Privacy and Data Processing Policy
Effective date: 25 May 2018
AMC Networks Central Europe Kft. (1139 Budapest, Lomb u. 21-25., company registry number: 01-09-183155) is committed to respect your personality rights. You can rest assured that your personal data is processed with due care and in line with the applicable data protection and data security laws.
This Privacy and Data Processing Policy (“Policy”) contains the principles for the processing of personal data submitted by the users, contains information about the way we process your personal data when you use our products and services and when these products and services are provided to you. The Policy sets out how and why AMC Networks Central Europe Kft. („Data controller”) processes your personal data submitted to us and also contains your options.
This Policy is applicable to the visitors of the websites of AMC Networks Central Europe Kft. and its affiliates.
The following laws are applicable for the purposes of this Policy:
Regulation no. 2016/679 of the European Parliament and of the Commission (General Data Protection Regulation/”GDPR”);
Act no. CXII of 2011 on the right of informational self-determination and on the freedom of information („DP Act”);
Act no. V of 2013 on the Civil Code („HCC”);
Act no. XLVIII of 2008 on the basic requirements and certain restrictions of business advertising activities („Advertising Act”).
What do we mean by personal data?
Personal data includes all information that directly or indirectly identifies a natural person, e.g. an employee or user.
any data or information based on which a natural person User becomes identifiable directly or indirectly;
irrespective of the its method, any operation or set of operations, including the collection, recording, structuring, storage, transformation, modification, use, query, inspection, disclosure, transfer, dissemination of Personal data or the making of Personal data accessible, publication of same, combination or alignment, restriction, deletion or destruction of Personal data;
activities of a data processor
performing the technical tasks concerning the data processing activities, irrespective of the method or tools applied for the activities and irrespective of the place of application, provided that the technical measures are carried out concerning personal data;
rendering the data accessible for certain third persons;
a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
For the purposes of this Policy, Data controller is AMC Networks Central Europe Korlátolt Felelősségű Társaság (1139 Budapest, Lomb utca 21-25., company registry number: 01-09-183155, tax number: 24801991-2-44)
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
For the purposes of this Policy Data processor may be:
- Company name: S&T Consulting Hungary Kft., seat: Hungary – 2040 Budaörs, Puskás Tivadar út 14., company registry number: 13-09-119660, tax number: 11779177-2-13
- Company name: Telekom New Media Zrt., seat: Hungary – 1222 Budapest, Nagytétényi út 29., company registry number: 01-10-046367, tax number: 14745199-2-43
a natural person who uses our services and provides us with his/her personal data enlisted in this Policy for this purpose;
services operated by data controller or provided by data controller that are available on our website;
This Privacy and Data Protection Policy of Data controller
Data processing principles
Personal data may be processed if the data subject provided his/her unambiguous, expressly given, prior, voluntary, actual, informed consent as a result of his/her active conduct (act), e.g. written, including electronic, or oral statements for the processing of personal data concerning the natural person. User, when the data processing is based on his/her consent, is entitled to withdraw the consent at any time but this shall have no effect on the lawfulness of the data processing taken place before the withdrawal. Data controller uses the Personal data only for the communicated purposes. Data controller processes the Personal data only for the purposes set out in this Policy or set out by applicable laws. The scope of processed Personal data is proportional to the purposes of the data processing and shall not expand beyond that.
In any case, AMC Networks Central Europe Kft. does not collect special categories of personal data.
The provisions of this Policy pertaining to the protection of data processing and User personal data apply only to natural persons.
Good faith, fairness and transparency.
What kinds of personal data are processed?
We process the following personal data, depending on prior information or consent, if applicable.
If the User visits the website, then Data controller’s system automatically records the User’s IP address. The IP address will be recorded without any specific consent of the User, based on the legitimate interest of the Data controller concerning the provision of the Service and for the purposes of the lawful provision of the Service (e.g. detection of unlawful use or contents).
Contact data – includes the information enabling the identification of User or the communication with User. Such information includes the name, nickname, home address, place of temporary residence, post code, place and date of birth, phone number, e-mail address, username and password, IP address of the last login, time of last login.
If User sends an e-mail to any of the Services, then the Data controller stores the User’s e-mail address and processes it for the extent and period necessary for the provision of the Service.
AMC Networks Central Europe Kft. does not collect the personal data of persons under 16 (sixteen) years of age, unless the parents or the guardians explicitly gave their consent. Therefore, either we require that all the Users are at least of that age, or we enable the verification mechanism of the authorization of their parents or guardians. If we find out that a User is less than 16 (sixteen) years old and we are not certain that we have obtained valid authorization from their parents or guardians, we will immediately eliminate all the information associated with such User. This will be without prejudice to other capacity requirements (e.g.: legal age) for establishing the concrete relationship. Data controller is not in the position to verify the authorization of the consenting person or the validity of his/her statement, therefore the User or the person exercising the parental rights is responsible for that the consent is in line with the laws.
For what purposes do we process personal data? What is the legal basis of the data processing?
We process the User-related data in connection with our services.
The purposes of the processing activities of Data controller:
- online content service provision;
- identification of User authorizations (Services available for the User);
- identification of the User, communication with the User;
- services ordered by the User, and the facilitation of the customization of the adverts, use of convenience functions;
- preparation of statistics, analyses;
- direct marketing communications (e.g. newsletter);
- providing a platform for the publication of content generated by the User (e.g. chat, comments);
- in certain cases, organization and arrangement of prize competitions, information to the winners and handing out the prizes;
- protection of User rights;
- enforcing the legitimate interest of the Data controller;
- for community services (comments concerning posts, certain blogs) ensuring that the Users can identify each other, enabling their communication;
Data controller shall not use the submitted personal data for any other purposes than detailed above.
Beyond the voluntary consent of the User, the legal basis for the data processing within the content service or in connection therewith may be the substantial legitimate interest of the Data controller or the granting of the fundamental rights concerning the freedom of information and expression within the limits set by the laws. When the legal basis of the data processing is the in substantial legitimate interest of the Data controller, then the Data controller carries out the balancing test in line with the applicable GDPR rules and may continue to carry out such tests in the future. This test checks whether the legitimate interest of the Data controller concerning the given data processing overrides the rights and freedoms of the data subject concerning the data processing. At User’s request, the Data controller provides information concerning this paragraph in line with this Policy.
Upon providing his/her e-mail address or any other data upon the registration, the User assumes liability for ensuring that only the given User uses the services with that e-mail address and with the data submitted by him/her. With a view to this representation and warranty, all liability concerning the logins with a given e-mail address and/or other data shall be borne exclusively by the User who registered the e-mail address and provided the data.
TO WHOM IS YOUR PERSONAL DATA IS COMMUNICATED?
The companies with whom we regularly cooperate, may access your personal data but only for procedural or technical purposes. Furthermore, we can transfer your data to the members of our community group or others. The members of both recipient groups may be located outside of the European Economic Area, especially may include companies in the United States. In all such cases the AMC makes sure that the recipients ensure an adequate level of data protection in all necessary ways and that your personal data will be processed confidentially.
Except in the circumstances described below, we will not disclose User information to third parties.
WITH THE CONSENT OF THE USER: we may share and transfer User data whenever the Users ask for it or authorize us for it.
AMONG GROUP COMPANIES: Your User data may be shared with our affiliates and companies in joint ventures in the fields of media and entertainment and/or data research, for the purposes of further processing activities and for the analysis and storage of User data, but in each case in line with this Policy.
TO TRUSTED THIRD PARTY DATA PROCESSOR(S): We engage third party service providers to perform a variety of services and functions for us. We may share the User’s information with such service providers subject to confidentiality obligations consistent with this Policy and on the condition that the third parties use your information only on our behalf and pursuant to our instructions.
TO COMPLY WITH LEGAL REQUIREMENTS AND TO PROTECT THE USER, AMC OR OTHERS: Notwithstanding anything in contrary in this Policy, we reserve the right to retain and disclose the User’s information if we believe, in good faith, that such retention and disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas, warrants or similar process served on us; (b) protect and defend our rights or property, the Users, or third parties; or (c) ensure the safety and security of our services, systems and of our customers and third parties.
IN CONNECTION WITH A BUSINESS TRANSFER: if business transition takes place, such as a merger, acquisition by another company, reorganization or sale of all or a portion of our assets, the Users’ information may be transferred as part of that transaction in accordance with the GDPR.
IF THE INFORMATION HAS BEEN ANONYMIZED: We may share or disclose information that has been anonymized, otherwise does not identify the User or information that the User chose to make public. This Policy does not limit our use or disclosure of anonymous information in any way, and we reserve the right to use and disclose such information to third parties.
INTERNATIONAL TRANSFERS: The information we collect from the User may be transferred to countries that are currently regarded as countries which do not provide a level of protection of personal data that may be equivalent to the one afforded under the relevant European Union data protection laws and regulations (in particular, the United States). To carry out this transfer, the appropriate legal guarantees have been adopted so that the User has enforceable rights and effective legal actions, specifically model clauses. User can obtain more information about this by contacting the Data Protection Officer (at email@example.com).
Activities of data processors
Data processors do not make independent decisions and they are entitled to proceed only in line with the contract concluded with Data controller and based on Data controller’s instructions. The Data processors record and process the data shared by Data controller and the data processed by them in line with the GDPR requirements and Data processors make a declaration concerning this towards the Data controller. The Data controller supervises the work of the Data processors. The Data processor may employ another Data processor with the approval of Data controller.
How do we protect personal data?
We are committed to protecting the security of User information. We use a variety of industry-standard security technologies and procedures to help protect the User information from unauthorized access, use or disclose. These measures are compliant with the requirements under the law, vary based on the sensitivity of the information that we collect, and they are updated as technology advances.
How long do we keep personal data?
Automatically stored IP addresses are kept by the Data controller for 14 days after their recording.
E-mail addresses of e-mails sent by the User, if User does not have a registration with us, are deleted by the Data controller 3 months after the completion of the case, unless the legitimate interest of the Data controller makes it necessary to store the Personal data for longer in certain cases, then in this until the existence of the legitimate interest of Data controller.
Personal data submitted by the User will be processed until the User terminates the service under the given user name or otherwise requests the deletion of the Personal data.
If unlawful or misleading Personal data is used or the User commits a crime, or the system is attacked, then the Data controller shall be entitled to cancel the registration of the User and to delete his/her personal data simultaneously, however, the Data controller is also entitled to keep the Personal data for any legal proceedings if a crime is suspected or civil liability issues may arise.
If a court or authority orders the deletion of Personal data in a final and binding decision, then the Data controller performs the deletion. Instead of deletion, the Data controller restricts the use of the Personal data and informs the User on same, if this is requested by the User or it may be presumed based on the available information that the deletion would harm the legitimate interests of the User. The Data controller will not delete the personal data as long as the data processing purpose exists that prevented the deletion of the personal data.
What are „cookies”?
„Cookies” are small text files stored by the User’s internet browser in order to provide a customized service. Your browser collects data, such as type of the browser, of the operation system, the visited websites, time of visits, viewed content and adverts and other “clickstream” data.
The purpose of cookies is to enable the optimum operation of the site, to provide personalized services and to enhance user experience. With the help of cookies, we can measure the traffic on our website, including the visited sites, number of visitors and their chosen routes.
The User may manually block or allow cookies on his/her PC, mobile or other devices. Most browsers provide an opportunity for accepting or blocking certain cookies or to block or delete all cookies. The required steps depend on the type of browser you use. For the use of this function, please read the instructions of your browser, however, the blocking or restriction of the cookies may have unfavourable effects on the operability of websites.
What rights do you have? How can you exercise them?
EXERCISE OF RIGHTS: If applicable in accordance with the applicable regulations, the Users may exercise their rights as provided in this Policy and in the terms established by such regulations. In such condition, the Users may:
- Access the information we process, and that personally identifies them;
- Request rectification or deletion of incorrect or inaccurate data;
- Request deletion of personal data when, among other reasons are no longer necessary for the purposes for which they are collected;
- Require the limitation of data use in certain circumstances (for instance, in case the User challenges the accuracy of their data, while verifying the accuracy thereof);
- Request portability of their information (that is, to receive personal data in a structured format, commonly used and mechanically read, and transmit them to another data controller in accordance with the applicable legislation);
- Oppose the processing of his personal data, at any time, for reasons related to his particular situation, in case the processing is based on the legitimate interest of AMC or a third party. In this case, AMC will stop that processing, except for accreditation of legitimate reasons to continue with it;
- Revoke the consent given, as the case may be;
- Submit a claim to the supervisory authority, especially when he has not obtained satisfaction in the exercise of his right.
The Users may exercise their rights, subject to prior accreditation of their identity by providing copy of commonly accepted identifying document, by contacting AMC by: (i) email at firstname.lastname@example.org or email@example.com, or (ii) post to the following address: AMC Networks Central Europe Kft., 1139 Budapest, Lomb utca 21-25. In the maximum term of 30 (thirty) days, the User will have a response to such request.
DATA PROTECTION OFFICER: the appointed data protection officer of the company group is Isabel Ensico (Calle Saturno 1, 28224 Pozuelo de Alarcón, Madrid, Spain; email address: firstname.lastname@example.org)
COMMERCIAL COMMUNICATIONS: If the Users have given consent for the receipt of commercial communications, at any time they may revoke it. When the Users receive promotional communications, they may indicate a preference to stop receiving further promotional communications from us, and will have the opportunity to “opt-out” by following the unsubscribe instructions provided on the commercial email received or by contacting us directly at email@example.com or firstname.lastname@example.org Despite the Users indicated e-mail marketing preferences, we may still send them non-marketing emails related to their relationship with us, including, for example, administrative confirmations and notices of updates to our Policy, if we choose to provide such notices to the Users in this manner
When we request data from the visitors on the website, the visitor is free to decide whether s/he provides the requested data after s/he has read and understood the necessary information. The visitor must be aware that if s/he does not provide his/her personal data, then it might occur that s/he will not be able to use certain services depending on the provision of personal data.
This Policy applies to the protection of personal data of visitors that are not intended to be published. If someone voluntarily publishes his/her personal data or any part thereof, then the Policy shall not be applicable to such information.
If a registration is required for the visitor to certain parts of the website, then we always indicate what data and for what purpose and under what conditions we require „mandatorily”. In this case the term „mandatory” does not mean that it is obligatory to perform the registration but that without completing certain fields in the form, the registration may prove to be unsuccessful and it may be rejected.
The personal and other data provided by the Users may be completed or combined with data from other sources, if the consent of the User is available for this purpose.
If the website is produced or managed by companies in business relationship with AMC Networks Central Europe Kft. and personal data are collected in connection with such services, then this does not change the fact that the data belong to the use and data processing authority of AMC Networks Central Europe Kft., just like when the information is collected and stored directly by AMC. Within the framework of such cooperation, the operating partner acts on behalf of AMC Networks Central Europe Kft. and collects the personal data for AMC Networks Central Europe Kft. and this Policy applies to such cases, as well. The person of the Data controller will be clearly indicated for the purposes of the data processing during the data supply and if a data processor is engaged, then also the person of the Data processor will be indicated.
Modification of the Privacy and Data Protection Policy
We may change this Policy for time to time. If we make changes, we will notify the User by posting the updated policy and revising the “Effective Date” above. If we make any material changes to this Policy, we will also notify the User. We encourage the User to review the Policy to stay informed about our information practices and the choices available.
Exercise of rights
Should you have any questions or remarks concerning this Policy or the data processing, then send a message to our privacy colleagues to the e-mail addresses email@example.com or firstname.lastname@example.org.
You may directly contact the Hungarian National Authority for Data Protection and Freedom of Information concerning your complaint pertaining to the data processing (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Phone: 0036-1-391-1400; e-mail: email@example.com).
If your rights are breached, then you may choose the judicial route. Data protection-related lawsuits belong to the regional court level. A lawsuit may be filed, upon the choice of the data subject, also at the court with geographical jurisdiction according to the home address or temporary residence of the data subject. At User’s request the Data controller informs him/her about the legal remedies and the available proceedings.
Budapest, 24 May 2018