I. The Magyar Law Office (seat: 1125 Budapest, Diós árok 23., Budapest Bar Association identification number: 571 hereinafter: Data Controller) manages data according to the Act CXII of 2011 on the right to information self-determination and freedom of information, to the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (GDPR – General Data Protection Regulation) Council (EU) 2016/679. (hereinafter: GDPR), in addition to other legal provisions related to data processing, in particular the business secrets defined in Act V of 2013 on the Civil Code (hereinafter: the Civil Code) and the LXXVIII. (hereinafter: Üttv.) on the practices of the Magyar Law Office and the visitors of the website www.magyarugyvediiroda.hu (hereinafter collectively: the data subjects) among the personal data processed, provide the following information on the organizational and technical measures taken to protect personal data and on the exercise and enforcement of the data subjects’ rights in relation to data processing and, in addition, the relevant regulations on legal professional privilege:
II. Legislation underlying data management
– Act LXXVIII of 2017 on the practice of law. Act (Act),
– Article LII of 2017 on the implementation of financial and property restrictive measures ordered by the European Union and the United Nations Security Council. law,
– Act LIII of 2017 on the Prevention and Suppression of Money Laundering and Terrorist Financing. Act (Pmt.),
– Act CXII of 2011 on the right to information self-determination and freedom of information,
-Regulation 2016/679 / EU on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation – GDPR).
III. Principles of data management
Subject to the guarantee requirements set out in Article 5 of the GDPR, personal data may only be processed for a specified purpose, in order to exercise a right and fulfill an obligation. At all stages of data management, it must comply with the purpose of data management, and data management cannot be continued in a manner incompatible with its purposes. The recording and processing of data must be lawful, fair and transparent to the data subject. Data processing ordered by law may only be carried out for the purpose specified in the law granting the authorization.
Only personal data that is essential for the purpose of data processing can be processed and is therefore suitable for achieving that purpose. Personal data may only be processed to the extent and for the time necessary to achieve the purpose.
Personal data retains this quality during data processing as long as its connection with the data subject can be restored. The connection with the data subject can be restored if the data controller has the technical conditions necessary for the restoration.
The data processing shall ensure the accuracy, completeness and, if necessary, the up-to-dateness of the data, and that the data subject can only be identified for the time necessary for the data processing.
The processing of data shall be carried out in such a way as to ensure the adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by means of appropriate technical and / or organizational measures.
Where possible, the processing of personal data should be avoided; if the processing of personal data is unavoidable, the Data Controller must at all times be able to demonstrate compliance with the principles set out in this section. Appropriate procedures must be established in order to prove the lawfulness of the processing of all personal data processed by the Data Controller.
In view of the above, the Data Controller guarantees a level of data security commensurate with the level of risk, including, where appropriate, the aliasing or encryption of personal data, taking into account the state of science and technology, the costs of implementation, the nature, scope, circumstances and objectives of the data processing and the potential risks.
The effectiveness of the technical and organizational measures taken to ensure the security of data processing must be regularly monitored and, if a deficiency is identified, action must be taken to remedy it as soon as possible.
With regard to the data processed within the framework of the activity of the Data Controller, it is the duty of the Data Controller to properly inform the data subjects before recording their data. The information shall be adequate if it is clear, detailed and complete, ie for all relevant circumstances of the processing, in particular its purpose, legal basis, duration, the controller and (if different from the controller) the processor, third party transmission, withdrawal of consent and possible consequences. The information should also cover the data subject’s rights and remedies in relation to the processing. In the case of mandatory data management, the information may also be provided by publishing a reference to the legal provisions containing the former information.
The purpose of the processing of the data must be clearly and precisely defined in the information provided to the data subject, in particular if the period of processing of the personal data is specified as the time for which the purpose of the processing is achieved without setting a specific deadline.
IV. The purpose of this privacy statement
V. Data of the Data Controller
The Data Controller is the Magyar Law Office. The contact details of the Data Controller are as follows:
a) Address of the data controller: registered office/seat: 1125 Budapest, Diós árok 23
b) Contact details of the data controller by telephone and fax: Telephone: +36 20 377 55 99, Fax: +36 1 700 43 40
c) Electronic contact of the data controller: firstname.lastname@example.org;
d) Website of the Data Controller: www.magyarugyvediiroda.hu
e) Identification number of the Data Controller at the Budapest Bar Association: 571
VI. Scope of data managed
1) The website can be visited free of charge, without providing personal data. On the website, Stakeholders can obtain information about the Services provided by the Data Controller without registration. The Data Subject is responsible for the data provided by the Data Subject and the content uploaded by them, therefore the Data Controller excludes its liability.
2) If the Data Subject uses the messaging function of the website, the handling of the provided data in this connection will be as follows:
– Stakeholders category: Stakeholders who send a message on the website using the messaging function,
– Category of data managed: Name, telephone number, e-mail address and data provided by the Data Subject in the “Message” field,
– Data source: Messaging of the data subject
– Legal basis for data processing: Article 6 (1) GDPR. Point (a): the data subject has consented to the processing of his or her personal data for one or more specific purposes
– Duration of data storage, date of deletion: 2 years from the visit
– Purpose of data management: Identification of the data subject, finding out the reason for contact.
When browsing the website, the technical data of the user, such as the type of browser, operating system and time of visit, are automatically recorded. This data does not constitute personal data in accordance with the relevant legislation and is not linked to the personal data of the Data Controller, nor is it accessible to the public.
3) Data processed during the automatic data collection related to the Website
– Stakeholder category: Users / stakeholders visiting the website,
– Category of data managed: IP address, country, type and version number of browser, device and operating system used, language settings, date of visit; Website traffic data (pages viewed, time spent, clicks, openings),
– Data source: Automatically collected by the Service Provider
– Legal basis for data processing: Article 6 (1) GDPR. Point (f): data processing is necessary for the legitimate interests of the controller
– Duration of data storage, date of deletion: 2 years from the visit
– Purpose of data management: Compilation of statistics, website development, user identification and acquaintance
The above data management is in the legitimate interest of the Data Controller’s business, because in this way the Data Controller can further develop the Website and make it more secure. The range of managed and collected data is not significant, the Data Controller uses them only anonymously to compile and analyze statistics, behavioral preferences are not collected and automated decision-making is not based on them, nor does the Data Controller send personalized offers to Stakeholders.
Consequently, the fundamental rights and freedoms of data subjects are not disproportionately affected by this data processing. When you visit the Website and use the services, we place cookies in the Browser and in the HTML-based e-mails in accordance with this data management information. Generally, a cookie is a small file made up of letters and numbers that is sent to the Stakeholders device from our server.
The cookie enables the recognition of when the Data Subject last logged in to the Website and the main purpose of the cookie is to allow the Data Subjects to make personalized offers and advertisements available to the Data Subjects, which personalize the User experience using the Website and expresses the personal needs of the Stakeholders.
The purpose of the cookies used by the Data Controller is:
a) Security: to support and enable security and to assist the Data Controller in detecting infringing conduct.
b) Preferences, features and services: cookies are able to tell the Data Controller which language the Data Subject prefers, what the Data Subject’s communication preferences are, and help them to fill in the Data Subject forms on the Website, making them easier.
c) Performance, Analytics and Research: Such cookies help the Data Controller to know how the Website is performing in different places.
4) Management of job applicant data
The Curriculum Vitae and other relevant data submitted by applicants for employment with the Data Controller are handled by the Data Controller as follows:
We would like to inform our applicants that by sending their CVs and job applications to our Law Office, they consent to the processing and storage of their personal data for recruitment, job posting, contact and identification purposes, and to sending messages and notifications to such contact details.
In the recruitment process, we will process the personal information you provide below, as well as any other personal information we collect about you, when applying for a specific position, during the recruitment process, and delete all data at the same time as the recruitment process.
If the recruitment process is protracted and lasts for more than a year, we will process your data for a maximum of one year from the date of submission, at the end of which we may ask you again if you wish to extend your processing for more than one year. If you do not answer this question within 30 days, or if you do not wish to extend the data processing period, we will delete your data. However, they also have the option to save and manage this data in our database for future recruitment and job posting purposes, regardless of the position they are applying for. We ask for your special consent. If you have given your consent to this, we are entitled to process your data in our own database for this purpose for another 2 years. The reason for the 2-year period is that we have to ensure the accuracy and topicality of the data provided, collected and managed by you, and after three years this can no longer be ensured, the data may become obsolete and lose their topicality. Before the end of the three years, we may contact you to provide a data management consent for another 2 years, and we recommend that you clarify and update your data.
If they do not consent to further data processing or do not make a statement within 30 days of the request being sent, their data will be deleted from the database. If we establish an employment relationship, the processing of this data is governed by the data processing period specified in our employee data management information, which we inform about at the same time as concluding the employment contract. The legal basis for data management is defined below separately for each data category and data management purpose:
Type of data managed: Curriculum vitae data (education, schools, jobs, professional experience, hobbies, etc.), telephone number, e-mail address, home address, place and time of birth, citizenship, photo, language skills, publications, social media data, during interview observed personality traits, references, honors, awards.
Data source: Stakeholder, employment agency, CV
Purpose of data management: Recruitment, bidding, contact, identification.
Legal basis for data processing: Article 6 (1) GDPR. Point (a): the data subject has given his or her consent to the processing of his or her personal data
Use of public data available on social media interfaces
If you apply for a job advertisement, we can view your profile on the social media interface, such as Facebook, LinkedIn, your activities, activities, posts, posts, comments to judge whether you are suitable for the position in the given job advertisement. We only view publicly available information about you on social media interfaces, and we do not conduct research in closed groups or other non- or restricted public places.
We do not save or store your social media profiles. We do not treat sensitive or special information about you based on social media profile information. We only look at the relevant information about the job advertisement and the position you want to fill on the social media pages.
VII. Purpose of data management
The Data Controller handles personal data in order to keep in touch with the visitors and to use the free services on the website by the visitors.
The Data Controller does not use personal data for purposes other than those indicated. The data thus provided will be processed with the voluntary consent of the data subjects.
VIII. Consent to data management
The data subjects expressly consent to the processing of their personal data by the Data Controller in accordance with the purpose of data processing by their clearly defined action (if applicable registration) during the contact with the Data Controller and the information provided by the Data Controller on the website.
For data processed during the automatic data collection related to the Website, the data subjects automatically acknowledge the data management arising during the automatic data collection by accessing the Website and using the functions of the Website without making any further legal notices.
IX. Legal basis for data management
Legal basis for data processing – subject to Article 6 (1) of the GDPR. (a) – the consent of the parties concerned.
X. Duration of data management
The personal data is processed by the Data Controller in accordance with point VI. for the time necessary to achieve the objective set out in point 1 or until the consent of the data subjects is withdrawn.
XI. Security of data management
The Data Controller shall ensure the secure storage of data provided by data subjects in accordance with Article 5 (f) and Article 25 of the GDPR. During the processing of the data, the Data Controller applies technical and organizational measures as well as procedural rules that ensure the prevention of unauthorized access to personal data, alteration, transmission, disclosure, deletion or destruction of the data, thus suitable for GDPR, Infotv. and to enforce other data and confidentiality rules.
XII. Who is entitled to manage data?
Only the Data Controller and its authorized employees, their agents and partners (data processors) in a contractual relationship with it are entitled to data management.
XIII. Data processing
During the processing of personal data, the Data Controller shall not make the personal data available to third parties without the consent of the data subjects, unless the data transfer is required by the legal obligation applicable to the Data Controller.
The following data processors process your data:
INTEGRITY Informatics Limited Liability Company (company registration number: 07-09-003739)
Purpose of data management: Server rental, server hosting, webhosting, hosting services.
Google LLC. (USA, Google Data Protection Office, 1600 Amphitheater Pkwy Mountain View, California 94043 – Google Analytics)
Purpose of data processing: Google Analytics service
XIV.Rights of data subjects and their enforcement
The data subject has the right to receive feedback from the Data Controller as to whether the processing of his / her personal data is in progress, and if so, to be informed about the data processed by the Data Controller or processed by the Data Controller. all relevant information concerning
The data subject may request that the Data Controller correct inaccurate personal data concerning him or her without undue delay.
The data subject may request the deletion of his / her personal data, unless the data processing is necessary for the fulfillment of the Data Controller’s legal obligations or for the submission, enforcement or protection of legal claims. The Data Controller and its data processors shall delete the personal data without undue delay if the processing of the data is illegal, incomplete or incorrect, the purpose of the data processing has ceased or the storage period has expired, or has been ordered by a court or authority and is necessary to fulfill a legal obligation.
The data subject may withdraw his consent at any time. Unless there is another legal basis for data processing, the Data Controller (and its data processors) will delete the personal data affected by the revoked consent.
The data subject has the right to restrict the data processing at the request of the Data Controller if the data subject disputes the accuracy of the personal data – for the time necessary to verify the accuracy;
the processing is unlawful, but the data subject opposes the erasure of the data and requests a restriction on its use;
the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests it in order to submit, enforce or protect his / her legal claim.
During the restriction, the Data Controller and its data processors may not use the personal data for purposes other than storage.
The Data Controller shall, without undue delay, but not later than one month from the receipt of the request, inform the data subject free of charge of the action taken on his / her request related to the processing of his / her personal data or of its failure to do so, stating the reasons and remedies. If necessary, this time limit may be extended by two months in view of the complexity of the application or the number of applications. The Data Controller shall inform the data subject of any extension within one month of receiving the request.
Data subjects may object to the processing of their personal data in accordance with Article 21 (1) to (2) of the GDPR. The Data Controller shall examine the application as soon as possible, but not later than within one month from the submission of the protest, make a decision on the merits of the application and inform the applicant in writing of its decision. If the protest is justified, the Data Controller may not further process the personal data affected by the protest.
XV. Definitions, interpretative provisions
a) Data controller: The Magyar Law Office, which, as a legal entity established to perform the activity of an attorney, determines the purpose of data processing, makes and implements decisions on data management (including the means used), or implements it with the data processor.
(b) “Data management” means any operation or set of operations, irrespective of the procedure used, in particular the collection, recording, systematisation, storage, segmentation, alteration, use, consultation, communication, transmission, dissemination or other disclosure of data; or making available, coordinating or linking, restricting, deleting and destroying data and preventing further use of the data, taking photographs, sound or images and recording physical characteristics capable of identifying the person;
c) Data transfer: making the data available to a specific third party;
d) Consent: the voluntary, firm and unambiguous expression of the data subject’s consent, based on specific and appropriate information, by which he or she consents to the processing of personal data concerning him or her, in whole or in part, by acting in an unambiguous manner;
Consent shall be deemed to be consent if the data subject selects a check box or makes technical adjustments to this subject when viewing a website, as well as any other statement or action that clearly indicates his or her consent to the intended processing of the data subject’s personal data in that context.
e) Objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data;
f) Deletion of data: making personal data unrecognizable in such a way that it is no longer possible to recover it;
g) Restriction on data processing: the identification of data for the purpose of limiting their further processing, definitively or for a specified period, during which time the data may only be stored;
h) Destruction of data: complete physical destruction of the data carrier’s containing the data;
(i) Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
j) Data subjects: any specific natural person identified or identifiable, directly or indirectly, on the basis of personal data, all customers, partners of the Data Controller, natural and legal persons who contact the Data Controller electronically, by post or otherwise, and the Data Controller website visitors;
k) GDPR: Regulation (EU) 2016 / EU of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) 679th Regulation of 27 April 2016, which sets out the legal requirements for the protection of personal data and the provisions of which apply accordingly to this data protection prospectus.
l) Website: The website www.magyarugyvediiroda.hu;
m) Information Act (Infotv): on the right to information self-determination and freedom of information CXII. a law supplementing the statutory requirements for the protection of personal data of the GDPR, the provisions of which shall apply mutatis mutandis to this data protection prospectus;
n) Civil Code: Act V of 2013 on the Civil Code,
o) Üttv .: Act LXXVIII of 2017 on the activity of an attorney. a law setting out the legal requirements for legal professional privilege, the relevant provisions of which also apply to the contents of this data protection prospectus;
p) Personal data: information relating to an identified or identifiable natural person (data subject) which can be contacted, in particular the data subject’s name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the conclusion to be drawn from the data concerning the data subject;
q) Business secret: The Civil Code. 2:47. § and Section XV of this Privacy Notice. secret set out in point.
r) Obligation of legal professional secrecy: The Data Controller is Section 9 and Section XVI of this Privacy Statement. obligation of confidentiality as set out in
XVI. Data management related to the prevention and deterrence of money laundering and terrorist financing (Pmt Act)
The Magyar Law Office according to Pmt. to Section 6, in order to fulfill its legal obligation, it is obliged to carry out a customer due diligence in accordance with the conditions specified therein, and in this context the Principals, their Contact Person entitled to their disposal and the actual owners of the natural person are Pmt. Section 7 (2) and Pmt. It handles the personal data specified in Section 8 (2).
In order for the Law Office to verify the identity of natural persons on the documents containing the above data – for the prevention and deterrence of money laundering and terrorist financing, proper fulfillment of the obligations specified in the Pmt., the full implementation of the client due diligence obligation and efficient performance – the Law Office makes a copy the required documents. The Law Office keeps a paper copy of the data obtained during client due diligence measures, records the fact of the due diligence in writing in the case file, handles a paper copy of the response separately from the case file in case of data request from the central register, and stores the response in electronic form and in the register kept by him, according to the Pmt. It indicates the data written in § 57. Pursuant to Section 56 (2) of the Pmt, the duration of data management depends on the Assignment Agreement, and is at least eight years from the data recording in the case of an ad hoc order and from the termination of the business relationship in the case of a long-term order. Pursuant to Section 58 (1) of the Pmt, at the request of the supervisory body, the financial information unit, the investigating authority, the prosecutor’s office and the court specified in § 5, for a period specified in the request, but not more than ten years from the termination of the business relationship or execution of the transaction order. If the data subjects do not consent to the recording of the data or do not provide data, the Law Office will refuse to cooperate.
XVII. Right of appeal
The Data Subject may submit his / her request related to data management to the e-mail address email@example.com or in the form of a postal item addressed to the Data Controller’s registered office.
The Data Subject may assert his / her rights to the protection of his / her personal data before a civil court – the court with jurisdiction over the Data Controller’s domicile (Metropolitan Court) or (at his option) the court with jurisdiction over the data subject’s domicile or residence) and the National Data Protection and Freedom of Information Authority ( address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c, postal address: 1530 Budapest, Pf .: 5, telephone number: +36 1 / 391-1400, e-mail address: firstname.lastname@example.org).
XVIII. The Business secret
Business secrets are facts, information, other data and a compilation of these, which are not easily accessible to all persons not known or engaged in the economic activity in question and contribution of the acquisition, utilization, disclosure of these for is the right of the rightholder and if these information would get to unauthorized persons it would harm or jeopardize its financial, economic or market interests, provided that the rightholder who lawfully possesses the obligation of professional secrecy is not held liable.
A technical, economic or organizational know-how, experience or a combination of such know-how are equally protected as the Ptk’s business secrets (hereinafter referred to as “proprietary knowledge”) recorded in an identifiable manner in accordance with its provisions shall be protected by business secrecy if it is acquired, exploited, disclosed in breach of good faith and integrity; with another or made public. Such protection may not be invoked against a person who has obtained proprietary knowledge or substantially similar knowledge through development independent of the rightholder or through examination and analysis of a lawfully obtained product or service, and no breach of business secrecy may be invoked. who has obtained the trade secret or proprietary knowledge from a third party in the course of trade in good faith and for consideration.
The Data Controller will treat all business secrets that come to its knowledge in accordance with the above.
XIX. Confidentiality obligation of the Data Controller
In addition to the above, the Data Controller is Subject to the provisions of Section 9, it shall be bound by the obligation of confidentiality with regard to all data, information and facts of which it has become aware in the course of the exercise of the activity of a lawyer. This obligation shall be independent of the existence of a legal relationship for the exercise of the profession of lawyer and shall continue indefinitely after the termination of the practice of the profession of lawyer or the termination of the legal relationship.
The obligation of confidentiality also extends to other documents prepared by the Data Controller and in its possession, if it contains facts, information and data falling within the scope of confidentiality. During the official investigation at the Data Controller, the Data Controller may not disclose the documents and data concerning his / her principal, but may not obstruct the authority’s proceedings.
The customer, his successor in title and his legal representative may waive the obligation of confidentiality. The lawyer may not be heard as a witness in the event of dismissal of a fact and data of which the Data Controller’s lawyer has become aware as a defense counsel.
The obligation of confidentiality applies to the Data Controller as a law firm and its employees, to the lawyers, their officials and employees, as well as to natural and legal persons who store, archive, preserve or process electronic or paper documents containing data covered by legal secrecy. appropriate.
The Üttv. A document prepared for the purpose of defense pursuant to Section 13 (2) may not be used as evidence in official, court or other public authority proceedings and may not be examined, seized or copied by public authorities, its presentation, transfer, access thereto may be refused. These rights may be waived by the data subject, unless the document relates to the protection of criminal matters.
XX. Other provisions
This Privacy Statement is effective from 13 May 2020 until revoked, the Data Controller reserves the right to amend this Privacy Statement.
In matters not regulated in this data protection statement, the rules of the GDPR and Hungarian law, in particular the Infotv. and other relevant legislation shall apply.
Budapest, 13 May 2020.