PRIVACY NOTICE
OF
RÉTI, VÁRSZEGI & PARTNERS LAW FIRM
ON DATA PROCESSING RELATED TO LEGAL SERVICES AND OTHER
PROFESSIONAL ACTIVITIES
1.1 Name and contact details of Data Controller
Name of data controller: Réti, Várszegi & Partners Law Firm (hereinafter the “Data
Controller”)
Registered seat: 1055 Budapest, Bajcsy-Zsilinszky út 78.
E-mail address: rvp.central@hu.pwclegal.com
Phone number: (+36 1) 461 9888
Website: retivarszegipartners.hu
Appointed contact persons of the Data Controller:
Name:
Dr. Zoltán Várszegi, law firm managing partner
Dr. András Csenterics, attorney at law, data protection officer
Postal address: 1055 Budapest, Bajcsy-Zsilinszky út 78.
E-mail address:
zoltan.varszegi@pwc.com
andras.csenterics@pwc.com
Phone number: (+36 1) 461 9888
1.2 Scope of the processed personal data, purpose, legal basis of the data
processing, the period for which the personal data are retained
A) Processing of the personal data of natural persons (i.e. individuals)
| Categories of personal data |
Purpose of data processing |
Legal basis of data processing |
Period for which the personal data are stored |
| Personal data required to prepare and conclude the engagement, including the type, data content and copy of the personal identification documents1 as well as the data requested in relation to the restrictions on the engagement; in this regard, the personal data could be obtained from public databases (e.g. registries on the address and personal data of citizens). In case of client identification via video conference call, the data we process includes the data content of the personal identification document(s) presented via the electronic communications network (Skype for Business) and recorded by us in the form of video recording, as well as the image and voice of the data subject. For this type of client identification, the entire video conference call is recorded by us. During the client identification, the natural person’s surname and forename, surname and forename at birth, nationality, place and date of birth, mother’s birth name, address, in the absence of that, place of residence and the type and number of the identification document is mandatorily recorded. The declaration of the client on whether it is acting in its own name or on behalf of a beneficial owner, in the latter case, the personal data of the beneficial owner is processed. The declaration on politically exposed person status as well as close relative or close associate of a politically exposed person status is also processed. If such declaration is made in the affirmative, or the client is otherwise regarded a high risk entity based on our internal risk assessment, the information on the source of funds and source of other assets could be recorded as well. Information found in negative media news, public sources or sanctions lists. The clients’ risk rating |
Preparation and conclusion of the engagement | Preparation and performance of the contract on the provision of legal services, legal obligation prescribed by the Hungarian act on attorney services |
8 years from the completion of the engagement or the termination of the business partnership; 10 years in the case of mediation or the countersigning of documents or electronic documents or the registration of rights over real properties in public registries. These retention periods may be extended if the personal data is required for the purpose of an ongoing or future legal procedure. In the latter case, the retention period extends until the final and binding decision concluding the procedure in question or until the proceedings fails. In the case of signing a document during a recorded videoconference or recognizing a signature in this way for the purpose of an attorney’s countersignature (so-called remote signature, remote signing) and fulfilling client identification obligations by way of a recorded videoconference (remote identification), the attorney must keep the record for 10 years. |
| Client identification performed in accordance with Sections 6-10 and 73 of the AML Act, updating registry on identified persons |
Obligations prescribed by the Hungarian legal acts on the prevention of money laundering and financing of terrorism and on attorney services |
||
| Transfer of the data of the AML-compliant client identification procedure to other service provider(s) in order for the other service provider to conduct its own client identification procedure. |
The explicit consent of the data subject | ||
| In order to determine if we can provide legal services to the client, the completion of risk assessment and client identification (KYC – Know Your Client) procedures, checks on restrictions on the provision of legal services, obtainment of permission to provide legal services is necessary based on our cooperation with the PricewaterhouseCoopers network. |
The legitimate interest of the Law Firm related to complying with the risk management and client identification (KYC – Know Your Client) requirements based on its cooperation with the PricewaterhouseCoopers network and to determining whether it is possible to provide legal services to a potential client. |
||
| Personal data provided in relation to the engagement (especially the name, address, mother’s name, name by birth, tax identification number, identity card number, passport number, personal identification number, place of temporary residence/postal address) |
Provision of legal services, especially the preparation, submission and registration of documents with the competent authority, representation in court or other official proceedings, enforcement of claims arising from the services, defending of legal position |
Preparation and performance of the contract on the provision of legal services, legal obligation prescribed by the Hungarian act on attorney services. The enforcement of claims arising from the service, our legitimate interest in defending our legal position. |
For the statutory retention period applicable to attorneys2 |
| Data on the specifics of the case (statement of facts), especially data on assets | Provision of legal services, the enforcement of claims arising from the service, defending of legal position |
Preparation and performance of the contract on the provision of legal services, legal obligation prescribed by the Hungarian act on attorney services. The enforcement of claims arising from the service, our legitimate interest in defending our legal position. |
For the statutory retention period applicable to attorneys |
| Contact details (phone number, e-mail address) In the case of a video conference call, the image, the voice of the data subject and other information of personal nature that is within the sight of the camera during a call. |
Liaison during the legal services rendered under our contract |
Preparation and performance of the contract on the provision of legal services |
Until the business partnership established for the provision of legal services is terminated, except if the contact data are part of the documents that include the data processed for the above purposes (in this case, the abovementioned retention periods shall be applied) |
| Personal data necessary for the issuance of invoices, statements |
Fulfilment of tax obligations, completion of orders, issuance of invoices/statements |
Fulfilment of obligations arising from tax law and accounting regulations |
8 years from the date of the invoice |
| Name, address, telephone number, email address of private clients |
Client management in the context of providing legal services (via the Salesforce system) | Our legitimate interest related to processing client data in a system introduced by the PricewaterhouseCoopers international group of firms, allowing for safe and unified client management, efficient provision of services and sharing information within the network |
During the existence of the client contact |
1. When making copies of the certificate of domicile, the side of the certificate containing the personal identification number is not stored by our law firm. However, the personal identification number is processed by the law firm in all cases when it requests information relating to persons of Hungarian citizenship and / or residence through the data reporting framework for the security of legal transactions based on Section 32 of the AA Act (Act on Attorney Activities, “AA Act”). This personal data, together with the number of the certificate of domicile and the personal identification document is required for making requests from said framework, in which case the legal basis for data processing is our legitimate interest related to the feasibility of making the given request.
2. 10 years in the case of mediation or the countersigning of documents or electronic documents or the registration of rights over real properties in public registries, 5 years in any other cases. In special cases prescribed by law or upon the parties’ specific agreement, some documents containing the personal data might not be discarded.
B) Processing of the personal data of natural persons acting for legal entities
(representative, authorized proxy, contact person, etc.)
| Categories of personal data |
Purpose of data processing |
Legal basis of data processing |
Period for which the personal data are stored |
| Contact data (especially the name, e-mail address, phone number, title) In the case of a video conference call, the image, the voice of the data subject (typically the client’s representative or a designated contact person) and other information of a personal nature that is within the sight of the camera during a call. |
Initiating and maintaining business liaison |
Our legitimate interest related to the maintenance of the business partnership and the performance of the contract concluded with the legal entity client |
Until the termination of the business partnership or if it happens earlier, until the data subject’s legal relationship with the legal entity is terminated, provided that the Data Controller learns about this |
| Personal identification data (in relation to the representative, authorized proxy and beneficial owner of the legal entity)3 Information found in negative media news, public sources or sanctions lists. The clients’ risk rating. In the case of client identification in a video conference call, the data we process includes the data content of personal identification document(s) presented via the electronic communications network (Skype for Business) and recorded by us in the form of video recording, as well as the image and the voice of the data subject. For this type of client identification, the entire video conference call is recorded by us. |
Client identification performed in accordance with Sections 6 and 73 of the AML Act, updating registry on identified persons |
Obligations prescribed by the Hungarian legal acts on the prevention of money laundering and financing of terrorism and on attorney services |
8 years from the completion of the engagement or the termination of the business partnership. 10 years in the case of mediation or the countersigning of documents or electronic documents or the registration of rights over real properties in public registries. These retention periods may be extended if the personal data is required for the purpose of an ongoing or future procedure. In the latter case, the term of the retention period extends until the final and binding decision concluding the proceedings in question or until the proceedings fail. In the case of signing a document during a recorded videoconference or recognizing a signature in this way for the purpose of an attorney’s countersignature (so-called remote signature, remote signing) and fulfilling client identification obligations by way of a recorded videoconference (remote identification), the attorney must keep the record for 10 years. |
| Transfer of the data of the AML-compliant client identification procedure to other service provider(s) in order for the other service provider to conduct its own client identification procedure |
Legitimate interest of the legal entity client related to the facilitation of its identification by another service provider |
||
| Provision of legal services (especially the preparation, submission and registration of corporate documents with the competent authority) |
Legitimate interest related to the performance of the contract concluded with a legal entity. The enforcement of claims arising from the service, our legitimate interest in defending our legal position. |
||
| In order to determine if we can provide legal services to the client, completion of risk assessment and client identification (KYC – Know Your Client) procedures, checks on restrictions on the provision of legal services, obtainment of permission to provide legal services is necessary based on our cooperation with the PricewaterhouseCoopers network |
Our legitimate interest related to compliance with the restrictions and rules of the PricewaterhouseCoopers global group of companies on providing services to audit clients and our legitimate interest related to complying with the risk management and client identification (KYC – Know Your Client) requirements based on our cooperation with the PricewaterhouseCoopers network and determining whether it is possible to provide legal services to a potential client. |
||
| Name, title within the client’s organizational system, telephone number and email address of private persons acting as representatives of the client |
Client management in the context of providing legal services (via the Salesforce system) | Our legitimate interest related to processing client data in a system introduced by the PricewaterhouseCoopers international group of firms, allowing for safe and unified client management, efficient provision of services and sharing information within the network |
During the existence of the client contact |
3 According to the AA Act and the AML Act, the following data must be recorded in connection with the representative or authorized proxy of the client: person’s surname and forename, surname and forename at birth, nationality, place and date of birth, mother’s birth name, address, in the absence of that, place of residence, the type and number of the identification document, in cases falling within the scope of the AML Act, the copy of the ID card, except for the side of the certificate of domicile containing the personal identification number. However, the personal identification number is processed by the law firm in all cases when it requests information relating to persons of Hungarian citizenship and / or residence through the data reporting framework for the security of legal transactions based on Section 32 of the AA Act (Act on Attorney Activities, “AA Act”). This personal data, together with the number of the certificate of domicile and the personal identification document is required for making requests from said framework, in which case the legal basis for data processing is our legitimate interest related to the feasibility of making the given request.
We are required to process the following relating to the beneficial owner of a legal entity or
organizations not having a legal personality: person’s surname and forename, surname and
forename at birth, nationality, place and date of birth, address, in the absence of that, place of
residence, nature and rate of ownership interest.
Declaration on whether the beneficial owner qualifies as a politically exposed person.
C) Processing of the personal data of the beneficial owner of the client
| Categories of personal data |
Purpose of data processing |
Legal basis of data processing |
Period for which the personal data are stored |
| Personal identification data: person’s surname and forename, surname and forename at birth, nationality, place and date of birth, address, in the absence of that, place of residence, nature and rate of ownership interest, further, declaration of the client pertaining to politically exposed person status as well as close relative or close associate of a politically exposed person status. Copy of identification document (etc. passport, ID). Information found in negative media news, public sources or sanctions lists relating to the ultimate beneficial owner. |
Client identification performed in accordance with Sections 6 and 73 of the AML Act, keeping registry on identified persons |
Obligations prescribed by the Hungarian laws on the prevention of money laundering and financing of terrorism and on attorney activities |
8 years from the completion of the engagement or the termination of the business partnership. This retention period may be extended if the personal data is required for the purpose of an ongoing or future legal procedure. In the latter case, the retention period extends until the final and binding decision concluding the procedure in question or until the proceedings fails. |
| Transfer of the data of the AML-based client identification procedure to other service provider(s) so that they can conduct their own client identification procedure |
Legitimate interest of the legal entity client related to the facilitation of its identification by another service provider |
||
| In order to determine if we can provide legal services to the client, the completion of risk assessment and client identification (KYC – Know Your Client) procedures, checks on restrictions on the provision of legal services, obtainment of permission to provide legal services is necessary based on our cooperation with the PricewaterhouseCoopers network. |
Our legitimate interest related to compliance with the restrictions and rules of the PricewaterhouseCoopers global group of companies on providing services to audit clients and our legitimate interest related to complying with the risk management and client identification (KYC – Know Your Client) requirements based on our cooperation with the PricewaterhouseCoopers network and determining whether it is possible to provide legal services to a potential client. |
D) Other data processing
| Categories of personal data |
Purpose of data processing |
Legal basis of data processing |
Period for which the personal data are stored |
| Personal identification and other transactional data (the source of the data is our client or the data subject) of the other party involved in the contract or litigation, or its representative. |
Performance of legal services (e.g. the preparation of contract) |
Our legitimate interest related to performing our services agreement, legal obligation prescribed by the Hungarian act on attorney services |
For the period applicable to attorney services1 |
| The plate number of vehicles of the persons visiting our office, if they wish to use the underground garage of the office building |
Provision of parking space | The explicit consent of the data subject | Until the end of the visit |
| The content of the telephone calls or videoconferences related to the performance of the engagement, if it is recorded by us. |
Proving the content of the consultation, using it in case of enforcement of legal claims | Our legitimate interest related to the proving of said the content |
5 years from the termination of the engagement |
| Data of the contact persons (name, email address) provided by organizations (student organizations, university student organizations, universities) cooperating with us in order to enable the cooperation, and the name of the persons (e.g. groups of students) visiting our office as part of the cooperation |
Enabling the maintaining of contact, identification of the persons visiting the office, enabling access to the office building |
Legal interest related to maintaining contact, organizing joint events, and organizing visits |
Until the existence of professional cooperation or a change in the person of the contact person (if we become aware of this change). In connection with the list of visitors until the end of the visit. |
| Data required for participation in professional events organized by us (name, email address, name of delegating organization and the title held there, if applicable, in the case of a parking request, the plate number of the vehicle)4 |
Maintaining contact related to the event, organizing the event In the case of such a request, provision of parking space in the underground garage of the office building |
In case our events are subject to a participation fee, the performance of the contract (natural person clients) or our legal interest related to the performance of the contract (non-natural person clients) In case our events are not subject to a participation fee, our legal interest related to organizing the events In the case of plate number of the vehicle, the explicit consent of the data subject |
The general civil law statutory limitation period (5 years) from the event Until the end of the visit in connection with the plate number |
| The image of the data subject on photographs and video recordings for marketing purposes |
Publishing the record on the website and the social media platforms of our law firm |
The explicit consent of the data subject | 1 year from the recording. If the data subject withdraws his or her consent, the record will be erased and removed from our platform by us. |
4 Note: video and audio recordings may be made at our events, however, in all cases we strive to ensure that the participants do not appear in the recordings at all or appear only in an unidentifiable manner. The recordings are occasionally published on the media platforms of the law firm and PwC Hungary.
If you do not wish to appear in the recordings even in an unidentifiable manner, please take a seat in one of the back rows in the hall where the event takes place. We ensure that back rows are not recorded in any form.
E) Data processing related to the website HTTPS://WWW.RETIVARSZEGIPARTNERS.HU
| Categories of personal data |
Purpose of data processing | Legal basis of data processing |
Period for which the personal data are stored |
| Personal data provided by the visitor on the website through the “Contact” option |
Responding to persons contacting the Data Controller via the “Contact” option on the website |
If the Data Controller is contacted in relation to the preparation of an engagement with the data subject, the legal basis for the data processing will be taking the steps necessary to enter into the engagement. If the purpose of contacting the Data Controller differs from the above, the legal basis for data processing will be the Data Controller’s legitimate interest related to responding to messages it receives through “Contact” |
If the Data Controller is contacted in relation to taking the steps necessary to enter into an engagement, the personal data involved will be processed until the end of the general civil law statutory limitation period (5 years.) If the Data Controller is contacted for any purpose other than the above, the personal data involved will be processed until the end of the communication started as a result of contacting the Data Controller. |
| The data recorded by the cookies operating on the website |
Please note that our office has a separate cookie privacy policy, which is available at the following link: https://www.retivarszegipartners.hu/en/cookie/ We also note that the IP address of the device used to browse our website may be recorded on the website. Based solely on the IP address, we are not able to identify the person using the given device, nevertheless, the cookie policy also contains information on the collection of IP addresses. |
||
In regard to the above cases of data processing, the Data Controller hereby notes that the provision of the data of data subjects that the Data Controller processes on the basis of legal
obligations, contracts to be concluded with the Data Controller, the preparation or
performance of the business partnership is mandatory in respect of the establishment of the
engagement or certain obligations arising from the engagement on the provision of legal services.
Without the necessary data, the Data Controller cannot comply with its contractual or legal
obligations; in certain cases (especially in relation to client identification performed on the basis of
8 Réti, Várszegi & Partners Law Firm PwC Legal the AML Act), if the necessary data are not provided, we cannot even accept or complete the engagement.
In respect of data processed on the basis of the Data Controller’s or third person’s legitimate
interest, the Data Controller specifically notes that data subjects are granted the right to object to
data processing (additional rules are laid down in Point 1.5 E).
1.3 Recipients of personal data, categories of recipients
Recipients are organizations to which our Law Firm may transfer personal information in certain
cases.
Data processor:
| Name of data processor | Category of personal data transferred to recipients |
Activity requiring the involvement of the data processor |
| PwC Könyvvizsgáló Kft. | Personal data stored on IT servers (especially e-mails, electronic documents, invoices). | The data processor performs the operations that the Data Controller has specified to provide full scope IT and accounting services (including the supply of the accounting software). |
| Providers of software or other IT services to the Law Firm. |
Personal data processed during the use of the software or use of the service (in particular, data recorded by the software or stored as part of a given IT service). |
Providing certain technical conditions necessary for the operation of the Law Firm (e.g. remote authentication, data storage, use of virtual data room, encrypted sending of confidential documents, support for client identification operations). |
Independent data controllers:
| Name of independent data controller |
Category of personal data transferred to recipients |
Activity that the independent data controller performs |
| Cooperating attorneys, law firms | Client identification, contact and case-related data (statement of facts) |
Professional participation in the provision of the Data Controller’s legal services |
| PwC Könyvvizsgáló Kft. | Conflict of interest data (audit client status or other) In case of consent, the data of client identificationData required for the joint provision of services |
Checking restrictions on services that may be provided to clients, enabling the provision of services |
| PwC Magyarország Kft. | In case of consent, the data of client identification Data required for the joint provision of services |
Checking restrictions on services that may be provided to clients, enabling the provision of services |
| PwC European Regional Center | Identification data of natural person clients, data of representatives, members and beneficial owners of legal entities |
Regional risk assessment and management, permission of services, carrying out and registering client identification (KYC – Know Your Client) processes at the regional level |
| Authorities, courts, other official bodies |
Personal data incorporated in documents to be submitted to the competent authority/court, personal data necessary for the performance of the engagement |
Conduct of the related legal procedures or proceedings |
| Notaries | Documents containing personal data that are essential for the performance of the given notarial activity (e.g. verification of signature, notarization) |
Enabling the provision of services (if the services of the notary are required at the request of the client or in accordance with the provisions of law) |
| Judicial or private experts | If the engagement requires the involvement of an expert, the personal data in the documents to be provided to the expert |
Preparation of expert’s opinion |
| Budapest Bar Association | All the data subject to attorney services |
Exercise of disciplinary powers or supervisory audits |
1.4 Processing of special categories of personal data
The Data Controller only processes special categories of personal data if it is absolutely required for the provision of legal services (e.g. legal representation in a lawsuit related to the medical conditions of the client). In such cases, the Data Controller is entitled to process the data on the basis of Section 9 (2) Point f) of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council) directly applicable in Hungary, as the data processing is required for the establishment, exercise and defence of legal claims. If said point is not applicable, we may process special categories of personal data only on the basis of Section 9 (2) Point a) of the same Regulation, based on the explicit consent of the data subject.
1.5 Rights of data subjects
The data subject may request the Data Controller to grant access to his/her personal data, the
rectification of inaccurate personal data, the erasure of personal data, and in certain cases, the
restriction of the processing, and may object to the processing of his/her personal data. The data
subject is also granted the right to data portability, the right to file a complaint with the supervisory
authority and the right to an effective judicial remedy. In the case of automated decision-making
applied in specific cases, the data subject is granted the right to not be subject to the decision or the right to request human intervention. However, this right is mentioned only for the sake of
completeness as our Law Firm does not carry out automated decision-making during the course of
the data processing.
During the course of the consent-based data processing, the data subject is also entitled to withdraw his/her consent at any time, however the withdrawal has no impact on the lawfulness of the data processing performed prior to the withdrawal.
A) Right to access
The data subject is entitled to request information at any time about whether and how the Data
Controller processes his/her personal data, including the purposes of the data processing, the
recipients to whom the data have been disclosed or the period for which the personal data will be
stored, any right of the data subject, in addition, information on automated decision-making,
profiling, and in the case of transferring personal data to any third countries or any international
organization, information on the related guarantees. During the exercise of the right to access, the
data subject is also entitled to request copies of the personal data; in the case of requests submitted electronically, the Data Controller, in lieu of a request from the data subject that says otherwise, provides the requested information electronically (in pdf format). If the right to access of the data subject has detrimental effects on the rights and freedoms of other persons, especially the business secrets or intellectual property of others, the Data Controller is entitled to refuse to comply with the request to the necessary and proportionate extent. If the data subject requests several copies of the personal data, the Data Controller charges HUF 200 per copy/page as a reasonable amount of fee that is proportionate to the administrative costs of preparing the additional copies.
B) Right to rectification
At the request of the data subject, the Data Controller corrects or completes the personal data of the data subject. If any doubt arises from the corrected data, the Data Controller may request the data subject to certify the corrected data to the Data Controller appropriately, primarily by documents. If the Data Controller has disclosed such personal data of the data subject that are subject to this right to other persons (e.g. the recipient as data processor), the Data Controller shall immediately inform the affected persons after correcting the data, provided that such notification is possible or it does not require a disproportionate amount of effort from the Data Controller. At the request of the data subject, the Data Controller informs him/her about these recipients.
C) Right to erasure (“right to be forgotten”)
If the data subject requests the erasure of any or all of his/her personal data, the Data Controller shall erase such data without unjustified delay if
- the Data Controller does not need the personal data in question any more for the purpose for which the data were collected or otherwise processed;
- the request affects data processing that was based on the consent of the data subject, but the data subject has withdrawn the consent and the data processing has no other legal basis;
- the request affects data processing that had been based on the legitimate interests of the Data Controller or any third party but the data subject has objected to the data processing and, with the exception of objection to data processing for direct marketing purposes, there are no legitimate grounds for the data processing that would take priority;
- the Data Controller processed the personal data unlawfully, or
- the erasure of personal data is necessary for the fulfilment of legal obligations.
If the personal data under this right have been disclosed by the Data Controller to another party (e.g. the recipient as, for example, the data processor), the Data Controller shall immediately inform such persons after the erasure, provided that such notification is possible or it does not require a disproportionate amount of efforts from the Data Controller. At the request of the data subject, the Data Controller informs them about these recipients. The Data Controller is not required to delete personal data in all the cases, especially if, for example, the data processing is necessary for the establishment, exercise or defence of legal claims.
D) Right to restriction of data processing
The data subject may request the restriction of the processing of his/her personal data in the
following cases:
- the data subject contests the accuracy of the personal data – in this case, the restriction
affects the period during which the data controller is able to check the accuracy of personal data; - the data processing is unlawful, but the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the data controller no longer needs the personal data for the purposes of the processing, but the personal data are needed for the establishment, exercise or defence of legal claims; or
- the data subject has objected to the data processing – in this case, the restriction affects the period until which it is verified whether the legitimate grounds of the Data Controller override those of the data subject.
The restriction of data processing means that the Data Controller will not process the personal data
subject to the restriction except for storage, or such data are only processed to the extent to which
the data subject consented, or even if without such consent, the Data Controller may process those
personal data that are necessary for the establishment, exercise or defense of legal claims or for the protection of the rights of other natural persons or legal entities, or that are necessary for the
important public interests of the European Union or any European Union member state. The Data
Controller informs the data subject in advance about releasing the restriction on the data processing.
If personal data under this right have been disclosed to other persons (e.g. the recipient, for example, as the data processor), the Data Controller shall immediately inform such persons about the restriction of data processing, the Data Controller shall immediately inform such persons after the erasure, provided that such notification is possible or it does not require a disproportionate amount of efforts from the Data Controller. At the request of the data subject, the Data Controller informs them about these recipients.
E) Right to object
If the legal basis for the data processing related to the data subject is the legitimate interest of the
Data Controller or any third party, the data subject is entitled to object to the data processing. The
Data Controller is not required to accept the objection if the Data Controller can evidence that
- the data processing is justified by legitimate and compelling causes that take precedence over the interests, rights and freedoms of the data subject, or
- the data processing relates to the data for the establishment, enforcement or defence of Data Controller’s legal claims.
F) Right to data portability
In certain cases, the data subject has the right to receive the personal data concerning him or her,
which he or she has provided to the Data Controller in a commonly used and machine-readable
format or to transmit those data to another controller designated by the data subject. This is called
the right to data portability. Taking into account the data processing of our Law Firm, the data subject may exercise the right to Data Portability in the following cases:
- if the legal basis of the data processing is the consent of the data subject, hence in the case of
- o the data processing related to the AML-related client identification procedure specified in point 1.2. A), further,
- o the data processing related to the plate number of the vehicle of visitors to our office and the marketing purposes specified in point 1.2. D)
of this Privacy Notice;
- if the legal basis of the data processing is the performance and preparation of the contract concluded with the data subject, hence in the case of
- o the data processing related to the provision of legal services and maintaining contact specified in point 1.2. A),
- o the data processing related to our events subject to participation fee and provision of parking spaces specified in point 1.2. D),
- o the data processing related to inquiries via our website specified in point 1.2 E) of this Privacy Notice.
When exercising the right to data portability, the Data Controller provides the personal data in pdf
file format to the data subject or transmits the data to another data controller designated by the data subject.
Please note that our legal practice is subject to strict professional secrecy obligations.
Therefore, in the case of exercising the right to data portability we can transmit personal data classified as attorney-client privilege as per the rules of Act LXXVIII of 2017 on Attorney Activities5 only if we have been exempted from our confidentiality obligation in advance and to the extent necessary for the data transfer by the data subject as the person entitled to grant exemption from such obligation
5 Section 9. § (1) of the AA Act: All facts, information and data of which the practitioner of the legal profession has become aware in the course of the exercise of this activity shall be considered as attorney-client privilege
G) Right to lodge a complaint, right to an effective judicial remedy
If the data subject comes to the conclusion that the processing of his/her personal data by the Data
Controller infringes the applicable data protection regulations, especially the General Data
Protection Regulation, the data subject has the right to file a complaint with the competent data
protection supervisory authority in the Member State of his/her habitual residence, place of work orthe place of the alleged infringement. In Hungary, this authority is the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”). The contact details of NAIH are as follows:
Website: http://naih.hu/
Address: 1055 Budapest, Falk Miksa utca 9-11.
Mail address: 1374 Budapest, Pf.:603.
Telephone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
The data subject, regardless of his/her right to file a complaint, may also bring proceedings before a court for such infringement. The data subject is entitled to bring proceedings against the binding
decision of the supervisory authority concerning the data subject. The data subject is also entitled to an effective judicial remedy if the supervisory authority fails to address the complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.
1.6 Automated decision-making, profiling
No automated individual decision-making or profiling is performed in the course of the data
processing of the Data Controller concerning the data subjects.
* * *
Effective from 25 May 2018
Last review: 8 July 2022