Preamble: The purpose of this Policy is to establish the data protection and data management principles applied by the service provider as the operator of the website www.hungarotonmusic.com and as the data controller in accordance with the relevant legislation. It also defines the legal operation of the records kept by the Service Provider, ensures the enforcement of data protection principles, data security requirements, and prevents unauthorized access, alteration, or disclosure of data. The purpose of this Policy is also to provide adequate information to the data subjects (users of the website and those using the services provided through the website) regarding all facts related to the processing of their data, including the purpose and legal basis of the data processing, the person authorized to process and handle the data, and the duration of the data processing.
1.1. Relevant legislation under this Policy includes:
Act CXII of 2011 on Informational Self-determination and Freedom of Information (Infotv.)
Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR)
Act CVIII of 2001 on Electronic Commerce Services and Information Society-related Services
Act CLV of 1997 on Consumer Protection
Interpretative provisions:
Data Subject: Any identified or identifiable natural person based on personal data.
Personal Data (Infotv.): Data related to the data subject that allows identification, including the data subject’s name, identification mark, and characteristics that define their physical, physiological, mental, economic, cultural, or social identity.
Personal Data (GDPR): Any information relating to an identified or identifiable natural person.
Consent (Infotv.): The voluntary and explicit expression of the data subject’s will, which gives unequivocal consent for the handling of their personal data.
Consent (GDPR): The data subject’s voluntary, informed, and unambiguous declaration of will, expressing consent for the processing of their personal data.
Objection: A declaration by the data subject in which they object to the processing of their personal data and request the termination or deletion of the data.
Data Controller (Infotv.): The person or organization that determines the purposes and methods of data processing.
Data Controller (GDPR): The natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data.
Data Processing (Infotv.): Any operation or set of operations performed on data, regardless of the method used, such as collecting, recording, storing, changing, or erasing data.
Data Processing (GDPR): Any operation or set of operations performed on personal data, whether automated or not.
Data Transfer: Making data available to a third party.
Public Disclosure: Making data accessible to anyone.
Data Erasure: Making the data unrecognizable so that restoration is no longer possible.
Data Marking: Marking data with an identifier to distinguish it.
Data Locking: Marking data with an identifier to restrict further processing.
Data Destruction: The complete physical destruction of the data carrier containing the data.
Data Processing Tasks: Technical tasks related to data processing, regardless of the method or tool used.
Data Processor (Infotv.): A natural or legal person that performs data processing based on a contract.
Data Processor (GDPR): A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Third Party (Infotv.): A natural or legal person who is not the data subject, data controller, or processor.
Third Party (GDPR): A natural or legal person, public authority, or agency that is not the data subject, controller, or processor.
Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.
The Service Provider as Data Controller (data controller details, contact information, etc.)
The Service Provider, as data controller, provides the following information and data supply in accordance with Article 13 of the GDPR:
Data Protection Requests: If you have any requests or questions regarding data processing, you can send your request via post or electronically to the postal or email address mentioned above. We will send our response without delay, and within 30 days at the latest, to the address you specified.
4.1. Data Processing: The Service Provider does not engage a data processor for data management purposes.
4.2. Foreign Data Transfer: No foreign data transfer occurs.
The Service Provider's Data Processing, Data Processing Principles, and Legal Basis for Data Processing
5.1. The Service Provider’s primary task, as a data controller, is to define the scope of personal data it processes concerning both natural and legal persons, determine the manner of data processing, ensure compliance with data protection principles and security requirements, and prevent unauthorized access, alteration, or disclosure of the data. The Service Provider records and stores personal data provided by the User, with voluntary and informed consent, and in accordance with applicable laws. After the period specified in the regulations, the Service Provider ensures automatic deletion of personal data. Personal data processed solely based on the User’s consent will be deleted immediately upon the User’s request. The Service Provider must act in good faith and cooperate with the data subjects. The Service Provider is obligated to exercise its rights and fulfill its obligations appropriately. Personal data retains its status as such as long as the relationship with the User can be restored. The Service Provider has the necessary technical means to restore this relationship. In handling and storing personal data, the Service Provider takes the utmost care. In the area of IT security, the Service Provider uses the most efficient and modern tools and procedures available. The Service Provider protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage, and ensures protection against inaccessibility due to technological changes. The Service Provider draws the User’s attention to the fact that the service system may contain links to websites not operated by the Service Provider, and the privacy policies of such websites may differ from this policy. The Service Provider assumes no responsibility for these privacy policies.
The Service Provider declares that all data processing related to its activities complies with the requirements set out in this Privacy Policy and applicable laws.
5.2. Prior Information: The User must be clearly, comprehensibly, and thoroughly informed of all facts related to the processing of their data, especially the purpose and legal basis of the processing, the authorized persons, the duration of the processing, and whether the data may be accessed by third parties. The information must also include the User’s rights and legal remedies regarding the data processing.
5.3. Purpose Limitation: The Service Provider uses personal data necessary for the use of its services strictly for their intended purpose and processes them to exercise its rights and fulfill its obligations. In any case where the Service Provider intends to use the provided personal data for a purpose other than the original one, the User will be informed, and their prior, explicit consent will be obtained, or they will be given the opportunity to prohibit such use.
5.4. Main Purposes of Data Processing
Handling, recording, and investigating complaints, reports, and requests, etc.
Enforcing claims arising from the legal relationship.
5.5. GDPR Data Processing Principles: The Service Provider respects the following principles for personal data processing, as set out in Article 5 of the GDPR:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
5.6. Legal Basis for Data Processing: The legal basis for data processing is primarily based on Section 5 (1) a) and b) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, as well as on the User’s voluntary, informed consent in compliance with the GDPR and on the fulfillment of contractual obligations. Data processing is lawful only when at least one of the following conditions is met:
The User has consented to the processing of their personal data for one or more specific purposes;
The processing is necessary for the performance of a contract to which the User is a party, or to take steps at the User’s request prior to entering into a contract;
Data processing is necessary to fulfill a legal obligation imposed on the Service Provider;
Data processing is necessary to protect the vital interests of the User or another natural person;
Data processing is necessary for the legitimate interests of the Service Provider or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the User that require the protection of personal data, especially where the data subject is a child. /GDPR Article 6 (1)/
5.7. Conditions for Consent: If data processing is based on consent, the Service Provider must be able to demonstrate that the User has consented to the processing of their personal data. If the User gives consent within a written declaration that concerns other matters as well, the request for consent must be clearly distinguishable from those other matters, presented in a comprehensible and easily accessible form, using clear and simple language. Any part of such a declaration that violates the GDPR is not binding. The User has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the data processing carried out before the withdrawal. Before giving consent, the User must be informed of this right. Withdrawing consent must be as easy as giving it.
The scope, legal basis, purpose, method, and duration of data processing by the Service Provider for each type of personal data: The Service Provider does not verify the personal data provided to it, and the accuracy of the data is the sole responsibility of the person providing it. When providing an email address, the User assumes responsibility that only they will use services or submit requests/complaints from that email. If the User provides someone else's personal data, it is their duty to obtain the consent of the individual concerned. The User is required to provide the personal data specified below for certain services; otherwise, the service cannot be used. During certain stages of website use, or during the Service Provider's activities, the following data will be processed:
6.1. Technical data: The automatically generated data of the User’s logging device during their visit to the website, which are logged automatically at login and logout without any specific statement or action by the User. These data cannot be connected to other personal user data, except in cases mandated by law. Only the Service Provider has access to this data. Some information about the visitor’s device will be recorded during the website visit. This includes the visitor’s IP address, browser type (e.g., Internet Explorer), and the referring webpage address. These data will be stored on the server for a maximum of one month. If these data cannot be linked to an identifiable individual, this process does not qualify as personal data processing.
6.2. Newsletter and newsletter containing advertisements data processing: According to Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, the User may consent in advance and explicitly to be contacted by the Service Provider with promotional offers or other communications at the contact details provided during registration, and may consent to the Service Provider processing their personal data necessary for sending such offers. If the User subscribes to the Service Provider’s advertisement-containing newsletter on the website, they voluntarily agree to the processing of the following personal data:
Name
Email address
6.3. Purpose of data processing: Communication, sending promotional emails to the User, providing information on current news, products, promotions, new features, etc.
6.4. Method of data processing: Recording, storing
6.5. Scope of affected persons: Users who subscribe to the newsletter by providing their email address
6.6. Duration of data processing: The Service Provider processes the data provided during newsletter subscription for as long as the User does not unsubscribe by clicking on the ‘Click here to unsubscribe from the newsletter!’ link at the bottom of the newsletter or by requesting removal from the mailing list via email or postal mail. Upon unsubscription, the Service Provider will delete all personal data necessary for sending promotional messages or newsletters, and will no longer contact the User with further newsletters or offers. The email addresses are primarily used to identify the User and maintain communication, and emails will be sent for this purpose. The Service Provider places great emphasis on the lawful use of the electronic mail addresses it handles, using them only for purposes specified here (informational or promotional emails). The Service Provider may, in certain cases, send notifications electronically regarding changes in the services it provides or modifications to the General Terms and Conditions (ÁSZF). However, such notifications will not be used for promotional purposes.
Data transfer and processing: The data handled by the Service Provider are primarily accessible to the Service Provider itself, and – under the instructions, guidance, control, and supervision of the Service Provider, and subject to confidentiality – the Service Provider's employees or agents. These data will not be made public or transferred to third parties. The Service Provider only transfers personal data to third parties with the User's prior informed consent, except in cases of mandatory data transfer required by law. The Service Provider is authorized and obligated to transfer any legally stored personal data to the competent authorities if required by law or a binding request or decision by a court or authority. The Service Provider cannot be held responsible for the consequences of such data transfers. The Service Provider reserves the right to engage a data processor on a permanent or occasional basis during its activities. Permanent data processing may be carried out primarily for tasks related to customer service, service provision, obligation fulfillment, and the maintenance of IT systems (e.g., system operator). When engaging a data processor, the provisions of applicable laws, especially Act CXII of 2011 on Informational Self-Determination and Freedom of Information, and the GDPR will apply. Data processing will only be carried out based on a written contract that includes the necessary elements. The rights and obligations of the data processor concerning personal data processing are determined by the Service Provider within the framework of applicable laws. The Service Provider is responsible for the legality of the instructions concerning data processing operations. The data processor is responsible for the processing, alteration, deletion, transfer, and disclosure of personal data within its scope of activity, as determined by the data controller. The data processor may not engage another data processor in the performance of its tasks.
The data processor may not make substantial decisions regarding data processing, may only process personal data in accordance with the Service Provider's instructions, and may not process data for its own purposes. It must store and safeguard personal data in accordance with the Service Provider's instructions. The Service Provider ensures that the data processor's activities do not infringe on the rights of data subjects by including appropriate contractual guarantees and taking adequate organizational and technical measures.
Data security: The Service Provider is obligated to design and execute data processing operations to ensure the privacy of Users and all affected individuals. The Service Provider, and any data processors it may engage, must ensure data security by implementing technical and organizational measures, as well as developing procedural rules, to enforce the applicable legal requirements. Data must be protected by appropriate measures against unauthorized access, alteration, transfer, disclosure, deletion, destruction, accidental loss, and damage, as well as against inaccessibility due to technological changes. To protect electronically stored data, suitable technical solutions must be implemented to ensure that the data stored in the registers cannot be directly linked or assigned to Users unless permitted by law. In the case of automated data processing, the data controller and processor must ensure:
Prevention of unauthorized data entry;
Prevention of unauthorized use of automated data processing systems through data transmission devices;
The ability to verify and determine which organizations have transmitted or may transmit personal data using data transmission devices;
The ability to verify and determine when and by whom personal data was entered into automated data processing systems;
Restoration of installed systems in the event of a malfunction;
Creation of reports on errors occurring during automated processing.
When determining and applying data security measures, the Service Provider and data processors must consider the current state of technology. Of the possible data processing solutions, the one providing the highest level of personal data protection must be selected unless this would place an unreasonable burden on the data controller.
9.1. Data stored on a computer network: The Service Provider ensures, in connection with its IT security tasks, particularly:
Measures to protect against unauthorized access, including software and hardware protection, and physical protection (access protection, network protection);
Measures ensuring the possibility of restoring data files, including regular security backups and secure handling of backups (mirroring, backup);
Physical protection of data files and storage devices, including protection against fire, water damage, lightning strikes, other natural disasters, and restoration of damage caused by such events (archiving, fire protection).
9.2. Virus protection: Continuous virus protection must be ensured on the network handling personal data.
9.3. Access protection: The Service Provider operates the electronic registers using an IT program specifically developed for this purpose, which meets data security requirements. The program ensures that data can only be accessed for specific purposes under controlled conditions, and only by those individuals who need access to perform their tasks. The Service Provider strives, whenever possible, to adhere to the data minimization principle, ensuring that employees and others acting on behalf of the Service Provider only have access to the necessary personal data.
9.4. Paper-based data processing: The Service Provider takes the necessary measures to protect paper-based records, especially regarding physical security and fire protection. Employees and others acting on behalf of the Service Provider must securely store and protect any data-containing storage media in their possession, regardless of the method of recording, from unauthorized access, alteration, transfer, disclosure, deletion, or destruction, as well as from accidental destruction or damage. The following measures must be taken to ensure the security of these data:
Fire and asset protection: Documents must be stored in a well-secured room equipped with fire and asset protection measures.
Access protection: Only authorized staff and their supervisors may access the processed documents.
Data breach: The Service Provider must notify the data protection authority and the affected individuals of any data breach within 72 hours of becoming aware of it, unless the breach is unlikely to pose a risk to the rights and freedoms of natural persons.
Records: The Service Provider maintains records of the data it processes.
User rights, means of legal enforcement, compensation: The Service Provider facilitates the exercise of Users' rights.
12.1. User rights:
12.1.1. Right to transparent communication and information: The User has the right to request and receive information at any time about the processing of their personal data in a concise, transparent, understandable, and easily accessible form, clearly and plainly presented. The Service Provider must provide the information in writing or by other means – including electronic means if applicable – free of charge, without undue delay, but no later than one month from receipt of the request. Upon request, oral information may also be provided, provided that the data subject’s identity has been otherwise confirmed. The Service Provider informs the User of the actions taken following their request.
12.1.2. Right of access: The User has the right to receive confirmation from the Service Provider as to whether personal data concerning them is being processed, and, if so, to access the personal data and receive appropriate information about the purposes of the data processing, the categories of personal data involved, the recipients of the data, the duration of data processing, the User's rights, including the right to lodge a complaint. The Service Provider will provide a copy of the personal data undergoing processing. For any additional copies requested by the User, the Service Provider may charge a reasonable fee based on administrative costs. If the User submits their request electronically, the information must be provided in a widely used electronic format unless the User requests otherwise. The right to request copies may not adversely affect the rights and freedoms of others.
12.1.3. Right to rectification: The User has the right to request that the Service Provider correct inaccurate personal data concerning them without undue delay. Considering the purposes of the data processing, the User also has the right to request the completion of incomplete personal data, including by means of a supplementary statement.
12.1.4. Right to erasure (‘right to be forgotten’): The User has the right to request that the Service Provider delete personal data concerning them without undue delay, and the Service Provider is obligated to delete such personal data without undue delay if one of the following grounds applies:
The personal data is no longer necessary for the purpose for which it was collected or otherwise processed;
The User withdraws their consent, and there is no other legal basis for the processing;
The User objects to the processing, and there are no overriding legitimate grounds for the processing;
The personal data has been unlawfully processed;
The personal data must be erased to comply with a legal obligation in Union or Member State law;
The personal data was collected in connection with the offer of information society services.
12.1.5. Right to restrict processing: The User has the right to request the Service Provider restrict processing if any of the following applies:
The User contests the accuracy of the personal data; in this case, the restriction applies for a period enabling the Service Provider to verify the accuracy of the personal data;
The processing is unlawful, and the User opposes the deletion of the data and requests the restriction of its use instead;
The Service Provider no longer needs the personal data for processing, but the User requires it for the establishment, exercise, or defense of legal claims; or
The User has objected to processing; in this case, the restriction applies until it is determined whether the Service Provider's legitimate grounds override those of the User.
12.1.6. Right to data portability: The User has the right to receive the personal data concerning them, which they have provided to the Service Provider, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller without hindrance from the Service Provider, where:
The processing is based on consent or a contract; and
The processing is carried out by automated means.
12.1.7. When exercising the right to data portability, the User has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
12.1.8. Right to object: The User has the right to object to the processing of their personal data if the processing is necessary for the performance of a task carried out in the public interest, the exercise of official authority, or the legitimate interests of the Service Provider or a third party. The User also has the right to object to the processing of their data for direct marketing purposes, opinion polling, or scientific research. If the User objects to the processing of their personal data for direct marketing purposes, the data may no longer be processed for this purpose. The User must be explicitly informed of their right to object at the time of first communication, and the information must be presented clearly and separately from any other information.
Means of legal enforcement
13.1. Complaint: If the Service Provider violates the law, the User may file a complaint with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
13.2. Initiating judicial proceedings: If the User disagrees with any decision or action taken by the Service Provider, they may file a lawsuit within 30 days of notification or knowledge. The court will proceed expeditiously. Jurisdiction rests with the regional court. The lawsuit may be initiated at the court of the User's residence or place of stay. Even those without legal standing may be parties to the lawsuit. The Authority may intervene on behalf of the User's interest in the lawsuit. If the court upholds the request, the data controller will be ordered to provide the requested information, rectify the data, block or delete the data, invalidate the decision made by automated processing, or respect the User's right to object and release the requested data to the requesting party. If the court rejects the data requestor’s claim, the data controller must delete the User’s personal or health data within 3 days of notification. The controller must also delete the data if the data requestor does not file a lawsuit within the specified period. The court may order the publication of its judgment, including the data controller's identifying information, if this is required by data protection interests and the rights of a larger number of data subjects.
13.3. Compensation: The Service Provider is liable for compensating damages caused by the unlawful processing of personal data or by the violation of data security requirements. The Service Provider is also responsible for damages caused by the data processor. The Service Provider is exempt from liability if it proves that the damage was caused by an unforeseeable event beyond the scope of the data processing. No compensation is required if the damage was caused by the intentional or grossly negligent behavior of the injured party.
Other provisions: This Privacy Policy is effective as of May 25, 2018, until revoked. The current version of this Privacy Policy is continuously available on the www.hungarotonmusic.com website. The Service Provider reserves the right to unilaterally amend this Privacy Policy. The Service Provider will notify Users of any amendments by publishing the changes on the www.hungarotonmusic.com website. By continuing to use the service after the amendment's entry into force, the User accepts the amended Privacy Policy.