Data Protection Policy

See the Data Protection Policy of Racz Law Firm. The highest level of personal data protection is particularly important for Rácz Law Firm.
1. Preamble
The highest level of personal data protection is particularly important for Rácz Law Firm (in Hungarian: Dr. Rácz Zoltán Ügyvédi Iroda; office: East- West Business Center, 1088 Budapest, Rákóczi út 1-3.; seat: 1138 Budapest, Viza u. 7/a 7/1.; az „Law Firm”).
The purpose of this Data Protection Policy is to inform the visitors of www.raczlawfirm.hu webpage („Webpage”) on data processing related to the operations of The Law Firm, in line with the provisions of Act CXII of 2011 on Informational Self-determination and on the Freedom of Information („Information Act”).
Please note that it is possible to visit the Webpage without providing any personal data. The Webpage does not contain behaviour-based advertisements (so-called cookies). Nevertheless, in case the visitor intends to receive information on the events organized by The Law Firm, subscribes to the Newsletter or provides contact data to The Law Firm for business development and cooperation purposes, the following provisions shall apply.
2. Definitions
personal data: any information relating to a natural person directly or indirectly identifiable, as well as conclusions drawn from the data with regard to the data subject. In the course of data processing, the data in question shall be treated as personal as long as the data subject remains identifiable through it. The data subject shall - in particular – be considered identifiable if the data controller is in possession of the technical requirements which are necessary for the identification.
sensitive data: personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership, personal data concerning sex life, health, pathological addictions, or criminal record.
data subject: any natural person who can be identified, directly or indirectly by reference to specific personal data.
data processing: any operation or the totality of operations performed on data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification.
data controller: a natural or legal person, or organisation without legal personality, which – alone or jointly with others – determines the purposes and means of processing of data; makes and executes decisions concerning data processing or have it executed by a data processor.
data process: performing technical tasks in connection with the data processing operations.
data processor: any natural or legal person or organisation without legal personality processing data based on a contract concluded with the data controller, including contracts concluded pursuant to legal provisions.
data transfer: ensuring access to the data for third party.
the data subject’s consent: any freely and expressly given specific and informed indication of the will of the data subject by which he gives his agreement to personal data relating to him being processed fully or to the extent of specific operations. In case of sensitive data, written consent is required.
providing adequate information: Prior to data processing being initiated, the data subject shall be informed whether his consent is required or the data processing is mandatory. In addition, the data subject shall be clearly informed of all aspects of the processing of his personal data, such as the purpose for which his data is required and the legal basis, the person entitled to control the data and to carry out the processing, the duration of the proposed processing operation and the persons to whom his data may be disclosed. Information shall also be provided on the data subject’s rights and remedies.
the data subject’s objection: a declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed.
data security: system of technical and organizational solutions against the unlawful acquisition, modification and destruction of data.
data deletion: making data unrecognisable in a way that it can never again be restored.
blocking of data: marking data with a special ID tag to indefinitely or definitely restrict its further processing.
third country: any country that is not a member of the European Economic Area.
3. General provisions
The controllers of the personal data under the scope of this Data Protection Policy is The Law Firm.
The legal ground of processing personal data is the data subject’s consent. The Law Firm does not process sensitive data under the scope of this Data Protection Policy. The Law Firm processes the given personal data only as long as the purpose of data processing persists, but no longer than the withdrawal of the consent of the data subject.
The personal data will not be forwarded to further data controllers. Only the members of The Law Firm and those employees are entitled to access the personal data, whose access is absolutely necessary to achieve the purpose of data processing.
For the purpose of ensuring data security, The Law Firm implements all appropriate technical and organizational measures that are requested to protect personal data, as well as all adequate procedural rules to enforce the provisions of the Information Act and other national and international data protection regulations. The Law Firm protects the processed personal data against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as damage and accidental loss, and ensure that stored data cannot be corrupted and rendered inaccessible.
4. Specific provisions on each data processing
4.1. Sending legal newsletters
The Law Firm provides its clients, other business partners and potentially interested other parties, who gave their preliminary, freely given and explicit consent, with legal newsletters. For this purpose, The Law Firm holds a record of the names, e-mail addresses, phone numbers, company names and positions of the data subjects.
The data processor defined in the annex of this policy (hereinafter: „Data Processor”) is entitled to execute technical tasks relating to the editing and sending legal newsletters upon a written data process agreement.
The Data Processor may use its own servers located in a third country during the data process. Considering that the Data Processor is on the „safe harbour list” defined in the 2000/520/EC Decision of the Commission of the European Communities, the adequate protection of the personal data is ensured in line with Section 8 § (1) b) of the Information Act.
The registration number of the data processing: NAIH-90834/2015.
4.2. Providing documents in connection with professional events organized by The Law Firm
The Law Firm regularly organizes professional events for its clients, business partners and other invited persons. On the grounds of the preliminary, freely given and explicit consent of the data subjects, The Law Firm sends invitations and other documents, and for this purpose, The Law Firm holds a record of the names, phone numbers, e-mail addresses, company names and positions of the data subjects.
The registration number of the data processing: NAIH-90836/2015.
4.3. Personal data processed for the purpose of business development
For the purpose of business development, in addition to processing client data, The Law Firm collects and processes – both in a paper-based and in an electronic form – contact data (phone number, e-mail address) and other „business card” data of further persons, on the ground of the data subject’s consent.
The registration number of the data processing: NAIH-90835/2015.
5. Data subject’s rights
Upon the data subject’s request, The Law Firm provides information concerning the data relating to him, including those processed by a data processor on its behalf or according to his notice, the sources from where they were obtained, the purpose, legal ground and duration of processing, the name and address of the data processor and on its activities relating to data processing.
The Law Firm complies with requests for information, and provides the information requested in an intelligible form, in writing at the data subject’s request, without any delay but within thirty days at the latest. The information is provided free of charge for any category of data once a year.
The data subject may request the rectification, deletion and blocking of personal data. The Law Firm blocks the personal data instead of deleting it, if there is reasonable ground to believe that the deletion would affect the legitimate interests of the data subject. Blocked data shall be only processed for the purpose which prevented its deletion.
In addition, the data subject has the right of objection, and is also entitled to file a court claim or to contact the National Authority for Data Protection and for the Freedom of Information.
The provisions of the Information Act shall apply for questions not covered in this Data Protection Policy.
Rácz Law Firm