Privacy policy for media content provider activities

Direkt36 Journalism Center Nonprofit Ltd. (hereinafter referred to as the “Data Controller”) publishes and operates the Direkt36 (www.direkt36.hu) online news portal press product. In the course of its activities as a media content provider, the Data Controller processes only personal data that is necessary for the purpose of the processing and is suitable for the achievement of the purpose, in order to ensure the fundamental rights to information and to freedom of expression. It processes personal data only to the extent and for the duration necessary for the purposes for which they are collected. The Data Controller shall take all reasonable steps to protect the data processed and shall not disclose them to unauthorized persons.

1. The Data Controller

Name: Direkt36 Journalism Centre Nonprofit Limited Liability Company
Registered office: 1137 Budapest, Pozsonyi út 10. 2. em. 8.
Tax number: 25004582-2-41
Company registration number: 01-09-194184
Statistical number: 25004582-6312-572-01
European Unique Identifier: HUOCCSZ.01-09-194184
Represented by: Gergő Sáling, Managing Director
Electronic contact: info@direkt36.hu
Website: www.direkt36.hu

2. Data Subjects and data processed

In the course of its media content editing activities, the Data Controller processes the data of all natural persons who have contributed to the production of the content, either as a source or by being referenced in the edited content. In this case, the personal data most regularly processed by the Data Controller may include: the name, position, job title, age, place of residence of the data subject, or other data indicating how the data subject relates to the subject matter of the edited content. Specific personal data will be processed by the Data Controller where the data subject has given his or her explicit consent, or where the data subject has made them explicitly public, or where the processing is necessary for reasons of substantial public interest under Union or Member State law and is proportionate to the aim pursued.

3. Principles of processing

The Data Controller, in accordance with Articles 5 to 11 of the General Data Protection Regulation (GDPR), only processes data that are necessary for the effective provision of media content services. The Data Controller shall ensure that the data processed reflect the true information throughout the processing, that the processing is transparent and fair, and that the data subjects are adequately informed. The data controller shall ensure the protection of the privacy of data subjects and the effective enforcement of the related rights, in accordance with the principles of good faith and cooperation.

4. The legal basis for the processing is the fundamental rights to information and to freedom of expression, pursuant to Article 6(1)(e) and (f) of the General Data Protection Regulation.

(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The activity of the Controller in providing media content and information is an activity carried out in the public interest, and the processing of data in relation to such an activity is processing carried out for a task carried out in the public interest. The Fundamental Law of Hungary recognizes the right to the protection of personal data [Article VI (3)], the right of public access to data of public interest [Article VI (3)], the freedom and diversity of the press [Article IX (2)]. Article 10 of Act CIV of 2010 on Freedom of the Press and the Fundamental Rules on Media Content (Act on the Freedom of the Press and the Fundamental Rules on Media Content) stipulates that the press has the duty to inform the public on matters of public interest. Pursuant to Article 6(1) of the Media Content Act, a media content provider and any person employed by or having other legal employment relations with the media content provider are entitled, as defined by law, to keep the identity of any person providing information to the media content provider in connection with the media content provider’s activities confidential in court and official proceedings and to refuse to hand over any document, record, object or data carrier that could be used to identify the source of the information.

(f) Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. In the case of processing based on legitimate interests, the Controller shall carry out a prior interest assessment, in which it shall determine the legitimate interest, its impact on the data subject, the necessity and proportionality of the processing, and weigh the relationship between the legitimate interest and the right concerned and its primacy.

5. Purpose of data processing

Fulfilling the mission of the press, exercising the rights deriving from the freedom of the press, informing the public in public matters, informing the readers of Direkt36.hu news portal, discussing democratic issues. Article 10 of the Press Act stipulates that the press organs have a public interest task to inform the public about local, national and European public matters and events of importance to the citizens of Hungary and the Hungarian nation.

6. Potential personnel entitled to access the data: the Data Controller’s manager and his/her designated staff.

7. Duration of the processing of the data

The Data Controller shall process personal data to the extent and for the duration necessary to achieve the information purpose related to the freedom of the press. In the case of processing based on legitimate interest, the duration of the processing of the data shall last until the Controller’s legitimate interest is established.

8. Data security

The Data Controller shall endeavor to protect its data against unauthorized access and use, loss and unautzorised disclosure by means of organizational and technological measures in accordance with the legal requirements and in line with the objective of data security. The Data Controller shall use at its headquarters and at its premises for the electronic storage of personal data means owned by the Data Controller. The Controller shall take into account the state of the art and developments in science and technology in its data management and related organizational activities. It shall endeavor to use the most secure technology possible to maintain data security and to guarantee data security appropriate to the level of risk to protect the rights and freedoms of natural persons.

9. The rights of Data Subjects

In relation to personal data, the data subject has the rights set out in law:

a) right of access (to know the data, the fact whether processing is taking place): by exercising the right of access, the data subject may request information on the personal data processed, the processing thereof, the purposes of the processing, the processing operations;
(b) where the controller processes personal data of the controller which are inaccurate or incomplete, the controller may request the controller to correct the inaccurate personal data without delay, or to complete the incomplete personal data without delay on the basis of the data supplied and verified by the controller, by providing the correct data at the same time;
(c) erasure (only in case of processing based on consent); pursuant to Article 17(3)(a) of the GDPR, erasure may be refused for the purposes of exercising the right to freedom of expression and information or where the processing of personal data is authorized by law, or for the establishment, exercise or defense of legal claims;
(d) restriction of processing: an objection to processing based on the legitimate interests of the data subject or for reasons of public interest, in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override those of the data subject;
e) the transfer of personal data to a third-party service provider or the prohibition thereof;
(f) request a copy of any personal data processed by the Controller; or
(g) object to the processing of personal data: the data subject may object at any time, on grounds relating to his or her particular situation, to processing for reasons of public interest or legitimate interest. In the event of an objection, the Controller may no longer process the personal data unless it is shown that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or are related to the establishment, exercise or defense of legal claims.

10. Profiling

No profiling is carried out in the course of the processing of data by the Data Controller in the context of its information obligations.

11. Information on redress

Please send your data protection questions regarding the media content provider’s activities to the managing director of Direkt36 Kft., Gergő Sáling, email: info@direkt36.hu.

As a Data Subject, you have the right to lodge a complaint regarding the processing of personal data at the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9., phone: +36 (1) 391-1400, fax: +36 (1) 391-1410, e-mail: ugyfelszolgalat@naih.hu). In addition, you may take legal action if you consider that your personal data have been processed in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union. The Data Subject may, at his or her option, bring an action before the competent court in the place where he or she resides or is domiciled.

Direkt36 Journalism Centre Nonprofit Ltd.
Data Controller