FAQ: Information Privacy

I’m a visual type... What happens with my personal data? (Infographics)

Anyone can become familiar with the various data management procedures by reading the data-management policy but assistance is also provided in the flow charts hereunder.

The red arrows denote the route of the personal data, the black arrows denote the flow of the data which, in itself, is not personal and from which information concerning the individual cannot be derived.

  1. Purchasing ticket with club card at ticket office
  2. Purchasing ticket online with club card
  3. Purchasing ticket at ticket office without a club card
  4. Purchasing a web voucher as a foreign national
  5. Registering and collecting your club card at office
  6. Club card pre-registration

What role does the MLSZ have in relation to the central club-card and central ticket-sales system?

The MLSZ, as national football federation, ensures all the infrastructural conditions for the football competition system. In the interest of security at sporting events and in its competitions the MLSZ collaborated in the formation of the central club-card system and the central ticket-sales system.

The majority of clubs joined the central club-card system which was established with the collaboration of the MLSZ. Only Ferencvárosi TC (FTC) and Nagyerdei Stadion (DVSC) operate their own club-card system.

As coordinator, the MLSZ ensures the operation of the local club-card systems and ticket-sales systems, ensures the systems communicate with each other, and ensures professional service providers operate the IT background. With all of these arrangements a safe football experience can be achieved.

The MLSZ does not have access to the data of club-card holders, nor to the data of supporters purchasing tickets for club matches.

The MLSZ strictly manages the data of football-card users and those who purchase tickets for sporting events organised by the MLSZ.


On the basis of which laws does the data management take place?

The following laws regulate the significant circumstances of data management:

  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Privacy Act);
  • Sections 71-73 and 76/A of Act I of 2004 on sports (hereinafter: Sports Act);
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (hereinafter: Act on Commercial Advertising Activities).

The Sports Act entitles the match organiser to manage the personal data related to club cards and related to name-specific tickets.


What is the aim of the data management?

On the basis of the stipulations of the Sports Act – in the instance of an entrance system being operated – only name-specific entry tickets or season tickets may be sold. The central club-card system has been developed in the interest of making ticket-purchasing easier. Personal data is managed by the data manager in the interest of the operation of the system, the performance of card requests, the fulfilment of these requests and the usage of club cards.

Above and beyond this personal data may also be used in order to maintain contact and to send offers, providing the given user has expressly consented.

The data may also be used in order to exclude persons from sporting events should they be subject to procedures, deriving from infringement of the law at such events, by the authorities.

Details can be found under the Privacy Policy menu.


Who manages my data?

The club from which the supporter requested the club card manages that person’s personal data. If the club card is requested through the MLSZ, it is known as a Football card; in this instance the MLSZ will manage the card holder’s data.

The Football card is for those who do not have ties to one particular club, or who mainly attend national team matches. With a Football card you can attend any match where the organiser has made the use of a club card compulsory but has also made the use of a neutral (neither home, nor away team) card possible.

The MLSZ’s and the clubs’ club card systems work separately from each other, and the data are stored in separate databases.

The manager of data related to tickets (or season tickets) is the match organiser.

The MLSZ does not have access to the personal data of club card owners (except for the Football cards), nor for personal data related to club-team events.


What personal data do they manage?

Ticket, season ticket and/or club card owners’ name, date and place of birth, their mother’s maiden name, and their address are managed.

In order to maintain contact – according to the instructions of the card holder – and/or for marketing purposes, the data manager handles the card holder’s:

  1. name;
  2. card number,
  3. e-mail address;
  4. telephone number;
  5. address;
  6. signature

From the perspective of operating the club card system (user identification, documenting their statements and ensuring the trouble-free operation of the system) the following data is indispensable:

  1. card number;
  2. club membership category;
  3. date and time of card request;
  4. place of card collection;
  5. pre-registered or not;
  6. PIN code (secret 4-digit number, for increased card security);
  7. signature of the member or his/her legal representative;
  8. in the case of persons under 16 years of age, the name and address of the legal guardian (typically the parent).


Do they manage biometric data?

The systems established by the MLSZ or with its collaboration do not handle biometric data. We call biometric data those data which are connected to a person’s biological characteristics and which are suitable for identification purposes, for example, finger print, palm scan, face and iris pattern.


Which clubs are participating in the club card system?

The football clubs qualify as independent data managers.

The majority of clubs are part of the central club-card system established by the MLSZ:

  1. Balmazújváros Sport Kft. (4060 Balmazújváros, Sporttér u. 5.)
  2. Békéscsaba 1912 Előre Futball ZRt (5600 Békéscsaba, Kórház u. 6.)
  3. Diósgyőr FC Kft. (3534 Miskolc, Andrássy út 61.)
  4. Fehérvár FC. Kft. (8000 Székesfehérvár, Csíkvári u. 10.)
  5. Győri ETO FC Kft. (9027 Győr, Nagysándor J. u. 31.)
  6. Gyirmót FC Kft. (9019 Győr, Ménfői út 61.)
  7. Honvéd FC Kft. (1194 Budapest, Puskás Ferenc u. 1-3.)
  8. Mezőkövesd Zsóry FC Kft. (3400 Mezőkövesd, Széchényi út 9.)
  9. MTK Budapest Zrt. (1087 Budapest, Salgótarjáni út 12-14.)
  10. Nyíregyháza Spartacus FC Kft. (4400 Nyíregyháza, Sóstói út 24/A)
  11. Paksi Futball Club Kft. (7030 Paks, Fehérvári út 29.)
  12. PMFC-SPORT Szolgáltató és Kereskedelmi Kft. (7633 Pécs, Stadion u. 2.)
  13. Puskás Futball Klub Kft. (8086 Felcsút, Fő utca 176.)
  14. Soproni Vasutas Futball Kft. (9400 Sopron, Mátyás kir. u. 19.)
  15. Szombathelyi Haladás Labdarúgó és Sportszolgáltató Kft. (9700 Szombathely, Rohonci út 3.)
  16. Újpest 1885 Futball Kft. (1044 Budapest, Megyeri út 13.)
  17. Vasas Futball Club Kft. (1139 Budapest, Fáy u. 58.)
  18. VÁRDA Labdarúgó Kft. (4600 Kisvárda, Flórián tér 6.)
  19. ZTE Football Club Zrt. (8900 Zalaegerszeg, Október 6. tér 16.)

Only Ferencvárosi TC (FTC) and DVSC (or rather the Nagyerdei Stadion) operate their own club card systems, but in the interest of making it easier for visiting supporters to purchase tickets, visiting supporters may also use the central ticket sales system:

  1. DVSC Futball Szervező Zrt. (4032 Debrecen, Oláh Gábor u. 5.)
  2. FTC Labdarúgó Zrt. (1091 Budapest, Üllői út 129.)


Who will participate in managing my personal data as a data processor?

The below data processors (who strictly carry out technical tasks with the personal data) may come into contact with club card and ticket data:

  • Nádor Rendszerház Kft. (1152 Budapest, Telek utca 7-9.)
  • e-Corvina Kft. (1134 Budapest, Róbert Károly krt. 64-66.)
  • TEX Hungary Kft. (1146 Budapest, Dózsa György út 1.) In addition, MLSZ data processors are TEX Hungary Kft’s ticket agents, furthermore their contracted partners who hand over the issued cards to the card holders, whose current data can be accessed at www.tex.hu/mlsz
  • Jegymester Kft. (1065 Budapest, Bajcsy-Zsilinszky út 31.)

The individual clubs may employ other data processors; the given club will provide information in relation to this in their data management policy.


What kind of data management takes place when purchasing a ticket?

All of the club card systems connect to the central ticket sales system. When purchasing tickets, club cards are checked; the system checks if the PIN code matches to the card number given and also checks the card’s validity. Following successful authentication the personal data registered in the club card systems goes to the organiser’s ticket sales system on the basis of the user’s consent.

A club card register ensures the communication between the individual club card systems, and among the ticket sales systems, club card systems and external systems. Club card register does not store personal data, but records card numbers, date of issue and date of rejection, as well as the club identifier.

The MLSZ does not have access to the club card holder’s personal data or to personal data related to club teams’ events. Without the express authorisation of the given person (without the card usage during ticket purchasing) individual clubs do not have access to the data of other clubs or the MLSZ; moreover, following the ticket purchase the visiting club cannot access the data of the visiting supporters.


Who has access to the personal data, if the tickets are purchased as follows?

  1. Purchasing a ticket using a club card
    1. At the home team stadium ticket office: only the club organising the match and its data processors (e.g. cashier, who is an employee or subcontractor of the club) can see the data.
    2. bAt the visiting team stadium ticket office: if the visiting club is selling tickets for visiting supporters, it does so at the request of the organising club (data manager), that is, it does so as the data manager’s data processor. In such cases the visiting club (or its cashier) records and enters the personal data on behalf of the match organiser. The visiting team’s cashier sees the personal data of those purchasing tickets for the away support sectors. Beyond this, only the match organiser (home club) and its current data processors have access to the personal data.
    3. At a ticket reseller: Personal data of supporters purchasing tickets through the national network of Ticket Expressz (TEX) is seen by data processors of TEX, acting as the data processor of the clubs (and the MLSZ), and they can be accessed by the organiser of the match and its data processors.
    4. Purchasing a ticket online: when purchasing tickets at meccsjegy.mlsz.hu the ticket purchaser provides their card number and PIN code to the system, the personal data is then requested from the data managing club by the club card register. Personal data is only saved when a ticket is purchased. When purchasing a ticket supporters themselves send their personal data to the match organiser. The club card issuing club (or the MLSZ in the instance of the Football card) may only receive statistical data on purchasing a ticket for an away match, and this only occurs if the supporter has consented to their data being handled for marketing purposes. Only the match organiser and its data processors have access to personal data.
  2. Matches organised by FTC or DVSC
    1. Tickets for the matches of the two clubs can be purchased via the clubs’ own ticket sales systems; the central ticketing system is used only by the visiting supporters. Only the match organiser (FTC or DVSC) and their data processors can see the data. The visiting club acts as a ticket agent (data processor) for FTC or DVSC, and thus act in order of the match organiser. Only the match organiser and their data processors (e.g. cashier, TEX) have access to personal data. When purchasing tickets the data follows the same path as in section I. d). You may ask for further information about data management at FTC and DVSC from the clubs themselves as Data Managers.
  3. Purchasing a ticket without a club card
    1. The cashier records and enters the personal data into the system, or the customer does so themselves online, which can be accessed only by the organiser and its data processors.


For how long is my data stored?

Should the stipulations of the authorities and the organising club not deviate, the personal data is stored for three working days following the expiry of the entry ticket, season ticket or club card. Personal data is immediately deleted upon the redemption or expiry of the ticket/season ticket or club card.

The photo provided to the data manager for printing the club card is automatically deleted upon being printed.

If the person, who requested a card on the online pre-registration website does not collect the card within 30 days, personal data is deleted. In addition, the card is destroyed if it has been printed.

Data is stored in the website system log for 365 days.

Returned Football cards are destroyed within no more than 10 days following the request to delete them. In the case of consent-based data management the declaration of consent will be destroyed as soon as possible after the consent is revoked.


Who else has access to my data?

In the interest of ensuring that a banned person may not be able to purchase a ticket, the ticket system checks the personal data supplied in the manner described below against the Sport Safety and Security Database managed by the policy based on 73 (6) b of the Sports Act. The organiser of the match sends the ticket purchaser’s personal data in encrypted form by a hash algorithm (stripped of any personal characteristic) to the police. The police encrypt the data stored in their database using the same hash algorithm, and establish based upon the comparison of the sent and recorded data, whether the person purchasing the ticket is subject to any ban. The system sends back the answer to the organiser. The police do not acquire knowledge of personal data of persons not subject to any ban.

On the basis of 72/B. § Para (5) of the Sports Act within three working days following the expiry of the ticket, season ticket or club card it is possible to forward the given spectator’s name, date and place of birth, mother’s name and address – for use as evidence in a criminal- or legal procedure – to the investigating authority, prosecution or court.

In the interest of exclusion, the stewards are to give the recorded personal data to the organiser

The organiser shall forward the name, the place and date of birth of the person they have excluded, as well as the time period of the exclusion, the name of the sports venue and the scope of events which is covered in the exclusion to the Sport Safety and Security Database within three days.


Which data security measures are used to ensure my personal data is protected?

When purchasing tickets online you can only access personal data with the correct combination of the card number and PIN code. Club cards may also be used at ticket offices without the PIN code so long as the cards are physically present.

The club, as data manager, and possibly their data processers may have access to personal data, but each club only sees the data of supporters purchasing tickets for that club’s matches, or of their own club-card holders. The MLSZ only sees data of those holding a Football card or of those purchasing tickets for the MLSZ’s events.

The systems communicate with each other via encrypted VPN (virtual private network) channels, with certification based encryption.

The data is forwarded to the Police via the afore-mentioned method following the application of a hash algorithm.


How can I ask for my data to be deleted or corrected?

Should you wish your data to be deleted, corrected or blocked, request information on the management of your data, or object to the data management, do so – if possible, in writing – to your data manager, that is, the card-issuer, in the instance of ticket purchasing, at the organiser of the sporting event, or in the instance of purchasing a season ticket, the issuing club.


To whom can I turn if I object to my personal data to be handled?

Should you have a problem regarding the management of data related to the club card, please contact the card-issuing data manager or contact the central club-card Customer Service.

In the event of your rights being infringed you may take the data manager to court. The court shall prioritise the case.


Above and beyond this you may turn to the National Authority for Data Protection and Freedom of Information with your complaint:

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information)
Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Telephone: 06-1-391-1400
Fax: 06-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Homepage: www.naih.hu

Should you have any further questions, please contact MLSZ Customer Service.

Your browser is outdated

Please update your browser UPDATE NOW

×