NEIZER Law Office intends to ensure the lawfulness of data processing in respect of personal data it manages. In accordance with this, the Data Subject, with regard to the processing of their personal data, is hereby informed about the processing of personal data, in this Privacy Notice (hereinafter: "Notice"), in compliance with the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) ("GDPR") adopted by the European Parliament and the Council (EU) 2016/679 Regulation of 27 April 2016.
1. CONTROLLER'S DATA
NEIZER Law Office Registered office: 1139 Budapest, Teve u. 24-28. A. building III/5.
Branch office: 1024 Budapest, Margit körút. 31-33. 1st floor 1.
Website: www.nzrugyved.hu
Email: iroda@nzrugyved.hu
Phone: +36 1 796 5228
Representative: Dr. Norbert Neizer, managing lawyer (hereinafter: "Controller")
2. PURPOSE, LEGAL BASIS, SCOPE OF PROCESSED DATA, TRANSFER OF DATA, PERIOD AND METHOD OF DATA PROCESSING
2.1. Data processing related to the fulfilment of mandates
If a legal representation agreement has been concluded between the Controller and the Data Subject, the Controller processes the following personal data for the purpose of fulfilling this agreement:
• personal data of the Data Subject, the client's representative, the opposing parties, witnesses, experts, and other natural persons concerning the specific mandate.
In the case of the above mentioned under point 2.1., the legal basis for data processing is Article 6 (1) (b) of the GDPR (fulfillment of a contract), Article 6 (1) (c) of the GDPR (compliance with a legal obligation), and Section 1 (1) of Act LXXVIII of 2017 on Advocacy (hereinafter: "Advocacy Act").
The designation of individuals (positions) who have access to the data: members, trainees, and invoicing staff of the Controller (law firm), depending on the nature of the mandate, access is limited to certain office members or employees.
IT processors providing data processing services to the Controller may have access to the data as required.
Data transfer takes place as required by the case (e.g., sending the data of an opposing party, witness, or expert to a client outside the EEA who is represented in court proceedings).
The period of data processing is 5 years or 10 years (Section 53 (3) and (5) of the Advocacy Act). Data related to the mandate not covered in this section shall be kept until the expiry of the limitation period.
2.2. Data processing related to customer identification
If the legal regulations require it, the Data Controller processes the following data related to customer identification:
• Data specified in Section 32 (3) and (7) and Section 33 (2) of the Public Procurement Act (hereinafter: "Üttv.")
In the case of the provisions set forth in Section 2.2, the legal basis for data processing is Article 6 (1) (c) of the GDPR (compliance with a legal obligation) and Sections 32-33 of the Üttv.
The following individuals (positions) have access to the data: members of the Data Controller (law firm), trainee lawyers, and billing staff.
In cases required by the Üttv., the data is transmitted to the financial information unit operating within the National Tax and Customs Administration (hereinafter: "NAV") (Sections 30-31 of the Public Procurement Act).
The data is not transmitted outside the European Economic Area (hereinafter: "EEA").
The Data Controller retains the data for the period specified in Section 112 (2) of the Üttv. for data specified in Section 32 (3) and for eight years from the completion of the mandate for data specified in Section 33 (2) of the Üttv. (Section 33 (7) of the Üttv., Section 56 (2) and Section 57 (2) of Act LIII of 2017 on the prevention and combating of money laundering and terrorist financing (hereinafter: "Pmt.")).
2.3 Data processing related to customer due diligence
If the legal regulations require it, the Data Controller processes the following data related to customer due diligence:
• Data specified in Section 7 (2) and (8) of the Pmt.
In the case of the provisions set forth in Section 2.3, the legal basis for data processing is Article 6 (1) (c) of the GDPR (compliance with a legal obligation) and Sections 7-11, and, where applicable, Sections 17-21 of the Pmt.
The following individuals (positions) have access to the data: members of the Data Controller (law firm), trainee lawyers, and billing staff.
In cases required by the Pmt., the data is transmitted to the territorial chamber on the basis of Section 74 (1) of the Pmt. and to the financial information unit operating within the National Tax and Customs Administration on the basis of Section 75 (1) of the Pmt.
The data is not transmitted outside the EEA.
The Data Controller retains the data for eight years from the completion of the mandate (Section 56 (2) and Section 57 (2) of the Pmt.).
2.4. Data processing related to registry keeping
If required by law, the Data Controller processes the following data related to customer identification:
• Data specified in Section 53 (2) of the Act C of 2003 on Electronic Communications (ECA).
The legal basis for processing data recorded in this section 2.4 is Article 6(1)(c) of the GDPR (compliance with a legal obligation) and Section 53(1) of the ECA.
The job titles of those who have access to the data are: members of the Data Controller (law firm), trainee lawyers, and invoicing staff.
The data may be forwarded in cases required by the ECA (Section 53(4)), but the data will not be forwarded outside the EEA.
The Data Controller retains the data for 5 or 10 years (Sections 53(3) and (5) of the ECA).
2.5. Data processing related to business partners
If a contract has been concluded between the Data Controller and your employer, the Data Controller processes the following personal data of you as a contact person (provided to the Data Controller by your employer) for the performance of the contract:
your last name, first name, position, phone number, and email address.
The legal basis for processing data recorded in this section 2.5 is Article 6(1)(f) of the GDPR (legitimate interests of the Data Controller or your employer).
The job titles of those who have access to the data are: members of the Data Controller (law firm), trainee lawyers, and invoicing staff.
The data will not be forwarded.
The Data Controller retains the data for up to 1 year from the date of the change of the contact person.
2.6. Applicants for job advertisements
If you consent, the Data Controller processes your following data related to job applications:
• Data sent in your resume, such as surname, first name, phone number, address, email address, photograph, description of professional experience, spoken language(s).
The legal basis for data processing in this section 2.6. is your consent under Article 6(1)(a) of the GDPR.
The Data Controller can only consider your application if you give your consent to the processing of your personal data contained in your resume for job advertisement purposes by the Data Controller.
The job titles of those who have access to the data: Members of the Data Controller (law firm), recruitment staff responsible for the recruitment process.
The data will not be transmitted to third parties.
If you are not the successful candidate for the advertised position, the Data Controller will immediately delete your personal data after the decision to fill the position has been made, unless you consent to the further processing of your personal data for a period of 6 months after being informed of the decision.
2.7. Contact
The Data Controller informs you that, in the course of scheduling and coordinating a personal consultation with the Data Controller, the following data will be processed:
• Personal data provided during contact (surname, first name, phone number, email address).
The legal basis for data processing in this section 2.7. is your consent (Article 6(1)(a) of the GDPR).
The job titles of those who have access to the data: Members of the Data Controller (law firm), trainee lawyers, secretarial staff of the Data Controller.
The Data Controller will not use or be able to use your personal data for purposes other than those defined in this section 2.7.
No data transmission will take place.
The Data Controller will process the data until the purpose of the contact is achieved or until a contract is concluded with the contacting party.
2.8. Data processing on the website and social media (Facebook, LinkedIn) maintained by the Data Controller.
Disclosure of personal data of any natural person on the website (hereinafter: "Website") and social media platforms maintained by the Data Controller is possible without revealing the identity of the individual concerned.
Part of the links on the Website and social media platforms may direct to websites maintained and/or operated by other data controllers, for which the Data Controller assumes no responsibility for the content and any damage arising from the use of such information.
Furthermore, the Data Controller informs that visitors of the Website and social media platforms may contact the Data Controller electronically (by providing their name and e-mail address).
The Data Controller uses the following social media platforms:
The Data Controller informs you that it maintains a Facebook and Instagram page at www.facebook.com/nzrugyved and www.instagram.com/nzrugyved. The Data Controller primarily publishes its own intellectual property (articles, opinions, statements) on its Facebook page, while it displays images, videos, and short professional content on its Instagram page, and anyone can comment on such posts regardless of whether the Facebook and Instagram pages are liked. The Data Controller further informs that visitors to the Facebook and Instagram pages may also contact the Data Controller directly via Messenger and Instagram messages.
Regarding the Facebook and Instagram pages, the Data Controller informs you that it is considered a joint data controller with Facebook (1601 S. California Ave, Palo Alto, CA 94304, USA) as the operator. The Data Controller informs that Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin, Ireland) is responsible for the operation of Facebook and Instagram in Europe. The Data Controller's Facebook and Instagram pages operate within the data protection regulations of Facebook and Instagram, which can be accessed at the following link: https://www.facebook.com/policy.php and https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
The Data Controller informs you that it maintains a LinkedIn profile at https://www.linkedin.com/company/37002599/admin/.
The Data Controller primarily publishes posts and articles on its LinkedIn profile, to which anyone can comment regardless of whether they like the LinkedIn page or not. The Data Controller can be contacted via messaging on the LinkedIn page.
Regarding the LinkedIn page, the Data Controller hereby informs you that it qualifies as a joint data controller with LinkedIn (2029 Stierlin Court Mountain View, CA 94043, USA) as the operator. The Data Controller informs that the operator of LinkedIn in Europe is LinkedIn Ireland (Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland) responsible for the operation of LinkedIn. The Data Controller's LinkedIn page operates within the framework of LinkedIn's privacy policy. The Data Controller's LinkedIn page operates in accordance with LinkedIn's data management policy, which can be found at the following link: https://www.linkedin.com/legal/privacy-policy.
3. DATA PROCESSING
The Data Controller uses the data processors indicated in this Information in connection with its activities.
4. DATA TRANSMISSION
In connection with its activities, the Data Controller uses data processors or makes the personal data it needs to manage available or transferred to the data processor it uses.
To ensure the necessary IT background for its operations, the Data Controller uses the data processing services of MEDIAPORTAL Kft. (Headquarters: Székely Bertalan Street 22, Szekszárd 7100, Hungary, Company registration number: 17-09-007742).
To comply with Act C of 2000 on Accounting (hereinafter: "Accounting Act"), the Data Controller provides data required by the Accounting Act to the accountant responsible for the Data Controller's accounting activities. The Data Controller's accounting tasks are currently being carried out by Taxcorp Hungary Kft (Headquarters: Bécsi út 126-128. I. em. A-107, 1034 Budapest, Hungary, Company registration number: 01 09 389208).
The Data Controller, in connection with its electronic invoicing, uses the Billingo invoicing program operated by Octonull Ltd. (registered office: Árbóc street 6., Budapest 1133, company registration number: 01-09-198177) as a data processor.
The Data Controller, in connection with its activities, uses an online storage service provider for email correspondence. The online storage service is provided by Incore Team Ltd. (registered office: Akácos street 4., Csomád 2161) as a data processor.
The Data Controller performs certain types of tasks jointly with other law firms or individual lawyers or other experts as data processors, who are informed about their involvement in the engagement agreement or in other written form provided to the clients.
The data processor(s) may only process the personal data provided by the Data Controller, exclusively in accordance with the instructions of the Data Controller and solely for the purpose specified above, based on a written agreement with the Data Controller.
The Data Controller only uses data processor(s) who provide appropriate guarantees for compliance with GDPR requirements and for implementing adequate technical and organizational measures to ensure the protection of personal data.
5. DATA SECURITY
The Data Controller takes all reasonable technical precautions to ensure the secure and inaccessible storage of stored data by third parties.
Your personal data is stored by the Data Controller at its registered office (1st floor, Margit boulevard 31-33., Budapest 1024). The storage of your personal data is protected due to the main technical and organizational measures taken for data security.
The Data Controller takes all necessary protective and technical measures to ensure that the collected, stored, and processed data is protected, and does everything in its power to prevent its destruction, unauthorized use, and unauthorized modification.
The Data Controller provides adequate protection for the personal data it processes, both in paper-based and electronic data storage.
6. RIGHTS OF THE DATA SUBJECTS RELATED TO DATA PROCESSING
Regarding the processing of personal data, the following rights apply to the data subjects:
7. REMEDY
The Data Controller takes all necessary steps to ensure that the processing of personal data is lawful and carried out in the highest possible security. If you consider the Data Controller's data processing to be in breach of regulations, it is advisable to contact the Data Controller directly using the contact information provided in section 1 of this Notice before resorting to any other legal remedy.
If you still find the data processing to be in breach of regulations even after being informed by the Data Controller, you can file a complaint with the National Data Protection and Freedom of Information Authority or bring legal action before the competent court. You may initiate legal proceedings against our decision regarding the protest within 30 days from the communication of the decision or the last day of the deadline.
8. GLOSSARY
9. FINAL PROVISIONS
The Data Controller undertakes to ensure that all data processing related to its activities complies with the provisions of this Information and the expectations set forth in the applicable laws.
The Data Controller reserves the right to unilaterally and at any time amend this Information. The processing of personal data in the course of the Data Controller's activities is based on the following legislation:
Budapest, 15 May 2023.
NEIZER Law Firm
Dr. Norbert Neizer
Managing Partner