A www.mediamusic.hu On the page www.mediamusic.hu the author indicated in the imprint on the service website as the Data Controller (hereinafter referred to as the "Data Controller"), acts in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the relevant laws when processing personal data. The Data Controller respects your (hereinafter referred to as the "Data Subject") rights to the protection of your personal data. This notice summarises in a concise and simple manner what data we collect, how we may use it, and describes the tools we use and the Data Subject's data protection and enforcement options. Detailed regulations can be found in the aforementioned regulation; for further information, we recommend that you study the Regulation. Translated with DeepL.com (free version)
The Data Controller follows the following principles in its data processing activities:
- Personal data may only be obtained and processed fairly and lawfully.
- Personal data may only be stored for specific and lawful purposes and may not be used for any other purpose.
- Personal data must be proportionate to the purpose for which it is stored and must be adequate for that purpose; it must not exceed that purpose.
- Personal data must be stored in such a way that the Data Subject can only be identified for as long as is necessary for the purpose of storage.
- Appropriate security measures must be taken to protect personal data stored in automated data files against accidental or unlawful destruction or accidental loss, as well as against unauthorized access, alteration, or dissemination.
The scope of this data processing notice covers all data processing activities of the Data Controller, and accordingly covers – specifically, but not exclusively – the use of the www.mediamusic.hu website and the data security principles applied by the Data Controller in relation to the contact persons of business organizations that come into contact with the Data Controller in the course of their economic (business) activities, as Data Subjects.
Data controller contact details/ Impressum: / Impresszum:
Name: Antal Bodóczki
Adress: HUNGARY - 2081 Piliscsaba, Zrínyi u. 34.
Tax number: 91319238-1-33
Terms
| Personal data | Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| Data processing | Any operation or set of operations performed on personal data or data files, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Data controller | A natural or legal person, public authority, agency, or any other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, Union or Member State law may also lay down specific criteria for the controller or for the designation of the controller. |
| Data processor | A natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the data controller. |
| Recipient | The natural or legal person, public authority, agency, or any other body to whom or which personal data are disclosed, whether a third party or not. Public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. |
| Third Party | A natural or legal person, public authority, agency, or any other body other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorized to process personal data. |
| Consent of the person concerned | The voluntary, specific, and clear expression of the data subject's will, based on adequate information, whereby the data subject indicates his or her consent to the processing of personal data concerning him or her by means of a statement or by a clear affirmative action. |
| Profile creation | Személyes adatok automatizált kezelésének bármely olyan formája, amelynek során a személyes adatokat valamely természetes személyhez fűződő bizonyos személyes jellemzők értékelésére, különösen a munkahelyi teljesítményhez, gazdasági helyzethez, egészségi állapothoz, személyes preferenciákhoz, érdeklődéshez, megbízhatósághoz, viselkedéshez, tartózkodási helyhez vagy mozgáshoz kapcsolódó jellemzők elemzésére vagy előrejelzésére használják. |
| Data protection incident | A breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. |
| Authority | National Authority for Data Protection and Information Security, www.naih.hu |
Purpose of data processing, scope of processed data, duration of data processing, persons entitled to access data in relation to Data Subjects using the Data Controller's services, use of the Data Controller's websites
The provisions of this chapter apply to the processing of personal data of all Data Subjects who use the services of the Data Controller.
Data processing
Personal data may only be processed for specific purposes, to the extent necessary, for the exercise of rights and the fulfillment of obligations. At all stages of data processing, the purpose of data processing must be complied with, and the collection and processing of data must be fair and lawful. Personal data may only be processed to the extent and for the period necessary to achieve the purpose. The data controller has regulated in internal instructions that only recipients involved in achieving the purpose of data processing and necessary for that purpose may process the data.
The processing of personal data is necessary for the performance of a contract to which the Data Subject is party, pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (27 April 2016) (hereinafter referred to as "GDPR").
The Data Controller processes the personal data of the Data Subject on the basis of legitimate interest in the following cases.
The purpose of personal data processing is the collection, storage, and processing of personal data by the Data Controller, and its use for billing purposes, contract conclusion (other tasks related to the ordered and provided services), including subsequent communication with the Data Subject (complaints, follow-up orders, etc.), as well as for the Data Controller's own marketing purposes, the provision of services, and sending information about products. The authorization also extends to communications sent by electronic means (e-mail, SMS, telemarketing).
The Data Subject shall be liable under civil law for any damage resulting from the use of inaccurate or outdated personal data provided by him/her.
The Data Controller processes Personal Data in accordance with legal requirements in the following cases: maintaining contact, fulfilling invoicing, accounting, and bookkeeping obligations (Act on Accounting, VAT Act, Art.).
The Data Controller processes personal data on the basis of the Data Subject's express and voluntary consent in the following cases: (a) Contacting – responding to inquiries made by the Data Subject via the website; (b) Marketing purposes, recording and collecting visitor habits – using anonymous user identifiers (cookies).
Handled data, duration of data processing, persons entitled to access data
In accordance with the above, we collect and process the following data for the specified retention period, based on the legal basis indicated.
DATA HANDLED ON THE BASIS OF LEGITIMATE INTEREST
| Data description | Storage time |
| Name, Shipping address, Phone number, Email address, IP address, Billing address | Storage period: 5 years after the legitimate interest ceases to exist or in accordance with the relevant legal provisions (Civil Code 6:22§) |
DATA HANDLED ON THE BASIS OF LEGAL REQUIREMENTS
| Data description | Storage time |
| Data from accounting documents | Storage period as stipulated by the relevant law |
DATA HANDLED WITH VOLUNTARY CONSENT
| Data description | Storage time |
| Name | Storage period until unsubscription |
| email adress | Storage period until unsubscription |
| phone number | Storage period until unsubscription |
| Start and end time of time spent on website – During website use | Until the expiration of the lifetime of the cookie used (technical or optional) or until the cookie is deleted by the Data Subject. |
| Depending on the settings of your computer, the type of browser and operating system – When using the website | Until the expiration of the lifetime of the cookie used (technical or optional) or until the cookie is deleted by the Data Subject. |
| Data relating to your activity on the Websites – Use of the Website | Until the expiration of the lifetime of the cookie used (technical or optional) or until the cookie is deleted by the Data Subject. |
The Data Subject can find information on how to unsubscribe in a later section of this document.
Collection, use, and forwarding of personal data
The data administrator
- In a timely manner, prior to the commencement of data processing, it shall inform the Data Subject of its data processing practices in the prescribed manner.
- It collects, stores, and uses personal data exclusively for specific purposes. The information collected is always appropriate for the purpose, relevant to that purpose, and proportionate.
- It shall take reasonable steps to ensure that the personal data of the Data Subject are complete, accurate, up-to-date, and reliable to the extent necessary for the purpose.
- For promotional purposes, we will only use your personal data with your consent and give you the opportunity to prohibit such communication.
- It shall take proportionate and prudent measures to ensure the protection of the Data Subject's personal data, including in cases where it is transferred to a third party. Data shall not be transferred to a third party without the prior, express consent of the Data Subject.
The Data Administrator uses the following Data Processor(s) for the processing of personal data for the specified activities:
| Data processor | Adress | Activity |
| KBOSS.hu Kft. Tárhely.Eu Szolgáltató Kft. | 1031 Budapest, Záhony utca 7. 1097 Budapest, Könyves Kálmán körút 12-14. | accounting and invoicing services hosting provider |
The data administrator shall transfer the data to the following recipients:
- Data controller's agents performing customer service tasks
- Data controller's employees and data processors performing accounting and tax-related tasks.
Cookies
The Data Controller informs visitors to the Website that by using the Website (in the absence of web contact), data collection and data processing is carried out using anonymous User IDs (cookies) and with the consent of the Data Subject. The essential characteristics of cookies are summarized below by the Data Controller.
The Data Controller may use information packets sent by the web server with variable content, alphanumeric, stored on the user's computer and stored for a predetermined period of validity, i.e. cookies, for the services and the Website. A cookie is a unique identification or profile information storage string that service providers place on the Data Subject's computer. It is important to note that such a string cannot identify the Data Subject in any way on its own, but is only capable of recognizing the Data Subject's computer. In the world of the Internet, personalised information and customised services can only be provided if service providers are able to uniquely identify their customers' habits and needs. Service providers use anonymous identification to learn more about their customers' information usage habits in order to further improve the quality of their services and to offer their customers customization options.
Cookies are used, for example, to store the preferences and settings of Data Subjects; they help with logging in; they can display personalized advertisements and analyze the functioning of the website. To do all this, we use services to collect and track data on activities like relevance, recommendations, searches, opens, and the most important and most frequently used features.
If the Data Subject does not want such an identifier to be placed on their computer, they can set their browser to not allow the placement of unique identifiers, and they can revoke their consent at any time and delete the unique identifier. in which case, however, it is possible that the Data Subject will not be able to access the services or will not be able to access them in the same form as if they had allowed the placement of identifiers.
The services are used by a large number of users in a variety of software and hardware environments, for different purposes and in different areas. The development of the services can best be tailored to the needs and capabilities of users if the website operator has a comprehensive picture of their usage habits and needs. However, due to the large number of users, in addition to personal inquiries and feedback, it is an effective complementary method for the website operator to collect and analyze data on their habits and the service operating environment using automated methods.
Data security
In accordance with its obligations under the Info Act, the Data Controller shall do everything in its power to ensure the security of the Data Subject's data, shall take the necessary technical and organizational measures, and shall establish the procedural rules necessary for the enforcement of the Info Act and other data protection and confidentiality rules. Only the Data Controller's representative with express authorization may access the data subject's data stored in the Data Controller's database.
Cloud-based applications are also part of the services. Cloud applications are typically international and cross-border in nature and serve, for example, data storage purposes when the data is stored not on the Data Controller's computer/company data center, but on a server center located anywhere in the world. The main advantage of cloud applications is that they provide highly secure, flexibly expandable IT storage and processing capacity that is essentially independent of geographical location.
The Data Controller selects its cloud service partners with the utmost care and does everything in its power to ensure data security.
It is possible that the Data Controller's Website contains references or links to websites maintained by other service providers (including login and share buttons and logos), over whose practices regarding the processing of personal data the Data Controller has no control. The Data Controller draws the attention of data subjects to the fact that clicking on such links may take them to the websites of other service providers. In such cases, we recommend that you read the privacy policy applicable to the use of these websites. This Data Processing Notice only applies to data processing carried out by the Data Controller. If you modify or delete any of your data on an external website, this will not affect the data processing carried out by the Data Controller; you must also make such modifications on the Website.
Access, modification, correction, and portability of personal data
- Access
The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to the Personal Data and the following information: a) the purposes of the processing; b) the categories of Personal Data concerned; c) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed.
- Modification, correction
The Data Subject shall have the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate Personal Data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to request that incomplete Personal Data be completed, including by means of providing a supplementary statement.
- Mobility
The Data Subject shall have the right to receive the Personal Data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format, and to transmit those data to another Data Controller without hindrance from the Data Controller to which the Personal Data have been provided, where: a) the processing is based on consent or on a contract to which the Data Subject is party; and b) the processing is carried out by automated means.
Right to deletion, restriction, and withdrawal of personal data
- Deletion
(1) The Data Subject shall have the right to obtain from the Data Controller the erasure of Personal Data concerning him or her without undue delay, and the Data Controller shall have the obligation to erase Personal Data concerning the Data Subject without undue delay if one of the following grounds applies: a) the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed, b) the Data Subject withdraws their voluntary consent on which the data processing is based, and there is no other legal basis for the data processing, c) the Data Subject objects to the processing on grounds relating to his or her particular situation or for direct marketing purposes, and there are no overriding legitimate grounds for the processing, d) the Personal Data has been unlawfully processed, e) the Personal Data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject, f) the Personal Data has been collected in relation to the offering of information society services directly to children.
(2) If the Data Controller has made the Personal Data public and is obliged to delete it pursuant to paragraph (1), it shall take reasonable steps, taking into account the available technology and the costs of implementation, , including technical measures, to inform data controllers who process the data that the Data Subject has requested them to delete links to, or copies or replicas of, the Personal Data in question.
(3) Paragraphs (1) and (2) shall not apply if data processing is necessary: a) for exercising the right of freedom of expression and information, b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; c) for reasons of public interest in the area of public health or public health; d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise or defense of legal claims.
- Restriction
(1) The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) The Data Subject disputes the accuracy of the Personal Data, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the Personal Data, b) the processing is unlawful and the Data Subject opposes the erasure of the data and requests the restriction of their use instead, c) the Data Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims; or d) the Data Subject has objected to the processing for reasons relating to his or her particular situation; in this case, the restriction shall apply for a period enabling the Controller to verify whether the legitimate grounds of the Controller override those of the Data Subject.
(2) Where processing is restricted pursuant to paragraph 1, such Personal Data shall, with the exception of storage, only be processed with the consent of the Data Subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
(3) The data controller shall inform the data subject whose data processing has been restricted pursuant to paragraph (1) at his or her request in advance of the lifting of the restriction on data processing.
- Protest
The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of Personal Data concerning him or her, where the processing is based on the exercise of official authority vested in the Data Controller or on the legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions. In this case, the Data Controller may no longer process the Personal Data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims. Where Personal Data is processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of Personal Data concerning him or her for such purposes, including profiling to the extent that it is related to such direct marketing. If the Data Subject objects to the processing of Personal Data for direct marketing purposes, the Personal Data shall no longer be processed for such purposes.
User rights enforcement options
In the event of a violation of their personal rights, as well as in the cases specified in the Regulation, users may seek assistance from the National Authority for Data Protection and Freedom of Information, and are also entitled to bring legal action before the court of their place of residence or domicile, at their discretion:
Name: National Authority for Data Protection and Freedom of Information Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c. Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Web: naih.hu
E-mail: ugyfelszolgalat@naih.hu
Document changes
The Data Controller reserves the right to modify or update this Notice at any time without prior notice and to publish the updated version on its websites. Any modifications shall only apply to Personal Data collected after the publication of the modified version.