Apponyi Law Firm
Policy takes effect: 1 February 2019.
- General provisions and contacts
Seat: 1055 Budapest, Nyugati sqr. 6.;
Represented by: Dániel Apponyi dr. jur.
Contact of the data controller, through which the Data subject can exercise the rights in this Policy:
Telephone: +36 20 522 9767
- Data protection principles
Personal data shall be:
- a) processed lawfully, fairly and in a transparent manner in relation to the Data subject (‘lawfulness, fairness and transparency’);
- b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with GDPR Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with GDPR Article 89(1), subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
- Update the Policy
The data controller reserves the right to modify the Policy unilaterally. It is therefore recommended to visit the webpage http://www.apponyiestarsai.hu/ regularly to monitor the changes. The current content of the Policy can be read and saved here. If your email address is at our disposal, we will notify you of any changes by email at your request.
Upon request, we will send you a copy of the current Policy.
- Know and accept the Policy
By providing us with personal data, the data subject declares that he / she has read and explicitly accepted the version of this Policy valid at the time the data was made available.
- The scope of data and the purpose of data management
In order to provide the Data Controller with data, we may request information about you, and you may voluntarily provide us with certain data while communicating with the Data Controller. Part of the data we collect qualifies as “personal data” under Article 4 (1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).
Scope of the data, purpose of data management, legal basis of data management, and the duration of data management:
|Purpose of data management||Legal basis of data management||Data Category||Duration of data management, deadline for deletion|
|The data subject (the person who requests a bid or an appointment) has the opportunity to send a message to the Data Controller via the website. The purpose of data management is the sending of a personalized offer and appointment.||GDPR Article 6 (1)(b) Conclusion of Contract||Data subject:||5 years after the message has been received, personal data will be deleted.|
|The data subject has the opportunity to apply for a vacancy announcement periodically advertised by the Data Controller. The purpose of the data management is to hire, identify and retain a person appropriate to the position specified in the job advertisement.||GDPR Article 6 (1)(a) Consent||Data subject: personal information provided voluntarily by resume; your personal data voluntarily provided in any document attached to your CV||Until the Data Subject withdraws consent; in the absence of withdrawal, personal data will be deleted 1 year after the application for a job posting.|
|The Data Controller manages these data in the performance of his attorney’s activity in relation to the data subject (client, adversary, other participants in the procedure, personal contributor). The purpose of data management is to identify the data subject (in the case of countersigning, identification using the „JÜB” system), fulfillment of the contract, liaison, fulfillment of statutory obligations, and legal and claim enforcement.||GDPR Article 6 (1)(b) Conclusion of Contract; using the „JÜB” system: fulfillment of legal obligation (GDPR Article 6 (1)(c)); adversary, other participants in the procedure, personal contributor: legitimate interest pursued by the data controller (GDPR Article 6 (1)(f))||Data subject (client, adversary, other participants in the procedure): date and place of birth; personal identification number; other details of the case and procedure. Personal contributor to a legal entity:||8 years after the case has expired, personal data will be deleted.|
Who can access the data:
- the Data controller’s colleagues;
- the Data Processing colleagues as specified below;
- some authorities may request information in the course of official procedures and the data controller is obliged to provide them the data;
- employees of the debt management company entrusted by the Data Controller to handle the expired debts;
- other persons on the basis of the express consent of the data subject.
The Data controller undertakes a strict confidentiality obligation, without any time limit, with respect to the personal data he or she manages, and may not disclose them to a third party, except when the data subject gives permission.
The revocation of the consent does not affect the legitimacy of the previous data handling.
- Persons entitled to data processing
The Data controller uses the data processors listed in the table below to perform the technical tasks related to the data management operations. The rights and obligations of the data processor regarding the processing of personal data are determined by the Data Controller within the framework of the GDPR and the special laws on data management. The data controller is responsible for the legality of the instructions given by him. The data processor may not make any substantive decision on data management, may process the personal data it becomes aware of only in accordance with the instructions of the Data Controller, may not process data for its own purposes, and must store and retain personal data according to the provisions of the Data Controller.
|Data processor’s name and address||Personal data accessed by the data processor, and activities performed during data processing|
|EZIT Korlátolt Felelősségű Társaság; Address: 1132 Budapest, Victor Hugo utca 18-22.||Personal information provided by the Data Subject. Has access to all personal data handled by the data controller on the basis of this notice. The task is to store personal data handled by the Data Controller.|
|(seat: 2500 Esztergom Lombos út 6/A)||Responsible for bookkeeping, access for the necessary dates.|
|Google LLC. (USA, Google Data Protection Office, 1600 Amphitheatre Pkwy Mountain View, California 94043 – Google Analytics)||Detailed information about how Google Analytics handles this data is available from Google Analytics (http://www.google.com/analytics)|
- Cookies and web beacons, anonymous information through the use of our websites
The data subject agrees to the placement of a file (cookie) containing data on the data subject’s machine. Cookies are designed to identify returning visitors, support the affected services, and support the convenience of the website.
The Data Controller uses the cookies of external service providers (Google) exclusively on the Website. Cookies are short text files that are sent by the Website to the hard disk of the data subject’s computer and contain relevant information about the data subject.
The Data controller uses the services of the Google Analytics system in connection with the Website. Google Analytics-managed cookies help measure visibility and other web analytics data on the Website. Information collected by cookies is forwarded to and stored on external servers run by Google. Google uses this information on behalf of the Data Controller primarily to track site visits and to analyze activities on the Website.
Google may disclose this information to third parties if this is required by law. Google also has the right to forward this information to third parties who have access to the data. Detailed information about how Google Analytics handles this data is available from Google Analytics (http://www.google.com/analytics).
Data Controller ads are displayed on third-party (Google) web sites. External service providers (Google) use cookies to store the fact that the Data Subject has previously visited the Data Controller’s Website and, on this basis, display the ads to the Data Subject (that is, they carry out remarketing activity).
You can disable Google cookies by using the Ad Settings (for more information, see http://www.google.com/policies/privacy/ads/). The Data Subject can also block external service providers’ cookies on the Network Advertising Initiative opt-out page (http://www.networkadvertising.org/choices/).
Data management for the abovementioned external service providers is governed by the data protection regulations set forth by these service providers and the Data controller does not take any responsibility for such data handling.
You can set your web browser to accept all cookies, reject them, or notify you when a cookie is sent to your machine. Each web browser is different, so please use the “Help” menu of your browser to change cookie settings. For example, in Microsoft Internet Explorer, you can either delete or disable cookies by selecting “Tools/Internet Options” and modifying your security settings. For more information on the nature of cookies and their deactivation, visit http://www.youronlinechoices.com/. The Website is designed to work with cookies, so disabling them may affect the usability of the Website and prevent you from taking advantage of all of its benefits.
Cookies used on this site:
- Analytics, tracking
- Data subject identification session cookie
We do not exchange cookies with third party web sites or with third parties.
- The Data controller’s presence on social networking sites (Facebook)
The data controller is available on Facebook.
On the data controller’s Facebook page, the visitor can subscribe to the news feed with the like button and can unsubscribe with the dislike button.
Persons under the age of 16 years cannot give personal data of themselves, unless they are granted permission from a parent or guardian.
For a Data subject under the age of 14 years, his / her legal representative or guardian can give personal information and may make a legal statement on his / her behalf.
A person who has reached the age of 14 but has not reached the age of 18 can only provide personal data with the consent of his / her legal representative and guardian, and may make a legal statement with his or her consent.
By providing this information, you declare and warrant that you take the above into account and that your ability to act with regard to the provision of information is not limited. If you do not have the right to provide the information yourself, you are required to obtain the consent of the third parties concerned (for example, legal representative or guardian). In this context, you are required to consider whether or not a third party’s consent is required in relation to the provision of that information. The Data controller may not contact you personally, so you have to comply with this clause, and the data controller is not liable in this context.
We will make every reasonable effort to delete any information that is unlawfully made available to us and to ensure that this information is not transmitted or used by us for any purpose (neither for advertising nor for any other purpose). Please let us know immediately if you find that a child has provided information about himself or herself without authorization. You can contact us by phone and e-mail, using the details at the beginning of this policy.
- Data security measures
The Data Controller shall take all reasonable steps to ensure the security of the data, and shall ensure an adequate level of protection, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction and accidental destruction and damage. The Data Controller ensures the security of the data through appropriate technical measures (e.g. logical protection, in particular encryption of passwords and communication channels) and organizational measures (physical protection, in particular data security training for data controllers, restriction of access to information).
Please help us protect the information by not using an obvious login name or password, by changing your password regularly, and by making sure that your password is not made available to other persons.
- Rights and remedies of the Data subject
11.1 Access Rights of the Data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
|(a)||the purposes of the processing;|
|(b)||the categories of personal data concerned;|
|(c)||the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;|
|(d)||where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;|
|(e)||the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;|
|(f)||the right to lodge a complaint with a supervisory authority;|
|(g)||where the personal data are not collected from the data subject, any available information as to their source;|
|(h)||the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.|
Where personal data are transferred to a third country, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
The data controller shall provide the data subject with a copy of the personal data undergoing processing. Where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic form, unless otherwise requested by the data subject.
11.2 Right of rectification
The Data subject shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
11.3 Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- b) the data subject withdraws consent on which the processing is based, and where there are no other legal grounds for the processing;
- c) the data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
- d) the personal data have been unlawfully processed;
- e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; or
- f) the personal data have been collected in relation to the offer of information society services.
(2) Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
(3) Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
- a) for exercising the right of freedom of expression and information;
- b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- c) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- d) for the establishment, exercise or defence of legal claims.
11.4 Right to restriction of processing
(1) The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
- d) the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
We will notify the user before we lift the restriction of processing.
11.5 Notification obligation regarding rectification or erasure of personal data or restriction of processing
The data controller shall communicate any rectification or erasure of personal data or restriction of processing carried out, to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients if the data subject requests it.
11.6 Right to data portability
(1) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- a) the processing is based on consent or on a contract; and
- b) the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
11.7 Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling. In this case we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
11.8 Right to lodge a complaint with a supervisory authority
Under the GDPR and the Hungarian Civil Code, the data subject may enforce his or her rights in court, and may turn to the Hungarian National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/C; post address: 1530 Budapest, Pf. 5; telephone: +36 1 391 1400; e-mail: firstname.lastname@example.org) in the event of a complaint about the data management practices of the data controller. Detailed rights and remedies for data management are described in GDPR Articles 77, 79 and 82.
11.9 Right to an effective judicial remedy against a supervisory authority
The data subject shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them.
The data subject shall have the right to an effective judicial remedy where the supervisory authority which is competent, does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.
Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.
11.10 Right to an effective judicial remedy against a controller or processor
The data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data in non-compliance with the GDPR.
Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence.
Before initiating a procedure, it is advisable to submit the complaint to the data controller.