is mandatory to provide. Depending on the kind of travel services you use, we may also collect your frequent flier number, information about your dietary requirements and health issues (if any), and other details which are relevant to your travel arrangements or which are required by another travel service provider (such as airlines and hotels). This is not an exhaustive list. Should you call our support, we will collect the data you provide during the phone call. As you can see below, our cookies also collect some information.
The sensitive personal data we collect
In some cases, we may handle so-called “special categories of personal data” about you, which may be considered sensitive. This would be the case, for example, if you (i) have submitted a medical certificate for use of a cancellation protection or a refund from an airline (ii) have a medical or health condition affecting your trip and for which you request assistance or where certain clearance is needed, or (iii) have made a request revealing some other sensitive personal data about you.
Before we handle sensitive personal data about you, we require your consent to do so. We therefore ask you to use the dedicated contact forms on our websites for submitting any sensitive data. The contact forms enable you to give us the consent required under applicable data protection legislation. Such consent may of course be withdrawn at any time. We will not handle any sensitive personal data that we are not permitted by you to handle, or that you have not provided us with. A limited number of our personnel will have access to your sensitive personal data, and after handling your sensitive data in accordance with your request, we will erase the data as soon as possible.
What we do with your personal data
We undertake such day-to-day measures that are necessary for businesses providing services to consumers, such as bookkeeping, accounting, billing, fulfilling anti-money laundering obligations and maintaining our website security. To the extent this is not mandatory under applicable laws, we undertake these measures based on our legitimate interest. We may also analyze our customers’ behavior in order to improve our websites and services on a general level. However, such analysis will use generalized or anonymized data on an aggregated level.
Sharing your personal data
Each partner is responsible for its own handling of your personal data after it has received it from us, meaning that you must contact the partner in question for any requests related to your rights under applicable data protection legislation. We recommend that you read the partners’ respective privacy policies for information on their handling of your personal data.
We will also share your personal data with other companies (so-called “data processors”) needed to deliver the services you requested, such as service providers running our call centers and our other suppliers and vendors that will handle your personal data when providing their services to us (for example external storage).
Third party providers
According to the applicable data protection legislation, you have certain rights as a so-called “data subject”. Below, we have listed your rights. Your rights include the following:
Right to access – You are entitled to access the personal data that we handle. You are also entitled to receive certain information about what we do with the personal data. Such information is provided in this document.
Right to rectification – Under certain circumstances, you are entitled to correct inaccurate personal data concerning you and to have incomplete personal data completed. Please note that we might not be able to correct inaccurate personal data provided by you due to e.g. the airline's rules, and that such particular change may incur a cost.
Right to erasure – Under certain circumstances, you are entitled to have your personal data erased. This is the so-called “right to be forgotten”.
Right to restriction of processing – Under certain circumstances, you are entitled to restrict how we use your personal data.
Right to data portability – You are entitled to receive your personal data (or have your personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format from us.
Right to object – You are entitled to object to certain types of handling of personal data that we carry out. This applies to all our activities that are based on our “legitimate interest”.
Finally, you also have the right to lodge a complaint with the applicable data protection supervisory authority.
In order to keep your personal data secure, we have implemented a number of technical and organizational security measures. For example, we maintain high levels of technical security in all systems (including traceability, disaster recovery, access limitations etc.). In addition, we have adopted policies to ensure that our employees (which of course are subject to confidentiality obligations) do not use personal data when it is not necessary. Such policies also set out our standards for when we contract suppliers or introduce new IT systems within our operations.