Privacy Notice and Information on the Processing of Personal Data

Dr. Illés Géza Márton Ügyvédi Iroda (registered seat: 1024 Budapest, Lövőház utca 2-6.; tax number: 18200047-2-41; represented by dr. Illés Géza Márton attorney at law; hereinafter referred to as the Data Controller) operator of the website at https://igm.jogasz.hu/ (hereinafter referred to as Website) hereby disclose information on the processing of data related to the use of the Website.

 

When using the Website, users of the Website, in particular, users of the contact form (hereinafter referred to as: the User), are obliged to accept all terms and conditions set out in this Privacy Notice (hereinafter referred to as “Notice“). For the above reasons, the Data Controller calls upon the Users to thoroughly read this Notice before registration.

 

1) Information of the Data Controller

 

Name of the Data Controller: Dr. Illés Géza Márton Ügyvédi Iroda

Registered seat: 1024 Budapest, Lövőház utca 2.-6.

Phone number: + 36 1 210 79 10

E-mail address: geza.illes@igm.jogasz.hu

 

2) Scope of processed data

Contact us by filling in the contact form

In the event that the User wishes to contact the Data Controller by filing in the contact form on the Website, the User may provide his/her personal data (name, e-mail address, telephone number) and a description of his/her legal problem so that he/she can contact the Data Controller for the purposes of giving a quotation and negotiate the commission. In line with the above, the Data Controller shall be entitled to process the following personal data:

  • Name;
  • E-mail address;
  • Phone number;
  • Other data provided by the User in connection with the legal issue.

 

Only persons above the age of 18 are entitled to enter data during the usage of the Website.

 

3) Data Transmission and Processing 

The data in accordance with the data processing as per the above will not be transferred to third parties, and the Data Controller does not engage a data processor. 

 

4) Purpose and duration of data processing

In connection with the use of the Website, the Data Controller uses the data for the following purposes:

  • When contacting the Data Controller, the purpose of data processing is to manage, respond to and retrieve requests received by the Data Controller verbally, via telephone, in writing or via e-mail, in order to document the identity of the User, the exact time and content of the request.

 

The Data Controller shall process the personal data in the case of Inquiry for the duration of the purpose of the processing or until the User requests the deletion of his/her data or withdraws his/her consent to processing of his/her personal data.

 

5) Legal basis for processing personal data

By contacting us, the User consents to processing of his/her personal data by Data Controller as described in this Notice. Processing of personal data is based on the User’s voluntary consent given in the light of this information.

 

The Users shall exclusively provide their own personal data during Inquiry.

 

6) Persons entitled to access personal data, data processing

The Data Controller shall be entitled to access the personal data in accordance with applicable legislation.

 

In the absence of an explicit provision, the Data Controller shall only disclose personally identifiable information to third parties with the explicit consent of the data subject.

 

7) The User’s rights

Access to personal data

Upon the User’s request, the Data Controller shall inform the User whether the Data Controller is processing his/her personal data, and if so, give access to the User to his/her personal data, and inform the User of the following:

  • purpose(s) of data processing;
  • types of personal data involved in processing;
  • in case of transfer of the User’s personal data, recipient(s) and legal basis of data transmission;
  • expected duration of processing;
  • the rights of the User in relation to the rectification, erasure and restriction of data processing and right to object to the processing of personal data;
  • possibility of recourse in front of the Authority;
  • source of data;
  • names and addresses of data processors and their activities in connection with data processing.

 

The Data Controller shall provide User with a copy of the personal data subject to processing free of charge. For additional copies requested by User, the Data Controller shall be entitled to charge a reasonable fee based on administrative costs. If the request of the User was made via electronic means, the information shall be provided in a commonly used electronic format, unless the User requested such information otherwise.

 

The Data Controller shall provide the information in the form of plain language upon the User’s request without undue delay, but no later than 1 (one) month from the date of the request. the User’s request for access can be submitted using the contact details specified in Section 1.

 

Rectification of processed data

The User shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her (using the contact details specified in Section 1) Taking into account the purposes of the processing, the User shall have the right to have incomplete personal data completed. The rectification or completion of personal data can be carried out by the User himself/herself in his/her the User profile.

 

Erasure of processed data (right to be forgotten)

The User shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: 

  1. the personal data are no longer necessary for the purposes in relation to the purposes for which they are collected or otherwise processed;
  2. User has withdrawn his or her consent and data processing lacks any other legal ground;
  3. User objects to the processing of personal data concerning him or her;
  4. personal data is processed unlawfully;
  5. personal data shall be erased in order to comply with a legal obligation which requires processing by Union or Member State law to which the controller is subject;
  6. the personal data were collected based on consent in connection with the provision of information society services for children.

 

If the Data Controller has disclosed (made available to third parties) the personal data and is obligated to delete it pursuant to the above, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the User has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

 

Personal data shall not be erased in cases where data processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation under the laws which requires processing by Union or Member State law to which the controller is subject, and for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  • for reasons of public interest in the area of public health; 
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes likely to render impossible or seriously impair the achievement of the objectives of that processing; or 
  • for the establishment, exercise or defence of legal claims.

 

Right to restriction of processing

The User shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the User, for a period enabling the Data Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Data Controller no longer needs the personal data for the purposes of processing, but they are required by the User for the establishment, exercise or defence of legal claims; or
  • the User has objected to processing; pending the verification whether the legitimate grounds of the Data Controller override those of the User.

 

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the User’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

 

The User who has obtained restriction of processing shall be informed by the Data Controller before the restriction of processing is lifted.

 

Notification obligation regarding rectification or erasure of personal data or restriction of processing

The Data Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the User about those recipients if the User requests it.

 

Right to object

The User shall have the right to object to processing of personal data concerning him or her, if data processing

  • is carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • is necessary to enforce the Data Controller’s or third persons’ rights.

 

If the User objects to processing, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims.

 

Where personal data are processed for direct marketing purposes or profiling to the extent that it is related to such direct marketing, the User shall have the right to object at any time to processing of personal data concerning him or her for such marketing. Where the User objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

 

Measures taken by the Data Controller in connection with the User’s request

The Data Controller shall provide information to the User without undue delay, but no later than 1 (one) month after receipt of the request, of the measures taken following the request for access, rectification, erasure, restriction, objection and data portability. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Data Controller shall inform the User of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the User.

 

If the Data Controller does not take action on the request of the User, the Data Controller shall inform the User without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

 

Information and any communication and any actions taken shall be provided free of charge. Where requests from a User are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request. The Data Controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

 

8) Security of personal data

The Data Controller undertakes to ensure the security of the data, to take technical and organizational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorized use or unauthorized alteration. The Data Controller also undertakes to require all third parties to whom it transfers or discloses data on the basis of the Users’ consent to comply with the requirement of data security.

 

The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorized persons. The processed data may only be accessed by the Data Controller and its employees and shall not be disclosed by the Data Controller to third parties who are not entitled to access the data.

 

The Data Controller shall make every reasonable effort to ensure that the data are not accidentally damaged or destroyed. The Data Controller shall impose the above commitment on its employees involved in the processing activities.

 

The User acknowledges and accepts that, in the event of providing his/her personal data on the Website, despite the fact that the Data Controller has state-of-the-art security measures in place to prevent unauthorized access to or the disclosure of such data, the protection of such data cannot be fully guaranteed on the Internet. In the event of unauthorized access or disclosure despite our best efforts, the Data Controller shall not be liable for such acquisition of personal data or unauthorized access or for any damage suffered by the User as a result thereof. In addition, the User may also provide its personal data to third parties who may use it for unlawful purposes or in an unlawful manner.

 

9) Notification of a personal data breach to the supervisory authority

A data breach is any and all incidents that result in the unlawful treatment or processing of personal data processed, transmitted, stored or managed by the Data Controller, in particular unauthorized or accidental access, alteration, disclosure, deletion, loss or destruction, accidental destruction or accidental damage to personal data.

 

In the case of a personal data breach, the Data Controller shall, without undue delay and not later than 72 (seventy-two) hours after having become aware of it, notify the personal data breach to the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság in Hungarian, hereinafter referred to as NAIH), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

 

The Data Controller shall inform the data subjects on the data breach within 72 (seventy-two) hours of the discovery of the data breach through the Data Controller’s website. 

 

The Data Controller keeps records of data breaches for the purpose of monitoring the measures taken in relation to the data breach and informing the data subjects. The register shall contain the following data:

  • scope of the personal data concerned;
  • scope and number of data subjects;
  • date of the personal data breach;
  • circumstances and effects of the personal data breach;
  • the measures taken to respond to the data breach.

 

The Data Controller shall keep the data included in the record for 5 years after the date of the data breach.

 

10) Cookies

The Website uses “cookies” to facilitate better use and provide you with a better user experience. Cookies are small packets of data stored by the User’s browser on the User’s computer’s hard drive, and their use is intended to ensure the quality of the use of the Website.

 

The Data Controller informs Users that cookies may be placed on the visitor’s browser by third parties while using the Website. Some of these, Google Analytics and Google Search Console use cookies to collect information and perform analyses on how the User accesses and uses the Website, therefore it serves statistical purposes.

 

The programs and services listed above can fully be trusted and are used in accordance with the requirements of the Data Protection Authority. The cookies used on the Website do not store any personal data or collect any personally identifiable information. You can delete cookies or permanently disable cookies in the browser settings of the computer (or any other device) you are using.

 

The purpose of data processing: to conduct web analytics, the proper operation of the Website.

 

Legal basis for processing: the data subject’s consent, which the User gives by clicking on the “I agree” button on the cookie warning that pops up, based on the appropriate information contained in this information notice. (5 (1) a) of the Act on the Right of Informational Self-Determination and on Freedom of Information and Article 6 (1) a) of the GDPR).

 

The types of data processed: ID number, date, time and the page previously visited.

 

Method of data storage: electronic.

 

Data transmission: no data transmission will take place.

 

11) Enforcement options

The Data Controller will take any and all necessary steps to ensure that processing of personal data is carried out in accordance with the law, however, if the User feels that this is not the case, he/she may write to the contact details indicated in Section 1.

 

If the User feels that his or her right to the protection of personal data has been infringed, he or she may seek remedy from the competent authorities in accordance with applicable legislation:

  • in front of the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság in Hungarian) (registered seat: 1055 Budapest, Falk Miksa utca 9-11.; mailing address: 1374 Budapest, P.O. Box 603; e-mail: ugyfelszolgalat@naih.hu; www.naih.hu), or
  • in front of a court.

 

You can contact the National Media and Infocommunications Authority (Nemzeti Média- és Hírközlési Hatóság in Hungarian) (1015 Budapest, Ostrom u. 23-25, mailing address: 1525 Budapest P.O. Box 75.; telephone: +36-1-457-7100, e-mail: info@nmhh.hu) regarding advertising sent by electronic means.

 

12) Other provisions

This Information Notice is governed by Hungarian law, in particular by the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and Repeal of Directive No 95/46/EC.

 

Budapest, January 10, 2023

Dr. Illés Géza Márton Ügyvédi Iroda

represented by: dr. Illés Géza Márton attorney-at-law

Data Controller