The purpose of this prospectus is to provide general information to data subjects on the data processing performed by MÁV-START Zrt. as the data controller providing public passenger transport services, including the identity and contact details of the data controller, the contact details of the Data Protection Officer, the main rules on data processing and the basic concepts related to data protection.
If you would like to receive information regarding a specific data processings performed by MÁV-START Zrt., see the menu ’Privacy Policy’, which can also be accessed by clicking here [1].
If you would like to find out about your rights as a data subject and how to exercise your rights, please see the menu ’Rights of the data subject and their enforcement’, which you can also access by clicking here [2], where you will also find the forms to facilitate the exercise of rights.
The identity and contact details of the Data Controller
Firm name: |
MÁV-START Vasúti Személyszállító Zártkörűen Működő Részvénytársaság |
Headquarter: |
1091 Budapest, Üllői út 131. |
Postal address: |
1091 Budapest, Üllői út 131. |
Company registration number: |
01-10-045551 |
Tax number: |
13834492-2-44 |
E-mail: |
eszrevetel [KUKAC] mav-start.hu |
Contact details of the Data Protection Officer
E-mail: adatvedelem [KUKAC] mav-start.hu
Postal address: 1091 Budapest, Üllői út 131. - on the envelope, please indicate: "For the Data Protection Officer".
Key concepts for data processing
’Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); e.g. the name of the data subject, personal identification data (birth data, mother's name, number of identity documents), contact data (name, telephone number), data on the travel entitlement card, bank account data, sound and image of the data subject, etc.
’Data controller’: the – typically, but not exclusively – legal entity (e.g. MÁV-START Zrt.) that makes substantive decisions regarding data processing, e.g. defines the purpose and means of data processing, the cathegories of the processed data, decides on the duration of the data processing, ensures the rights of the data subject, determines the data security requirements with regard to the risks of data processing, etc.
’Data processor’: a person who performs data processing in the name and on behalf of the data controller and in accordance with its exclusive instructions, during which cannot make independent decisions on data processing, e.g. during the provision of IT services data storage, systematisation, deletion, etc.
Legislation and internal regulations on data processing
The most important legal regulations concerning the data processing performed by MÁV-START Zrt. Please note that the designation of the legislation is not exhaustive!
1. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation/GDPR);
2. Act CXII of 2011 on the right to informational self-determination and on the freedom of information
3. Act XLI of 2012 on passenger transport services (PTS)
MÁV-START Zrt. applies the following internal regulations during its data processing:
4. CEO instruction no. 39/2024. (VIII. 08.) on the Privacy Policy (in Hungarian) [6];
Contact details of the Data Protection Supervisor Authority
With regard to the data processing performed by MÁV-START Zrt., the Hungarian National Authority for Data Protection and Freedom of Information has supervisory authority, to which the data subject may turn with a complaint at any of the following contact details.
Name: |
Hungarian National Authority for Data Protection and Freedom of Information |
Headquarter: |
1055 Budapest, Falk Miksa u. 9-11. |
Postal address: |
1363 Budapest, Pf. 9. |
Phone: |
(+36-1) 391-1400 / +36 (30) 683-5969 / +36 (30) 549-6838 |
Fax no.: |
(+36-1) 391-1410 |
E-mail: |
ugyfelszolgalat [KUKAC] naih.hu |
Website: |