DATA PROCESSING INFORMATION LETTER
The Data Controller hereby informs you about the information concerning the processing of your personal data:
I. Data concerning the data controller
Name: Sisa and Joósz Law Office
Registered office: 1114 Budapest, Bartók Béla út 15. A., IV. floor 23., Hungary
Telephone number: +36 1 302 4010
Email address: firstname.lastname@example.org
hereinafter: “Data Controller”
Data of the representative of the data controller:
Name: Dr. Dániel Sisa, attorney-at-law
Address: 1114 Budapest, Bartók Béla út 15. A., IV. floor 23., Hungary
Email address: email@example.com
If you have any questions concerning this Information or you wish to exercise your rights under this Information, then please, contact us using any of the contact options above and we will gladly answer your questions.
II. Data protection commitments of the Data Controller
The Data Controller accepts the provisions of this Information as binding. The Data Controller agrees to comply with all the effective legal regulations concerning data processing, in this regard especially Regulation (EU) 2016/679 of the European Parliament and of the Council on data protection (“GDPR”). The Data Controller reserves the right to change this information at any time and shall notify you about possible changes in due time.
III. Information concerning data controlling
3.1. Cookie data processing of the www.sjlaw.hu website:
a) Purpose of data processing: identifying data subjects, tracking them and differentiating between them, identifying the current work sessions of the users, storage of data provided in the course of such work sessions, preventing data loss, web analytics.
b) Legal basis for data processing: your voluntarily given consent. However, you are entitled to revoke your consent at any time, although it does not concern the legality of data processing performed before the revocation.
c) Scope of controlled data: time, date, identifying number, websites visited earlier.
d) Addressees to whom your personal data is disclosed: -.
e) The Data Controller does not forward your personal data to third countries or to international organizations.
f) Duration of storing the personal data: until the revocation of consent. The data subject can delete the cookie from their own computer and can turn off cookies in their browser. Processing of cookies is generally available in the Tools/settings menu of browsers, under Data protection settings, under the name cookies.
g) The provision of your personal data is not based on legal regulations or contractual obligations, providing personal data is not a prerequisite for concluding a contract. Consequence of failure to provide data: you cannot use the website, its functions and services or can only use them in a limited manner.
h) The Data Controller does not use automated decision making in the course of managing your personal data.
IV. Your rights concerning data processing
You also have the following rights concerning the processing of your personal data:
4.1. Right to access:
You have the right to receive feedback from the Data Controller concerning whether the processing of your personal data is in progress, and if such data processing is in progress, then you have the right to receive access to personal data and the following information:
a) purposes of data processing;
b) categories of personal data involved;
c) categories of addressees to whom personal data are or will be disclosed, including especially addressees in third countries and international organizations;
d) planned duration of storing personal data, or if it cannot be determined accurately, then the criteria of determining such a period;
e) you can request from the Data Controller the correction, deletion of personal data concerning you or the limitation of the processing of the same, and might object to the processing of such personal data;
f) option to submit complaints addressed to a supervisory authority;
g) if data was not collected from you, then all available information concerning the source of data;
h) whether the Data Controller performs automated decision making or profiling and the logic applied in such cases and clear information concerning the significance of such data processing and the expected consequences for the data subject.
You have the right to receive information from the Data Controller about the appropriate data protection guarantees, if your personal data is forwarded to third countries or international organizations.
At your request the Data Controller provides for you a copy of the personal data being controlled. The Data Controller might charge a reasonable amount of fee for additional copies you might request, based on administrative costs. If you submitted the request electronically, information shall be provided in electronic format, except if you expressly request otherwise.
4.2. Right to correction
You have the right to have the inaccurate personal data concerning you corrected by the Data Controller without unreasonable delay at your request. Considering the purpose of data processing, you are also entitled to request the supplementation of incomplete personal data.
4.3. Right to deletion
You have the right to have the personal data concerning you deleted by the Data Controller without unreasonable delay at your request.
The Data Controller shall delete personal data concerning you without unreasonable delay if any of the following reasons exist:
a) the personal data is not necessary any more for the reason it was collected or otherwise managed;
b) you revoke your consent serving as basis for the data processing and data processing has no other legal basis;
c) you object to the processing of your data, and the appropriate requirements for deletion are met;
d) the Data Controller managed personal data illegally;
e) the personal data must be deleted for the performance of a legal obligation required by Union or member state laws applicable to the Data Controller;
f) collection of personal data was performed in connection with offering services connected to information society for children.
Right to be forgotten: If the Data Controller disclosed the personal data and shall delete it, it shall take the reasonably expected measures, considering the available technology and the costs of implementation, in order to inform other data controllers managing the data that you requested from them the deletion of links to the personal data in question or of the copy of such personal data or the duplicate of such personal data.
BE ADVISED! You do not have the right to deletion and to be forgotten if the data processing is necessary for the following:
a) for exercising the right to the freedom of expression and to getting informed;
b) for the performance of obligations requiring the processing of personal data under Union or member state law applicable to the Data Controller, or to perform tasks performed out of public interest or under exercising public powers delegated to the Data Controller;
c) for realizing public interests concerning the area of public health;
d) for archival out of public interest, for scientific or historical research or for statistical purposes if the right to deletion would probably make such data processing impossible or would seriously jeopardize it; or
e) for the submission, enforcement and defense of legal claims.
4.4. Right to the limitation of data processing
You have the right to have data processing limited by the Data Controller at your request if any of the following requirements is met:
a) you dispute the accuracy of personal data; in this case the limitation is for the period necessary for the Data Controller to check the accuracy of personal data;
b) the data processing is illegal and you do not request the deletion of data, requesting the limitation of using the same instead;
c) the Data Controller does not need the personal data any more for data processing purposes, yet you require such data for submitting, enforcing or defending legal claims; or
d) you objected to data processing; in this case the limitation is for the period necessary to establish whether the rightful reasons of the Data Controller enjoy priority over the rightful interests of the data subject.
If based on the above the data processing is limited, such personal data may only be managed (except for storage) with your consent, or to submit, enforce or defend legal claims or to protect the rights of other natural persons or legal entities, or out of public interest of the Union or any member state.
The Data Controller informs you beforehand about releasing the limitation of data processing.
4.5. Right to objection
BE ADVISED! You have the right to object to the processing of your personal data at any time due to reasons concerning your situation, but only in the case if
– the legal basis of data processing is the performance of tasks performed out of public interest or under exercising public powers delegated to the Data Controller, or
– the data processing is necessary for enforcing the rightful interests of the Data Controller or a third party, including profiling.
In this case the Data Controller may not manage the personal data any longer. In exceptional cases the Data controller may continue the processing of your data if it is proven that data processing is justified by such rightful and compelling reasons that enjoy priority over your interests and rights, or is connected to the submission, enforcement of defense of legal claims.
BE ADVISED! Besides the above you have the right (regardless of the above section) to object to the processing of personal data concerning you for such purposes (including profiling connected to direct marketing) at any time. If you object to the processing of personal data for direct marketing purposes, then the personal data cannot be managed for this purpose any longer.
If the personal data is managed for scientific or historical research purposes or for statistical purposes, you have the right to object to the processing of your personal data due to reasons concerning your situation. However, you do not have the right to object if the data processing is necessary for the performance of tasks performed out of public interests.
In connection with using services related to information society and different from the provisions of Directive 2002/58/EC the data subject may exercise the right to objection with automated tools based on technical requirements as well. Such an objection may be if you install a program that you use so that you cannot be tracked based on your browser, your location cannot be pinpointed, your IP address is not made public and your browser does not display advertisements, offers, etc.
4.6. Right to the mobility of data
You are only entitled to this right if the data processing is based on your consent or the contract concluded with the Data Subject, and the data processing is performed in an automated manner.
In such cases you have the right to receive the personal data that concern you and that you provided for the Data Controller in a tabulated, widely used format readable with a computer, and you have the right to forward such data to another data controller without the Data Controller preventing it. You also have the right to request – if it is technically feasible – direct forwarding of personal data between data controllers.
You, however, do not have the right to enforce your right to the mobility of data if the data processing is for public interests or if it is necessary for the performance of tasks performed under exercising public powers delegated to the Data Controller.
4.7. Procedural rules applicable to the Data Controller in the case of exercising your rights:
Please submit requests aimed at exercising your rights using the contact options indicated in Section I.
The Data Controller shall inform you about measures taken as the result of your request aimed at exercising your right without unreasonable delay but within one month at the most from the reception of the request. This deadline may be extended by an additional two months, considering the complexity of the request and the number of requests, if applicable, about which you shall be informed. The Data Controller shall inform you about the extension of the deadline within one month from receiving the request, indicating the reasons for the delay. If you submitted the request electronically, the information shall be given electronically if possible, except if you request otherwise.
If the Data Controller does not take measures as the result of your request, it shall inform you without delay, but within one month from receiving the request at the latest, about the reasons for not taking measures and about that you may file complaints at any supervisory authority and may exercise your right to judicial remedy.
The Data Controller provides the information and the measure taken free of charge. If your request is clearly unfounded or excessive – especially due to its repeated nature – the Data Controller, considering the administrative costs of providing the requested information or taking the requested measure, may charge a reasonable amount of fee for the administrative costs, or may refuse taking measures based on the request. Proving the clearly unfounded or excessive nature of the request is the burden of the Data Controller.
The Data Controller informs all addressees to whom the personal data was disclosed about all corrections, deletions or limitations of data processing, except if it proves impossible or would require a disproportionate amount of effort. At your request the Data Controller shall inform you about such addressees.
V. Your right to legal remedy
5.1. Complaint addressed to the Data Controller:
If you have any complaints concerning the processing of your personal data, then please contact us using any of the contact options indicated in Section I.
5.2. Complaint addressed to the Data Protection Authority:
You have the right to file a complaint at a supervisory authority – especially in the European member state according to your usual place of residence, your workplace or the location of the assumed infringement – if, in your opinion, the processing of personal data concerning you violates the GDPR regulation or other legal regulations. The supervisory authority to which the complaint was submitted shall inform you about the procedural developments concerning the complaint and the results of the same, including that you have the right to judicial remedy.
You can file complaints at the Hungarian National Authority for Data Protection and Freedom of Information as supervisory authority:
Name: Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mail address: 1530 Budapest, PO Box: 5.
Telephone: 06 1 391 1400
Fax: 06 1 391 1410
5.3. Right to compensation:
Every person who suffered losses as the result of violating the GDPR is entitled to financial compensation and/or grievance fees from the Data Controller or the data processor(s).
The data processor is only responsible for damages caused by data processing if it did not comply with the obligations specified in the GDPR that specifically burden the data processors or if it disregarded the rightful instructions of the Data Controller or acted contrary to them.
If multiple data controllers or multiple data processors are involved in the same data processing and are responsible for damages caused by data processing, every data controller or data processor has joint and several liabilities for the total damage.
The data controller or data processor is exempted from liability if it can prove that it bears no responsibility whatsoever for the event causing the damage.
5.4. Right to judicial remedy:
You have the right to turn to a court and to request effective judicial remedy from the court, if, according to your opinion your rights under GDPR were violated as the result of the processing of your personal data performed in a manner not in compliance with the legal regulations.
The procedure against the Data Controller or data processor shall be initiated before a court of the member state according to the place of activity of the Data Controller or data processor. Such a procedure can be initiated before a court of the member state according to your usual place of residence as well, except if the data controller or data processor is a public authority of a member state acting under its public power.
VI. Data security
The Data Controller obliges itself to employ adequate and efficient physical, IT, organizational and administrative measures to preserve confidential, intact and available condition of your personal data.
Budapest, 16 January 2019.
Sisa and Joósz Law Office