Privacy policy


Welcome to the privacy policy (hereinafter: the Privacy Policy) of the EVC2019 which is made up the following different legal entities:

  • Pannonspot Kft.

14, Welther Karoly utca

9700 Szombathely



VAT number: HU13132439

  • Christoph Theis

Sank-Antoni-Straβe 7

7000 Eisenstadt


This Privacy Policy is issued on behalf of the Pannonsport Ltd. and Christoph Theis so when we refer to “we”, “us” or “our” in this Privacy Policy, we are referring to the relevant company/person responsible for processing your data.

This Privacy Notice describes our collection, use, disclosure, retention, and protection of your personal information. We respect your privacy and are committed to protecting your personal data. This Privacy Policy will inform you as to how we look after your personal data when you visit our website at: (hereinafter: the Site), regardless of where you visit it from, and tell you about your privacy rights and how the law protects you.

By using our Services and/or registering for an account with us, you are accepting the terms of this Privacy Policy and our User Agreement, and you are consenting to our collection, use, disclosure, retention, and protection of your personal information as described in this Privacy Policy.


  1. Us as Data Controller assumes an obligation that all data management relating to its activities complies with the provisions of this Privacy Policy and the relevant national laws and regulations specified in the legal acts of the European Union.
  1. Information regarding management of data by us is continuously available in the footer of the starting page of the website operated by us.
  1. We reserve the right to modify the Prospectus on Data Management unilaterally. In the event of modification, we shall notify the User by publishing the changes on the User accepts the revised Prospectus on Data Management by using the service after the modification takes effect.
  1. In order to protect the personal information of its customers and partners, we consider it important to respect its clients` right to information self-determination. We shall treat the personal data in a confidential manner and shall apply all security, technical and organizational measures that guarantee the security of data. Our data management practices are contained in this Prospectus on Data Management.
  1. Our principles on privacy are in line with the current data protection legislation, thus especially with the following:
  • Act CXII of 2011 on the Right of Informational Self‑Determination and on Freedom of Information (hereinafter referred to as Privacy Act);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR);
  • Act V of 2013 on the Civil Code (Civil Code);
  • Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (E‑Commerce Act);
  • Act LXXVI of 1999on Copyright;
  • Act CLV of 1997 on Consumer Protection;
  • Government Decree No. 45/2014 (II.26) on the Detailed Provisions of Contracts Concluded between Consumers and Companies.


  1. Our data processing is based on the following legal rights (Paragraph 1 of Section 6 of the GDPR):

a) the individual has given their consent to the processing of their personal data for one or more specific purpose (voluntary consent);

b) data processing is necessary for the fulfilment of such a contract where the affected person is one of the parties or if it necessary to carry out steps required by the affected person before the contract is entered into (fulfilment of the contract);

c) data processing is necessary to fulfil the legal obligation for the data controller (legal obligation);

d) data processing is necessary to validate legitimate interest of data controller or a third party (legitimate interest).

  1. In case of data processing based on voluntary consent the affected person may withdraw their consent at any time during data processing.
  1. Individuals with particular disabilities and children with limited ability may not use services via our system.
  1. In some cases processing, storage and forwarding are made mandatory by law of which we will notify users separately.
  1. Please note that if data provider is not providing their own personal data, it is their responsibility to obtain the consent of the person concerned.
  1. Personal data may only be handled for a specific purpose. The purpose of data management must be met, data entry and management must be fair and legitimate at all stages of data processing. Only personal data that is essential for achieving the purpose of data processing can be handled to achieve this goal. Personal data can only be handled to the extent and for the duration required to achieve the goal. We will not use personal data for purposes other than those indicated.
  1. Online web shop services (purchase of tickets) – purchase transaction, entry, notification


Purpose of data processing: to ensure the provision of a web shop service on the site, the order, to fulfil the order, to document the purchase and payment and to fulfil the accounting obligation.

  1. This Privacy Policy aims to give you information on how We collect and process your personal data through your use of the Site, including any data you may provide through the Site for the reasons specified below.
  1. It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.
  1. The purpose of the Site is to gather the information necessary to organize the European Veterans Championships 2019. For this purpose, we ask users to provide name, sex, and country of the participants. In addition, we ask for the birthday of players.
  1. This information will only be used to organize and conduct a tournament. Access to that data is restricted to people involved in the organization. We will publish a list of participating players with their name, country and the entered events.
  1. You may enter email or phone number for players, but you are not obliged to do so. We treat these data strictly confidentially and will use them solely for purposes related to the tournament like sending an email when a player is requested as a double partner or sending an SMS with match information during the tournament. You can always edit the registration of players to remove email address or phone number.
  1. The organizer may decide to out-source some aspects of the tournament to third parties. These will have to adhere to the same privacy policy and will be allowed to use the data for the sole purpose of the task to which they are commissioned.

Where we need to collect personal data by low, or under the terms of the contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (e.g. to register you for the tournament). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.


Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which We have grouped together as follows:

  1. Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, age, gender.
  1. Contact Data includes billing address, residential address, delivery address, email address, social media handles and telephone numbers.
  1. Financial Data: If users choose to pay with credit card we will redirect them to a contracted payment provider which will handle the financial aspects. The payment provider will provide as with transaction data like an id to identify the transaction, but the credit card number will not be processed in this system.
  1. Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  1. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, full ‘Uniform Resource Locators’ clickstream to, through and from the Site (including date and time) and other technology on the devices you use to access the Site.
  1. Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, performance, results and times at our events, products you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, mouse-overs and methods used to browse away from the page).

Possible consequences of failure to provide data: Failure of purchase transaction.


We collect, process, and retain personal information from you and any devices (including mobile devices) you may use when you: use our Services, register for an account with us, provide us information on a web form, update or add information to your account, or when you otherwise correspond with us regarding our Services.

We use different methods to collect data from and about you including through:

  1. Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or corresponding with us by postal, email, phone or otherwise. This includes personal data you provide when you:
  • Register for the EVC2019
  • Interact with us
  1. Automated technologies or interactions. As you interact with the Site, we may automatically collect Technical Data about your equipment and browsing actions. We collect this personal data by using cookies, server logs and other similar technologies.


We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  1. Where we need to perform the contract we are about to enter into or have entered into with you.
  1. Where it is necessary for our Legitimate Interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  1. Where we need to comply with a Legal or Regulatory Obligation.

Please, contact us to find out more about the types of lawful basis that we will rely on to process your personal data.


We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our Legitimate Interests are where appropriate and the period for which we retain your personal data. For the avoidance of doubt, please be aware that where we use a specific type of personal data for more than one reason and there is a conflict between the retention period for each such use in the table below, the longest retention period shall prevail.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please, contact us, if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity Type of data Lawful basis for processing including basis of Legitimate Interest
To apply to participate, or participate, or to organize a team, in any of Our events (a) Identity Data

(b) Contact Data

(c) Transaction Data

(d) Technical Data

(e) Profile Data

(f) Marketing and

(g) Communications Data

(a) Performance of a contract with you
(b) Legitimate Interests (we need this data to be able to allow you to participate in our events and to stage Our events).
To facilitate and publish the results of Our events (a) Identity Data

(b) Profile Data

Legitimate Interests (we need the ability to publish and store the results, rank individuals, challenge results after the Specific Event and keep a historic log of this data all for the purpose of staging the event(s) and for archival and historic research. This also allows participants to rank themselves against other participants).
To televise, film and/or otherwise record our events and to take photographs and record footage of our events (a) Identity Data Legitimate Interests (we need the ability to publish, display, sell and distribute our events by means of film, television, radio, print media, internet, publicity material or any other media now or in the future).
To invite you to participate, and for you to participate, in our Hospitality (a) Identity Data
(b) Contact Data
(c) Marketing and Communications Data
(a) Performance of a Contract with you.
(b) Legitimate Interests (we need this data to be able to give you the option to attend, and to provide you with, high-quality hospitality).
To process and deliver your order including:

a) manage payments fees, and charges

b) collect and recover money owed

(a) Identity Data

(b) Contact Data

(c) Transaction Data

(d) Technical Data

(e) Profile Data

(f) Marketing and

(g) Communications Data

(a) Performance of a contract with you

(b) Necessary for our legitimate interests: to recover debts due to us

(c) Necessary to comply with a legal or regulatory obligation including for tax and consumer protection purposes

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or Privacy Policy

(b) Asking you to leave a review or take a survey

(c) Dealing with any complaints and responding to feedback

(a) Performance of a contract with you

(b) Necessary to comply with a legal or regulatory obligation

(c) Necessary for our legitimate interests: to keep our records updated

To administer and protect our business and the Site, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of the data (a) Identity Data

(b) Contact Data

(c) Technical Data

(a) Necessary for our legitimate interests: running our business and IT services, network security, to prevent fraud, and in the context of a business reorganization or group restructuring exercise

(b) Necessary to comply with a legal or regulatory obligation

For events logistics and operational purposes including purposes including emergency service access routes, personal care plans and public access routes (a) Identity Data

(b) Contact Data

(a) Necessary for our legitimate interests: ensuring that the event logistics are in place to ensure successful staging or our events

(b) Necessary to comply with a legal or regulatory obligation such a safety, security, and insurance


The Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Site, we encourage you to read the privacy policy of every website you visit.


You can set your browser to refuse all or some browser cookies or to alert you when web sites set or access cookies. If you disable or refuse cookies, please, note that some parts of the Site may become inaccessible or not function properly.


We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please Contact us.

If We need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


We may have to share your personal data with the parties set out below.

  1. Our acting as processors provide various services such as event entry, entry management and supporting services, grant management services, timing services, services with respect to the dissemination of photos, videos and other memorabilia, facilitation services for graphical representation of results, data analysis services, publication of race results services and IT and system administration services. Please Contact us to find out more about the various third parties who may process your personal data.
  2. Professional advisers acting as processors or joint controllers.
  3. Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in Hungary who require reporting of processing activities in certain circumstances.
  4. Third party athletic bodies and affiliations such as:

(A) European Table Tennis Association

(B) Hungarian Table Tennis Association

  1. Broadcasters to allow them to commentate on our events.
  1. Where you have consented to pass your personal data to third parties (for example, hotel groups about accommodation in relation to our events or charities where you have initially been unsuccessful in your event application).
  1. Media where we deem that there is a human-interest story about your participation at one of our events.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.


We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


  1. Our IT systems and other data retention systems are located at its own seat and at its data processors`.
  1. We select and manage the IT tools used to manage personal data in the provision of the service so that the data:

a) is available for those entitled (availability);

b) authenticity and validation is provided (data authenticity);

c) integrity can be verified (data integrity);

d) is protected against unauthorized access (data confidentiality).

  1. We will protect the data with appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or loss, as well as accidental destruction, harm, as well as unavailability due to any change to the technology used.
  1. In order to provide security to the data stored electronically in its various registers, we shall ensure, by using suitable technology, that the stored data could not be directly linked and linked to the data subject, unless permitted by law.
  1. We will employ such technical, structural and organizational measures to defend the security of data management that provides appropriate level of security to the risks arising in connection with data management.
  1. During data processing we shall maintain:

a) confidentiality: to protect information so that only persons authorized are able to aces it;

b) integrity: to protect accuracy and totality of information and method of processing;

c) availability: to ensure that if eligible user needs it, they can actually access the required information and have the tools available for such.

  1. Our IT System and network, as well as its partners`, are protected against computer‑assisted fraud, espionage, sabotage, vandalism, fire, flood, furthermore against computer viruses, cyber intrusions and attacks leading to refusal of Services. We use server‑level and application‑level protection features to ensure security.
  1. In the automated processing of personal data, we provide additional measures

a) to prevent unauthorized data entry;

b) to prevent the use of automatic data processing systems by unauthorized persons by means of data transmission devices;

c) verifiability and determination of which bodies personal data has been or may be transmitted to by means of data transmitting equipment;

d) verifiability and determination of when and who entered which personal data into the automatic data-processing systems;

e) the recoverability of installed systems in case of malfunction and

f) reports are prepared on errors occurring during automated processing.

  1. We shall take into account the prevailing development of technology when determining and applying measures for data security. If there are several possible solutions for data processing, the one that ensures the highest possible protection of personal data must be chosen unless this would be disproportionate.
  1. We shall ensure the protection of data procession security by such means of technical, organizational and institutional measures that provide a level of protection appropriate to the risks associated with data processing.
  1. Electronic messages transmitted via the Internet are vulnerable to network threats irrespective of protocol (email, web, ftp, etc.) which may result in fraudulent activity or disclosure or modification of information. We shall take all reasonable precautions to protect from such threats. We shall monitor the Systems in order to record any security deviation and to provide proof in case of all security related events. However, the Internet is commonly – therefore, also to the User – known to be not one hundred percent secure. We shall not be responsible for damages caused by inevitable attacks despite its best efforts.


Under certain circumstances, you have rights under data protection laws in relation to your personal data.

Data subjects` rights are in line with the current data protection legislation, thus with Government Decree No. 45/2014 (II.26) on the Detailed Provisions of Contracts Concluded between Consumers and Companies.

  • Right to be informed: The information shall be provided in writing via the contacts specified in section I of the present Information on Data Processing document. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
  • Right to request correction of the personal data: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Right of access by the data subject: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

purposes of the processing;

the categories of personal data concerned;

the envisaged period for which the personal data will be stored;

the right to request rectification, or erasure, or restriction of processing of personal data;

any available information as to the source of data.

  • Right to rectification: Affected person may request from us to rectify or complete the processed personal data.
  • Right to erasure: The data subject shall have the right to obtain from us the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:
  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdrew consent on which the processing is based and where there is no other legal ground for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data have been collected in relation to the offer of information society services.
  • Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or

the data subject has objected to processing; in this case restriction shall apply for a period enabling the verification whether the legitimate grounds of the controller override those of the data subject.

  • Right to request the transfer of your personal data to you or a third party: We will provide to you or a third party you have chosen your personal data in a structured, commonly used, machine-readable format.

Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  • Right to withdraw: This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.


We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


For Data Protection Issues, you have the right to make a complaint at any time to the National Information Commissioner’s Office. We would, however, appreciate the chance to deal with your concerns before you approach the NICO so please Contact us in the first instance.

Name: National Information Commissioner’s Office

Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: H-1530 Budapest, PO Box: 5.

Phone: +36 1 391 1400

Fax: +36 1 391 1410