The purpose of this notice is to record
Dr. Szalai Adrienn Ügyvédi Iroda
headquarter: 1055 Budapest, Kossuth Lajos tér 13-15. middle stairway V/7.
Adószáma: 18289646-2-41
E-mail: info@jogivedelem.hu
Website: www.jogivedelem.hu
Phone number: +36 30 498 9637
hereinafter referred to as the Data Controller
the data protection and data management provisions applied by it, and to ensure that its partners involved in data management and visitors to the website it operates are provided with appropriate information on the management and protection of their personal data.
The Data Controller shall organise and perform the processing operations in such a way as to ensure the highest level of protection of the privacy of the data subjects to whom the personal data are processed. In particular, it shall protect the data against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage, deterioration or accidental loss of data and inaccessibility resulting from changes in the technology used.
Upon regulating the Data Controller has taken particular account of.:
Data processing: the performance of technical tasks related to data processing operations.
Data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular collection, recording, recording, organisation, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, blocking, erasure and destruction, as well as prevention of further use of the data, taking of photographs, audio or video recordings.
Data controller: a natural or legal person or a company having legal personality, which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has them implemented by a processor on its behalf.
Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future;
Transfer: making data available to a specified third party.
Erasure: rendering data unrecognisable in such a way that it is not possible to recover it.
Data breach: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data subject: a natural person whose personal data are affected by the processing.
Third party: a natural or legal person or any other body other than the Data Subject, the Controller, the Processor or the persons who, under the direct authority of the Controller or the Processor, are authorised to process personal data.
Consent: a voluntary and explicit indication of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data relating to him or her, whether in full or in part.
Joint processing: where the purposes and means of processing are determined jointly by two or more controllers, they are considered to be joint controllers.
Personal data data that can be associated with a specific natural person, in particular his or her name, identification mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and any inference relating to the data subject which can be drawn from the data and which is not in the public interest or in the public domain. Personal data include, inter alia, name, address and e-mail address.
Objection: a statement by the Data Subject objecting to the processing of his or her personal data and requesting the cessation of processing or the erasure of the processed data.
The processing carried out by the Data Controller complies with the data processing principles of the GDPR, which are:
Lawfulness, fairness and transparency principle:personal data must be processed lawfully and fairly and in a transparent manner for the data subject.
Purpose limitation principle: Personal data must be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes.
Data minimisation principle: Personal data must be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
Accuracy principle: Personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without undue delay.
Limited Retention principle: Personal data must be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and Confidentiality principle: Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures.
Accountability principle: The Data Controller is responsible for compliance with the Principles and must be able to demonstrate such compliance.
In addition to the principles of data management, the requirement of adequate information can be identified as a common requirement, as the Data Controller must inform Data Subjects of the processing for any legal basis for processing.
4.1. Contacting us via the Website
The Data Subject http://www.jogivedelem.hu/, http://www.drvedjegy.hu/ and http://www.drszalaiadrienn.hu/ may contact the Controller through these websites.
| Scope of data processed | the name, e-mail address and phone number of the Data Subject |
| Purpose of data processing | to ensure contact between the Data Subject and the Controller |
| Legal basis for processing | the Data Subject's voluntary consent (Article 6(1)(a) of the GDPR Regulation) |
| Duration of data processing | until the data subject's request for erasure |
4.2. Data processing during contract conclusion and performance
Where a contract is concluded between the Data Controller and a partner, the parties shall (may) indicate in the contract the contact individuals and their contact details.
| Scope of data processed | the Data Subject's name, email address, telephone number, date and place of birth, mother's name, address |
| Purpose of data processing | to ensure contact and performance of the contract |
| Legal basis for processing | the processing is necessary for the performance of a contract to which the Data Subject is a party or for the purposes of taking steps at the request of the Data Subject prior to entering into a contract (Article 6(b) GDPR) |
| Duration of data processing | until the termination of the contractual relationship or for the period required by the applicable legislation |
4.3. Cookies
A cookie is a small text file that is stored on the hard drive of the Data Subject's computer or mobile device for the expiry period set in the cookie and is reactivated on subsequent visits. Its purpose is to record information about the visit and personal preferences, but it cannot be linked to the visitor personally. It helps to design a user-friendly website and to enhance the online experience of the Data Subject. If the Data Subject does not consent to the Data Processor using cookies when the Data Subject browses the website, the website may not function fully.
| Scope of data processed | the Data Controller stores all analytical information without name or other personal data |
| Purpose of data processing | the storage of the data subject's personal preferences |
| Legal basis for processing | the Data Subject's voluntary consent (Article 6(1)(a) of the GDPR Regulation) |
| Duration of data processing | Data Subject can delete cookies stored on your computer or mobile phone at any time through your browser settings |
Cookies used on this site:
4.4. Customer due diligance
According to the applicable legislation, the Data Controller, as a law firm, is responsible for client due diligence, in the context of which personal data is processed.
| Scope of data processed | the name, surname, given name and nationality of the Data Subject, place and date of birth, mother's name at birth, address, or, failing that place of residence, type and number of identity document |
| Purpose of data processing | on the prevention of money laundering and terrorist financing prevention of money laundering and terrorist financing under Act LIII of 2017 (Pmt.) fulfilment of obligations |
| Legal basis for processing | legal obligations under the Pmt. and GDPR |
| Duration of data processing | the execution of the order pursuant to paragraphs (2) of Article 56 and (2) of Article 57 of the Pmt. 8 years after |
4.5. Client identification
According to the applicable legislation, the Data Controller, as a law firm, is entrusted with the tasks related to the identification of clients, in the framework of which personal data are processed.
| Scope of data processed | the data specified in Article 32 (3) and (9) and Article 33 (2) of Act LXXVIII of 2017 on the Activities of Lawyers (Act on the Activities of Lawyers) |
| Purpose of data processing | fulfilment of the obligations under the Act on the Activities of Lawyers |
| Legal basis for processing | the legal obligation under the the Act on the Activities of Lawyers and the GDPR |
| Duration of data processing | until the termination of the contractual relationship, or the relevant as provided for in the legislation (Üttv.) |
A személyes adatokhoz az Adatkezelő részére informatikai szolgáltatást nyújtó adatfeldolgozó szükség szerint hozzáférhet.
Data processors:
Tarhely.Eu Kft. (headquarter: 1144 Budapest, Ormánság utca 4. X. em. 241.; registered by: Fővárosi Törvényszék Cégbírósága; company identification number: 01-09-909968)
Obventio Kft. (headquarter: 2230 Gyömrő, Simon Mihály tér 3/C; registered by: Budapest Környéki Törvényszék Cégbírósága; company identification number: 13-09-168536)
ANDOCSEK Zrt. (headquarter: 1024 Budapest, Buday L. utca 12.; registered by: Fővárosi Törvényszék Cégbírósága; company identification number: 01-10-047892)
Modernity Group Kft. (headquarter: 5530 Vésztő, Móricz Zsigmond utca 55.; registered by: Gyulai Törvényszék Cégbírósága; company identification number: 04-09-015258)
The Data Controller shall not disclose personal data obtained by the Data Controller to third parties in any way without the prior consent of the Data Subject, except in cases where the Data Controller is required by law to disclose the data, such as in response to a request from a public authority.
The Data Controller stores the personal data mentioned above at the headquarters of the Law Firm (1055 Budapest, Kossuth Lajos tér 13-15., central staircase V/7.).
The Data Controllers undertake to ensure the security of the data in accordance with the GDPR.
In the operation of IT systems, the necessary access control, internal organisation and technical solutions ensure that data cannot be accessed by unauthorised persons, deleted, deleted from the system or modified by unauthorised persons. The data controller shall also enforce data protection and data security requirements in relation to data processors.
They shall keep records of any data protection incidents and, if necessary, inform the Data Subject of any such incidents and, if necessary, the National Authority for Data Protection and Freedom of Information (NAIH).
Pursuant to Section 9 of the Üttv., all facts, information and data of which the practitioner of the profession of lawyer becomes aware in the course of exercising that activity shall be considered to be a lawyer's secret. The practitioner of the profession of lawyer shall be obliged to maintain the secrecy of the lawyer.
The confidentiality obligation of the Data Controller as a law firm extends to the members of the law firm, but the members are not bound by any confidentiality obligation towards each other.
Right to information
The Data Controller must provide information in a reasonable way, in simple and accessible language that is easy to find (online or offline), on the relevant aspects of the processing. At the time of obtaining the personal data or, where the data subject subsequently requests information, at the time of providing that information, the data subject must be provided with the information notice and be asked to sign a declaration of acknowledgement, understanding and acceptance of the information contained therein.
The Data Subject shall have the right to request at any time information about the personal data relating to him or her processed by the Controller. The information may be requested by e-mail, by post or by telephone, as indicated in the information notice on the processing in question. The Controller shall provide the requested information within 30 days of the request.
Right to erasure
The Data Subject shall have the right to obtain from the Data Controller, upon his or her request, the erasure of personal data relating to him or her without undue delay and the Data Controller shall be obliged to erase personal data relating to the Data Subject without undue delay. Where the Controller has allowed third parties access to the data requested to be deleted, it shall inform all those to whom it has disclosed the data concerned to delete all references to or personal data held by them. The purpose of this is to ensure that, unless there is a legal or reasonable impediment, the data concerned "disappear" from the databases that can be found.
The erasure need not be carried out if the processing is
The Controller shall also delete personal data contained in its records relating to the data subject if the purpose for which the personal data were processed ceases to exist.
In the case of paper records, their destruction shall be recorded in a log file for the reason that it may be proved to the competent authority at a later stage.
Correction of data
The Data Subject may indicate that the data processed are inaccurate and request that they be replaced by what is indicated. The Data Controller is responsible for the accuracy of the data and it is therefore necessary to check its accuracy from time to time.
Right to restriction of processing:
The Data Subject may request the Controller to restrict the processing of his or her personal data, for example in the event of an unclear, contentious situation. Where processing is subject to restriction, such personal data may only be processed, except for storage, with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.
Right to data portability:
The Data Subject may request to receive the data processed concerning him or her in a structured, commonly used, machine-readable format (e.g. .doc, .pdf, etc.) and has the right to transfer these data to another Data Controller without hindrance from the original Data Controller. It makes it easier for the data subject to transfer his or her personal data from one Controller to another.
Right to object
The Data Subject has the right to object at any time to the processing of his or her personal data for a specified reason, if he or she has not given his or her consent to the processing of the data.
If the Data Subject wishes to exercise his or her rights, this will involve identification and communication with the Data Subject by the Data Controller as necessary, and therefore identification will require the provision of personal data (but identification will only be based on data that we otherwise process about you) and your complaints about the processing will be available in our email account within the time period specified in this Notice in relation to complaints.
We will respond to complaints about data processing promptly and no later than 30 days.
The Data Subject may exercise the rights set out above by sending an e-mail to the email address of the Data Controller as set out in this Notice or by sending a statement to the Data Controller and by post to its registered office.
The Data Subject is entitled to lodge a complaint with the NAIH (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu, phone number: +36 (1) 391-1400, fax: +36 (1) 391-1410, E-mail: ugyfelszolgalat@naih.hu) or to enforce his/her rights regarding the processing of personal data before the Court of competent jurisdiction pursuant to Act CXXX of 2016 on the Code of Civil Procedure.
If the Data Controller intends to carry out further processing of the collected data for purposes other than those for which they were collected, the Data Controller shall inform the Data Subject of the purposes of the processing prior to the further processing. The processing may only start after that and, where the legal basis for the processing is consent, the Data Subject must consent to the processing in addition to the information.
The Data Controller reserves the right to change this information and to amend it accordingly in the event of changes in Community or national legislation.
Present Notice is valid from 6 January 2025
