Privacy Policy

PRIVACY NOTICE INFORMATION TO CLIENTS AND THEIR CONTACT PERSONS

 

This Privacy Notice (“Notice”) is intended for clients of Dr. Nagy N. Lajos Law Firm (1053 Budapest, Károlyi u. 9. Central Palace 5. emelet; e-mail: info@yourlawyerinhungary.com; Tel: +36703351792; hereinafter: “We” or “Us” or “Our firm”, including all grammatical permutations of each of those words) who are natural persons and who serve as contact persons for clients that are legal persons, such as managers, employees and owners (collectively referred to below as , “contact persons” in the following). Information about natural person clients and contact persons is referred to as “personal data”. We act as a responsible controller of your personal data.

 

Why do we keep and use your personal data?

 

We need to use your data in order to

  1. a) provide legal services to you or the person by which you are employed or with which you work or to which you provide services, as our client (jointly referred to as “you”) including the provision of legal advice and ancillary services together with the provision and administration of client conferences and events; the administration of our client relationship and engagement with you; conducting conflict checks based on our legitimate interest;
  2. b) communicate with you for purposes such as providing you with information about events, services or news that may be of interest to you, which is in our legitimate interest to send and inform you;
  3. c) comply with our legal obligations to check the identity of new clients and to prevent money laundering and/or fraud; to comply with taxation obligations and record keeping obligations of attorneys. If you are a contact person, typically, we (i) would have information about your name, position and contact details such as e-mail address, telephone number and (ii) will not obtain or otherwise keep information that could be deemed to be “sensitive”. We will use the information about you only for purposes that are routine within our business relationship with you and your employer, such as regular contacts in respect of legal services, including information, as well as invitations to certain events or general information about us.

 

What kind of personal data do we process?

 

  • Personal data may be provided to us by clients, contact persons of clients or from other public sources (such as the company register). Such personal data may broadly be grouped into the following categories:
  • Identification data, such as name; representative’s name, place and date of birth; passport, tax ID and identification documents and their numbers and copies;
  • Contact details, such as address, e-mail address and telephone number(s);
  • Job related information, such as position and job title;
  • Contract information, such as the subject of the engagement and description of the economic transaction;
  • Banking details, such as bank account number and payment details;
  • Communication details, such as email content, business letter content and other business documents;
  • Sensitive data: in exceptional situations we may process personal data concerning health or personal data relating to criminal convictions and offences.

 

If this information is not provided, we may be unable to perform the engagement, provide services to you or to comply with the applicable legislation.

What is our legal basis for processing personal data?

 

We rely on the following legal bases in order to process your personal data:

  • Contract: If you are a natural person client, the normal basis for using personal data is the performance of the engagement or ancillary agreements between us and you or taking steps to enter into such agreements upon your request based on Article 6(1)(b) of the GDPR. Providing your personal data is voluntary; however, if you do not provide your data, we might not be able to enter into an engagement agreement with you or perform the relevant engagement.
  • Legitimate interests: if you personally are not our client, we have a legitimate interest to have ongoing contact with you (as a person employed, assigned or providing services to our client) in order to facilitate and monitor our attorney-client relationship with the person that is our client (pursuant to Article 6(1)(f) of the GDPR). On this basis, we process the business contact details of that entity’s contact persons. Our additional legitimate interests are listed in the next section; • Legal obligation: we may process your data on the basis of our obligations under taxation and/or accounting laws; and to prevent money laundering, fraud and terrorist financing (pursuant to Article 6(1)(c) and (e) of the GDPR).
  • We may process sensitive data either with your explicit consent (pursuant to Article 9(2)(a) of the GDPR) or if and to the extent necessary for the establishment, exercise or defense of legal claims (pursuant to Article 9(2)(f) of the GDPR).

 

If you as a legal person are our client, by providing personal data to us, including your contact person’s data, you warrant that: (i) you have been authorized by the contact person individual to provide such data; (ii) you have notified the contact person about the contents of this notice; and (iii) you will provide us with any updates or changes to that personal data.

 

The legitimate interests of the firm to process personal data

 

Data processing

Legitimate interest

 
Perform of engagement

The firm as a legal service provider has a legitimate interest in performing its obligations and exercise rights deriving from its engagement. For these purposes, it is necessary to use personal data of client contacts, including contact persons and the data of any third person (such as adverse party) who is relevant to the engagement.

 
Conflict checks It is a common legitimate interest of our Law Firm and also an obligation arising from the rules of the Bar, that we must avoid situations giving rise to conflicts of interest. Cooperating member law firms jointly maintain a conflict check database for this purpose, which lists all mandates/assignments (including the name, address, affiliation information and description of this mandate/assignment) undertaken by our Law Firm or cooperating law firms.

 

If you need more detailed information on our legitimate interests and the test’s results, please contact us via e-mail at yourlawyerinhungary.com

 

Who may have access to personal data?

 

We may transfer personal data in respect of client and their contact persons to third parties for the following reasons:

 

  • Service providers: our firm uses externally provided IT-systems or services provided by third party service providers to support our internal processes. Personal data may be made available to such service providers to be used for the purposes of the particular system or service, and subject to appropriate data processing agreements between the firm and the relevant service provider (hosting és support: Infosector Számítástechnikai Korlátolt Felelősségű Társaság, 2013 Pomáz, Kond utca 14., hosting: Microsoft Ireland Limited, South County Business Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland).

 

International data transfers

 

Personal data may be provided to persons in third countries that are located outside the European Economic Area (“EEA”). In such cases, we will ensure that the personal data is subject to measures that provide an equivalent level of protection as provided by data privacy laws in the EU (such as the EU General Data Protection Regulation; GDPR). Please contact us via the e-mail at yourlawyerinhungary.com if you would like to receive from us a copy of these measures that secure the adequacy of personal data transfers abroad.

 

How long do we retain personal data?

 

Your personal data processed for the purposes hereunder will be stored as long as you (you or the person by which you are employed or with which you work or to which you provide services) have a client relationship with us, as well as thereafter for a period of 10 years in line with the Hungarian Act on the Legal Profession. In relation to the data processing relative to our conflict check database, we will process your personal data until 10 years after the end of the client relationship with us or with any cooperative law firm (whichever occurs later).

 

We will retain your data during our relationship with you and thereafter, for varying periods of time, depending on the reason for which we are required to retain the particular data. There are several reasons for which we must retain various of your data, including: the statute of limitations under civil laws (which is five years under Section 6:22 (1) of the Hungarian Civil Code); tax law requirements (under which the statute of limitations on the right to commence a tax audit expires, which is generally five years from the last day of the year in which the tax return for the relevant period was due (under Sections 78(3) and 202 (1) of the Taxation Procedure Act); or accounting requirements (including contracts, communication and related business correspondence), the retention period for which is at least eight years from the closing of the relevant financial year (under Section 169 of the Accounting Act). Afterwards, we will remove your personal data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.

What are the rights of private individuals?

 

Based on the applicable laws (i.e., the GDPR), you have the following rights:

 

  1. Right of access: You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You have the right to obtain one copy of the personal data undergoing processing. If you request additional copies, we may charge a reasonable fee based on administrative costs.
  2. Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  3. Right to erasure (right to be forgotten): You have the right to ask us to erase your personal data. Doing so may prevent us from being able to provide legal services to you or to the client you represent going forward.
  4. Right to restriction of processing: You have the right to request the restriction of processing your personal data. Doing so may prevent us from being able to provide legal services to you or to the client you represent going forward. In this case, the respective data will be marked and may only be processed by Us for certain purposes.
  5. Right to data portability: You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and the right to transmit that personal data to another entity without hindrance from us.
  6. Right to object: You have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data by us and we can be required to no longer process your personal data. Doing so may prevent us from being able to provide legal services to you or to the client you represent going forward. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any costs.

 

Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded. Please note that the aforementioned rights might be limited under the applicable national law. Accordingly, due to Attorney-Client privilege requirements, our client may prohibit us from providing you with access to you to your personal data. In case of complaints you also have the right to lodge a complaint with the competent supervisory authority in the particular Member State of your habitual residence for alleged infringement of the GDPR. If you reside in Hungary, that is the Hungarian Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa street 9-11., Telephone: +36-1-391-1400, Telefax: +36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu)

 

Contact Us

 

To exercise your rights please contact Dr. Nagy N. Lajos attorney-at-law (PROVARIS, H-1053 Budapest, Károlyi u. 9. Central Palace 5. em.)

E-mail: yourlawyerinhungary.com

Tel: +36703351792

Last updated on 28 December 2022