©2019 budapestfilmorchestra represented by clmusic Ltd.

PRIVACY POLICY

DATA PROTECTION NOTICE

The purpose of this Data Protection Statement is to define the principles and rules applicable to the processing of personal data and other data entered by users of the CL Music website in the course of using the website and processed for the website managers.

This data processing policy refers to the storage and processing of data entered by visitors on the clmusic.hu website by voluntary consent in connection with requests for offers. Personal data is processed in compliance with the following principles:

i) Personal data is only processed for a specified purpose, in the interests of exercising a right or fulfilling an obligation. The data processing shall, in all its phases, comply with the purpose of the data processing, and recording and processing of data must be fair and legal.

ii) Only such personal data may be processed as is strictly indispensable for the realisation of the purpose of the data processing, and that is suitable for this purpose. The personal data may only be processed to the extent and for the period of time required for the realisation of the purpose.

iii) Personal data shall be deemed to be personal data in the course of processing for as long as its connection to the data subject can be restored. Connection with the data subject can be restored if the controller possesses the technical conditions required for such restoring.

iv) In the course of processing, accuracy and completeness of data must be ensured, as well as – if necessary for the purpose of the data processing – its up-to-date nature, and that the data subject may only be identified for the time necessary in respect of the purpose of the data processing.

I. GENERAL PROVISIONS

 

Name/Company name: CL Music Ltd

Registered office: H-1174 Budapest, Szilárd u. 15.

Company registration number: 01-09-936277

Tax number: 22623599-2-42.

Website: www.clmusic.hu

Website: www.budapestfilmorchestra.com

Representative: József Csaba Lőkös, Kinga Lőkös

Legal basis for the data processing: the data subject’s consent based on Section 5(1)(a) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information
Categories of data subjects whose data is processed: Those requesting GDPR guidelines
Consent to the processing: In the course of registration, Users expressly consent that their personal data be processed by the Controller as described in this notice.
Purpose of the data processing: sending notice by e-mail, contact (in the case of consent).
Method of data processing: automated data processing

2. CATEGORIES OF PERSONAL DATA PROCESSED:

In the course of the user’s voluntary provision of data, he or she may enter the following data (which is voluntary, but indispensable for using the service) in order to use the contact form available on the website:

  • Name, company name, e-mail address, phone number: information necessary for contact with the data subject’s consent, following presentation of an offer, to be deleted in the case of non-realisation;

  • A letter/reservation can only be sent to the company by marking the acceptance of the Data Protection Notice.

 

3. DATA PROCESSORS (THOSE WHO PERFORM TECHNICAL TASKS RELATING TO THE DATA PROCESSING OPERATIONS):

Name/Company name: CL Music Ltd

Registered office: H-1174 Budapest, Szilárd u. 15.

Company registration number: 01-09-936277

Tax number: 22623599-2-42.

Website: www.clmusic.hu

Website: www.budapestfilmorchestra.com

Representative: József Csaba Lőkös, Kinga Lőkös

 

4. DURATION OF THE DATA PROCESSING:

The Controller processes the data entered indefinitely or until the data subject’s consent is withdrawn.

5. TRANSFER OF DATA ABROAD:

No data is transferred.

6. RIGHTS OF THE DATA SUBJECTS:

The data subject may request the Controller
a) to provide information about the processing of his or her personal data,
b) to rectify his or her personal data, and
c) to erase or block his or her personal data, except where data processing is mandatory.
 

At the data subject’s request, the Controller shall provide information about the data subject’s data processed by it or based on its instruction by its contracted processor, their source, purpose, legal basis, duration of data processing, name and address of the data processor and its data processing activity, circumstances, impacts of a personal data breach and measures taken to eliminate it, as well as the legal basis of any data transfer – in case the data subject’s personal data is transferred – and recipient of such transfer.


The Controller – if it has an internal data protection officer, via the internal data protection officer – shall keep records in order to control the measures relating to personal data breaches and for the purpose of informing the data subject; such records shall contain the categories of personal data concerned, categories and number of data subjects affected by the personal data breach, time of the personal data breach, its circumstances, impacts and measures taken to eliminate it, as well as any other data required by the legal regulation that stipulates the data processing.
The Controller is obliged to provide the information within the shortest time possible from submission of such request, but no later than 25 days, in an easy-to-understand form, in writing, if so requested by the relevant person. Provision of such information is free of charge if the person requesting such information has not yet submitted to the Controller a request for information about the same data during the same year. Otherwise the Controller may charge costs.

The Controller shall erase the personal data if

a) its processing is illegal;

b) the data subject requests so;

c) it is incomplete or erroneous – and this situation cannot be remedied legally – assuming that the erasure is not excluded by law;

d) the purpose of processing has ceased or the statutory term for storing data has expired;

e) ordered by court or the Authority.

 

Rectification, blocking, marking and erasure must be notified to the data subject, as well as all the persons to whom the data has been previously transferred for data processing purposes. Such a notification may be omitted if it does not violate the data subject’s legitimate interests, considering the purpose of data processing.

If the Controller does not comply with the data subject’s request for rectification, blocking or erasure, within 30 days following receipt of the request it shall communicate in writing or – with the data subject’s consent – electronically, the factual and legal reasons for refusing the request for rectification, blocking or erasure. In the event of refusing the request for rectification, erasure or blocking, the Controller shall inform the data subject about the possibility of legal remedy in court or turning to the Authority.

7. OBJECTING TO THE PROCESSING OF PERSONAL DATA:

The data subject may object to the processing of his or her personal data:

a) if the processing or transmission of the personal data is required for compliance with a legal obligation referring solely to the Data Controller or enforcement of the legitimate interest of the Data Controller, data recipient or third party, except if the data processing is mandatory;

b) if the use or transmission of personal data takes place for purposes of direct business acquisition, public opinion polling or scientific research; and

c) in other cases specified by the law.

Within the shortest time from submission of the request, but no later than 15 days, the Controller shall examine the objection, and shall adopt a decision on whether or not it is substantiated, and shall inform the applicant about its decision in writing.

If the Controller finds that the data subject’s objection is justified, the Controller shall discontinue the data processing, including any further data recording and data transmission, and shall block the data and shall communicate the objection and actions taken on its basis to all parties to whom it has previously transmitted the personal data to which the objection refers, who are obliged to take action in order to enforce the right to objection.

If the data subject does not agree with the Controller’s decision or if the Controller misses the above deadline, the data subject may take the matter to court, within 30 days from communication of the decision or the last date of the deadline.

If the data subject objects to the processing of his or her personal data or uses legal remedy in court, or if a request is received from a third party for disclosure of data which is not based on the data subject’s consent, then in the scope required for examining the legality of the above, the data may be disclosed to the legal representatives appointed by the Controller.

8. LEGAL REMEDY IN COURT:

We ask the Users that if they believe the Controller has violated their rights relating to the protection of personal data, they should contact us so that we can remedy any violation of rights.

We also inform the Users that the data subject may take action in court against the Controller if his or her rights are violated. The court shall consider the matter on an extraordinary basis. The case falls within the jurisdiction of regional courts. The legal action can be brought before the regional court with competence over the controller’s registered office or – at the data subject’s choice – that with competence over the data subject’s domicile or place of residence. A person who otherwise has no trial capacity can be a party to the legal action.

If the Controller causes damage to others by the unlawful processing of the data subject’s data or violating the requirements of data security, it is obliged to compensate such damages. If the Controller violates the data subject’s personality rights by any unlawful processing of the data subject’s personal data or by a violation of data security requirements, the data subject may claim compensation for grievance from the Controller. The Controller shall be exempt from liability for damages caused and the obligation to pay compensation for grievance if it can prove that the damage or violation of the data subject’s personality rights was caused by an inevitable cause outside the scope of the data processing. Damages need not be paid and no compensation for grievance may be claimed to the extent that the damages or the violation of rights caused by violation of personality rights was a result of the data subject’s wilful misconduct or gross negligence.

9. PROCEDURE OF THE AUTHORITY:

The data subject may file a complaint or request information from the Authority, as well:

Name: National Authority for Data Protection and Freedom of Information
Registered office: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: H-1530 Budapest, Pf.: 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Website: http://naih.hu

II. DETAILED DATA PROCESSING PROVISIONS

​​

1. USE OF E-MAIL ADDRESSES FOR MARKETING PURPOSES:

The Controller shall only send e-mails containing advertisements to the e-mail address entered during the registration if the User has expressly consented to this in advance. The statement of consent may be withdrawn any time without restriction and reason, using the link placed at the bottom of the e-mail containing the advertisement.​