Privacy Policy

Privacy Notice on the Rights of the Data Subject as a Natural Person in Relation to the Processing of Personal Data

Dear Data Subject,

I, the undersigned, Dr. Gábor Takács, attorney-at-law, as Data Controller – registered office: 3000 Hatvan, Kossuth tér 16. 1/7; tax number: 53121392-1-30; Bar Association ID: KASZ_36069934 – hereby provide the following information on the processing of your personal data pursuant to Article 12 of Directive 95/46/EC:

You have consented to the processing of your personal data by completing, or having completed, and signing the form provided to you by the Data Controller.

The Data Controller processes your personal data solely and exclusively for the purposes indicated on the form.

Dear Data Subject, pursuant to Directive 95/46/EC, you are entitled to the following rights:

Right to transparent information:
The data subject must be informed of the circumstances of data processing and of the rights granted to them in a concise, transparent, intelligible and easily accessible form, using clear and plain language, free of charge. If the data subject requests information, it must be provided without undue delay, and in any event within no more than 30 days.

Right of access:
The data subject shall have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them are being processed, and where such processing is taking place, the data subject shall have the right to access the personal data and the information specified in Article 15.

Right to data portability:
The data subject shall have the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit those data to another data controller without hindrance from the data controller to whom the personal data were provided.

Right to rectification:
The data subject shall have the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning them.

Right to erasure:
The data subject shall have the right to request that the Data Controller erase personal data concerning them without undue delay.

Right to restriction of processing:
The data subject shall have the right to request that the Data Controller restrict the processing of their personal data.

Right to withdraw consent to data processing:
The data subject may withdraw their declaration of consent to data processing at any time.

Right to lodge a complaint:
The data subject has the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.

In relation to the processing of your personal data, I provide the following information pursuant to Article 13 of Directive 95/46/EC:

Data Controller
Company name; representative; contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Contact keeping

Legal basis for data processing:
Consent of the data subject pursuant to Article 6(1)(a)

Categories of personal data concerned:
Name, address, telephone number, email address

Duration of data storage:
For an indefinite period, until withdrawal of consent


3a. Contact details of natural person representatives of legal entity clients

Data Controller
Company name; representative; contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Performance of the contract concluded with the Data Controller, business contact keeping; legal basis: consent of the data subject.

Legal basis for data processing:
Consent of the data subject pursuant to Article 6(1)(a)

Categories of personal data concerned:
Name, address, telephone number and email address of the natural person.

Duration of data storage:
For 5 years following the termination of the business relationship or the representative status of the data subject.

Recipients of personal data:
Data processor providing IT services

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:

Data processor providing IT services

Recipient of personal data:
Rackhost Zrt.

Purpose of the intended processing of personal data:
Fulfilment of rights and obligations arising from the contractual relationship

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b)

Categories of personal data concerned:
Name, address, place and date of birth, mother’s birth name, tax identification number or tax number

Duration of data storage:
For 5 years following the termination of the business relationship or the representative status of the data subject

Dear Data Subject, you may withdraw your consent to data processing at any time. You may submit your clear declaration of withdrawal through the contact details of the Company or to the data protection officer. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Dear Data Subject, you may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) if you consider that the processing of your personal data does not comply with legal requirements.

The contact details of the NAIH are as follows:
Postal address: 1530 Budapest, P.O. Box 5
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telephone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: http://naih.hu

Dr. Gábor Takács, attorney-at-law

Registered office: 3000 Hatvan, Kossuth tér 16. 1/7

Tax number: 53121392-1-30

as Data Controller hereinafter referred to as the Data Controller

For the purpose of complying with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, General Data Protection Regulation, and for the purpose of defining the internal rules of the Data Controller’s data processing activities, the Data Controller applies the following Data Processing Policy.

Done at Hatvan, 23 May 2018

Dr. Gábor Takács
attorney-at-law
Data Controller


I. GENERAL PROVISIONS

1. Statement of the Data Controller

The Data Controller declares that it carries out its data processing activities by adopting appropriate internal rules and technical and organisational measures in such a way that, under all circumstances, such activities comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, General Data Protection Regulation, hereinafter referred to as the Regulation, as well as with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information, hereinafter referred to as the Privacy Act.

2. Purpose of the Policy

The purpose of this Policy is to establish internal rules and lay down measures ensuring that the activities of the Data Controller comply with the provisions of the Regulation and the Privacy Act.

The further purpose of this Policy is to serve as proof of the Data Controller’s compliance with the Regulation and with the principles relating to the processing of personal data set out therein, in particular Article 5.

3. Scope of the Policy

The scope of this Policy extends to the processing by the Data Controller of personal data relating to natural persons.

For the purposes of this Policy, sole proprietors, sole-proprietor companies and primary agricultural producers shall be considered natural persons.

The scope of this Policy does not extend to the processing of personal data relating to legal persons, including the name and legal form of the legal person and data relating to the contact details of the legal person. GDPR Recital 14.

The Data Controller reserves the right to review this Data Processing Policy and its annexes where necessary and to amend their content in accordance with the current legal requirements and the scope of the data processed, in order to ensure that the conditions set out in this Policy always reflect the current method of processing personal data and compliance with the applicable legislation.


4. Definitions

For the purposes of this Policy, the applicable definitions are set out in Article 4 of the Regulation. Accordingly, the main definitions are highlighted below:

“Personal data” means any information relating to an identified or identifiable natural person, the “data subject”. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific natural person without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Filing system” means any structured set of personal data which is accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Recipient” means a natural or legal person, public authority, agency or another body to which personal data are disclosed, whether or not a third party. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The processing of such data by those public authorities shall comply with the applicable data protection rules according to the purposes of the processing.

“Third party” means a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

“Consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed.


II. ENSURING THE LAWFULNESS OF DATA PROCESSING

1. Data processing based on the consent of the data subject

In the case of data processing based on consent, the consent of the data subject to the processing of their personal data shall be requested on the data request form set out in Annex 1.

Consent shall also be deemed to have been given if, during the visit to the Data Controller’s website, the data subject ticks a box for this purpose, makes technical settings for information society services, or makes any other statement or action which clearly indicates, in the given context, the data subject’s consent to the intended processing of their personal data. Silence, a pre-ticked box or inactivity shall therefore not constitute consent.

Consent shall cover all data processing activities carried out for the same purpose or purposes. Where processing serves several purposes at the same time, consent shall be given for all processing purposes.

Where the data subject gives consent in the context of a written declaration which also concerns other matters, such as the conclusion of an engagement contract, the request for consent shall be presented in a manner clearly distinguishable from those other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration containing the consent of the data subject which infringes the Regulation shall not be binding.

The Data Controller may not make the conclusion or performance of a contract conditional upon consent to the processing of personal data which are not necessary for the performance of the contract.

Withdrawal of consent shall be made possible in the same easy manner as the giving of consent.

Where personal data have been collected with the consent of the data subject, the Data Controller may, unless otherwise provided by law, process the collected data for the purpose of fulfilling a legal obligation applicable to the Data Controller without further separate consent, and even after the withdrawal of the data subject’s consent.

The Data Controller shall make the general privacy notice set out in Annex 2 available to data subjects in the footer of its website. The purpose of this notice is to inform data subjects, in a publicly accessible form, clearly and in detail before and during the processing of data, of all facts relating to the processing of their data, in particular the purpose and legal basis of the processing, the person authorised to process and process the data, the duration of processing, whether the personal data of the data subject are processed by the Data Controller pursuant to Section 6(5) of the Privacy Act, and who may access the data.

The information shall also cover the rights and remedies of the data subject in relation to data processing. This privacy notice shall be made accessible by a separate link at each of the most important data processing steps, for example before registration and during the registration process. Data subjects shall be informed of the availability of this notice.

Data processing based on the legal basis of fulfilling a legal obligation is independent of the data subject’s consent, as the processing is prescribed by law. In this case, the data subject must be informed before the start of data processing that the processing is mandatory. Furthermore, before the start of data processing, the data subject must be clearly and thoroughly informed of all facts relating to the processing of their data, in particular the purpose and legal basis of the processing, the person authorised to carry out the processing and the data processing, the duration of processing, whether the personal data of the data subject are processed by the Data Controller on the basis of a legal obligation applicable to the Data Controller, and who may access the data.

The information shall also cover the data subject’s rights and remedies in relation to data processing. In the case of mandatory data processing, information may also be provided by making public reference to the legal provisions containing the above information.


2. Contact details of natural person representatives of legal entity clients

Scope of personal data that may be processed:
name, address, telephone number and email address of the natural person.

Purpose of processing personal data:
performance of the contract concluded with the Data Controller, business contact keeping; legal basis: consent of the data subject.

Recipients of personal data or categories of recipients:
processors providing IT services.

Duration of storage of personal data:
for 5 years following the termination of the business relationship or the representative status of the data subject.

The sample data collection form is included in Annex 4 of this Policy.

The declaration must be retained for the duration of the data processing.


3. DATA PROCESSING BASED ON CONTRACT

1. Processing and registration of clients’ data

The Data Controller processes the following data of persons entering into an engagement contract with it on the legal basis of performance of the engagement contract, for the purposes of concluding, performing and terminating the contract and providing contractual discounts:

  • name,
  • address,
  • place and date of birth,
  • mother’s birth name,
  • tax identification number or tax number.

Such processing shall also be considered lawful where the processing is necessary in order to take steps at the request of the data subject prior to entering into the contract.

Recipients of personal data:
the IT service provider of the Data Controller, as processor.

Duration of storage of personal data:
5 years after termination of the contract.

Before the commencement of data processing, the natural person data subject shall be informed that the processing is based on the legal basis of performance of the contract; such information may also be provided in the contract. The data subject shall be informed of the transfer of their personal data to the processor.

The wording of the data processing clause relating to a contract concluded with a natural person is included in Annex 3 of this Policy.


2. Visitor data processing on the Data Controller’s website – Information on the use of cookies

Cookies are short data files placed on the user’s computer by the website visited. The purpose of cookies is to make the given infocommunication or internet service easier and more convenient to use. There are many types of cookies, but they can generally be divided into two main categories. One type is the temporary cookie, which is placed on the user’s device by the website only during a given session, for example during the security identification of internet banking. The other type is the persistent cookie, for example the language setting of a website, which remains on the computer until the user deletes it.

According to the guidelines of the European Commission, cookies, except where they are strictly necessary for the use of the given service, may only be placed on the user’s device with the user’s permission.

In the case of cookies that do not require the user’s consent, information must be provided during the first visit to the website. It is not necessary for the full text of the cookie notice to appear on the website; it is sufficient for the website operators to briefly summarise the essence of the information and to refer to the full notice through a link.

In the case of cookies requiring consent, the information may also be linked to the first visit to the website if the data processing associated with the use of cookies begins upon visiting the site. If the use of a cookie is linked to the use of a function expressly requested by the user, the information may also appear in relation to the use of that function. In this case, too, it is not necessary for the full text of the cookie notice to appear on the website; a short summary of the essence of the information and a link to the full notice shall be sufficient.

Visitors must be informed of the use of cookies on the website in the privacy notice set out in Annex 2. Through this notice, the Company ensures that the visitor may become aware, before using and at any time during the use of the information society services of the website, of the data processing purposes for which the Company processes which types of data, including the processing of data that cannot be directly linked to the user.


3. Appointment booking on the Data Controller’s website

A natural person booking an appointment on the website may give consent to the processing of their personal data by ticking the relevant box. Pre-ticking the box is prohibited.

Scope of personal data that may be processed:
the natural person’s name, surname and first name, telephone number and email address.

Purpose of processing personal data:

  • performance of the appointment booking service provided on the website;
  • contacting the data subject by electronic, telephone and SMS communication.

The legal basis of data processing is the performance of a contract pursuant to Article 6(1)(b).

Recipients of personal data or categories of recipients:
as processor, the employees of the Data Controller’s IT service provider performing hosting services.

Duration of storage of personal data:
until the service exists or until the withdrawal of the data subject’s consent, meaning the request for erasure.


4. Community guidelines / Data processing on the Data Controller’s LinkedIn page

The Data Controller maintains a LinkedIn page for the purpose of presenting and promoting its services.

A question submitted on the Data Controller’s LinkedIn page shall not be considered an officially submitted complaint.

The Company does not process personal data published by visitors on the Data Controller’s LinkedIn page.

Visitors are subject to LinkedIn’s Privacy Policy and Terms of Service.

In the event of unlawful or offensive content being published, the Data Controller may exclude the data subject from the members or delete their comment without prior notice.

The Data Controller shall not be liable for unlawful data content or comments published by LinkedIn users. The Data Controller shall not be liable for any error, malfunction or problem arising from the operation of LinkedIn or from changes to the operation of the system.


4. DATA PROCESSING BASED ON LEGAL OBLIGATIONS

1. Data processing for the fulfilment of tax and accounting obligations

The Data Controller processes, on the legal basis of fulfilling a legal obligation and for the purpose of fulfilling tax and accounting obligations prescribed by law, the data defined by law of natural persons entering into a business relationship with it as clients.

The processed data include, in particular, pursuant to Sections 169 and 202 of Act CXXVII of 2017 on Value Added Tax:

  • tax number,
  • name,
  • address,
  • tax status,

and pursuant to Section 167 of Act C of 2000 on Accounting:

  • name,
  • address,
  • identification of the person or organisation ordering the economic transaction,
  • the signature of the authorising person and the person certifying performance, and, depending on the organisation, the signature of the controller,
  • on inventory movement documents and cash management documents, the signature of the recipient; on counter-receipts, the signature of the payer,
  • pursuant to Act CXVII of 1995 on Personal Income Tax: number of the entrepreneurial certificate, number of the primary producer certificate,
  • tax identification number.

The duration of storage of personal data is 8 years following the termination of the legal relationship giving rise to the legal basis.

Recipients of personal data:
the Data Controller’s processor performing taxation, accounting, payroll and social security tasks, and the National Tax and Customs Administration.


2. Data processing for the fulfilment of anti-money laundering obligations

The Data Controller processes, on the legal basis of fulfilling a legal obligation and for the purpose of preventing and combating money laundering and terrorist financing, the data of its clients, their representatives and beneficial owners as defined in Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing.

In the case of a natural person, these data include:

  • family and first name,
  • birth family and first name,
  • nationality,
  • place and date of birth,
  • mother’s birth name,
  • address, or in the absence thereof, place of residence,
  • type and number of identity document,
  • number of official address card,
  • copies of the documents presented.

Legal references: Section 7; MÜK Regulation No. 10/2019 VI. 24., clause 11.1; Section 75(1) of the Anti-Money Laundering Act.

Recipients of personal data:
National Tax and Customs Administration, Bar Association.

Duration of storage of personal data:
8 years from the termination of the engagement or the performance of the transaction engagement, pursuant to Section 56(2) of the Anti-Money Laundering Act.


3. Data processing for the performance of attorney engagement

The Data Controller processes, on the legal basis of performing attorney-at-law activities, the data of its clients and their representatives specified in the engagement contract and required for the performance of the engagement, as determined by law:

  • family and first name of the natural person,
  • birth family and first name,
  • nationality,
  • place and date of birth,
  • mother’s birth name,
  • address, or in the absence thereof, place of residence,
  • type and number of identity document,
  • number of official address card,
  • copies of the documents presented,
  • number of tax identification document,
  • personal identification number,
  • tax identification number,
  • tax number,
  • number of entrepreneurial or primary producer certificate,
  • bank account number.

Recipients of personal data:
parties involved in the transaction; courts; authorities; the substitute attorney of the Data Controller; the Bar Association; the processor performing IT tasks for the Data Controller; the substitute attorney of the Data Controller, their employees and processors.

Duration of storage of personal data:
without time limit.


5. DATA SECURITY MEASURES

1. Data security measures

In relation to all data processing activities, regardless of purpose and legal basis, the Data Controller is obliged, in the interest of the security of personal data, to take the technical and organisational measures and establish the procedural rules necessary to enforce the Regulation and the Privacy Act.

The Data Controller protects the data by appropriate measures against accidental or unlawful destruction, loss, alteration, damage, unauthorised disclosure or unauthorised access.

The Data Controller classifies and handles personal data as confidential data. The Data Controller imposes a confidentiality obligation on office staff regarding the processing of personal data, for which the clause set out in Annex 3 shall apply. Access to personal data is restricted by the Data Controller through the allocation of authorisation levels.

The Data Controller protects its IT systems with a firewall and provides virus protection.

The Data Controller carries out electronic data processing and record keeping through a computer program that complies with data security requirements. The program ensures that data may be accessed only for a specific purpose, under controlled circumstances, and only by persons who need access for the performance of their duties.

The Data Controller ensures the monitoring of incoming and outgoing electronic communication in order to protect personal data.

Only the Data Controller and the substitute attorney may access documents relating to ongoing work and documents under processing.

The appropriate physical protection of data and the devices and documents carrying such data must be ensured.


6. MANAGEMENT OF PERSONAL DATA BREACHES

1. Definition of a personal data breach

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed. Article 4(12) of the Regulation.

The most commonly reported incidents may include, for example:

  • loss of a laptop or mobile phone,
  • insecure storage of personal data, for example payslips thrown into the bin,
  • insecure transmission of data,
  • unauthorised copying or forwarding of client data,
  • attacks against servers,
  • hacking of the website.

2. Handling and remedying personal data breaches

The prevention and handling of personal data breaches and compliance with the relevant legal requirements are the responsibility of the head of the Company.

Accesses and access attempts to IT systems must be logged and continuously analysed.

A personal data breach may be reported through the Company’s central email address or telephone number, through which data subjects may report the underlying events and security weaknesses.

In the event of a report of a personal data breach, the Data Controller, with the involvement of the IT specialist, shall examine the report without delay. During this examination, the incident must be identified, and it must be decided whether it is a genuine incident or a false alarm.

The following must be examined and established:

  • the date and place of the incident,
  • the description, circumstances and effects of the incident,
  • the scope and quantity of data compromised during the incident,
  • the group of persons affected by the compromised data,
  • the description of measures taken to remedy the incident,
  • the description of measures taken to prevent, remedy or reduce damage.

In the event of a personal data breach, the affected systems, persons and data must be identified and isolated, and evidence supporting the occurrence of the incident must be collected and preserved. Thereafter, restoration of the damage and restoration of lawful operation may begin.


3. Register of personal data breaches

A register must be kept of personal data breaches, containing:

  • the scope of the personal data concerned,
  • the group and number of persons affected by the personal data breach,
  • the date of the personal data breach,
  • the circumstances and effects of the personal data breach,
  • the measures taken to remedy the personal data breach,
  • any other data specified in the legal regulation prescribing the data processing.

Data relating to personal data breaches included in the register must be retained for 5 years.

Data Request Form for the Processing of Personal Data Based on Consent

I, the undersigned,

Name:

Address:

by signing this document, hereby consent to Dr. Gábor Takács, attorney-at-law, processing the following personal data of mine pursuant to Article 6(1)(a) and Article 7 of Directive 95/46/EC:

Name:

Address:

Telephone number:

Email address:

I have consented to the processing of my data for the following purpose:

contact keeping

This consent to the processing of personal data shall remain valid until withdrawn.

By signing this declaration of consent, I declare that I have received the notice containing my rights in relation to data processing and that I have familiarised myself with its contents before signing this declaration of consent.

I have read and duly understood this declaration of consent and, being aware of my rights relating to the processing of my personal data, I have signed it by hand and with approval.

Hatvan, ………………… year ……………………… month ………… day

……………………………………
Consenting Party


Annex: Privacy Notice on the Rights of the Data Subject as a Natural Person in Relation to the Processing of Personal Data

Privacy Notice on the Rights of the Data Subject as a Natural Person in Relation to the Processing of Personal Data

Dear Data Subject,

I, the undersigned, Dr. Gábor Takács, attorney-at-law, as Data Controller – registered office: 3000 Hatvan, Kossuth tér 16. 1/7; tax number: 53121392-1-30; Bar Association ID: KASZ_36069934 – hereby provide the following information on the processing of your personal data pursuant to Article 12 of Directive 95/46/EC:

You have consented to the processing of your personal data by completing, or having completed, and signing the form provided to you by the Data Controller.

The Data Controller processes your personal data solely and exclusively for the purposes indicated on the form.

Dear Data Subject, pursuant to Directive 95/46/EC, you are entitled to the following rights:

Right to transparent information:
The data subject must be informed of the circumstances of data processing and of the rights granted to them in a concise, transparent, intelligible and easily accessible form, using clear and plain language, free of charge. If the data subject requests information, it must be provided without undue delay, and in any event within no more than 30 days.

Right of access:
The data subject shall have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them are being processed, and where such processing is taking place, the data subject shall have the right to access the personal data and the information specified in Article 15.

Right to data portability:
The data subject shall have the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit those data to another data controller without hindrance from the data controller to whom the personal data were provided.

Right to rectification:
The data subject shall have the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning them.

Right to erasure:
The data subject shall have the right to request that the Data Controller erase personal data concerning them without undue delay.

Right to restriction of processing:
The data subject shall have the right to request that the Data Controller restrict the processing of their personal data.

Right to withdraw consent to data processing:
The data subject may withdraw their declaration of consent to data processing at any time.

Right to lodge a complaint:
The data subject has the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.

In relation to the processing of your personal data, I provide the following information pursuant to Article 13 of Directive 95/46/EC:

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Contact keeping

Legal basis for data processing:
Consent of the data subject pursuant to Article 6(1)(a)

Categories of personal data concerned:
Name, address, telephone number, email address

Duration of data storage:
For an indefinite period, until withdrawal of consent

Recipients of personal data:


3a. Contact Details of Natural Person Representatives of Legal Entity Clients

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Performance of the contract concluded with the Data Controller, business contact keeping; legal basis: consent of the data subject.

Legal basis for data processing:
Consent of the data subject pursuant to Article 6(1)(a)

Categories of personal data concerned:
Name, address, telephone number and email address of the natural person.

Duration of data storage:
For 5 years following the termination of the business relationship or the representative status of the data subject.

Recipients of personal data:
Data processor providing IT services

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:

Data Processor Providing IT Services

Recipient of personal data:
Rackhost Zrt.

Purpose of the intended processing of personal data:
Fulfilment of rights and obligations arising from the contractual relationship

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b)

Categories of personal data concerned:
Name
Address
Place and date of birth
Mother’s birth name
Tax identification number or tax number

Duration of data storage:
For 5 years following the termination of the business relationship or the representative status of the data subject

Dear Data Subject, you may withdraw your consent to data processing at any time. You may submit your clear declaration of withdrawal through the contact details of the Company or to the data protection officer. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Dear Data Subject, you may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) if you consider that the processing of your personal data does not comply with legal requirements.

The contact details of the NAIH are as follows:
Postal address: 1530 Budapest, P.O. Box 5
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telephone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: http://naih.hu

Should you have any further questions, please do not hesitate to contact us.

Yours sincerely,

……………………………………
Dr. Gábor Takács
attorney-at-law
Data Controller


Annex: Data Processing Clause for Contracts Concluded with Natural Persons

Data Processing Clause for Contracts Concluded with Natural Persons

Dear Data Subject,

I, the undersigned, Dr. Gábor Takács, attorney-at-law, as Data Controller – registered office: 3000 Hatvan, Kossuth tér 16. 1/7; tax number: 53121392-1-30; Bar Association ID: KASZ_36069934 – hereby provide the following information on the processing of your personal data pursuant to Article 12 of Directive 95/46/EC:

Dear Data Subject, as Contracting Party, you have entered into a contract, hereinafter referred to as the Contract, with Dr. Gábor Takács, attorney-at-law, as Data Controller. By signing the Contract, you have consented to the Data Controller processing your data in accordance with the contents of this data processing clause.

Dear Data Subject, pursuant to Directive 95/46/EC, you are entitled to the following rights:

Right to transparent information:
The data subject must be informed of the circumstances of data processing and of the rights granted to them in a concise, transparent, intelligible and easily accessible form, using clear and plain language, free of charge. If the data subject requests information, it must be provided without undue delay, and in any event within no more than 30 days.

Right of access:
The data subject shall have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them are being processed, and where such processing is taking place, the data subject shall have the right to access the personal data and the information specified in Article 15.

Right to data portability:
The data subject shall have the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit those data to another data controller without hindrance from the data controller to whom the personal data were provided.

Right to rectification:
The data subject shall have the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning them.

Right to erasure:
The data subject shall have the right to request that the Data Controller erase personal data concerning them without undue delay.

Right to restriction of processing:
The data subject shall have the right to request that the Data Controller restrict the processing of their personal data.

Right to withdraw consent to data processing:
The data subject may withdraw their declaration of consent to data processing at any time.

Right to lodge a complaint:
The data subject has the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.

In relation to the processing of your personal data, I provide the following information pursuant to Article 12 of Directive 95/46/EC:


Data Processing Based on Contract

Processing and Registration of Client Data

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Fulfilment of rights and obligations arising from the contractual relationship, including conclusion, performance and termination of the contract, and provision of contractual discounts.

Fulfilment of statutory and legal requirements.

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
Name
Address
Place and date of birth
Mother’s birth name
Tax identification number or tax number

Duration of data storage:
5 years after termination of the contract

Recipients of personal data:
As processor, the employees of the Data Controller’s IT service provider performing hosting services.

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:

Employees of the Data Controller’s IT Service Provider Performing Hosting Services, as Processor

Recipient of personal data:
Rackhost Zrt.

Purpose of the intended processing of personal data:
Fulfilment of rights and obligations arising from the contractual relationship

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b)

Categories of personal data concerned:
Name
Address
Place and date of birth
Mother’s birth name
Tax identification number or tax number

Duration of data storage:
5 years


Appointment Booking on the Data Controller’s Website

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Performance of the appointment booking service provided on the website.

Contacting the data subject by electronic, telephone and SMS communication.

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
Name of the natural person, surname and first name, telephone number, email address

Duration of data storage:
Until the service exists or until the withdrawal of the data subject’s consent, meaning the request for erasure.

Recipients of personal data:
As processor, the employees of the Data Controller’s IT service provider performing hosting services.

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:

Data Processor Providing IT Services

Recipient of personal data:
Rackhost Zrt.

Purpose of the intended processing of personal data:
Fulfilment of rights and obligations arising from the contractual relationship

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b)

Categories of personal data concerned:
Name
Address
Place and date of birth
Mother’s birth name
Tax identification number or tax number

Duration of data storage:
6 years


Data Processing Based on Legal Obligations

Data Processing for the Fulfilment of Tax and Accounting Obligations

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Fulfilment of tax obligations

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c);
Sections 169 and 202 of Act CXXVII of 2017; Section 167 of Act C of 2000

Categories of personal data concerned:
name,
address,
identification of the person or organisation ordering the economic transaction,
the signature of the authorising person and the person certifying performance, and, depending on the organisation, the signature of the controller,
on inventory movement documents and cash management documents, the signature of the recipient; on counter-receipts, the signature of the payer,
pursuant to Act CXVII of 1995 on Personal Income Tax: number of the entrepreneurial certificate, number of the primary producer certificate,
tax identification number.

Duration of data storage:
8 years following the termination of the legal relationship giving rise to the legal basis.

Recipients of personal data:
Éva Ádám, accountant
National Tax and Customs Administration

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:

National Tax and Customs Administration

Recipient of personal data:
National Tax and Customs Administration

Purpose of the intended processing of personal data:
Fulfilment of tax obligations

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
name,
address,
identification of the person or organisation ordering the economic transaction,
the signature of the authorising person and the person certifying performance, and, depending on the organisation, the signature of the controller,
on inventory movement documents and cash management documents, the signature of the recipient; on counter-receipts, the signature of the payer,
pursuant to Act CXVII of 1995 on Personal Income Tax: number of the entrepreneurial certificate, number of the primary producer certificate,
tax identification number.

Duration of data storage:
8 years following the termination of the legal relationship giving rise to the legal basis.

Éva Ádám, Accountant

Recipient of personal data:
Éva Ádám, sole proprietor

Purpose of the intended processing of personal data:
Fulfilment of tax obligations

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
name,
address,
identification of the person or organisation ordering the economic transaction,
the signature of the authorising person and the person certifying performance, and, depending on the organisation, the signature of the controller,
on inventory movement documents and cash management documents, the signature of the recipient; on counter-receipts, the signature of the payer,
pursuant to Act CXVII of 1995 on Personal Income Tax: number of the entrepreneurial certificate, number of the primary producer certificate,
tax identification number.

Duration of data storage:
8 years following the termination of the legal relationship giving rise to the legal basis.


Data Processing for the Fulfilment of Anti-Money Laundering Obligations

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Fulfilment of a legal obligation, for the purpose of preventing and combating money laundering and terrorist financing.

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c);
Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number.

Duration of data storage:
8 years from the termination of the engagement or the performance of the transaction engagement, pursuant to Section 56(2) of the Anti-Money Laundering Act.

Recipients of personal data:
Authorities supervising anti-money laundering compliance

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:

National Tax and Customs Administration

Recipient of personal data:
National Tax and Customs Administration

Purpose of the intended processing of personal data:
Within the scope of its analytical and evaluation activities, it is entitled to access and process data handled by the attorney, including attorney-client privileged information, to the extent necessary for the performance of its duties.

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c), Section 75(1) of the Anti-Money Laundering Act

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number.

Duration of data storage:
8 years from the termination of the engagement or the performance of the transaction engagement, pursuant to Section 56(2) of the Anti-Money Laundering Act.

Bar Association

Recipient of personal data:
Bar Association

Purpose of the intended processing of personal data:
Performance of inspection and supervisory activities

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c), MÜK Regulation No. 10/2019 VI. 24., clause 11.1

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number.

Duration of data storage:
8 years from the termination of the engagement or the performance of the transaction engagement, pursuant to Section 56(2) of the Anti-Money Laundering Act.


Data Processing for the Performance of Attorney Engagement

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Performance of attorney-at-law activities

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period

Recipients of personal data:
Parties involved in the transaction
Courts
Authorities
Dr. András Veres, substitute attorney
Bar Association

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:

Parties Involved in the Transaction

Recipient of personal data:
Parties involved in the transaction

Purpose of the intended processing of personal data:
To produce the legal effect related to the transaction

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period

Courts

Recipient of personal data:
Courts

Purpose of the intended processing of personal data:
To produce the legal effect related to the engagement

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period

Authorities

Recipient of personal data:
Authorities

Purpose of the intended processing of personal data:
To produce the legal effect related to the engagement

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period

Dr. András Veres, Attorney-at-Law, as Substitute Attorney

Recipient of personal data:
Dr. András Veres, attorney-at-law

Purpose of the intended processing of personal data:
Performance of attorney-at-law activities related to the attorney engagement in the event that the Data Controller is prevented from acting.

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c);
Section 17(1) and Section 10(4) of Act LXXVIII of 2017

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period

Bar Association

Recipient of personal data:
Bar Association

Purpose of the intended processing of personal data:
Conducting official proceedings of the Bar Association

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period

Dear Data Subject, you may not withdraw your consent to this data processing; however, you may request restriction of the processing.

Dear Data Subject, you may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) if you consider that the processing of your personal data does not comply with legal requirements.

The contact details of the NAIH are as follows:
Postal address: 1530 Budapest, P.O. Box 5
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telephone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: http://naih.hu

This data processing clause forms an inseparable annex to the contract specified in Section 1.

Hatvan, ………………… year ……………………… month ………… day

……………………………………
Dr. Gábor Takács
attorney-at-law
Data Controller

I have received this data processing clause in 1 one copy:

Hatvan, ………………… year ……………………… month ………… day

……………………………………
Data Subject


Annex: Declaration of Consent to the Processing of Contact Details of Natural Person Representatives of Legal Entity Contracting Partners

Declaration of Consent to the Processing of Contact Details of Natural Person Representatives of Legal Entity Contracting Partners

I, the undersigned, ………………………………………………. name, resident at …………………………………………………………………, as the representative of …………………………………………………. company name, registered office: …………………………………………………., company registration number: ……………………………….…, tax number: …………………………..………, by signing this document, hereby consent to the processing of my following personal data,

on the basis of the contract concluded on ………………………………………. between ………………………………………………………………… company name and Dr. Gábor Takács, attorney-at-law, as Data Controller, registered office: 3000 Hatvan, Kossuth tér 16. 1/7; tax number: 53121392-1-30; Bar Association ID: KASZ_36069934,

having regard to Article 12 of Directive 95/46/EC:

name:

address:

telephone number:

email address:

postal address:

I have consented to the above data processing pursuant to Article 6(1)(b) of Directive 95/46/EC, with regard to the performance of the contract, for the purpose of enforcing the rights and fulfilling the obligations specified in the contract concluded between the Contracting Parties.

This declaration of consent forms an inseparable annex to the contract specified above.

Having read and duly understood this document, and as being in full accordance with my will, I have signed it before witnesses:

Hatvan, ………………… year ……………………… month ………… day

……………………………………
Data Subject

Before us, as witnesses:

1. Witness:
Name:
Address:
Identity card number:

Signature: ________________________________

2. Witness:
Name:
Address:
Identity card number:

Signature: ________________________________

Data Processing Clause for Contracts Concluded with Natural Persons

Dear Data Subject,

I, the undersigned, Dr. Gábor Takács, attorney-at-law, as Data Controller – registered office: 3000 Hatvan, Kossuth tér 16. 1/7; tax number: 53121392-1-30; Bar Association ID: KASZ: 36069934 – hereby provide the following information on the processing of your personal data pursuant to Article 12 of Directive 95/46/EC:

Dear Data Subject, as Contracting Party, you have entered into a contract, hereinafter referred to as the Contract, with Dr. Gábor Takács, attorney-at-law, as Data Controller. By signing the Contract, you have consented to the Data Controller processing your data in accordance with the contents of this data processing clause.

Dear Data Subject, pursuant to Directive 95/46/EC, you are entitled to the following rights:

Right to transparent information:
The data subject must be informed of the circumstances of data processing and of the rights granted to them in a concise, transparent, intelligible and easily accessible form, using clear and plain language, free of charge. If the data subject requests information, it must be provided without undue delay, and in any event within no more than 30 days.

Right of access:
The data subject shall have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them are being processed, and where such processing is taking place, the data subject shall have the right to access the personal data and the information specified in Article 15.

Right to data portability:
The data subject shall have the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit those data to another data controller without hindrance from the data controller to whom the personal data were provided.

Right to rectification:
The data subject shall have the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning them.

Right to erasure:
The data subject shall have the right to request that the Data Controller erase personal data concerning them without undue delay.

Right to restriction of processing:
The data subject shall have the right to request that the Data Controller restrict the processing of their personal data.

Right to withdraw consent to data processing:
The data subject may withdraw their declaration of consent to data processing at any time.

Right to lodge a complaint:
The data subject has the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.

In relation to the processing of your personal data, I provide the following information pursuant to Article 12 of Directive 95/46/EC:


Data Processing Based on Contract

Processing and Registration of Client Data

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Fulfilment of rights and obligations arising from the contractual relationship, including the conclusion, performance and termination of the contract, and the provision of contractual discounts.

Fulfilment of statutory and legal requirements.

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
Name
Address
Place and date of birth
Mother’s birth name
Tax identification number or tax number

Duration of data storage:
5 years after termination of the contract

Recipients of personal data:
As processor, the employees of the Data Controller’s IT service provider performing hosting services.

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:


Employees of the Data Controller’s IT Service Provider Performing Hosting Services, as Processor

Recipient of personal data:
Rackhost Zrt.

Purpose of the intended processing of personal data:
Fulfilment of rights and obligations arising from the contractual relationship

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b)

Categories of personal data concerned:
Name
Address
Place and date of birth
Mother’s birth name
Tax identification number or tax number

Duration of data storage:
5 years


Appointment Booking on the Data Controller’s Website

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Performance of the appointment booking service provided on the website.

Contacting the data subject by electronic, telephone and SMS communication.

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
Name of the natural person, surname and first name, telephone number, email address

Duration of data storage:
Until the service exists or until the withdrawal of the data subject’s consent, meaning the request for erasure.

Recipients of personal data:
As processor, the employees of the Data Controller’s IT service provider performing hosting services.

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:


Data Processor Providing IT Services

Recipient of personal data:
Rackhost Zrt.

Purpose of the intended processing of personal data:
Fulfilment of rights and obligations arising from the contractual relationship

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b)

Categories of personal data concerned:
Name
Address
Place and date of birth
Mother’s birth name
Tax identification number or tax number

Duration of data storage:
6 years


Data Processing Based on Legal Obligations

Data Processing for the Fulfilment of Tax and Accounting Obligations

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Fulfilment of tax obligations

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c);
Sections 169 and 202 of Act CXXVII of 2017; Section 167 of Act C of 2000

Categories of personal data concerned:
name,
address,
identification of the person or organisation ordering the economic transaction,
the signature of the authorising person and the person certifying performance, and, depending on the organisation, the signature of the controller,
on inventory movement documents and cash management documents, the signature of the recipient; on counter-receipts, the signature of the payer,
pursuant to Act CXVII of 1995 on Personal Income Tax: number of the entrepreneurial certificate, number of the primary producer certificate,
tax identification number.

Duration of data storage:
8 years following the termination of the legal relationship giving rise to the legal basis.

Recipients of personal data:
Éva Ádám, accountant
National Tax and Customs Administration

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:


National Tax and Customs Administration

Recipient of personal data:
National Tax and Customs Administration

Purpose of the intended processing of personal data:
Fulfilment of tax obligations

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
name,
address,
identification of the person or organisation ordering the economic transaction,
the signature of the authorising person and the person certifying performance, and, depending on the organisation, the signature of the controller,
on inventory movement documents and cash management documents, the signature of the recipient; on counter-receipts, the signature of the payer,
pursuant to Act CXVII of 1995 on Personal Income Tax: number of the entrepreneurial certificate, number of the primary producer certificate,
tax identification number.

Duration of data storage:
8 years following the termination of the legal relationship giving rise to the legal basis.


Éva Ádám, Accountant

Recipient of personal data:
Éva Ádám, sole proprietor

Purpose of the intended processing of personal data:
Fulfilment of tax obligations

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
name,
address,
identification of the person or organisation ordering the economic transaction,
the signature of the authorising person and the person certifying performance, and, depending on the organisation, the signature of the controller,
on inventory movement documents and cash management documents, the signature of the recipient; on counter-receipts, the signature of the payer,
pursuant to Act CXVII of 1995 on Personal Income Tax: number of the entrepreneurial certificate, number of the primary producer certificate,
tax identification number.

Duration of data storage:
8 years following the termination of the legal relationship giving rise to the legal basis.


Data Processing for the Fulfilment of Anti-Money Laundering Obligations

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Fulfilment of a legal obligation, for the purpose of preventing and combating money laundering and terrorist financing.

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c);
Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number.

Duration of data storage:
8 years from the termination of the engagement or the performance of the transaction engagement, pursuant to Section 56(2) of the Anti-Money Laundering Act.

Recipients of personal data:
Authorities supervising anti-money laundering compliance

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:


National Tax and Customs Administration

Recipient of personal data:
National Tax and Customs Administration

Purpose of the intended processing of personal data:
Within the scope of its analytical and evaluation activities, it is entitled to access and process data handled by the attorney, including attorney-client privileged information, to the extent necessary for the performance of its duties.

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c), Section 75(1) of the Anti-Money Laundering Act

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number.

Duration of data storage:
8 years from the termination of the engagement or the performance of the transaction engagement, pursuant to Section 56(2) of the Anti-Money Laundering Act.


Bar Association

Recipient of personal data:
Bar Association

Purpose of the intended processing of personal data:
Performance of inspection and supervisory activities

Legal basis for data processing:
Fulfilment of a legal obligation pursuant to Article 6(1)(c), MÜK Regulation No. 10/2019 VI. 24., clause 11.1

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number.

Duration of data storage:
8 years from the termination of the engagement or the performance of the transaction engagement, pursuant to Section 56(2) of the Anti-Money Laundering Act.


Data Processing for the Performance of Attorney Engagement

Data Controller — company name, representative, contact details:
Dr. Gábor Takács, attorney-at-law; registered office: 3000 Hatvan, Kossuth tér 16. 1/7; telephone: +36 30 593 7317

Purpose of the intended processing of personal data:
Performance of attorney-at-law activities

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period

Recipients of personal data:
Parties involved in the transaction
Courts
Authorities
Dr. András Veres, substitute attorney
Bar Association

Dear Data Subject, your data are processed and used by the Data Controller solely and exclusively for the purpose of fulfilling the rights and obligations specified in the contract, and only to the extent necessary for the fulfilment of such rights and obligations.

Dear Data Subject, pursuant to legal requirements, the Data Controller discloses your data to the following authorities or recipients:


Parties Involved in the Transaction

Recipient of personal data:
Parties involved in the transaction

Purpose of the intended processing of personal data:
To produce the legal effect related to the transaction

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period


Courts

Recipient of personal data:
Courts

Purpose of the intended processing of personal data:
To produce the legal effect related to the engagement

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period


Authorities

Recipient of personal data:
Authorities

Purpose of the intended processing of personal data:
To produce the legal effect related to the engagement

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period


Dr. András Veres, Attorney-at-Law, as Substitute Attorney

Recipient of personal data:
Dr. András Veres, attorney-at-law

Purpose of the intended processing of personal data:
Performance of attorney-at-law activities related to the attorney engagement in the event that the Data Controller is prevented from acting.

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c);
Section 17(1) and Section 10(4) of Act LXXVIII of 2017

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period


Bar Association

Recipient of personal data:
Bar Association

Purpose of the intended processing of personal data:
Conducting official proceedings of the Bar Association

Legal basis for data processing:
Performance of a contract pursuant to Article 6(1)(b);
fulfilment of a legal obligation pursuant to Article 6(1)(c)

Categories of personal data concerned:
family and first name of the natural person,
birth family and first name,
nationality,
place and date of birth,
mother’s birth name,
address, or in the absence thereof, place of residence,
type and number of identity document; number of official address card; copies of the documents presented; number of tax identification document,
personal identification number,
tax identification number,
tax number,
number of entrepreneurial or primary producer certificate,
bank account number.

Duration of data storage:
For an unlimited period

Dear Data Subject, you may not withdraw your consent to this data processing; however, you may request restriction of the processing.

Dear Data Subject, you may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) if you consider that the processing of your personal data does not comply with legal requirements.

The contact details of the NAIH are as follows:
Postal address: 1530 Budapest, P.O. Box 5
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telephone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: http://naih.hu

This data processing clause forms an inseparable annex to the contract specified in Section 1.

Dr. Gábor Takács
attorney-at-law
Data Controller