Data privacy

Our privacy notice

This website (“Website”) is owned and operated by AZS Partners, András and Zsigmond Law Firm (registered seat: 1126 Budapest, Tartsay Vilmos u. 3. II. floor; e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.; registered by Budapest Bar Association) („Law Firm” or „Our Law Firm”).

I. Preamble, designation of the Data Controller

The present privacy notice provides information on the data processing of third parties by AZS PARTNERS András and Zsigmond Law Firm (hereinafter: “AZS PARTNERS” or “Data Controller”), including your rights in connection with data processing.

AZS PARTNERS is a law firm based in Hungary.
Seat: 1126 Budapest, Tartsay Vilmos u. 3. II. floor
Email address: This email address is being protected from spambots. You need JavaScript enabled to view it.
Represented by: the respective managing partners.

You may check the relevant data of the law firm at any time in the publicly available registry of the Hungarian Bar Association of legal practitioners, in Hungarian language.

The definitions not set out in the main text shall have the meaning defined in the Chapter titled “Legal background” at the bottom of the page.


 II. Scope of the privacy notice

This privacy notice concerns the personal data of our clients, business partners, and other persons contacting and visiting us and of the representatives thereof, and it applies to data collected through our website, www.azspartners.com, as well as to all other personal data we collect through email or other off-line contacts.

 

III. Purposes, grounds for processing, categories of personal data and retention periods

In the context of your interaction with AZS PARTNERS, you, as a natural person, may be subject to the data processing activities that we perform. Thus, we use your below defined categories of personal data in the following cases, for the purposes and grounds and for the period set out below:


1. If you are a client or potential client of AZS PARTNERS

Activity Purposes Categories of personal data Grounds for processing
Providing legal, services requested from us We use your relevant personal data in order to prepare and provide the services requested from us. We will retain this data for the durations set out by the Hungarian Bar Association’s regulation as seen below. The data provided directly by you. For instance, in preparing materials required during the course of litigation proceedings, we may have to rely on your personal data of relevance for your case, which might include special categories of data. Performance of our agreement [GDPR Art. 6. (1) b)] In the event of special categories of personal data, the additional legal basis is the necessity for the establishment, exercise or defence of legal claims [GDPR Art. 9 (2) f)]
Communicating with you We use your contact details in order to communicate with you with respect to your requests and any other relevant business-related matters. We will retain this data for the applicable statute of limitations (5 years under Section 6:22 of the Civil Code) after the end of the business relationship. Contact details provided directly by you. E.g. name; e-mail address; phone number; address. Performance of our agreement [GDPR Art. 6. (1) b)]
Maintaining accounting records According to Section 169 of Act C of 2000 on Accounting, we must retain the documents (e.g. contracts) certifying the validity of our invoices for 8 years following the financial year. The data provided directly by you, which is indicated in the service contract or on the invoice. E.g. name; tax registration number; billing address. Fulfilling legal obligation [GDPR Art. 6 (1) c)]
Prevention of money laundering record keeping obligations   This obligation applies only when registering into public records or above certain transaction values. We will provide further information if this applies to your situation. According to Section 57 of Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing, the data must be retained for 8 years after the business relation is terminated. Name, birth name; nationality; birth place and date; mother’s maiden name; address; ID card type and number; source of financing; publicly exposed status. Fulfilling legal obligation [GDPR Art. 6 (1) c)]
Records keeping obligation imposed by the Hungarian Bar Association’s regulation concerning legal practitioners According to Chapter 3 of HBA Regulation No. 16/2018. (XI. 26.), if the retaining period is not set out by another law, legal practitioners must keep the documents for the following periods: Corporate documents – 10 years after submission; Court or authority proceedings – 5 years after the final decision; Deposited documents – until the termination of the deposit agreement; Deposit agreements – 10 years following termination; Legal counsel contract – until the statute of limitation (5 years following termination); Any other document – 1 year following receipt except if otherwise agreed upon or if it can be used as evidence during claim enforcement. The data contained in the documents which must be retained. For example, at the very least the name of the parties are always indicated in these documents. Corporate documents also contain address; tax registration number; birth date; mother’s maiden name; ID card type and number. Court and authority proceeding documents could also include special categories of data. The data are either provided by you, or by the other party in the proceeding, or by the court or authority in the course of the proceeding. Fulfilling legal obligation [GDPR Art. 6 (1) c)] In the event of special categories of personal data, the additional legal basis is the fact that the processing is necessary for the establishment, exercise or defence of legal claims [GDPR Art. 9 (2) f)]
Records keeping obligation imposed by the Hungarian Bar Association’s guidance for legal practitioners concerning remote identification According to the HBA’s guidance, if a client requests online remote identification for the countersigning process, the attorney-at-law shall record the sound and image of the remote identification process and keep the record for the retention period applicable to the countersigned document. The sound and image of the remote identification process, including your name; ID card type and no.; birth place and date; mother’s maiden name; address. Fulfilling legal obligation [GDPR Art. 6 (1) c)]
Sending newsletters (optional) We may use your contact details in order to provide to you in electronic form our specialized newsletters on relevant developments in the legislation, case law, and authorities’ practice. We will retain this data for the applicable statute of limitations (5 years under Section 6:22 of the Civil Code) after the end of the business relationship, or until you object to the processing or withdraw your consent. Your name and email address. Our legitimate interest [GDPR Art. 6. (1) f)] to process personal data for direct marketing purposes as set out in Section (47) of the GDPR’s preamble; or Your consent in the event that you requested to be added to our mailing list. [GDPR Art. 6 (1) a)] You can always object to this processing or withdraw your consent by clicking “Unsubscribe” or by writing at This email address is being protected from spambots. You need JavaScript enabled to view it. or by contacting any of our colleagues.

 

2. If you are a representative, contact person, employee or other collaborator (e.g. contractor or freelancer) of AZS PARTNERS’s client or potential client

Activity Purposes Categories of personal data Grounds for processing
Providing legal, services requested from us We use your relevant personal data in order to prepare and provide the services requested from us by the client. We will retain this data for the durations set out by the Hungarian Bar Association’s regulation as seen below. The data provided directly by you or the client. For instance, in preparing materials required during the course of litigation proceedings, we may have to rely on your personal data of relevance for the client’s case. We rely in this case on the legitimate interest in providing our services according to our area of activity, provided that the personal data is relevant to the service. Legitimate interest to provide services [GDPR Art. 6. (1) f)] In the event of special categories of personal data, the additional legal basis is the necessity for the establishment, exercise or defence of legal claims [GDPR Art. 9 (2) f)]
Communicating with you and the client We use your contact details in order to communicate with you with respect to your requests and any other relevant business-related matters. We will retain this data for the applicable statute of limitations (5 years under Section 6:22 of the Civil Code) after the end of the business relationship. The data provided directly by you or the client. Contact details (name; position; employer; phone number; email address and mailing address if necessary) We also rely in this case on the legitimate interest in providing our services according to our area of activity, provided that the personal data is necessary for correspondence. Legitimate interest to remain in contact [GDPR Art. 6. (1) f)]
Maintaining accounting records According to Section 169 of Act C of 2000 on Accounting, we must retain the documents (e.g. contracts) certifying the validity of our invoices for 8 years following the financial year. The data provided directly by you or the client, which is indicated in the service contract or on the invoice. E.g. name; email address; phone number; mailing address. Fulfilling legal obligation [GDPR Art. 6 (1) c)]
Prevention of money laundering record keeping obligations   This obligation applies only when registering into public records or above certain transaction values. We will provide further information if this applies to your situation. According to Section 57 of Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing, the data must be retained for 8 years after the business relation is terminated. Name; birth name; nationality; birth place and date; mother’s maiden name; address; ID card type and number; source of financing; publicly exposed status.  Fulfilling legal obligation [GDPR Art. 6 (1) c)]
Records keeping obligation imposed by the Hungarian Bar Association’s regulation concerning legal practitioners According to Chapter 3 of HBA Regulation No. 16/2018. (XI. 26.), if the retaining period is not set out by another law, legal practitioners must keep the documents for the following periods: Corporate documents – 10 years after submission; Court or authority proceedings – 5 years after the final decision; Deposited documents – until the termination of the deposit agreement; Deposit agreements – 10 years following termination; Legal counsel contract – until the statute of limitation (5 years following termination); Any other document – 1 year following receipt except if otherwise agreed upon or if it can be used as evidence during claim enforcement. The data contained in the documents which must be retained. For example, at the very least the name of the parties are always indicated in these documents. Corporate documents also contain address, tax registration number; birth date; mother’s maiden name; ID card type and number. Court and authority proceeding documents could also include special categories of data. The data are either provided by you, or by the other party in the proceeding, or by the court or authority in the course of the proceeding. Fulfilling legal obligation [GDPR Art. 6 (1) c)] In the event of special categories of personal data, the additional legal basis is the fact that the processing is necessary for the establishment, exercise or defence of legal claims [GDPR Art. 9 (2) f)]
Records keeping obligation imposed by the Hungarian Bar Association’s guidance for legal practitioners concerning remote identification According to the HBA’s guidance, if a client requests online remote identification for the countersigning process, the attorney-at-law shall record the sound and image of the remote identification process and keep the record for the retention period applicable to the countersigned document. The sound and image of the remote identification process, including your name; ID card type and no.; birth place and date; mother’s maiden name; address. Fulfilling legal obligation [GDPR Art. 6 (1) c)]
Sending newsletters (optional) We may use your contact details in order to provide to you and the client in electronic form our specialized newsletters on relevant developments in the legislation, case law, and authorities’ practice. We will retain this data for the applicable statute of limitations (5 years under Section 6:22 of the Civil Code) after the end of the business relationship, or until you object to the processing or withdraw your consent. Your name and email address. Our legitimate interest [GDPR Art. 6. (1) f)] to process personal data for direct marketing purposes as set out in Section (47) of the GDPR’s preamble; or Your consent in the event that you requested to be added to our mailing list. [GDPR Art. 6 (1) a)] You can always object to this processing or withdraw your consent by clicking “Unsubscribe” or by writing at This email address is being protected from spambots. You need JavaScript enabled to view it. or by contacting any of our colleagues.

 

3. If you are a business partner or a service provider of AZS PARTNERS

Activity Purposes Categories of personal data Grounds for processing
Maintaining our contractual relationship with you and relevant correspondence We use your relevant personal data in order to maintain our contractual relationship with you and to communicate with you with respect to our requests and any other relevant business-related matters. We will retain this data for the applicable statute of limitations (5 years under Section 6:22 of the Civil Code) The data provided directly by you or the business partner or service provider. Contact details (name; position; employer; phone number; email address and mailing address if necessary) The performance of the contract. [GDPR Art. 6. (1) b)]
Maintaining accounting records According to Section 169 of Act C of 2000 on Accounting, we must retain the documents (e.g. contracts) certifying the validity of our invoices for 8 years following the financial year. The data provided directly by you or the client, which is indicated in the service contract or on the invoice. E.g. name; email address; phone number; mailing address. Fulfilling legal obligation [GDPR Art. 6 (1) c)]

 

4. If you are a representative, contact person, employee or other collaborator (e.g. contractor or freelancer) of AZS PARTNER’s business partner or service provider

Activity Purposes Categories of personal data Grounds for processing
Communicating with you and the business partner or service provider We use your contact details in order to communicate with you with respect to your requests and any other relevant business-related matters. We will retain this data for the applicable statute of limitations (5 years under Section 6:22 of the Civil Code) The data provided directly by you or the business partner or service provider. Contact details (name; position; employer; phone number; email address and mailing address if necessary) We rely in this case on the legitimate interest in providing our services according to our area of activity, provided that the personal data is necessary for correspondence. Legitimate interest to remain in contact [GDPR Art. 6. (1) f)]
Maintaining accounting records According to Section 169 of Act C of 2000 on Accounting, we must retain the documents (e.g. contracts) certifying the validity of our invoices for 8 years following the financial year. The data provided directly by you or the client, which is indicated in the service contract or on the invoice. E.g. name; email address; phone number; mailing address. Fulfilling legal obligation [GDPR Art. 6 (1) c)]

 

5. If you are a job/internship applicant to AZS PARTNERS

Activity Purposes Categories of personal data Grounds for processing
Recruitment process to fill a position within AZS PARTNERS We use your personal data in order to carry out the recruitment process, to evaluate and process your application, to determine if your application is suitable for an open position within AZS PARNTERS. The personal data provided directly by you in your application. E.g. name; email address; phone number; mailing address; education and training; professional qualifications and experience; spoken languages etc. The volume and nature of the categories of personal data that we will process during the recruitment process may differ, depending on the position within AZS PARTNERS for which you applied / for which we analysed your application. By sending the application, you grant your consent to the data processing of the data provided for the recruitment process. [GDPR Art. 6 (1) a)] The recruitment process shall take no longer than three months. You can always withdraw your consent by writing at This email address is being protected from spambots. You need JavaScript enabled to view it. or by contacting any of our colleagues. If you are selected to hold a position within AZS PARTNERS, in order to complete the necessary formalities for initiating the employment or contractual relationship with you, we will process your personal data based on the agreement that will be concluded with you [GDPR Art. 6. (1) b)] in accordance with our separate privacy notice for employees.

 

6. If you are a user of our website

Activity Purposes Categories of personal data Grounds for processing
Monitoring website traffic and ensuring proper function and its improvement We use the personal data we collect from you when you visit our website www.azspartners.com in order to monitor the traffic and improve the content of the website. For these purposes, we use cookies, as detailed in the Cookies Policy. The categories of data processed in this context are the hour and date of accessing the website and type, screen size IP address of the device from which our website was accessed. We rely on your consent for this data processing activity, in order to ensure the proper functioning of our website, as well as its improvement. [GDPR Art. 6 (1) a)] You can grant or withdraw your consent at any time in the Cookie Settings.

 

7. If your personal data are provided by our client/potential client

Activity Purposes Categories of personal data Grounds for processing
Providing legal, services requested from us We use your relevant personal data in order to prepare and provide the services requested from us by the client. We will retain this data for the durations set out by the Hungarian Bar Association’s regulation as seen below. The categories of data processed in this context are your name, as well as other relevant personal data which may be provided by the client/potential client or accessed from public sources, as required by the client, as the case may be. In addition, in preparing materials required during the course of litigation and arbitration proceedings, we may have to rely on your personal data of relevance for that case. We rely in this case on the legitimate interest of our client to establish, enforce and defend its claims and our legitimate interest in providing our services according to our area of activity, provided that the personal data is relevant to the service. Legitimate interest to provide services [GDPR Art. 6. (1) f)] In the event of special categories of personal data, the additional legal basis is the necessity for the establishment, exercise or defence of legal claims [GDPR Art. 9 (2) f)]
Records keeping obligation imposed by the Hungarian Bar Association’s regulation concerning legal practitioners According to Chapter 3 of HBA Regulation No. 16/2018. (XI. 26.), if the retaining period is not set out by another law, legal practitioners must keep the documents for the following periods: Corporate documents – 10 years after submission; Court or authority proceedings – 5 years after the final decision; Deposited documents – until the termination of the deposit agreement; Deposit agreements – 10 years following termination; Legal counsel contract – until the statute of limitation (5 years following termination); Any other document – 1 year following receipt except if otherwise agreed upon or if it can be used as evidence during claim enforcement. The data contained in the documents which must be retained. For example, at the very least the name of the parties are always indicated in these documents. Corporate documents also contain address, tax registration number; birth date; mother’s maiden name; ID card type and number. Court and authority proceeding documents could also include special categories of data. The data are provided by our client, or by the other party in the proceeding, or by the court or authority in the course of the proceeding. Fulfilling legal obligation [GDPR Art. 6 (1) c)] In the event of special categories of personal data, the additional legal basis is the fact that the processing is necessary for the establishment, exercise or defence of legal claims [GDPR Art. 9 (2) f)]

 

8. If you exercise the rights provided under GDPR in your capacity as data subject

Activity Purposes Categories of personal data Grounds for processing
Managing data subjects rights provided under GDPR We process your data in the context of managing requests regarding data subjects rights provided under GDPR, until the request is fulfilled. The categories of data processed in the context of our relationship with you are your identification data, as well as other personal data you may provide directly to us, as needed to fulfil these purposes. By sending the request, you grant your consent to the data processing of necessary to fulfil such request. [GDPR Art. 6 (1) a)] We will respond to your request within one month of receipt, this time limit may be extended to three months if necessary due to the complexity or number of requests. We will notify you with the justification within one month of receipt if an extension is necessary. You can always withdraw your consent by writing at This email address is being protected from spambots. You need JavaScript enabled to view it. or by contacting any of our colleagues, however, keep in mind that in this event your request cannot be fulfilled.

 

IV. Disclosure of your personal data

While as a rule we shall not disclose your personal data to any third parties, we may:

  • use data processors for certain data processing activities or engage third parties acting as data controllers to fulfil the requested legal services (for more details, see under the Chapter titled “Our data processors and other recipients”);
  • if in your interest and necessary, disclose relevant personal data to courts of law and arbitration panels or relevant authorities, in the context of providing the services you have requested from us;
  • disclose relevant personal data to the clients who provided your personal data in the context of providing the services requested from us, if it is necessary to fulfil these purposes;
  • disclose your personal data upon your specific request and expressed consent to the third parties determined by such request.



V. Our data processors and other recipients

During our data processing activities, we may render the services of data processors to fulfil our obligations. We would like to note that all of our data processors are bound by both a contractual and a statutory confidentiality obligation (in accordance with Section 11 (1) of Act LXXVIII of 2017 on legal practitioners) to keep confidential all personal data and legally privileged client-attorney data they might access in connection with the data processing.

Currently, AZS PARNTERS is engaged with the following data processors, for the data processing activities set out below:

Data processor Data processing activities
DEEPBLUE System Kft. Registered seat: HU-1064 Budapest, Vörösmarty utca 67., Hungary Company reg. no.: 01-09-874425 Represented by: The respective managing director DEEPBLUE is a professional IT service provider engaged by AZS PARTNERS to store all its electronic data. Furthermore, DEEPBLUE provides general IT support to AZS PARTNERS and is responsible for electronic data security. Consequently, DEEPBLUE is a data processor for all digital data processing activities of AZS PARTNERS.
Microsoft Group We use Outlook for our emailing system and our emails are stored in Microsoft Exchange, as a result, Microsoft is a data processor for all data processing activities using email. In addition, we use Microsoft Teams and SharePoint to organize and hold online meetings, as well as to record and store the online remote identification process.
“NEW-ADÓ-ART” Kft. registered seat: 6400 Kiskunhalas, Gárdonyi Géza u. 2. I. em. 4. company re. no: 03-09-105332 “NEW-ADÓ-ART” Kft is the accountant engaged by AZS PARTNERS, therefore “NEW-ADÓ-ART” Kft. shall be considered a data processor for maintaining the accounting records of AZS PARTNERS.

 


Furthermore, in order to provide the requested legal services, AZS PARTNERS may have to rely on the services of third parties who shall act as data controllers on the basis of their own legitimate interest to provide services:

Other recipient Necessary services or data processing activities
Certified translators AZS PARTNERS may engage certified translators in the event that a certified translation is required in the legal proceeding for the requested legal service. Should this be necessary, we will notify you concerning the details of the engaged translator.
Public notaries AZS PARTNERS may engage public notaries in the event that this is a statutory obligation for the requested legal service. Should this be necessary, we will notify you concerning the details of the engaged public notary.
Other law firms AZS PARTNERS may engage other law firms in the event that the requested legal service falls outside the practice areas of AZS PARTNERS. Should this be necessary, we will notify you concerning the details of the engaged law firm.


Since these other recipients shall act as data controllers in their own rights, the details of the data processing and rights in connection thereof shall be contained within their own privacy policies.



VI. Your rights

You may exercise your below rights and find out more about such rights by contacting us, as Data Controller, by emailing us at This email address is being protected from spambots. You need JavaScript enabled to view it. or by contacting one of our colleagues by other means or by a written request at HU-1126 Budapest, Tartsay Vilmos utca 3. II. em.

In case of any request to exercise your below rights, the Data Controller shall provide information on action taken on a request to the data subject without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Data Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

If the Data Controller does not take action on the request of the data subject, the Data Controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.


Right of access

The data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

If the personal data are transferred to a third country or to an international organisation, the data subject shall also have the right to be informed of the appropriate safeguards relating to the transfer.

If requested by the data subject, the Data Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

The right to obtain a copy referred to above shall not adversely affect the rights and freedoms of others, therefore the Data Controller shall:

  1. redact any personal data or confidential information not relating to the data subject or to which the data subject is not legally entitled;
  2. in case of any doubt concerning the identity of the data subject, request proof of identity prior to fulfilling such request.

Exception: in accordance with GDPR Art. 23 (1), the rights of the data subject may be restricted by the local law the Data Controller is subject to. In this regard, we would like to note in particular that we shall not fulfil an access or copy request in the event that such restriction is necessary for the protection of the rights and freedoms of others or the enforcement of civil law claims, i.e. if the data subject’s personal data was provided by a client of the Data Controller in connection with a pending legal case and therefore considered legally privileged client-attorney communication under Section 9 (2) of Act LXXVIII of 2017 on legal practitioners, or a trade secret or know-how under Section 1 of Act LIV of 2018 on trade secrets.


Right to rectification

The data subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her, by providing and certifying the correct personal data. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.


Right to erasure

The data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the personal data have been unlawfully processed;
  3. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
  4. if the legal basis for the data processing is the consent of the data subject, the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
  5. if the legal basis is the legitimate interest of the Data Controller or a third party and the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to direct marketing purpose processing.

Exceptions: the erasure request cannot be fulfilled if one of the following grounds applies:

  1. the legal ground for processing is compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject; or
  2. if the processing is necessary for the establishment, exercise or defence of legal claims.


Right to restriction of processing

The data subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. the data subject has objected to processing based on legitimate interest, pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

In the event that the processing has been restricted under the right to restrict, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.


Right to data portability

If the legal ground for processing the personal data is consent of the data subject or the performance of a contract in which the data subject is a contracting party, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller to which the personal data have been provided, or may request the Data Controller to transmit the personal data to another controller.


Right to object

If the legal ground for processing the personal data is the legitimate interest of the Data Controller or a third party, the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

If the data subject objects to processing for direct marketing (i.e. sending newsletters) purposes, the personal data shall no longer be processed for such purposes.


Right of remedy

If the data subject considers that the Data Controller has breached applicable data protection requirements when processing his or her personal data, he or she may lodge a complaint with the National Data Protection and Freedom of Information Authority (address: HU-1055 Budapest, Falk Miksa utca 9-11., Hungary; postal address: 1363 Budapest, Pf. 9. email: This email address is being protected from spambots. You need JavaScript enabled to view it. ; phone number: +36 (1) 391 1400), or may go to court to protect his or her data, and the court shall hear such cases as a matter of priority. In this case, the data subject may bring the action before the regional court having territorial jurisdiction over his domicile (permanent address) or place of residence (temporary address), or the seat of the Data Controller, according to his choice. The regional court having territorial jurisdiction over the data subject's Hungarian domicile or place of residence can be found at https://birosag.hu/birosag-kereso . According to the seat of the Data Controller, the Budapest-Capital Regional Court has jurisdiction over the lawsuit.


VII. Legal background

We process your personal data in accordance with the principles set forth in the data protection legislation applicable in Hungary, including:

  • (EU) Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”);
  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Info Act”);
  • HBA Regulation No. 16/2018. (XI. 26.) on the retention periods applicable to legal practitioners and the relevant guidance of the Hungarian Bar Association;
  • The relevant Hungarian statues determining the retention periods applicable to our data processing activities, i.e. Act V of 2013 on the Hungarian Civil Code (“Civil Code”), Act C of 2000 on Accounting, and Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing, as well as the statutes determining confidential information, i.e. Act LXXVIII of 2017 on legal practitioners and Act LIV of 2018 on trade secrets;
  • The legal practice of, and guidance provided by the Hungarian supervisory authority and the European Data Protection Board.

***

Effective as of: 1 September 2021.