PRIVACY NOTICE
Last modified on 16 May 2024.
This Privacy Notice summarizes the data processing activities of Hegyi Áron Antal Law Firm (registered seat: 1071 Budapest, Damjanich utca 48.; hereinafter referred to as the "Data Controller") in relation to visitors of the www.hegyiaron.hu website.
Please read this Privacy Notice carefully and if you have any questions regarding the processing of your personal data, please contact us at one of the contact details below.
1. The Data Controller
Data Controller: Hegyi Áron Antal Law Firm
Seat: 1071 Budapest, Damjanich utca 48.
Postal address: 1071 Budapest, Damjanich utca 48.
Email: central@hegyiaron.hu
2. Personal data processed
2.1 Contacting us
Purpose of data processing: The purpose of data processing is to enable the Data Controller to respond to your questions and requests, and thus to fulfil the terms of your request as far as possible.
Legal basis for processing: Consent of the data subject, Article 6 (1) a) GDPR
Scope of data processed: Any personal data that you, as the data subject, provide to the Data Controller during the contact, typically name, telephone number, email address.
Duration of processing: The Data Controller will process your personal data until the question has been answered or until the settlement of the claim made by you or until your consent is withdrawn. After that, all personal data provided by you will be permanently and irretrievably deleted.
Recipients with whom we share the data: As a general rule, we will not share the personal data you provide when you contact us with third parties.
Measures taken to ensure the security of your data: Only those colleagues who are authorised to do so will have access to your data collected during the contact. Personal data are processed electronically.
2.2 Processing of data for the purpose of keeping in touch with you about events, network entries, interesting facts
Purpose of data processing: The purpose of data processing is to inform you about relevant content, events and entries of the Data Controller.
Legal basis for processing: Consent of the data subject, Article 6 (1) a) GDPR
Scope of data processed: Email address.
Duration of processing: The Data Controller processes personal data on the basis of consent as the legal basis until the purpose of the processing is fulfilled or until the consent is withdrawn.
Recipients with whom the data are shared: The data are not shared with third parties.
Measures taken to ensure data security: Personal data will be kept until consent is withdrawn, but at the latest for a period of 5 years from the date of their collection.
2.3 Cookie processing
Purpose of data processing: The Data Controller uses cookies on its website, or the service providers used by the Data Controller may place cookies on the visitor's computer in order to display targeted advertisements to the visitor and to analyze the use of the website.
Legal basis for processing: Legitimate interest of the Data Controller in relation to cookies necessary for the operation of the website, Article 6 (1) (f) GDPR. Consent of the data subject in relation to analytical and marketing cookies, Article 6 (1) (a) GDPR.
Scope of the data processed: Data of the user's computer; IP address used by the visitor, browser type, operating system characteristics of the browsing device.
Duration of processing: The Data Controller processes personal data until the withdrawal of consent (turning off the use of cookies on the browser) or for a maximum period of 2 years. After that period, the personal data will be deleted.
Recipients with whom the data is shared: Google Ireland Ltd, Meta Platforms Ltd.
Measures taken to ensure the security of the data: data is processed for 2 years from the last visit to the website.
3. Data processors, data transfers
The hosting of the hegyiaron.hu website is provided by Rackhost Zrt. (headquarters: 6722 Szeged, Tisza Lajos körút 41.), i.e. the data stored on the website are stored on the hosting of the service provider.
In addition to the above, the Data Controller may transfer the personal data provided by you to the competent authority, court, supervisory body or applicant in the event of a request by a public authority or court, or in justified cases in order to protect the rights and freedoms of the Data Controller or others.
4. General data security measures
In order to ensure an adequate level of data security, the Data Controller has assessed the risks associated with its processing and evaluated them according to different criteria of severity and likelihood of occurrence.
The Data Controller shall ensure, in the operation of its IT systems, that the necessary access control, internal organisation and technical solutions are in place to prevent unauthorised persons from obtaining access to its data and to prevent unauthorised persons from deleting, removing or modifying data. We also enforce data protection and data security requirements through prior assessment and data processing contracts with our data processors.
We keep a record of any data protection incidents and, if necessary, we will inform you of any incidents that occur.
End-to-end encrypted internet communications between the Data Controller and the person visiting the Data Controller's website are encrypted via https (http+ssl).
The Data Controller uses password protection on its computers, and its IT equipment is protected against intrusion.
The computers owned by the Data Controller shall be password-protected and their storage media shall be destroyed on the basis of a disposal protocol designed for this purpose.
5. Rights of data subjects
At any time, you have the right to request information about the personal data we process concerning you by post, electronically or by telephone, using the contact details indicated in this notice.
We will inform you on request:
about the data processed,
the purposes of the processing,
the legal basis of the data,
duration of the processing,
the purposes for which and by whom your data are being or have been collected.
The information will be provided in writing, on paper or electronically depending on the form in which the request is made, within one month of the request.
You may object to the processing of your personal data at any time. We will examine the objection within the shortest possible time from the date of its lodging, but not later than one month, decide whether it is justified and inform you of the decision.
At any time, you have the right to request the erasure of personal data processed by us or the rectification of incorrectly recorded personal data.
In addition, we will block your personal data if you request it or if we have information available to us that suggests that deletion would harm your legitimate interests. We will process the blocked personal data for as long as the processing purpose or legitimate interest that precluded the deletion of the personal data persists.
The data subject may, through the contact details provided in this notice, request that the Controller restricts the processing of his or her personal data (by clearly indicating the restriction and ensuring that the processing is kept separate from other data) where.
- contests the accuracy of his or her personal data (in which case the Controller will limit the processing for the time necessary to verify the accuracy of the personal data);
- the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
- the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
- the data subject has objected to the processing (in which case the restriction applies for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject).
You have the right to obtain, through the contact details provided in this notice, personal data concerning you which you have provided to the Data Controller in a structured, commonly used, machine-readable format, and the right to transmit such data to another data controller without the Data Controller's hindrance.
Requests for access, erasure, rectification, restriction, blocking and blocking will be complied with and notified as soon as practicable, but not later than one month. If we have not been able to comply with your request, we will still notify you within one month.
If we have transferred the data to another person with your consent, we will also notify the recipient of the transfer of the necessary steps.
Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. You may withdraw your consent by contacting the Data Controller at the contact details set out in this notice or, where otherwise justified, the Data Controller will ensure that you can withdraw your consent to the processing in a simpler way.
If you are visually impaired or elderly, you may request the Data Controller to provide you with the content of the Privacy Notice in word (text) or large print format, using the contact details set out in this Privacy Notice.
You also have the right to lodge a complaint with the
National Authority for Data Protection and Freedom of Information
1055 Budapest, Falk Miksa utca 9-11;
www.naih.hu,
Phone: +36 (1) 391-1400
E-mail: ugyfelszolgalat@naih.hu)
or to enforce your rights concerning the processing of personal data before a court having jurisdiction and competence pursuant to Act CXXX of 2016 on Civil Procedure.
The competent court can be found at the link below:
https://birosag.hu/birosag-kereso
You may exercise the rights listed in this notice at any time by contacting the Data Controller by e-mail or otherwise in writing. In the context of your request, you may be asked to identify yourself or provide other information relating to your person which may be used to establish your entitlement. The request will be handled in the manner set out in the "Contacting us" section of this Privacy Notice.
You can contact the Data Controller using the contact details set out in point 1.
Hegyi Áron Antal Law Firm
Data Controller