regarding data processing related to the website https://hotsmusic.hu/
Petőfi Media Group Nonprofit Limited Liability Company (headquarters: 1053 Budapest, Károlyi utca 16., registered at the Metropolitan Court of Registration under the company registration number 01-09-393699, tax number: 27536623-4-41, hereinafter: Company/Service Provider) informs Users regarding data processing related to the website available under the URL https://hotsmusic.hu/ in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: GDPR) and Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: Infotv.).
I. Explanatory provisions
- Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
- Data processing: any operation or set of operations performed on personal data or sets of data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
- Data controller: a natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- Data processor: a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller;
- Data destruction: the complete physical destruction of the data carrier containing the data;
- Data transmission: making data accessible to a specific third party;
- Data erasure: making the data unrecognizable in such a way that its restoration is no longer possible;
- User: a person who visits, browses, and utilizes the services available on the Portal (data subject);
- Portal: the website operated by the Company (https://hotsmusic.hu/).
II. General provisions regarding data processing
Anyone can access the Company’s Portal without providing personal data. On the Portal and its associated pages, users can freely and unrestrictedly obtain information about the activities of the Company and subscribe to the newsletter service. Users are solely responsible for any data they may provide; the Service Provider excludes its liability in this regard.
The Service Provider reserves the right to unilaterally modify the present data processing information at any time. The Service Provider will publish any modifications to the data processing information on the Portal by displaying relevant notifications. Users are advised to carefully read the data processing information on each visit to the Portal.
The present data processing information is continuously available on the Portal. Users can access, view, print and save the data processing information on the Portal, but they are not authorized to make any modifications. Only the Service Provider is entitled to make changes to it.
III. Scope, Purpose, Legal Basis, Method, and Duration of Personal Data Processing by the Service Provider
The legal bases for data processing are as follows:
- Based on Article 6(1)(a) of the GDPR, the user’s voluntary consent, which is based on appropriate information (hereinafter referred to as “Consent”).;
- Based on Article 6(1)(b) of the GDPR, the processing is necessary for the performance of a contract in which the data subject, as the user, is a party (hereinafter: “Contract Performance”);
- Based on Article 6(1)(c) of the GDPR, the processing is necessary for compliance with a legal obligation to which the data controller is subject (such as fulfilling accounting obligations – hereinafter: “Legal Obligation”);
- Based on Article 6(1)(d) of the GDPR, the processing is necessary to protect the vital interests of the data subject or another natural person (hereinafter: “Vital Interest”);
- Based on Article 6(1)(e) of the GDPR, the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller (hereinafter referred to as “Public Interest”);
- Based on Article 6(1)(f) of the GDPR, the processing is necessary for the legitimate interests pursued by the data controller or a third party (hereinafter: “Legitimate Interest”).
Data processing in relation with the Portal
|Affected||Type of processed data||Source of data||Aim of data processing||Legal basis of data processing||Duration of data storage,|
date of deletion
|User visiting the Portal||Country, browser used, type and version number of tool and operating system, language settings, date of visit||Affected user||Creation of statistics, Development of portal||Article 6(1)(f) of the GDPR: data management is necessary to assert the legitimate interests of the data controller||120 minutes from visit|
|Portal visit statistics||Affected user||Creation of statistics, Development of portal||Article 6(1)(f) of the GDPR: data management is necessary to assert the legitimate interests of the data controller||2 years from visit|
The above data processing is based on the legitimate business interest of the Service Provider, as it enables them to further develop and secure the Portal. The scope of the data collected and processed is not significant. The Service Provider uses this data in an anonymized form solely for the purpose of creating statistics and conducting analysis. It does not gather behavioral preferences, make automated decisions based on this data, or send personalized offers to Users. As a result, this data processing does not disproportionately affect the fundamental rights and freedoms of the User.
Google Analytics is a web analytics service provided by Google LLC (“Google”) that helps to understand how visitors use the Portal based on their browsing habits. Google Analytics aggregates information about the usage of the Portal such as the IP address which may be transmitted to Google and stored on its servers. The Service Provider uses this information, received in an anonymous form, to generate reports and improve the operation of the Portal. Additionally, cookies collect anonymous information about the number of visitors to the Portal as well as data related to the source from which visitors arrive at the Portal and the pages they view. More information about Google Analytics cookies can be found here: http://www.google.com/policies/privacy/.
If Users wish to disable the tracking by Google Analytics during their visit to the Portal, they can do so using the following link: http://tools.google.com/dlpage/gaoptout
Data processing related to newsletter subscription
|Affected||Type of processed data||Source of data||Aim of data processing||Legal basis of data processing||Duration of data storage,|
date of deletion
|Addressee of newsletter||E-mail address||Affected used||Sending electronic direct marketing messages and newsletters||Article 6(1)(a) of the GDPR: consent of data subject||Until withdrawal of consent|
The Service Provider sends newsletters to individuals who have expressly subscribed to the newsletter. Subscribing to the newsletter is possible on the Portal by checking the corresponding checkbox or pressing a button.
Subscribed individuals have the right to unsubscribe from the newsletter at any time, including by clicking the “unsubscribe” link provided at the bottom of each newsletter. Once unsubscribed from the newsletter, the Service Provider will no longer send newsletters to the individual. The withdrawal of consent does not affect the lawfulness of data processing prior to the withdrawal.
In the event of withdrawing consent, it is possible to provide consent again at any time. Providing consent is not a requirement for using any of the services. When giving consent, it is mandatory to provide an email address; without it, consent cannot be given. Providing an email address is also mandatory when withdrawing consent for the purpose of identification.
IV. Data controller and data processors
In relation with the data defined in point III., the data controller is the Service Provider:
Petőfi Media Group Nonprofit Limited Liability Company
|Headquarters:||1053 Budapest, Károlyi utca 16.|
|Registered by:||Metropolitan Court of Registration|
|Company registration number:||01-09-393699|
The employees of the Service Provider have access to the Users’ data to the extent necessary for the performance of their duties. Access rights to personal data have been established and documented in a strict internal policy.
For the processing and storage of User data, the Service Provider engages various businesses with whom data processing agreements are concluded. The following data processors are involved in the processing of User data:
|Name and address (headquarters) of data processor||Aim of data processing||Scope of data affected by data processing|
|Tigra Kft. (1118 Budapest, Budaörsi út 64.; cg.: 01-09-566107)||Storage service||Data according to point III.|
|Google Ireland Limited (Gordon House, Barrow Street, Dublin 4., Írország)||Google Analytics service||Data according to point III.|
|Tigra Kft. (1118 Budapest, Budaörsi út 64.; cg.: 01-09-566107)||Web development,|
|Data according to point III.|
The Service Provider is authorized and obligated to transmit any available and lawfully stored personal data to competent authorities if required by legislation or a legally binding official obligation. The Service Provider cannot be held responsible for such data transmission or any resulting consequences.
Addressees of data forwarding
According to this data processing information, the Service Provider does not transfer the processed data to any third party, as defined by the GDPR regulation. However, the Service Provider is authorized and obligated to transmit any available and lawfully stored personal data to competent authorities if required by legislation or a legally binding official obligation. The Service Provider cannot be held responsible for such data transmission or any resulting consequences.
Automated decision-making, profiling
V. Data protection guidelines applied by the Company
The Company respects the rights of Users as defined by the legislation.
In certain cases, such as official court or police requests, legal proceedings related to copyright, property, or other infringements, or suspicions thereof, endangerment of the Company’s interests, or based on court and other authority decisions – unless otherwise required by law – and with the prior explicit consent of the User, the Company may be required to make the User’s accessible data available to third parties.
The Company strives to ensure that the processing and handling of User data receive the protection defined by applicable laws and regulations.
VI. Protection of personal data
The Company complies with its obligations under the relevant data protection laws by:
- Safely storing and disposing of data;
- Not collecting or retaining excessive amounts of data;
- Protecting personal data from loss, misuse, unauthorized access, disclosure, and ensuring that appropriate technical measures are in place to safeguard personal data.
The Company takes appropriate technical and organizational measures to protect User’s personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, particularly in cases where data transmission is involved in processing, as well as against any other unlawful forms of processing.
Accordingly, the Company applies various levels of access rights to the data, ensuring that only individuals with the appropriate authorization have access to the data, and they are required to be knowledgeable about the data in order to fulfill their work-related or associated obligations.
VII. User rights
Under the data protection regulations, the User is entitled to:
- Request access to their personal data,
- Request the rectification of their personal data,
- Request the erasure of their personal data,
- Request the restriction of the processing of their personal data,
- Object to the processing of their personal data,
- Request data portability,
- Object to the processing of their personal data (including objection to profiling and other rights related to automated decision-making),
- Withdraw their consent and lodge a complaint with the competent supervisory authority.
a) Right to Access
The User has the right to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed, and if so, to request access to their personal data.
The User is entitled to request a copy of their personal data undergoing processing. For the purpose of identification, the data controller may request additional information from the User or charge a reasonable fee for any additional copies.
b) Right to Rectification
The User is entitled to request the data controller to rectify any inaccurate personal data concerning them. Depending on the purpose of the processing, the User is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.
c) Right to Erasure (“Right to be Forgotten”)
The User has the right to request the data controller to erase their personal data and the data controller is obliged to delete such personal data. In this case, the data controller will no longer be able to provide further services to the User.
d) Right to Restriction of Processing
The User has the right to request the restriction of the processing of their personal data. In this case, the data controller shall mark the relevant personal data, which may only be processed for certain purposes.
e) Right to Object
The User has the right to object, on grounds relating to their particular situation, at any time to the processing of their personal data by the data controller, including profiling, and may request that the data controller no longer process their personal data.
Furthermore, if the Company processes the User’s personal data based on legitimate interests, the User has the right to object at any time to the processing of their personal data for this purpose.
Additionally, the User has the right to request human intervention in relation to automated decision-making in individual cases. Please note that the data controller does not employ automated decision-making mechanisms.
f) Right to Data Portability
The User is entitled to receive their personal data provided to the Company in a structured, commonly used, and machine-readable format (i.e., in a digital format), and has the right to request the transmission of this data to another data controller, without hindrance from the Company, provided that the transmission is technically feasible.
g) Right to Withdraw Consent
If the processing of the User’s personal data is based on their consent, the User may withdraw their consent at any time without providing any justification by clicking on the link in the newsletters or by changing the settings of their Portal account or mobile device. The withdrawal of consent does not affect the lawfulness of the processing based on consent prior to withdrawal.
If the User withdraws their consent to the processing of their personal data by the Company, it may result in the Company not being able to provide the requested services at all or only partially.
h) Right to Lodge a Complaint with the Supervisory Authority
If the User believes that their personal data has been misused, they also have the right to contact and file a complaint with the local data protection authority, primarily in the member state of their habitual residence, place of work, or the alleged infringement.
In Hungary, the User can also contact the National Authority for Data Protection and Freedom of Information: H-1055, Hungary, Budapest, Falk Miksa utca 9-11.; phone: +36-1 391-1400; fax: +36-1 391-1410; e-mail: firstname.lastname@example.org).
VIII. Contact Information
If the User wishes to exercise their rights related to data protection or submit a complaint, they can send a letter to the email address provided below. In addition, they can also contact the Company by sending a letter to the addresses provided below.
Mailing address: 1053 Budapest, Károlyi utca 16.
IX. Other provisions
In the event of a data breach, the Company will report the data breach to the supervisory authority in accordance with the applicable laws within 72 hours of becoming aware of it and keep a record of such incidents. In cases defined by law, the affected users will also be informed about the breach.
The data controller regularly monitors its online platforms and the information provided on them, and takes all necessary measures to ensure that the information is up-to-date and accurate. However, it is possible to come across information on the online platforms that is no longer current. The Company does not assume any financial responsibility for such information.
Visitors and users of the Company’s online platforms may also visit other portals not operated by the Company. The Company is not responsible for the accuracy of the information provided on those platforms, the content of the websites, or the security of the data provided by visitors and users on the Company’s online platforms. Therefore, when using those websites, please review the privacy policies of the respective companies.