The purpose of this information is that the personal data provided by users of the Startion website (startion.io) and products hereinafter referred to as the Website) (hereinafter referred to as the User) and managed by the operator of the website (hereinafter referred to as the Data Manager) , and defines the principles and rules for handling other data.

In this document, the Data Controller also informs its customers, partners, as well as all natural and legal persons who have any – legally interpretable – relationship with the Data Controller and who are affected during its personal processing, about the rules for handling the personal data handled by it, and about the applied protection measures procedures and the method of data management.

The Data Controller considers the rules, provisions and obligations described in this Data Management Information Sheet to be legally binding on itself and applies them during its operation, and declares that the data protection rules and procedures described and applied in this document comply with the applicable national and European Union data protection legislation. The data controller also declares that it considers the right to informational self-determination important, especially with regard to personal data, and will take all available organizational, operational, regulatory and technological measures in order to observe and enforce these rights.

The current version of the Data Management Policy is available at https://startion.io/privacypolicy/. The Data Controller may change the Data Management Information at any time, in addition to the obligation to publish and inform the Users.

Data of the Data Controller

Name: Startion Software Technologies Kft.

Headquarters, postal address: 4025 Debrecen, Simonffy u. 4-6. fsz. 41.

Email: strg.official@gmail.com

Website: www.startion.io

Tax number: 32174429-1-09

Company registration number: 09-09-034725

Data management of the data controller and the managed personal data

Personal data to be provided during registration

The Data Subject’s name (surname, first name), email address, IP address and date of registration

purpose: identification, addressing, contacting, notification, information, sending out a newsletter

Data collected while using Startion

• The information and content you provide: information related to completing profiles, media content, links, membership information, event data.
• Time, duration and frequency of activity on the Startion site.
• Device information: device properties, device operations, identifiers, device signals, data from device settings, network data, cookie information

Technical data

Data that are mostly generated and recorded automatically during the operation of the Data Controller’s systems. Some technical data is stored by the system without a separate declaration or action by the Data Subject and is automatically logged in some cases. The technical data are not directly suitable for the identification of the Data Subject, however, they can be linked with user data, so identification is in principle possible. The Data Controller does not create such data connections, except in some cases where the Data Controller is obliged to do so by law. Only the Data Controller and its Data Processors have access to the technical data.

Browser Cookie – Cookie

An HTTP cookie is a small data package that is created during Internet browsing by the server containing the visited website using the client’s web browser, during the first visit, if this is enabled in the browser. Cookies are stored on the user’s computer in a predetermined location that varies by browser type. During subsequent visits, the browser returns the stored cookie to the web server, along with various information about the client. With the help of cookies, the server has the possibility to identify the given user, to collect various information about him and to analyze them. The main functions of cookies: collect information about visitors and their devices; they note the individual settings of the visitors, which will be used, e.g. when using online transactions, so you don’t have to type them in again; facilitate, simplify, make the use of the given website more convenient and smooth; they make it unnecessary to re-enter data that has already been entered; they generally improve the user experience. Data managed in data management: user ID, session ID, device ID, date and time.

Analytical cookies placed by third parties

The Data Controller also uses third-party cookies from Google Analytics on its website, the operation of which is governed by Google’s data management guidelines. (https://support.google.com/analytics/answer/6004245?hl=en) .

By using the Google Analytics service for statistical purposes, the Data Controller’s server collects information about how visitors use the website. The data is used for the purpose of developing the website and improving the user experience. These cookies also remain on the visitor’s computer or other device used for browsing, in their browser, until they expire or until the visitor deletes them.

The User has the option to set rules for certain types of cookies, e.g. to avoid the use of cookies, to disable cookies, etc., with the appropriate settings of the browser used. Information on the options for setting the selective or general prohibition of cookies can be found in the „Help” menu of the given browser. With the help of these cookies: The „Help” function in the menu bar of most browsers provides information on how cookies can be: generally disabled; set the way to accept cookies (automatic acceptance, ask for them one by one, etc.); disable individually; delete individually or in groups; perform other cookie-related operations.

Use of personal data

Use of data collected during use:

• personalization of content, development of recommendations, development of new functions,
• communication with the registered user, conducting a marketing campaign, providing information,
• testing and improving the operation of the site
• management of ads, personalization, targeting of third-party ads,
• exclusion and filtering of harmful behaviours, handling of unwanted content, fight against harmful behaviours, prevention of unwanted content,
• User identification, identification of individual sessions, identification of devices used for access, storage of certain specified data, storage and transmission of tracking and location information, storage and transmission of data required for analytical measurements, convenient, customized browsing of the website by the user, measurement of website visits.

Publicity of personal data

Of the personal data provided on the website, those that are clearly related to the music industry will be accessible to registered users, e.g. profile data, media content, audio materials, content linked to the profile page. These contents can be shared with or forwarded to anyone.

Personal data that have no relevance to the music industry, e.g. the user’s behavior within the platform or the data on the devices are not public and cannot be seen by other Users.

If the ownership or control rights of the website, or a part of them or the devices belonging to them, changes, we may transfer the information about you to the new owner.

Legal basis for data management

General data management guidelines.

The data controller manages personal data, in each case, for the purpose specified in the data management information sheet and on the basis of the legal basis specified therein, in accordance with the legislation listed below.

In all cases, personal data is processed with the voluntary consent of the User, which consent the User has the right to withdraw at any time.

The data management consents to the compliance with the User Terms and Conditions and the fulfillment of the contract.

Due to legal obligations, in certain cases and under certain unusual conditions, the Data Controller is obliged to handle, transfer, transmit and store certain personal data in a manner different from that described in the Data Management. In such cases, the Data Controller ensures that the User is notified, if the provisions of the relevant legislation allow this or are not expressly prohibited.

Legislation providing the legal basis for Data Management

The data controller manages personal data based on the following legislation:

GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016)

Act V of 2013 – on the Civil Code (Ptk.);

CXII of 2011 Act – on the right to self-determination of information and freedom of information (hereinafter: Infotv.)

XLVIII of 2008 Act – on the basic conditions and certain limitations of economic advertising (especially § 6.a)

XC of 2005. Act on Electronic Freedom of Information

Act C of 2003 on electronic communications (specifically § 155.a)

Retention of data

Retention period of data managed in data management:

Until the User unsubscribes: unsubscribing can be initiated at any time on the website

Data storage and security

The physical storage locations of the data

The data controller stores the personal data in its integrated IT system. No personal data is stored on the site of the Data Controller, all personal data involved in the data management listed in this information is stored in the database of the software that ensures the operation of the websites. Their geographical and physical location is as follows, according to the respective software and storage locations:

Hosting provider:

Startion.io

website: www.webdigital.hu

name: Icon Media Kft.

address: 6000 Kecskemét, Csóka u. 26.

e-mail: info@webdigital.hu 

App.Startion.io

website: aws.amazon.com

name: Amazon Web Services, Inc.

address: 410 Terry Avenue North, Seattle, WA98109

Email: abuse@amazonaws.com 

The IT storage method and logical security of the data

The data controller primarily handles personal data on a properly constructed and protected IT system. During the operation of the IT system, it ensures the appropriate level of the basic information security attributes of the data stored, processed and transmitted on it, such as the managed data:

• its integrity, the originality and immutability of the data are guaranteed.
• on its confidentiality (Confidentiality), only those entitled to it have access to an extent that does not exceed their rights.
• availability, the data is accessible and available to the right holders, during the expected availability period. The necessary IT infrastructure is available ready for operation.

The data manager protects the managed data with a structured system of information security protection measures. The data controller develops and operates the system of protection measures and the protection levels of the individual protection measures in proportion to the risks arising as a result of threats to the data to be protected. From a data protection point of view, the protective measures are primarily aimed at protection against accidental or intentional deletion, unauthorized access, intentional and bad faith disclosure, accidental disclosure, data loss, data destruction.

Data transmission, data processing, the circle of those familiar with the data

The Data Controller and its internal employees are primarily entitled to access the data, in accordance with the authorization rules, the authorization system and other internal regulations.

The Data Controller does not publish the data beyond what is listed and does not pass it on to other third parties.

Your rights are affected

In relation to his personal data managed by the Data Controller, the Data Subject may, among other things, exercise the rights described below.

The Data Subject’s right to access (GDPR Article 15) The Data Subject has the right to receive feedback from the data controller as to whether his personal data is being processed and, if such data processing is in progress, he is entitled to access the personal data and the following get access to information:

• the purposes of data management
• categories of Personal Data Subject
• the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations; the planned period of storage of personal data.

The data subject’s right to rectification, deletion or limitation of data processing, as well as to object to data processing; the right to file a complaint with the supervisory authority; if the data were not collected from the Data Subject, all available information about their source; the fact of automated decision-making, including profiling, as well as comprehensible information about the applied logic and the significance of such data management and the expected consequences for the Data Subject. makes available. For additional copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the Data Subject submitted the request electronically, the Data Controller will provide the information in a widely used electronic format, unless the Data Subject requests otherwise, within a maximum of 30 days from the date of submission.

Right to rectification (GDPR Article 16) The data subject has the right to have inaccurate personal data corrected without undue delay at the request of the Data Controller, as well as the right to request the completion of incomplete personal data, taking into account the purpose of the data management.

Right to erasure (GDPR Article 17) The Data Subject has the right to have the Data Controller delete the personal data concerning him without undue delay at his request, and the Data Controller is obliged to delete the personal data concerning the Data Subject without undue delay if one of the following reasons exist:

• personal data are no longer needed for the purpose for which they were collected or otherwise processed.
• The data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management
• the Data Subject objects to the data processing and there is no overriding legal reason for the data processing.
• personal data were handled illegally.
• personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller.
• the collection of personal data took place in connection with the offering of services related to the information society.

Data deletion cannot be initiated if data management is necessary:

• for the purpose of exercising the right to freedom of expression and information
• for the purpose of fulfilling an obligation under EU or member state law applicable to the Data Controller requiring the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of a public authority vested in the Data Controller
• based on the public interest in the field of public health
• for archival, scientific and historical research or statistical purposes based on public interest;
• for the presentation, enforcement and defense of legal claims.

The right to limit data processing (Article 18) At the Data Subject’s request, the Data Controller limits data processing if one of the following conditions is met:

• the Data Subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the Data Controller to check the accuracy of the personal data;
• the data processing is illegal and the Data Subject opposes the deletion of the data and instead requests the restriction of its use;
• The Data Controller no longer needs the personal data for the purpose of data management, but the Data Subject requires them to present, enforce or defend legal claims; or
• the Data Subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the Data Controller’s legitimate reasons take precedence over the Data Subject’s legitimate reasons.

If data management is subject to restrictions, personal data may only be processed with the consent of the Data Subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.

Right to data portability (Article 20) The Data Subject has the right to receive the personal data concerning him/her provided to the Data Controller in a segmented, widely used, machine-readable format and to transmit this data to another Data Controller.

Right to object (Article 21) The data subject has the right to object at any time to the processing of his personal data, including profiling based on the aforementioned provisions, for reasons related to his own situation. In this case, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests and rights of the Data Subject, or that are related to the submission, enforcement or defense of legal claims.

Automated decision-making in individual cases, including profiling (Article 22) The Data Subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on him or similarly significantly affect him .

Right of withdrawal. The Data Subject has the right to withdraw his consent regarding his personal data at any time.

Remedies

In the event of a violation of their rights, the Data Subject may request information, redress, or file a complaint through the contact information provided in this information. If these are ineffective, the Data Subject is entitled to go to court or contact the National Data Protection and Freedom of Information Authority.

National Data Protection and Freedom of Information Authority (NAIH) contact information

Name: National Data Protection and Freedom of Information Authority (NAIH)

Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, Pf.: 5.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

Links

We may display third-party advertisements and other content that links to third-party websites. We cannot control the data protection practices of third parties or the content of third parties, and we cannot be held responsible in this regard. If you click on a third-party advertisement or link, you should be aware that you are leaving the Website Service and that the personal information you provide is not subject to this Policy. Read their privacy policy to find out how they collect and process personal data.

Children

We do not knowingly collect personal data relating to children aged 14 or under. If you are the parent of a minor and become aware that your child has provided personal information without your consent, please contact us.

Other provisions

In the event of an inquiry by an authority or other organization based on other legal obligations, the Data Controller may be obliged or may be obliged to release data. In such cases, the Data Controller endeavors to release only the amount and type of personal data that is absolutely necessary from the point of view of the obligation to release data.