GDPR :: Békés Ügyvédi Iroda

en

hu
en

GDPR

BÉKÉS LAW FIRM

The day of this policy's coming into force: 25th May 2018

1) General provisions and contacts
This data control and processing policy (hereinafter: "Policy") concerns those personal data, which are handled and processed by Békés Law Firm (seat of business: Báthory street 7, Budapest 1054; tax number: 18120237241) (hereinafter: "Controller") about You (hereinafter: "Concerned party").
Seat of business of the Controller: Báthory street 7, Budapest 1054
Legal representative of Controller: Dr. Adam Békés
Tax number: 18120237241
Contact information of the Controller on which the Concerned party can exercise his/her rights mentioned in this policy:
E-mail: iroda@bekes-legal.hu
Phone number: +36 1 373 0260
2) Principles relating to processing of personal data
Personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject ('lawfulness, fairness and transparency');
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes ('purpose limitation')
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation')
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy')
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR Regulation in order to safeguard the rights and freedoms of the data subject ('storage limitation')
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality')
g) The Controller shall be responsible for and be able to demonstrate compliance with the above-mentioned principles ('accountability').
3) The update of the Policy
The Controller
Controller reserves the right to modify this Policy unilaterally.
Based on this, it is advised to make frequent visits to https://bekeslegal.hu webpage in order to be up-to-date with the changes. The applicable content of this Policy can be constantly found on this webpage and can be downloaded. If your email address is available for us, per your request, we will send you notifications about the changes via email.
We will send You anytime a copy of the in-force version of this Policy if you request it.
4) Getting to know this Policy and accepting it
As You give us your personal data, You declare that you are familiar with and accept the content of this Policy (with the in-force version at the time when You gave your personal data).
5) The scope of the processed data and the goals of data processing
In order to ensure the services given by Controller, we can ask for information related to you. Moreover, you are entitled to voluntarily give data to us during your communication with the Controller. Data processed by us is "personal data" in accordance with Article 4. point 1 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
You can get information about the Controller's activity, staff, articles and research papers while using the webpage. The purpose of data processing is to give You information and to update the webpage.
The legal basis for data processing: Controller's legal rights (Article 6, paragraph (1), point f) of GDPR).
The range of processed data is Your:
IP address
country
type of web browser
date of visiting
The duration of data processing, the deadline for deleting data: 2 years after using the website, your personal data will be deleted.
You (person asking for proposal or appointment) can send a message to the Controller on the website. The purpose of data processing is giving proposal and appointment.
The legal basis for this is the fulfilment of contract (Article 6. paragraph (1), b) point of GDPR)
The scope of the processed date is Your:
Surname
Given name
E-mail address
message
The duration of data processing, the deadline for deleting data: 5 years after the incoming message, personal data will be deleted.
You have the opportunity to apply for a job, periodically announced by the Controller. The purpose of data processing is to hire the right person for the announced position, to identify that person and to keep in touch.
The legal basis for data processing is Your consent (Article 6., paragraph (1), a) point of GDPR)
The scope of the processed date is Your:
Surname
Given name
E-mail address
personal data given voluntarily in your CV concerning your personal details
personal data given voluntarily in any document as attachment to your CV concerning your personal details.
The duration of data processing, the deadline for deleting your data is valid until You withdraw your consent; otherwise your personal data will be deleted after 1 year from your job application.
You can subscribe to the Controller's marketing newsletter. According to this, Controller has the right to send regularly newsletters about the Controller's activity and awareness-raising information for those who subscribed to it. The Controller can send this newsletter to the given - and in some cases later modified - email address.
The legal basis for data processing, according to Paragraph 6. §, point (1) of the XLVIII. statute 2008 ("Grt.") about the economic conditions of advertising and some of its limitations is Your preliminary, clear and pronounced permission and your permission in accordance with Article 6, paragraph (1), point a) of GDPR.
The scope of the processed date is Your:
Surname
Given name
E-mail address
until You withdraw your earlier given permission.
The Controller processes the following data during its legal work in connection with You (client, counter party, other participants of the procedures).
The purpose of data processing is Your identification, in the case of countersigning, validifying and identifying your personal data through "JÜB" system, performance of the contract, keeping in contact, fulfilment of statutory obligations, law enforcement and enforcement of claims.
Legal grounds: execution of contract (Article 6. paragraph (1), point b) of GDPR).
In the case of using JÜB system: fulfilment of legal obligations (Article 6. paragraph (1) point c) of GDPR)
Counter party, other participant of the procedure, in the case of personal contributor: legitimate interest of Controller (Article 6, paragraph (1) point f) of GDPR).
The scope of the processed data about You (client, counter party, other participants of the procedures):
name
place and time of birth
mother's name
address
identification card number
address card number
tax identification number
personal identification number
billing information
E-mail address
phone number
your data concerning the case and other proceedings
Legal person's personal contributor:
Surname
Given name
E-mail address
phone number
position
The duration of data processing, the deadline for deleting data: 8 years after finishing the case, personal data will be deleted.
The scope of those people who might get access to data
the staff of Controller
the staff of Data Processors in the following list
data requested by some authorities in the course of their official procedure and data which legally must be passed by Controller;
employees of the debt management company entrusted by the data controller to handle the expired debts;
other people based on Your specific consent.
Controller undertakes a strict confidentiality obligation with no time limit for the personal data it manages. Controller cannot pass that data on to third parties without Your consent. The withdrawal of Your consent does not concern the legality of the previous data processing.
6) People authorized to process data
Controller uses the following data processors for completion of the technical tasks of data management. Controller determines the rights and obligations of data processors concerning personal data processing within the frame of GDPR and
The rights and obligations of the data processor regarding the processing of personal data are defined by the Controller within the framework of the GDPR and the specific laws on data processing. The Controller is responsible for the legality of the instructions given by him. The data processor may not make any substantive decision on data management, can only process personal data based on Controller's instructions, it cannot process personal data for its own purposes, and keeping and securing personal data must be in accordance with the provisions of Controller.
The name and contact information of Data Processor
Vass and Antal Accountant Ltd.
(phone number: 06-1-312-4631)
Takes care of the bookkeeping tasks, can get access to data in connection with accounting.
Google LLC. (USA, Google Data Protection Office, 1600 Amphitheatre Pkwy Mountain View, California 94043 - Google Analytics) Google Analytics can give you detailed description about its data processing. (https://www.google.com/analytics)
7) Cookies and web beacons, anonymous information through using our websites
You give your consent to the fact that Controller inserts data file (cookie) on Your computer. Cookies are designed to identify recurring people, support the convenience of the website for You and to provide services to You. Controller only uses external service provider's (Google) cookies on its website. Cookies are short text files that are sent by the website to Your computer's hard drive and they contain information regarding you.
The Data Manager uses the services of the Google Analytics system in connection with the Website. The cookies processed by Google Analytics help the website's visiting and other web analytics measurements. Information gathered by the cookies will be sent to and stored on external servers run by Google. Google uses this information for the Controller, primarily to track Your site visit and make analyzes of site activities.Google may disclose this information to third parties if this is required by law. Google also has the right to forward this information to third parties who were hired by them to help data processing. Google Analytics can provide you with detailed information on how Google Analytics can handle your data (https://www.google.com/analytics).
The advertisements of the Controller will be shown by external service provider (Google) on internet sites. These external service providers (Google) store, with the help of cookies, the fact that You visited Controller's webpage previously, and based on this, personalized advertisements will be shown to You (namely they do remarketing activities).
You can disable Google's cookies usage with the help of Advertisement settings (for further information: https://www.google.hu/policies/privacy/ads/). You can disable on the unsubscribe page of Network Advertising Initiative (https://www.networkadvertising.org/choices/) the external service providers' cookies too.
Data management for the aforementioned third-party service providers is governed by the data protection regulations defined by these providers and the Controller does not take any responsibility for such data handling.
You can set your browser to accept all the cookies, or to deny all of them, or to notify You in case a cookie comes to your computer. Every web browser is different; thus we ask you to use your search bar's "Help" menu to modify your cookies setting. For example, in the case of Microsoft Internet Explorer, You can delete or turn off the cookies with choosing the "Tools/Internet settings" option and can modify Your security settings. For further information about the nature of cookies and how to turn them off, please go to https://www.youronlinechoices.com/hu/
The website is designed to work with cookies so disabling them may affect the usability of the website and prevent you from taking advantage of all of its benefits.
Used cookies on the website:
analytics, follower
relevant identifier session cookie
We do not change cookies with websites run by third parties and with third parties.
8) Controller's presence on social media sites (Facebook)
Controller is available on Facebook. Visitors can follow Controller's newsfeed posts by subscribing to Controller's page by clicking on like and can unfollow Controller's page by clicking on the same page on dislike.
9) Information concerning children
People under the age of 10 are not allowed to give personal data about themselves with the exception if any of his or her parents or legal guardian gives permission to it.
In the case of people who are not yet 14 years old, the legal guardian or warden can give personal data and can make a legal statement on their behalf.
In case of people between the age of 14 and 18, they can only give personal data and make a legal statement with the consent of their legal guardian or warden.
Making these data available, you declare and guarantee that you proceed as above listed, your legal capacity is not restricted in connection with giving information. In case You are not permitted to give information individually, You are obliged to ask for permission from the concerned third parties (etc. legal guardian, warden). In this context, You must consider whether it is necessary to get any permission from a concerned third party in connection with giving that specific information. It might happen that Controller will not get in personal touch with you, thus, you are obliged to assure to be in accordance with this point, Controller does not have any responsibilities with this.
We make every reasonable effort in order to delete all the information which was given to us unlawfully, and we assure you that this information neither will be sent to anyone else, nor will be processed by us (neither marketing, nor other reasons). Please, let us know immediately if you experience that a child gave personal data about himself/herself unlawfully. You can get in touch with us through our contact information stated at the beginning of this Policy.
10) Data security arrangements
Controller does every possible measure in order to keep data safe, takes care of its proper security, especially concerning unauthorized access, making changes, forwarding, disclosure, deletion or destruction, chance annihilation and damage. Controller arranges the security of data with proper technical (etc. logical security, especially encrypting passwords and communication channels) and organizational arrangements (physical security, especially the staff's data security training, restriction of data access).
Please, help us keeping information safe with not using obvious log in name and password and with changing your password regularly. Furthermore, we ask you to not make your password available to another person.
11) Rights of You as data subject and legal remedy
11.1 Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards.
The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy referred to before shall not adversely affect the rights and freedoms of others.
11.2 Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
11.3 Right to erasure ("right to be forgotten")
You have the right to obtain from Controller the erasure of personal data concerning you without undue delay if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, your consent subject to the data processing was withdrawn, the data processing is objected by you, the possibility of personal data have been unlawfully processed, or the erasure of the data concerned is necessary for compliance with a legal obligation, Controller shall without undue delay erase the data concerned.
The 'right to be forgotten' means that if you request the erasure of your data and Controller has made any of your personal data public, then Controller - taking account of available technology and the cost of implementation - shall take reasonable steps, including technical measures, to inform the controllers which are processing your personal data concerned that You have requested the erasure of by such controllers of any links to, or copy or replication of the data concerned.
11.4 Right to restriction of processing
You have the right to obtain from Controller restriction of data processing where one of the following applies:
- You contest the accuracy of the personal data, in that case restriction applies for a period enabling Controller to verify the accuracy of the personal data concerned;
- the possibility of unlawful processing occurs, and You oppose the erasure of the personal data and request the restriction of their use instead;
- although Controller no longer needs the personal data for the purposes of the processing, but they are required by You for the establishment, exercise or defence of legal claims;
- You have objected to processing, in that case restriction applies for the period during which it is verified whether the legitimate grounds of Controller may override those of You.
Please be informed that where data processing has been restricted due to the above reasons, such personal data shall, with the exception of storage, only be processed based on the following reasons:
- with Your consent, or
- for the establishment, exercise or defence of Controller's legal claims, or
- for the protection of the rights of another natural or legal person, or
-for reasons of important public interest of the Union or of a Member State.
If You have obtained the restriction of data processing according to the above, Controller shall inform You prior to the restriction being allegedly lifted.
11.5 Notification obligation regarding rectification or erasure of personal data or restriction of processing
Please note that Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the above to each recipient to whom the personal data concerned have been disclosed, unless this proves impossible or involves disproportionate effort. You may also request Controller to inform You about those recipients and Controller shall without undue delay inform You about it.
11.6 Right to data portability
You have the right to receive or claim the transmission of the personal data provided by You in a structured, commonly used and machine-readable format. and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, where
a) the processing is based on consent or on a contract
b) the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
11.7 Right to object
You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of You or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, You shall have the right to object at any time to processing of personal data concerning You for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where You object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, You may exercise you right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes, You, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
11.8 Information on Remedies
Please be informed that pursuant to Article 56 the supervisory authority of the main establishment or of the single establishment of the controller or processor shall be competent to act as lead supervisory authority for the cross-border processing carried out by that controller or processor. Therefore, as Controller's seat of business is in Hungary, the Hungarian supervisory authority is entitled to proceed as lead supervisory authority. Accordingly, in general the Hungarian authorities and courts are entitled to proceed concerning the data control/processing activities of Controller.
The supervisory authority in Hungary is:
Hungarian National Authority for Data Protection and Freedom of Information:
address: HU-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
email address: ugyfelszolgalat@naih.hu
Judicial remedy:
Pursuant to the provisions of the Hungarian Code of Civil Procedure (Act CXXX of 2016) cases related to data protection fall within the scope of regional courts. Litigation depending from the plaintiff's choice may be initiated before the regional court competent for the plaintiff's permanent or habitual residence.
Right to compensation and liability:
Please be informed that in case You have suffered material or non-material damage as a result of an infringement of any data protection and processing legal obligation(s) - especially deriving from the above cited provisions of GDPR and Privacy Act - by Controller, You shall have the right to receive compensation for the damage suffered, moreover in case of violation of your rights relating to personality You may claim restitution as well from Controller or from the affected data processor(s).
Any controller involved in processing shall be liable for the damage caused by unlawful data processing. Affected data processors shall be liable for the damage caused by processing only if they have not complied with obligations of GDPR specifically directed to data processors or where they have acted outside or contrary to lawful instructions of Controller.
Controller or processor shall only be exempt from the above liability if it has been proven that it was not in any way responsible for the event giving rise to the damage.