Data protection information
1. Data controller and contact details
The present prospectus contains the information of the Vikor Áron Dávid Law Office (registered office: 1034 Budapest, Viador utca 11., tax number: 19164261-2-41, tel: www.vikorlaw.com)(hereinafter “Law Firm”) on the processing of personal data of current, former and prospective clients and related persons (hereinafter collectively referred to as “client” or “clients”) .
The purpose of this notice is to set out the data protection and data management principles and the data protection and data management policy of the OWNERSHIP.
THE GDPR 37. The CUSTODIAN OFFICE is not obliged to appoint a Data Protection Officer under Article 3(1).
2. Scope of the legislation on which the processing is based
– on the Prevention and Combating of Money Laundering and Terrorist Financing 2017. LIII. Act (“Pmt.”),
– 2017 on the implementation of the financial and property restrictive measures imposed by the European Union and the United Nations Security Council LII. Act,
– the 2017 Act on the activities of lawyers. LXXVIII. Act (“Act”),
– on the right of information self-determination and freedom of information of 2011. CXII. Act (“Infotv.”),
– Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (“GDPR”).
3. Principles of data management
The OWNERSHIP AGENCY undertakes to ensure that all data processing in relation to its activities complies with the requirements set out in this notice, the GDPR and applicable national legislation. The CUSTOMER’S OFFICE will do its utmost to protect the personal data of its customers and the personal data they provide and the rights of the data subjects. The CUSTOMER’S OFFICE treats personal data confidentially and takes all security, technical and organisational measures to guarantee the security of the data.
In the framework of the foregoing, the CUSTODIAN OFFICE shall take appropriate measures to ensure that personal data relating to customers are at all times
– lawfully and fairly and on an appropriate legal basis (legality, fairness and transparency);
– only for specified, explicit and legitimate purposes and not to process them in a way incompatible with those purposes;
– adequate and relevant for the purposes for which the data are processed and limited to what is necessary (data minimisation);
– be accurate and, where necessary, kept up to date; where possible, inaccurate personal data should be promptly deleted or rectified (accuracy);
– store the personal data in a form which permits identification of customers only for the time necessary to achieve the purposes for which the personal data are processed; personal data should be stored for longer periods only for statistical purposes, subject to the implementation of appropriate technical and organisational measures (limited storage);
– be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage (integrity and confidentiality), by implementing appropriate technical or organisational measures.
At the same time, clients are obliged to ensure that the data subjects, including the contact persons and persons acting on behalf of the client as set out in the engagement agreement or other persons whose personal data is transferred to the CUSTOMER’S OFFICE, comply with GDPR 13. of the European Parliament and of the Council.
4. Concepts:
-
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
-
“processing” means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
-
“restriction of processing” means the marking of stored personal data for the purpose of restricting their future processing;
-
“controller” means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;
-
“processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
-
“third party”: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;
-
“the data subject’s consent” means a freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
-
“data breach” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
-
“Client” means any person who inquires about the services of the OCCUPATIONAL OFFICE in person, on the website, by telephone or in any other way, or who enters into a contract of agency with the OCCUPATIONAL OFFICE.
5. Scope of personal data, purpose, legal basis and duration of processing
5.1 The processing of data by the CUSTOMER’S OFFICE is based on contractual or legal obligations or on voluntary consent.
5.2 The CUSTOMER BROKER processes the following personal data of customers for the purposes of the processing listed below:
5.2.1 Inquiry about legal services on the website, in person, by telephone or otherwise
(a) name; Data necessary to identify the customer
(b) e-mail address, telephone number; Data essential for contacting the customer at a later stage
(c) the subject of the enquiry (e.g.: details of the proposed transaction, other data relating to the matter); the data necessary to clarify the customer’s enquiry and to provide an appropriate, personalised response, based on the customer’s own information
The legal basis for processing is the consent of the interested party. The processing lasts for the period indicated by the person who has given his or her consent or until the consent is withdrawn.
5.2.2 Individual request for proposal
(a) name; Data necessary to identify the customer
(b) e-mail address, telephone number; Data essential for contacting the customer at a later stage
(c) the subject of the enquiry (the circumstances of the matter to which the possible order relates); the data necessary to clarify the client’s enquiry and to provide an appropriate, personalised response, based on the client’s own information.
The legal basis for processing is the consent of the interested party. The processing lasts for the period indicated by the person who has given his or her consent or until the consent is withdrawn.
5.2.3 Conclusion and performance of the lawyer engagement contract
(a) name; Data necessary to identify the customer
(b) e-mail address, telephone number; Data essential for contacting the customer at a later stage
(c) data relating to the subject matter of the contract (e.g.: details of the property concerned, marital status, personal circumstances); Definition of the subject matter of the contract, data and circumstances necessary for the performance of the contract, performance of the assignment
(d) a Pmt. and the Ütv. Data required to be recorded by law (e.g. natural person identification data, copies of identity cards, data on prominent public figures, natural person identification data of beneficial owners) – Data required to be recorded by law.
The legal basis for the processing of data is the performance of the contract and the settlement of any disputes arising in connection therewith, and the Pmt. and the Ütv. mandatory requirements.
The period of data processing is the performance of the contract plus five years (general civil law enforcement period), the retention period for the documents generated, which cannot be scrapped, is unlimited, the Pmt. and the Ütv. 10 years from the date of termination of the mandate, which may be extended in exceptional cases provided for by law.
6. Profiling
The AGENCY does not use automated decision-making and does not profile data subjects from the available data, nor does it use data subjects’ data for direct marketing purposes.
7. Recipients and categories of recipients of personal data
The CUSTOMER’S OFFICE generally shares client personal data with the following third parties on a data controller to data controller basis:
– with the BUSINESS BROKER or with organisations providing services to customers (e.g. insurance company, audit or IT service provider, etc.);
– with third parties involved in the performance of the contract of engagement (counterparties, public authorities, courts, experts, legal or other service providers engaged by the client or by us, notaries);
– supervisory authorities and other authorities, other regulatory authorities and bodies.
Customers may request personal information about the processing of personal data relating to them by the OCCUPATIONAL OFFICE (the purpose of the processing, the legal basis, the scope of the data, the transfer of data, the duration of the processing), by e-mail: info@vikorlaw.com, tel.: +36-30-4980444, address: 1307 Budapest, Pf. 54.
8. How personal data are stored and the security of processing
The law firm’s computer systems and other data storage locations are located at its headquarters, on the lawyer’s mobile devices and on its respective servers.
The COMPANY selects and operates the IT tools used to process personal data in the course of providing the service in such a way that the data processed:
– accessible only to authorised persons;
– authenticity and verification;
– is unchanged;
– be protected against unauthorised access.
The CUSTOMER PROVIDER shall take appropriate measures to protect the data against, in particular, unauthorised access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction, damage or loss, and loss of access resulting from changes in the technology used.
The CUSTOMER’S OFFICE shall ensure the security of data processing by taking technical, organisational and organisational measures to provide a reasonable level of protection appropriate to the risks associated with the processing, taking into account the state of the art.
However, we inform data subjects that electronic messages transmitted over the Internet, regardless of the protocol (e.g. email, web, etc.), are vulnerable to network threats that could lead to fraudulent activity, contract disputes, or disclosure or modification of information. To protect you from such threats, the OWNERSHIP AGENCY will take all reasonable precautions.
The data processed by our law firm is primarily accessible to our competent internal staff (lawyers, trainee lawyers, law firm employees, etc.) and will not be disclosed to third parties, except in connection with the assignment of a lawyer or for other legitimate interests (e.g. debt collection), legal obligations or with the prior express consent of the data subject.
9. International data transfers to third countries
Customers’ personal data may also be transferred to controllers and processors in countries outside the European Economic Area if this is necessary for the fulfilment of the order or if the customer has given his or her explicit and prior informed consent (Article 49 GDPR).
The ACCOUNTING AGENCY shall inform the customer prior to the conclusion of the contract that the data transferred are adequately protected with regard to the recipient outside the European Union to whom the customer’s data are transferred:
(a) the Commission’s decision under Article 93 of the GDPR. by means of general data protection clauses adopted in accordance with the examination procedure referred to in Article 4(2);
(b) the supervisory authority’s acceptance and the Commission’s approval of the data in accordance with Article 93 of the GDPR. by means of general data protection clauses approved in accordance with the examination procedure referred to in Article 4(2);
c) GDPR 40. an approved code of conduct pursuant to Article 16, together with a binding and enforceable commitment by the controller or processor in the third country to apply appropriate safeguards, including with respect to the rights of data subjects; or
d) GDPR 42. together with a binding and enforceable commitment by the controller or processor in the third country to apply appropriate safeguards, including with regard to the rights of data subjects. In this context, the CUSTODIAN OFFICE will seek to have the contractual data protection model clauses approved by the European Commission/NSAIH adopted by its third country partners.
10. Rights of the customer
10.1 Customer access rights
The customer has access to their personal data. If the customer requests feedback from the CUSTOMER’S OFFICE on whether the CUSTOMER’S OFFICE is processing his/her personal data, the CUSTOMER’S OFFICE is obliged to provide information within the limits set by law.
In some cases, the CUSTOMER OFFICE does not receive personal data from the data subject. In such cases, we will presume that the person from whom we received the data was entitled to provide it to us. If we do not receive the data from the data subject, our obligation to inform the data subject is limited.
Nevertheless, the CUSTOMER’S OFFICE is at all times at the disposal of the data subject upon request and will provide the requested information within the limits of the law.
The customer’s right to receive feedback on whether or not the CUSTOMER’S OFFICE is processing his/her personal data covers personal data relating to him/her, but does not cover personal data not relating to him/her.
The CUSTODIAN OFFICE shall provide access to and a copy of the personal data of the requesting client upon request. If the customer requests an additional/repeat copy of his/her personal data, the CUSTOMER’S OFFICE may charge a reasonable fee for the administrative costs incurred in connection with the execution of the request, which fee shall be borne by the customer.
10.2 Customer’s right to rectification
The customer has the right to rectify his/her personal data. This right extends to personal data concerning him or her; and does not extend to personal data not concerning him or her.
The CUSTOMER’S OFFICE shall, upon the customer’s request and acting within the limits of the law, correct or complete the customer’s personal data as appropriate and inform the recipients of such personal data (if any) of the rectification of the customer’s personal data, unless informing the recipients would prove impossible or would involve a disproportionate effort.
10.3 Customer’s right to cancellation
Under certain conditions, the customer has the right to have their personal data deleted.
The CUSTOMER’S OFFICE shall delete the personal data of the customer without undue delay if the CUSTOMER’S OFFICE processes such personal data and the customer requests the deletion of his/her personal data and the personal data are not necessary for the purposes for which the CUSTOMER’S OFFICE processes the personal data.
The OCCUPATIONAL OFFICE shall delete the client’s personal data without undue delay if the OCCUPATIONAL OFFICE processes the client’s personal data and the client requests the deletion of his/her personal data and the client withdraws the consent on which the processing of his/her data is based and there is no other legal basis for the further processing of the client’s data.
The OWNER shall delete the customer’s personal data without undue delay if the processing is necessary for the purposes of the legitimate interests pursued by the OWNER or a third party and the customer objects to the processing of his/her personal data by the OWNER and the legitimate grounds for processing such personal data do not override the customer’s objection.
The OWNERSHIP shall delete the personal data of the client without undue delay if the client requests the deletion of his/her personal data and the processing of such data by the OWNERSHIP is not unlawful or the deletion is mandatory under the applicable legislation or the client’s data is collected in relation to information society services.
The CUSTOMER’S OFFICE will inform the recipients of such personal data (if any) of the deletion of the customer’s personal data, unless informing the recipients would be impossible or would require a disproportionate effort.
10.4 Customer’s right to restriction of processing
The customer may, within the limits of the law, request the restriction of the processing of his/her personal data.
A customer’s right to request restriction of the processing of his or her personal data covers personal data relating to him or her; and does not cover personal data not relating to him or her.
The CUSTOMER’S OFFICE shall limit the processing of the client’s personal data for the period during which it verifies the accuracy of such data, if the client requests the limitation of the processing of his/her personal data and the client contests the accuracy of such data.
The CUSTOMER’S OFFICE shall restrict the processing of the customer’s personal data if the customer requests the restriction of the processing of data whose processing is unlawful and the customer objects to the deletion of such data.
The CUSTOMER’S OFFICE shall restrict the processing of the client’s personal data if the client requests the restriction of the processing of his/her personal data and the CUSTOMER’S OFFICE no longer needs these data for the purposes of its processing and the client requires the data for the establishment, exercise or defence of a legal claim.
The OWNERSHIP shall restrict the processing of the client’s personal data if the client objects to the processing of his/her personal data that is necessary for the legitimate interests of the OWNERSHIP and the client is waiting for confirmation that the OWNERSHIP has a legitimate ground for processing the client’s personal data which overrides the client’s objection.
The CUSTOMER’S OFFICE will inform the recipients of such personal data (if any) of the restriction on the processing of the customer’s personal data, unless informing the recipients would be impossible or would require a disproportionate effort.
If the CUSTOMER’S OFFICE restricts the processing of the customer’s personal data, it may.
– store such personal data,
– may process such personal data on the basis of the customer’s consent,
– may process personal data for the establishment, exercise or defence of legal claims or the defence of the rights of any person.
10.5 Customer’s right to data portability
The customer has the right to receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to have those data transmitted to another controller without hindrance (where technically possible) by the controller to whom the personal data have been provided, if the processing is based on consent or is necessary for the performance of a contract and the processing is carried out by automated means.
The customer’s right to data portability covers personal data relating to him or her; and does not cover personal data not relating to him or her.
11. Data protection incident
If a potential data protection incident within the OCCUPIED INSTITUTION system is likely to result in a high risk to the rights and freedoms of natural persons, the OCCUPIED INSTITUTION shall inform the data subject of the data protection incident without undue delay.
12. Customer relationship
If you have any comments, questions or concerns about our privacy practices or the use of our services, you can contact us using the contact details on our website.
13. Links to other websites
The Site contains(s) links to other service providers that are not covered by this Privacy Statement. When you leave the CUSTOMER OFFICE website, we encourage you to carefully read the privacy policies of all linked websites that collect personal information.
14. Other
OUR OFFICE reserves the right to unilaterally modify this Privacy Policy by informing the data subjects.
We inform our customers that the investigating authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorised by law may contact the OCCUPATIONAL OFFICE to provide information, data, or documents.
15. Rules of Procedure
The data controller has 30 days to provide information about the personal data and to delete or rectify them. If the controller does not comply with such a request, it shall provide the reasons for the refusal in writing within 30 days.
16. Data protection authority, remedies
You can lodge a complaint with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
Head office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Phone: +36.1.391.1400,
Fax: +36.1.391.1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
The data subject also has the right to take legal action against the controller as described in the Infotv.