The purpose of this policy is to set out the data protection and data processing provisions applied by:
Dr. Szalai Adrienn Law Office
Registered office: 1055 Budapest, Kossuth Lajos tér 13-15. middle staircase V/7.
Tax number: 18289646-2-41
Electronic contact: info@drvedjegy.hu
Website: www.drvedjegy.hu
Central phone number: +36 30 4989637
hereinafter referred to as Data Controller
and to ensure that its partners affected by data processing, as well as visitors to the website operated by it, receive adequate information regarding the processing and protection of their personal data.
The Data Controller organizes and executes data processing operations in such a way as to ensure the highest level of protection for the privacy of those affected by the processing of personal data. It protects the data, in particular, against unauthorized access, alteration, transmission, disclosure, erasure, or destruction, as well as against accidental destruction and damage, data corruption and accidental loss, and against becoming inaccessible due to changes in the technology used.
When drawing up these rules, the Data Controller took particular account of:
Data processing (operations): the performance of technical tasks related to data processing operations;
Data processing: any operation or set of operations performed on data, regardless of the procedure applied, in particular collecting, recording, registering, organizing, storing, altering, using, querying, transferring, disclosing, coordinating or connecting, locking, erasing and destroying the data, as well as preventing its further use, taking photographs, sound or video recordings;
Data Controller: the natural or legal person, or entity without legal personality, who independently or jointly with others determines the purpose of data processing, makes and implements decisions concerning data processing (including the means used), or has them implemented by a data processor commissioned by them;
Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future;
Data transfer:making the data accessible to a specified third party;
Data erasure: making data unrecognizable in such a way that their restoration is not possible;
Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Data subject: the natural person whose personal data is affected by the data processing;
Third party: a natural or legal person, or any other body, which is not the same as the data subject, the controller, the processor or those persons who, under the direct authority of the controller or processor, are authorized to process personal data;
Consent: a voluntary, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her, either in full or covering specific operations;
Filing system: any structured set of personal data which is accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
Személyes adat: any data that can be associated with a specific natural person – in particular, their name, identification mark, and one or more factors specific to their physical, physiological, mental, economic, cultural or social identity – as well as any conclusion that can be drawn from the data concerning the data subject, which does not qualify as data of public interest or data public in the public interest. Personal data includes, among other things, name, address, and e-mail address;
Objection: a statement by the data subject objecting to the processing of their personal data and requesting the termination of the data processing or the erasure of the processed data;
The data processing carried out by the Data Controller complies with the data processing principles of the GDPR, which are as follows:
Principle of lawfulness, fairness and transparencyPersonal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. The Data Controller shall, on the one hand, always process personal data in a way that complies with the provisions of the relevant legislation and, on the other hand, shall act fairly and transparently during the processing.
Principle of purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. The controller shall only process personal data to the extent and for the time necessary to achieve the purpose.
Principle of data minimisation: Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. The Data Controller only collects as much personal data from the Data Subject as is strictly necessary to achieve the stated purpose.
Principle of accuracy: Personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Principle of storage limitation: Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Principle of integrity and confidentiality: Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Principle of accountability: The controller shall be responsible for, and be able to demonstrate compliance with, these principles.
In addition to the principles of data processing, the requirement of providing adequate information can be identified as a common requirement, as Data Controllers must inform Data Subjects about the data processing, regardless of the legal basis.
4.1. Contact via the Website
The Data Subject
http://www.drszalaiadrienn.hu/
has the opportunity to contact the Data Controller via the websites.
| Scope of data concerned | the Data Subject's name and email address |
Purpose of processing
| establishing contact between the Data Subject and the Data Controller |
| Legal basis for processing | the data subject's voluntary consent (Article 6(1)(a) of the GDPR Regulation) |
| Duration of processing | until the data subject's request for erasure |
4.2. Data processing during contracting and performance
If a contract is concluded between the Data Controller and a partner, the parties shall specify the contact natural persons and their contact details in the contract.
| Scope of data concerned | the Data Subject's name, place and date of birth, mother's name, address, phone number, and email address |
Purpose of processing
| maintaining contact, fulfillment of the terms of the contracts |
| Legal basis for processing | processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR Regulation) |
| Duration of processing | until the termination of the contractual legal relationship, or for the period prescribed in the relevant legislation. |
4.3. Cookies
A cookie is a small text file that is stored on the Data Subject's computer or mobile device's hard drive until the expiry date set in the cookie and is reactivated on subsequent visits. Its purpose is to record information related to the visit and personal settings, but this data cannot be linked to the visitor's person. It helps to create a user-friendly website and to enhance the Data Subject's online experience. If the Data Subject does not consent to the Data Processor using cookies when the Data Subject browses the website, the website may not function fully.
| Scope of data concerned | The Data Controller stores all analysis information without a name or other personal data |
| Purpose of processing | storing the data subject's personal settings |
| Legal basis for processing | The Data Subject's consent – the Data Subject has given consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a) of the GDPR Regulation) |
| Duration of processing | the data subject can delete the cookies stored on their computer or mobile phone at any time via their browser settings |
4.3.1 List of Cookies (by Cookiebot)
4.4. Customer due diligence
In accordance with the relevant legislation, the Data Controller, as a law firm, is subject to customer due diligence tasks, within the framework of which personal data is processed.
| Scope of data concerned | the Data Subject's name, birth family and given name, citizenship, place and date of birth, mother's maiden name, residential address, or in its absence place of stay, type and number of identification document |
Purpose of processing
| fulfillment of the obligations set out in Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.) |
| Legal basis for processing | the legal obligation set out in the Pmt. and the GDPR |
| Duration of processing | 8 years following the completion of the engagement, based on Section 56(2) and Section 57(2) of the Pmt. |
4.5. Client identification
In accordance with the relevant legislation, the Data Controller, as a law firm, is subject to client identification tasks, within the framework of which personal data is processed.
| Scope of data concerned | the data specified in Section 32(3) and (9), and Section 33(2) of Act LXXVIII of 2017 on the Legal Profession (Ütv.) |
Purpose of processing
| fulfillment of the obligations set out in the Ütv. |
| Legal basis for processing | The legal obligation set out in the Ütv. and the GDPR |
| Duration of processing | until the termination of the contractual legal relationship, or for the period prescribed in the relevant legislation (Ütv.) |
The data processor providing IT services to the Data Controller may access the personal data as necessary.
Data processor:
Tarhely.Eu Kft. (registered office: 1144 Budapest, Ormánság utca 4. X. em. 241.; registered by the Metropolitan Court of Budapest as Court of Registration under Cg. 01-09-909968)
Obventio Kft. (registered office: 2230 Gyömrő, Simon Mihály tér 3/C; registered by the Budapest Environs Regional Court as Court of Registration under Cg. 13-09-168536)
ANDOCSEK Zrt. (registered office: 1024 Budapest, Buday L. utca 12.; registered by the Metropolitan Court of Budapest as Court of Registration under Cg. 01-10-047892)
Modernity Group Korlátolt Felelősségű Társaság (registered office: 5530 Vésztő, Móricz Zsigmond utca 55.; registered by the Gyula Regional Court as Court of Registration under Cg. 04-09-015258)
The Data Controller shall not transfer personal data that has come into its possession to any third party without the prior consent of the Data Subject, except in cases where the Data Controller is obliged to transfer the data by law.
The Data Controller stores the personal data specified above at the registered office of the Law Office (1055 Budapest, Kossuth Lajos tér 13-15. middle staircase V/7.).
The Data Controller undertakes to ensure the security of the data in accordance with the provisions of the GDPR.
During the operation of the IT systems, the necessary access management, internal organizational, and technical solutions ensure that your data cannot come into the possession of unauthorized persons, and that unauthorized persons cannot delete, extract from the system, or modify the data. The Data Controller also enforces data protection and data security requirements with respect to its data processors.
It maintains a register of any data breaches and, if necessary, informs the Data Subject of any incidents that arise, and, if necessary, the National Authority for Data Protection and Freedom of Information (NAIH).
Pursuant to Section 9 of the Üttv., any fact, information, and data of which the practitioner of the legal profession becomes aware during the practice of this activity qualifies as attorney-client privilege. The practitioner of the legal profession is obliged to maintain attorney-client privilege.
The Data Controller's, as a law firm's, obligation of confidentiality also extends to the members of the office; however, the members are not bound by confidentiality obligations towards each other.
Right to information
The Data Controller is obliged to provide information on the essential aspects of data processing in an appropriate manner, in simple and understandable language, and in an easily accessible form (online or offline). At the time of obtaining the personal data, or if the data subject subsequently requests information, the Data Processing Information (Privacy Policy) must be made available to the data subject upon providing this information, and a statement confirming that they have read, understood, and accepted its contents must be signed by them.
The Data Subject is entitled to request information at any time about the personal data concerning them managed by the Data Controller. Information can be requested at the e-mail address, postal address, or telephone number specified in the information notice for the given data processing. The Data Controller is obliged to provide the requested information within 30 days of the request.
Right to erasure
The Data Subject has the right to have the Data Controller erase personal data concerning them without undue delay upon their request, and the Data Controller is obliged to erase personal data concerning the data subject without undue delay. If the data controller has granted access to the requested data to third parties, it must inform all those to whom it has disclosed the data subject's data to delete all links to, or copies of, the personal data stored with them. The purpose of this is to ensure that – unless there is a legal or reasonable obstacle – the data subject's data "disappears" from the available databases.
The erasure does not have to be fulfilled if the data processing is necessary
The Data Controller shall also erase the personal data contained in its documentation concerning the data subject if the purpose for processing the personal data has ceased.
In the case of paper-based documentation, their destruction must be recorded in a protocol, so that this fact can be proven to the competent authority at a later date.
Right to rectification
The Data Subject may indicate that the processed data is inaccurate and request what should be entered instead. The Data Controller is responsible for the accuracy of the data, so it is necessary to check their accuracy from time to time.
Right to restriction of processing:
The Data Subject may request the restriction of the processing of their personal data by the Data Controller, for example, in an unresolved, disputed situation. Where processing is restricted, such personal data shall, with the exception of storage, only be processed with the Data Subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Right to data portability:
The Data Subject may request to receive the data processed concerning them in a structured, commonly used, machine-readable format (e.g., .doc, .pdf, etc.), and has the right to transmit this data to another data controller without hindrance from the original data controller. It facilitates the data subject's situation to transfer their personal data from one data controller to another.
Right to object
The Data Subject has the right to object at any time, for a specific reason, to the processing of their personal data, provided they have not given their consent to the processing.
If the Data Subject wishes to exercise their rights, this will involve their identification, and the Data Controller will necessarily have to communicate with the Data Subject, therefore, personal data will be required for identification (but identification can only be based on data that we already process about you), and your complaint regarding data processing will be available in our email account within the time period specified in this notice for complaints.
We will respond to data processing complaints immediately, but no later than 30 days.
The Data Subject may exercise their rights specified above by means of an electronic letter sent to the Data Controller's e-mail address info@drvedjegy.hu or by a declaration addressed to the Data Controller and sent by post to its registered office.
The Data Subject is entitled to turn to the NAIH (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu, Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410, E-mail: ugyfelszolgalat@naih.hu) with their complaint or to enforce their rights related to the processing of personal data before the Court with jurisdiction and competence according to Act CXXX of 2016 on the Code of Civil Procedure.
If the Data Controller wishes to carry out further data processing in relation to the collected data for a purpose other than that for which it was collected, it shall inform the Data Subject of the purpose of the data processing prior to the further processing. The data processing may only begin after this, and if the legal basis for the data processing is consent, the Data Subject must also consent to the data processing in addition to being informed.
The Data Controller reserves the right to change this policy and to amend the policy accordingly in the event of changes in European Union or Hungarian legislation.
This Data Processing Information is valid from July 1, 2025.
