Protecting the personal data made available by visitors to its website and safeguarding visitors’ rights of autonomy with regard to information are important priorities for Budapest Airport. Budapest Airport is committed to handling visitors’ personal data in a way which complies fully with applicable legal provisions and contributes to ensuring the secure use of the internet by visitors. Budapest Airport handles visitors’ personal data confidentially, in accordance with valid legal provisions, provides for their security, takes the technical and organizational measures and establishes the procedural rules required to enforce applicable legal provisions and other recommendations.
These Regulations specify the principles which define our policy and daily practices relating to the protection of personal data. In them we present our services for which we request personal data from website users, our declaration on how and for what purposes such data are used, as well as how we provide for their security and protection.
During the drafting of the Regulations we took into account applicable legal provisions and international recommendations, with special emphasis on the following:
- Act LXIII of 1992 on the protection of personal data and the disclosure of public data;
- Act VI of 1998 on the protection of individuals during the machine-based processing of personal data;
- Act C of 2003 on electronic communication;
- Government decree no. 226/2003. (XII. 13.) on special data handling conditions for electronic communication service providers, the data security of electronic communication services and the rules of displaying identifiers and of call forwarding;
- Act CVIII of 2001 on electronic commerce.
If you have questions or problems in connection with the contents of these Regulations, or would like to make observations on something that is not clear from the Regulations or requires further explanation, please contact our colleague responsible for the protection of personal data at: firstname.lastname@example.org
If and when requested by visitors, we provide detailed information on the personal data handled by Budapest Airport, the purpose, the legal basis and the duration of data handling and activities relating to data handling.
Personal data may be handled if:
a) The affected person consents to it, or
b) This is prescribed by an act or by a municipal decree issued on the basis of statutory authorization, for a pre-defined scope. An act may prescribe the publication of personal data for reasons of public interest, with an exact specification of the scope of the data affected. In all other cases, publication requires the consent of the affected person, which must be given in writing in the case of special data. In case of any doubt, it must be presumed that consent has been refused. Consent shall be considered to have been granted with respect to data disclosed by the affected person during public appearances or handed over by him or her for the purpose of disclosure.
Regulations on data handling and the protection of visitors’ personal data apply to natural persons only, in view of the fact that personal data can only be interpreted with respect to natural persons (based on section 1 of paragraph 2 of act LXIII of 1992 on the protection of personal data and the disclosure of public data). This Declaration is therefore only binding with respect to the handling of the personal data of natural persons.
The most important principles relating to the handling of personal data, also enforced by Budapest Airport, are the following:
• Personal data may only be handled for a specific purpose, for the exercising of rights or the fulfillment of obligations.
• Data handling must be consistent with its objective during all of its phases.
• During data handling only personal data may be handled which is indispensable for the objective of the data handling, and is suitable for attaining that objective.
• Data may only be handled to the extent and for the time necessary to attain the given objective.
• In the absence of statutory regulations, personal data may only be handled with the consent of the visitor in question.
• The nature of the data provision, whether it is voluntary or mandatory, must be specified prior to the recording of the data. In case of mandatory data provision, the legal provisions prescribing this must be specified.
• In the course of data handling data may only be used for the objective specified.
• In addition to the objective of data handling, clear information must be provided as to who will handle and process the data.
• Data must be stored securely, in a manner proportionate with the objective of data handling, for the time necessary to attain the objective of data handling.
• The data handler is obliged to provide for the security of the data, and is obliged to take the technical and organizational measures and to establish the procedural rules necessary for the enforcement of applicable legal provisions.
• Data must be protected, especially against unauthorized access, alteration, publication and deletion, as well as damage and destruction.
• Visitors may request information at any time during data handling, may check the contents of their data and may request their correction, modification, alteration or deletion at any time.
• Visitors may modify or revoke their consent to data handling at any time.
• Data is usually processed in a mechanical way.
• Data must be deleted concurrently with the attaining of the goal of data handling, in accordance with legal provisions.
• Data may be forwarded and different cases of data handling may be linked if the affected visitor has consented to this, or if an act permits this, and if the conditions of data handling are fulfilled for all personal data.
Prior to implementing data handling, the service provider must provide clear and understandable information, in compliance with legal provisions, about the manner and the objective of data recording, and, in the case of voluntary data provisions, about the indication of the voluntary basis.
By data or information suitable for personal identification we mean the personal data of natural persons with which someone can be personally identified, communication may be established with them or someone’s physical accessibility may be defined, including, without limitation: name, address, mailing address, telephone number, fax number, email address, bank credit rating, social security number, tax number, credit card information, customer profiles, biometric identifiers.
Anonymous information collected without enabling personal identification and which cannot be linked to natural persons, as well as demographic data collected without being linked to the personal data of identifiable persons, thereby preventing connection to a natural person, do not qualify as personal data.
By personal data provided by third persons based on the required consent we mean data or information suitable for personal identification, applying to the persons using the service, i.e. visitors, which were collected and provided by the service provider with the cooperation of a third party, in compliance with legal provisions.
We affirm as a general principle that in all cases when we request personal data from visitors, they can decide freely on whether to provide it or not, after reading and interpreting the relevant information. It must be noted, however, that if visitors decide not to provide their personal data, they may in some cases be unable to use some of the services requiring this.
Under no circumstances does Budapest Airport collect any special information relating to race, nationality, minority and ethnic origin, political views or affiliation, religious or other conviction, state of health, pathological addictions, sexual activity or criminal history.
We also request basic demographic data (age, sex, qualification, occupation, marital status, place of residence) from visitors during registration for certain services. Such data is used for analytical purposes, to improve and develop the quality of our services and to ensure that the services we provide fully satisfy visitors’ needs, but is not disclosed to third parties.
If we request visitors to register on certain subpages of our website bud.hu, we display in all cases which data is requested to be provided as “mandatory”, for what purpose and with what conditions. In this case the use of the word “mandatory” does not refer to the mandatory nature of data provision, but to the fact that there are some data fields which must be filled out for successful registration, and that failure to complete certain fields, or inappropriate completion, could lead to the rejection of registration. Data requested to be provided as “mandatory” is requested in such a generalized format that it is not suitable for personal identification in any way whatsoever.
Personal and other data provided by visitors are not amended or linked with data or information originating from other sources. If such linking of data originating from different sources were to occur in the future, this would only be done based on prior consent from visitors, with the relevant information having been provided.
In case Budapest Airport commissions business partners to provide or operate some of its services, pages or campaigns, and such services involve the collection of personal data, the data is subject to the same rights of use and data handling for Budapest Airport as if it collected and stored the data itself. In the course of such cooperation, the business partner collects the data on behalf of and as a representative of Budapest Airport, and the provisions of these Regulations apply to such cases as well. If Budapest Airport maintains co-branded services with a content partner, the rights to use the personal data are shared, but the provisions of these Regulations still apply, based on data handling regulations with the same contents, prescribed for partners as part of the contractual relationship. In case of the above data handling scenarios, the identity of the data handler is clearly specified during the data provision process.
In the absence of specific authorization thereto, personal data made available by visitors is not disclosed to third parties under any circumstances.
However, the complete implementation of services may require the handover of some of visitors’ personal data to third parties on a temporary basis for the purpose of data processing or data handling, in case the necessary consent is granted. For example, if visitors undertake online payment on our service pages, the credit card number, indispensable for payment, is forwarded to the partner financial institution, but the credit card number is not stored. If as a result of a purchase made on our website bud.hu the product purchased needs to be sent to the buyer, the product to be delivered, its price, the name and the address of the addressee are handed over to the business partner performing delivery, specified on the opening page of the service in question, but the delivery partner may not use these data for any other purpose besides the delivery. The handling of personal data in this manner is not possible without consent to the forwarding of the data.
In compliance with its statutory obligation, Budapest Airport hands over requested and available information to the competent authorities if it is requested to hand over personal data in a manner consistent with legal provisions (received in a resolution seizing official data in connection with the suspicion of a criminal act).
If visitors make personal data available to us, we will take all necessary measures to provide for the security of such data, both during network communication (online data handling) and data storage (offline data handling).
If the services in question require clients to send personal data (e.g. credit card number) online to be able to use the service, we provide a channel ensuring appropriate protection for such messages (SSL-based connection).
As soon as the personal data are inside the IT infrastructure used by Budapest Airport, actions relating to the safeguarding and protection of the data are defined by the principles, procedures and security controls specified in the IT Security Policy of Budapest Airport, with all company employees being responsible for compliance therewith.
Only persons working in relevant positions may have access to personal data, with the application of high level access control measures.
The modification and deletion of personal data
If any of our clients requests the deletion of their personal data from our system (of course in some cases accepting that from then on they will not be able to use the service linked to the data, or at least not in the same way), such a request will be fulfilled immediately by deleting from our database the appropriate records specified by the visitor.
The placement of anonymous visitor identifiers (cookies)
An anonymous visitor identifier (cookie) is a unique series of signals suitable for identification and the storage of profile information, which service providers place on visitors’ computers. It is important to know that the complete IP address is not stored during the use of such signal series; they are therefore not able to identify the client, i.e. the visitor, in any way whatsoever on their own, they are only suitable for recognizing the visitor’s computer. It is not necessary to provide a name, email address or any other personal information, since service providers do not request data from visitors during the application of such solutions; data is only exchanged between computers.
In the era of the internet, personal information and personalized services can only be provided if service providers are able to individually identify the habits and the needs of their clients. Similarly to other service providers, Budapest Airport handles the aforementioned anonymous identifiers, which do not contain personal information, with the aim of finding out more about the information usage habits of clients in order to be able to improve the quality of its services and to be able to display tailor-made pages and marketing (advertising) content for clients visiting its website.
If you do not want such an identifier signal to be placed on your computer, you can adjust the settings of your browser in such a way that it will not allow the placement of such a unique identifier signal on your computer (in the case of most browsers this can be done in the settings / internet settings tab under the tools menu). In this case you will be able to use most of our services, but we will not be able to serve you fully in some cases (for example on pages offering solutions tailored to individual needs).
The analysis of log files
The analysis of log files generated during the use of web-based services provides information for service providers which is useful in several respects. In the log files the servers providing the service record data about the requests sent by visitors, such as the dynamic IP address of the computer sending the request, the type of browser used, the time of the request, the address of the requested page, etc. Budapest Airport uses such information for technical purposes (analyzing the secure operation of servers, subsequent checks) only. The data queues thus generated are not linked with information suitable for identification, originating from other sources.
The sending of special offers
Budapest Airport sends an email welcoming clients signing up for services requiring registration or subscription, which in some cases also contains information important in terms of the use of the service (for example confirmation of username and password). Subject to consent thereto, we also circulate emails to clients from time to time, providing information on new services, special offers, etc. If clients do not wish to receive such promotional messages going forward, even though they have not indicated this intention earlier, they can unsubscribe from these in the same manner and through the same channel as used to initiate the use of the service.