PRIVACY POLICY

regarding data processing related to the website https://hotsmusic.hu/

Petőfi Media Group Nonprofit Limited Liability Company (headquarters: 1053 Budapest, Károlyi utca 16., registered at the Metropolitan Court of Registration under the company registration number 01-09-393699, tax number: 27536623-4-41, hereinafter: Company/Service Provider) informs Users regarding data processing related to the website available under the URL https://hotsmusic.hu/ in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: GDPR) and Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: Infotv.).

This Privacy Policy applies to the handling of personal data provided by the User to the Company in connection with the Portal as well as to all personal data collected by the Company through the Portal’s online interfaces or through the use of cookies by the Company.

I. Explanatory provisions

In the application of the present Privacy Policy:

  • Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
  • Data processing: any operation or set of operations performed on personal data or sets of data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
  • Data controller: a natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • Data processor: a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller;
  • Data destruction: the complete physical destruction of the data carrier containing the data;
  • Data transmission: making data accessible to a specific third party;
  • Data erasure: making the data unrecognizable in such a way that its restoration is no longer possible;
  • User: a person who visits, browses, and utilizes the services available on the Portal (data subject);
  • Portal: the website operated by the Company (https://hotsmusic.hu/).

II. General provisions regarding data processing

Anyone can access the Company’s Portal without providing personal data. On the Portal and its associated pages, users can freely and unrestrictedly obtain information about the activities of the Company and subscribe to the newsletter service. Users are solely responsible for any data they may provide; the Service Provider excludes its liability in this regard.

The Service Provider reserves the right to unilaterally modify the present data processing information at any time. The Service Provider will publish any modifications to the data processing information on the Portal by displaying relevant notifications. Users are advised to carefully read the data processing information on each visit to the Portal.

The present data processing information is continuously available on the Portal. Users can access, view, print and save the data processing information on the Portal, but they are not authorized to make any modifications. Only the Service Provider is entitled to make changes to it.

III. Scope, Purpose, Legal Basis, Method, and Duration of Personal Data Processing by the Service Provider

The legal bases for data processing are as follows:

  1. Based on Article 6(1)(a) of the GDPR, the user’s voluntary consent, which is based on appropriate information (hereinafter referred to as “Consent”).;
  2. Based on Article 6(1)(b) of the GDPR, the processing is necessary for the performance of a contract in which the data subject, as the user, is a party (hereinafter: “Contract Performance”);
  3. Based on Article 6(1)(c) of the GDPR, the processing is necessary for compliance with a legal obligation to which the data controller is subject (such as fulfilling accounting obligations – hereinafter: “Legal Obligation”);
  4. Based on Article 6(1)(d) of the GDPR, the processing is necessary to protect the vital interests of the data subject or another natural person (hereinafter: “Vital Interest”);
  5. Based on Article 6(1)(e) of the GDPR, the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller (hereinafter referred to as “Public Interest”);
  6. Based on Article 6(1)(f) of the GDPR, the processing is necessary for the legitimate interests pursued by the data controller or a third party (hereinafter: “Legitimate Interest”).

Data processing in relation with the Portal

AffectedType of processed dataSource of dataAim of data processingLegal basis of data processingDuration of data storage,
date of deletion
User visiting the Portal
Country, browser used, type and version number of tool and operating system, language settings, date of visitAffected userCreation of statistics, Development of portalArticle 6(1)(f) of the GDPR: data management is necessary to assert the legitimate interests of the data controller120 minutes from visit
Portal visit statisticsAffected userCreation of statistics, Development of portalArticle 6(1)(f) of the GDPR: data management is necessary to assert the legitimate interests of the data controller2 years from visit

The Service Provider uses cookies and other programs on the Portal in order to anonymously understand the needs of the Portal’s Users and improve the Portal based on those needs.

The above data processing is based on the legitimate business interest of the Service Provider, as it enables them to further develop and secure the Portal. The scope of the data collected and processed is not significant. The Service Provider uses this data in an anonymized form solely for the purpose of creating statistics and conducting analysis. It does not gather behavioral preferences, make automated decisions based on this data, or send personalized offers to Users. As a result, this data processing does not disproportionately affect the fundamental rights and freedoms of the User.

Google Analytics

Google Analytics is a web analytics service provided by Google LLC (“Google”) that helps to understand how visitors use the Portal based on their browsing habits. Google Analytics aggregates information about the usage of the Portal such as the IP address which may be transmitted to Google and stored on its servers. The Service Provider uses this information, received in an anonymous form, to generate reports and improve the operation of the Portal. Additionally, cookies collect anonymous information about the number of visitors to the Portal as well as data related to the source from which visitors arrive at the Portal and the pages they view. More information about Google Analytics cookies can be found here: http://www.google.com/policies/privacy/.

If Users wish to disable the tracking by Google Analytics during their visit to the Portal, they can do so using the following link: http://tools.google.com/dlpage/gaoptout

Data processing related to newsletter subscription

AffectedType of processed dataSource of dataAim of data processingLegal basis of data processingDuration of data storage,
date of deletion
Addressee of newsletterE-mail addressAffected usedSending electronic direct marketing messages and newslettersArticle 6(1)(a) of the GDPR: consent of data subjectUntil withdrawal of consent

The Service Provider sends newsletters to individuals who have expressly subscribed to the newsletter. Subscribing to the newsletter is possible on the Portal by checking the corresponding checkbox or pressing a button.

Subscribed individuals have the right to unsubscribe from the newsletter at any time, including by clicking the “unsubscribe” link provided at the bottom of each newsletter. Once unsubscribed from the newsletter, the Service Provider will no longer send newsletters to the individual. The withdrawal of consent does not affect the lawfulness of data processing prior to the withdrawal.

In the event of withdrawing consent, it is possible to provide consent again at any time. Providing consent is not a requirement for using any of the services. When giving consent, it is mandatory to provide an email address; without it, consent cannot be given. Providing an email address is also mandatory when withdrawing consent for the purpose of identification.

IV. Data controller and data processors

In relation with the data defined in point III., the data controller is the Service Provider:

Petőfi Media Group Nonprofit Limited Liability Company

Headquarters:1053 Budapest, Károlyi utca 16.
Registered by:Metropolitan Court of Registration
Company registration number:01-09-393699
Tax number:27536623-4-41
E-mail address:info@hotsmusic.hu

The employees of the Service Provider have access to the Users’ data to the extent necessary for the performance of their duties. Access rights to personal data have been established and documented in a strict internal policy.

Data processors

For the processing and storage of User data, the Service Provider engages various businesses with whom data processing agreements are concluded. The following data processors are involved in the processing of User data:

Name and address (headquarters) of data processorAim of data processingScope of data affected by data processing
Tigra Kft. (1118 Budapest, Budaörsi út 64.; cg.: 01-09-566107)Storage serviceData according to point III.
Google Ireland Limited (Gordon House, Barrow Street, Dublin 4., Írország)Google Analytics serviceData according to point III.
Tigra Kft. (1118 Budapest, Budaörsi út 64.; cg.: 01-09-566107)Web development,
application operation		Data according to point III.

The Service Provider is authorized and obligated to transmit any available and lawfully stored personal data to competent authorities if required by legislation or a legally binding official obligation. The Service Provider cannot be held responsible for such data transmission or any resulting consequences.

Addressees of data forwarding

According to this data processing information, the Service Provider does not transfer the processed data to any third party, as defined by the GDPR regulation. However, the Service Provider is authorized and obligated to transmit any available and lawfully stored personal data to competent authorities if required by legislation or a legally binding official obligation. The Service Provider cannot be held responsible for such data transmission or any resulting consequences.

Automated decision-making, profiling

The Service Provider does not carry out automated decision-making or profiling based on the data processed according to this Privacy Policy.

V. Data protection guidelines applied by the Company

The Company respects the rights of Users as defined by the legislation.

The personal data provided by Users in relation to the Portal is used by the Company solely within the framework of the legal bases and purposes specified here. The Company uses the personal data of Users specified in point III. solely in the manner and for the purposes defined in this Privacy Policy.

As the data controller, the Company undertakes to handle the obtained data in accordance with the provisions of the GDPR, the Infotv., as well as other relevant regulations and the provisions set forth in this Privacy Policy. The Company does not disclose such data to any third party, except for the designated data processors as defined in this Privacy Policy. An exception to this provision is the use of data in statistically aggregated and anonymized form, which does not contain any form of personal identification and therefore does not qualify as data processing or data transfer.

In certain cases, such as official court or police requests, legal proceedings related to copyright, property, or other infringements, or suspicions thereof, endangerment of the Company’s interests, or based on court and other authority decisions – unless otherwise required by law – and with the prior explicit consent of the User, the Company may be required to make the User’s accessible data available to third parties.

The Company strives to ensure that the processing and handling of User data receive the protection defined by applicable laws and regulations.

VI. Protection of personal data

The Company complies with its obligations under the relevant data protection laws by:

  • Safely storing and disposing of data;
  • Not collecting or retaining excessive amounts of data;
  • Protecting personal data from loss, misuse, unauthorized access, disclosure, and ensuring that appropriate technical measures are in place to safeguard personal data.

The Company takes appropriate technical and organizational measures to protect User’s personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, particularly in cases where data transmission is involved in processing, as well as against any other unlawful forms of processing.

Accordingly, the Company applies various levels of access rights to the data, ensuring that only individuals with the appropriate authorization have access to the data, and they are required to be knowledgeable about the data in order to fulfill their work-related or associated obligations.

VII. User rights

Under the data protection regulations, the User is entitled to:

  1. Request access to their personal data,
  2. Request the rectification of their personal data,
  3. Request the erasure of their personal data,
  4. Request the restriction of the processing of their personal data,
  5. Object to the processing of their personal data,
  6. Request data portability,
  7. Object to the processing of their personal data (including objection to profiling and other rights related to automated decision-making),
  8. Withdraw their consent and lodge a complaint with the competent supervisory authority.

a) Right to Access

The User has the right to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed, and if so, to request access to their personal data.

The User is entitled to request a copy of their personal data undergoing processing. For the purpose of identification, the data controller may request additional information from the User or charge a reasonable fee for any additional copies.

b) Right to Rectification

The User is entitled to request the data controller to rectify any inaccurate personal data concerning them. Depending on the purpose of the processing, the User is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

c) Right to Erasure (“Right to be Forgotten”)

The User has the right to request the data controller to erase their personal data and the data controller is obliged to delete such personal data. In this case, the data controller will no longer be able to provide further services to the User.

d) Right to Restriction of Processing

The User has the right to request the restriction of the processing of their personal data. In this case, the data controller shall mark the relevant personal data, which may only be processed for certain purposes.

e) Right to Object

The User has the right to object, on grounds relating to their particular situation, at any time to the processing of their personal data by the data controller, including profiling, and may request that the data controller no longer process their personal data.

Furthermore, if the Company processes the User’s personal data based on legitimate interests, the User has the right to object at any time to the processing of their personal data for this purpose.

Additionally, the User has the right to request human intervention in relation to automated decision-making in individual cases. Please note that the data controller does not employ automated decision-making mechanisms.

f) Right to Data Portability

The User is entitled to receive their personal data provided to the Company in a structured, commonly used, and machine-readable format (i.e., in a digital format), and has the right to request the transmission of this data to another data controller, without hindrance from the Company, provided that the transmission is technically feasible.

g) Right to Withdraw Consent

If the processing of the User’s personal data is based on their consent, the User may withdraw their consent at any time without providing any justification by clicking on the link in the newsletters or by changing the settings of their Portal account or mobile device. The withdrawal of consent does not affect the lawfulness of the processing based on consent prior to withdrawal.

If the User withdraws their consent to the processing of their personal data by the Company, it may result in the Company not being able to provide the requested services at all or only partially.

h) Right to Lodge a Complaint with the Supervisory Authority

If the User believes that their personal data has been misused, they also have the right to contact and file a complaint with the local data protection authority, primarily in the member state of their habitual residence, place of work, or the alleged infringement.

In Hungary, the User can also contact the National Authority for Data Protection and Freedom of Information: H-1055, Hungary, Budapest, Falk Miksa utca 9-11.; phone: +36-1 391-1400; fax: +36-1 391-1410; e-mail: ugyfelszolgalat@naih.hu).

VIII. Contact Information

If the User wishes to exercise their rights related to data protection or submit a complaint, they can send a letter to the email address provided below. In addition, they can also contact the Company by sending a letter to the addresses provided below.

E-mail: info@hotsmusic.hu

Mailing address: 1053 Budapest, Károlyi utca 16.

IX. Other provisions

In the event of a data breach, the Company will report the data breach to the supervisory authority in accordance with the applicable laws within 72 hours of becoming aware of it and keep a record of such incidents. In cases defined by law, the affected users will also be informed about the breach.

The data controller regularly monitors its online platforms and the information provided on them, and takes all necessary measures to ensure that the information is up-to-date and accurate. However, it is possible to come across information on the online platforms that is no longer current. The Company does not assume any financial responsibility for such information.

Visitors and users of the Company’s online platforms may also visit other portals not operated by the Company. The Company is not responsible for the accuracy of the information provided on those platforms, the content of the websites, or the security of the data provided by visitors and users on the Company’s online platforms. Therefore, when using those websites, please review the privacy policies of the respective companies.

The present Privacy Policy is effective as of April 25, 2023.