Name of entity (Controller): Dr. Nagy Dorottya egyéni ügyvéd
Registered seat of the Controller: 4025 Debrecen, Piac u. 43/A-B fsz.1.
Chamber registration number: 36081075
Telephone number of the Controller: +36 20 57 18 353
Email availability of the Controller: iroda@drnagydorottya.hu
Website of the Controller: www.drnagydorottya.hu

Preamble

Dr. Nagy Dorottya attorney at law (hereinafter: Data Controller or Controller) necessarily manages data in the course of its activities, however, it takes extra care to protect personal data, comply with mandatory legal provisions, and secure and fair data management. The Data Controller informs natural persons about the principles, process and guarantees of data management. The Data Controller recognizes the right of natural persons to dispose of their own personal data. At the same time, it draws attention to the fact that the right to the protection of personal data is not an absolute right, it must be taken into account in accordance with the principle of proportionality and balanced with other fundamental rights. Detailed information on individual data management activities can be found in this document. If you need more information about the data protection information, please contact the Data Controller at any of its contact details set forth herein. If you need more information about the data protection information, please contact the Data Controller at any of its contact details set forth herein.

1. Retainer shall mean an assignment for the provision of legal services (Section 28 paragraph (1) of the Act LXXVIII of 2017 on Attorney-at-law Activities– “Act on Legal Practices”). The Retainer Agreement shall be made in writing, except if it is only aimed at the provision of legal advice (Section 29 paragraph (1) of the Act on Legal Practices). The purpose of data processing related to the retainer is to perform the assignment; the purpose of data processing related to filling out the contact form available on the website of the Data Controller is to create an attorney-at-law retainer agreement, which data processing shall be governed by the rules of the retainer agreement, if it is created, and if not, see point 13 of this Policy regarding data deletion. In the course of performing the assignment, the rules of law in force concerning the content and performance of the assignment shall determine the scope of personal data that needs to be processed in the specific case.
2. The legal grounds for processing data related to the establishment of the Retainer and the performance thereof shall be the performance of a contract as well as to take steps at the request of the data subject prior to entering into a contract pursuant to Article 6 paragraph (1) point (b) of the GDPR Regulation (General Data Protection Regulation of the EU: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, that is directly applicable as from the 25th May 2018, hereinafter: “GDPR” or “GDPR Regulation”).
3. Personal data are managed in compliance with the provisions of Act CXII of 2011 on Informational Self-Determination Right and Freedom of Information (hereinafter: “Privacy Act”) and the General Data Protection Regulation of the European Union (GDPR).
4. The processing of the data of the relative requesting the provision of legal services on behalf of the client (Section 28 paragraph (2) of the Act on Legal Practices), the representative of the legal entity and the contact person thereof can be justified on grounds of compliance with a legal obligation to which the Controller is subject pursuant to Article 6 paragraph (1) point (c) of the GDPR Regulation, as well as of the performance of a contract and to take steps at the request of the data subject prior to entering into a contract pursuant to Article 6 paragraph (1) point (b) of the GDPR Regulation. The processing of the data of third parties– for example adverse parties, witnesses, experts, etc.– necessary for performing the assignment can also be justified on grounds of legal obligation and performance of the contract.
5. The prevailing legislation concerning the provision of legal services, thus, in particular, the provisions of Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (Money Laundering Act), Act LXXVIII of 2017 on Attorney-at-law Activities (Act on Legal Practices), Act V of 2013 on the Civil Code (Ptk.), Act CXXX of 2016 on the Code of Civil Procedure (Pp.), Act CXLI of 1997 on Real Estate Registration (Inytv.) as well as Act V of 2006 on Public Company Information, Company Registration and Winding-up Proceedings shall apply to the scope of personal data that can be processed.
6. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, publication, alignment or combination, blocking, restriction, erasure or destruction of data, as well as preventing the further use of the data, taking pictures, or making sound or video recordings.
7. For the purpose of data processing, the managed data shall be transmitted to our archiving and accounting service provider and– in case of electronic communications– to our IT service provider and IT system administrator. In the event a document is sent by mail, the address details are handed over to the Hungarian Post Plc. (Magyar Posta Zrt.) as well as the courier service.
8. The scope of recipients: The personal data– according to the purpose of the assignment and data processing– may be transmitted to the competent authorities, notaries, courts, adverse parties or third parties. In the course of the provision of legal services, Controller may use a substitute attorney-at-law (Section 17 of the Act on Legal Practices), and the data may be handed over to such substitute attorney-at-law. The data may be disclosed to the members and employees of the Controller. The personal data may be handed over to the people involved in the provision of the required legal services, as well as to other people whose engagement and involvement in connection with the performance of the assignment is necessary and such engagement has been approved by the client (in particular, translator, expert, notary, ministry, bank, photocopying shop).
9. Amennyiben a területi ügyvédi kamara az Ütv. 85. §-a alapján irodagondnokot jelöl ki, az irodagondnok jogosult az ügyvéd képviseletére és az iratokba betekinteni.
10. Controller shall manage the name, name at birth, address, mother’s name at birth, place and date of birth, nationality, identification card/passport/driving licence number, and the number of the address card, personal identification number, tax identification number and possibly the social insurance number of the principal on grounds of satisfying a legal obligation, for the purpose of screening and fully identifying the client, and performing the possible inspection of the safety of the transaction set forth in the Money Laundering Act due to the issuance of the power of attorney and retainer. Controller shall retain the data contained in the legal documents drawn up thereby or handed over thereto for the purpose of retention in a manner and for a period in accordance with the regulations (mandatory retention period concerning the documents, scrapping). In case of records kept of the cases, the personal data shall be stored at least for a period of 5 (five) years upon the termination of the assignment; where the document is countersigned, for a period of 10 (ten) years following the counter signature of the document; and in cases concerning the registration of the right in immovable property in the public register, for a period of 10 (ten) years upon the registration of the right (Section 53 of the Act on Legal Practices).
11. Where a document is countersigned, Controller shall retain the document countersigned thereby as well as the other related documents generated in the case– unless the regulations establish a longer retention period or a longer period is agreed on by the parties – for a period of 10 (ten) years upon the countersignature (Section 53 (5) of the Act on Legal Practices).
12. On grounds of satisfying a legal obligation, for the purpose of satisfying tax liabilities or accounting obligations (bookkeeping, taxation) as provided by law, Controller shall manage the name, address, tax number or tax identification number, and in case of foreigners, the identification number of the personal identification document of principal. The personal data shall be retained for a period of 8 (eight) years upon the termination of the legal basis for the relationship. The recipients of the personal data are the employees and data processors of the Controller performing taxation and bookkeeping task.
13. Personal data shall qualify as legal professional secret; therefore, Controller applies enhanced security measures for their retention

Information about the security of personal data

Taking into account the state of the art, the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, the Controller shall implement and maintain continuously appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the appropriate security and confidentiality of the personal data, protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, as well as unauthorised access to or use of personal data and the equipment used for the processing.

Mailing system (iroda@drnagydorottya.hu): Roundcube Webmail
1.5.2. The Data Controller Dr. Nagy Dorottya attorney at law uses a data processor to ensure the operation of the website www.drnagydorottya.hu (storage service, data entry on the website), with whom it concludes a data processing contract.

Data of the storage service provider (Data Processor): name: Sybell Informatika Korlátolt Felelősségű Társaság, registered seat: 1158 Budapest, Késmárk Street 7/B. 2nd floor door no. 206, company registration number: 01-09-293034, registered with the Company Court of the Metropolitan Tribunal, tax number: 25859502-2-42, statistical number sign: 25859502-6202-113-01, email: info@sybell.hu, information on their data management: https://sybell.hu/adatvedelmi-tajekoztato/). Data managed by the Data Processor: data uploaded to the website, data sent to the Data Controller via the website (data request, filling out the contact form).

If the affected third party fills out the contact form for the purpose of establishing an attorney-at-law Retainer Agreement, his/her name, telephone number and email address will be forwarded via the Data Processor to the Data Controller, who will process these personal data a.) in the event of a conclusion of an attorney-at-law Retainer Agreement in accordance with the rules governing the Retainer Agreement b.) the Data Controller shall delete the failed contact details within 1 (one) working day after becoming aware of the failed contact in the event that the assignment as per the attorney-at-law Retainer Agreement has not been established.

Accordingly, we ensure the encryption or pseudonymisation of personal data the ongoing confidentiality, integrity, availability and resilience of processing systems and services used for the processing of personal data; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; as well as a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

14. Controller shall manage the data processed thereby only in connection with the assignment, in the form and with the content handed over thereto, and on the same grounds, it shall only transmit/hand over such data to the above-mentioned recipients, or transmit them to any third party with the express request and assignment of the data subject. As a general rule, the Data Controller does not transfer data to third countries. If such data transfer takes place on a case-by-case basis, the Data Controller transfers personal data to a third country that provides an adequate level of protection according to the Commission’s compliance decision, or if no compliance decision is available, the Data Controller only if the conditions according to Article 46 or 49 of the GDPR are met transmits personal data to a third country.
    Controller does not take any measures to update personal data with special regard to the fact that the managed personal data must be kept in the same condition as it was used during the provision of the legal services.
15. The rights of data subject concerning data processing:
    Pursuant to the provisions of the GDPR and the Privacy Act, the data subject may request preliminary information from the Controller with regard to his/her personal data prior to the data processing. The data subject may request (in writing) access to and rectification or erasure of personal data, the restriction of processing, and may object to processing, and shall have the right to data portability (in cases as per the GDPR). In case of such a request, Dr. Nagy Dorottya attorney at law shall examine whether it can satisfy what is contained in the request, its essential legitimate interest related to data processing is not damaged, and whether there is a right to enforcement connected thereto. Dr. Nagy Dorottya attorney at law shall inform the data subject about the outcome of the examination (interest balancing test).
16. Right related to data processing based on consent:
    Where the Controller manages the personal data of the data subject based on the consent thereof, the data subject shall have the right to withdraw his or her consent at any time. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
17. Information provided in connection with statutory data processing:
    Where the legal basis for processing personal data is the provision of a rule of law governing the performance of the assignment, the data subject shall provide the specific personal data. In the absence thereof, Data Controller may not be able to satisfy its legal obligation provided for in the assignment.
18. Managing a personal data breach:
    Where there is personal data breach in connection with the data managed by the Controller or by the data processor on behalf of or at the request of Controller despite the data protection guaranteed by the Controller, and the personal data breach is likely to result in a risk, Controller shall notify the personal data breach to the supervisory authority and the data subject (including the EEA member state as well) without undue delay but not later than 72 hours after becoming aware of such personal data breach. Information shall be provided as to the nature of the personal data breach, the scope and the approximate number of data subjects concerned, as well as the scope and approximate number of personal data records concerned, the name and contact details of the contact point, and shall describe the possible consequences arising from the personal data breach and the measures taken or proposed to be taken by the Controller to address the personal data breach and to mitigate its possible adverse effects and other measures. Where it is not possible to provide all the above-mentioned data or information at the time when the authority is notified, the information may be provided when Controller becomes aware of it without undue delay.
    Controller shall guarantee that in the event of a physical or technical incident, the availability and access to personal data by Controller and the authorized people are restored in a timely manner. At the same time Controller takes the necessary measures and precautions in order to restore data protection security. (Personal data breach (incident): means a breach of security leading to the accidental or unlawful destruction, loss, alteration, amendment, unauthorised transmission or disclosure of, or access to personal data transmitted, stored or otherwise processed.)
19. Information regarding the cookies used on the website of the Controller:
    The www.drnagydorottya.huwebsite uses cookies in order to enhance the user experience and ensure the operation of the website. A cookie is a piece of data that the website sends to the affected person’s browser, thereby the browser stores certain data with which the original settings are restored when the website is visited again. When the data subject visits the website, he/she receives information about the cookies operating on the site. The data subject uses the website in possession of this information. The purpose of cookies is to enhance the user experience when using the website, and to provide the Data Controller with information to check the operation of the site. Some cookies are only temporary and disappear when you close your browser, while there are also persistent versions that remain on your computer for a long time. According to the law, cookies can be stored on the visitor’s device if this is absolutely necessary for the operation of our website. We need the visitor’s permission to use all other types of cookies. The www.drnagydorottya.huwebsite uses various cookies. Some of the cookies that appear on the website are placed by our third-party service providers. The cookies used are not suitable for identifying the data subject. Refusal to allow the use of cookies does not result in a disadvantage for the person concerned. Browsers allow you to change cookie settings. You can delete the use of cookies from the data subject’s own computer, or you can prohibit their use in your browser from the start. Depending on the browser, these options can typically be found in the Settings / Privacy menu. The Data Controller provides a “Cookie information” when entering the website

    For more information about the setting options, please see the cookie settings, instructions and help site of the most popular browsers:
    Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
    Microsoft Internet Explorer 11:
    http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
    Microsoft Internet Explorer 10:
    http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
    Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
    Safari: https://support.apple.com/hu-hu/HT201265

20. Remedies that can be sought in connection with data processing:
    In accordance with the provisions of the Privacy Act, the data subject shall be entitled to − file a complaint with the supervisory authority (Hungarian National Authority for Data Protection and Freedom of Information; NAIH) (mailing address: 1363 Budapest, Pf.: 9.; address: 1055 Budapest, Falk Miksa utca 9-11.; Telephone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; web: www.naih.hu, email: ugyfelszolgalat@naih.hu); − or seek judicial remedy (competent Tribunal).

This document was prepared in Hungarian and English languages, in case of any discrepancies or disputes the Hungarian version shall prevail.

Dated: Debrecen, 30th December 2024