Privacy Policy
IMPORTANT! Please make sure you read the information below before using this website, and by expressly clicking on the accept button at the bottom of the page, to explicitly accept our processing rules, so that you understand the purposes and conditions under which we process the data you provide when you use our services. Instead of using the legal term of the data subject as client, we address you personally (hereinafter ‘you’). If you do not agree with this information and our rules, please do not use our service. Controller: Dr. Zorkóczy Tamás Law Office; (registered office: 1133 Budapest, Váci út 78/B; represented by Dr. Tamás Zorkóczy attorney-at-law; e-mail address: office@zorkolegal.com; phone: 06 70 367 6617; website: www.zorkolegal.com)
BRIEF DESCRIPTION: You provide your data, the purpose of the processing of which is to enable the controller to send newsletters to the persons registered on the website in the course of its operation. The legal ground for processing is your explicit consent. The details of processing are explained in detail below, please read carefully, and if you have any questions, please contact us at office@zorkolegal.com. You may withdraw your consent to processing at any time under the conditions set out in this notice. As a data subject, you are not obliged to provide any personal data or specific sensitive data, and failure to do so will not have any adverse consequences. However, as it is meaningless and therefore impossible to use the functions of the service without providing data, it is not possible to register and use the service without providing data. You can exercise your right to lodge a complaint with a supervisory authority at any time. For your information, you may at any time request us to correct, supplement or delete inaccurate personal data without delay or, in the case of processing without legal ground, to delete it.
1. DEFINITIONS:
1. Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. ‘processing’: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
4. ‘profiling’: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
5. ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
6. ‘record system’ means any structured set of personal data, which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
7. Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
8. ‘processor’ means a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller;
9. ‘recipient’ means a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
10. ‘third party’: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
11. ‘consent of the data subject’: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
12. ‘personal data breach’: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
13. ‘genetic data’: personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
14, ‘biometric data’: any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data;
15. ‘health data’: personal data concerning the physical or mental health of a natural person, including data relating to the provision of health services to a natural person, which contains information about the health of the natural person;
16. “Privacy by default”: a privacy policy which implies that the basic ‘by default’ attitude of Controllers is that they take into account privacy considerations in all circumstances and act accordingly in their processing operations.
17. ‘website’: the website www.zorkolegal.com operated by the Controller
18. ‘child’: the consent or subsequent approval of a legal representative is not required for the validity of the declaration of consent of a minor data subject over the age of 16, however, according to our terms of use, minors under the age of 18 are not allowed to register on the website! If the Controller Service Provider becomes aware that a minor under the age of 18 has registered on the site, the user’s profile will be deleted.
2. The processed data and objectives:
We may process your data on the basis of your consent or on the basis of a legal authorisation. We record your voluntary consent, which you can withdraw at any time.
2.1. For identification purposes, the Controller may process personal data of its related clients. Anonymous information that is collected by the Controller in a way that excludes personal identifiability and that cannot be linked to a natural person and therefore cannot be linked to a natural person is not personal data. The Controller informs the user that the IP address of their computer and the starting time of the visit are logged. This data is retained for the sole purpose of preventing unauthorised access (temporarily blocking access in the event of a disproportionate number of unsuccessful logins) and to comply with the legal obligation to retain data for a total of 60 days, are further processed and used by the Controller and are not combined with other personal data. The period of processing is 5 years after the termination of the contract.
Scope of processed data Identification
Name Identification, contact, invoicing.
E-mail Identification, contact.
Phone Identification, contact.
Registration date Technical information operation.
IP address Technical information operation.
2.2. For the purposes of the provision of the service, the Controller processes data as technically necessary, to the extent and for the duration necessary, for the purposes of creating, defining the content of, amending, performing the contract, invoicing the fees arising from it and enforcing claims related to it. Contacting you and sending you a confirmation e-mail is strictly necessary for the purposes of contacting you and providing you with the service, the legal ground of which is your consent. The data subjects of processing are our contractual clients. Data is processed until the contract is terminated or consent is withdrawn. You can withdraw your consent to processing at any time by sending an e-mail to the contact e-mail address. The data will be erased when consent to processing is withdrawn. You can change or delete your data at any time by sending an e-mail to the contact e-mail address. The Controller and its employees are entitled to access the data. Data are stored electronically. The user can give their consent to the processing of their personal data by deliberately ticking the ‘accept’ button, expressly designed for this purpose, on the website. You have the right to object to the processing of your personal data, and you have the right to a procedure under the law as described in this notice.
Scope of processed data performance of the service
Name Identification, contact, invoicing.
Address Identification, contact, invoicing.
E-mail Identification, contact.
Phone Identification, contact.
Registration date Technical information operation.
IP address Technical information operation.
2.3. The Controller may process your data for the purpose of invoicing the charges. The legal grounds of data processing is your consent. For invoicing, processing is based on a legal requirement. The purpose of the processing is to issue and send an (electronic) invoice as an e-mail attachment or by post. The legal grounds of data processing is mandatory processing based on legal regulation. The processed data subjects are the service provider’s customer partners. Processing is a legal requirement, or is performed until consent is withdrawn. You can withdraw your consent to processing at any time by sending an e-mail to the contact e-mail address. The data will be erased when consent to processing is withdrawn. You can change or delete your data at any time by sending an e-mail to the contact e-mail address. The erasure of invoicing data may be performed on the basis of legal requirements. The Controller and its employees are entitled to access the data. Data are stored electronically. The user can give their consent to the processing of their personal data by deliberately ticking the ‘accept’ button, expressly designed for this purpose, on the website.
Scope of processed data invoicing
Name Identification, contact, invoicing.
Address Identification, contact, invoicing.
E-mail Identification, contact.
Phone Identification, contact.
Invoice data Identification of the invoice.
Invoice issue date Technical information operation.
2.4. For the purpose of sending you a newsletter, please note that when subscribing to a newsletter, the e-mail address does not need to contain any personally identifiable information. E.g., it is not necessary for the e-mail address to include your name. You are entirely free to choose whether or not to provide a name or email address that contains information that identifies you. The e-mail address – which is used to contact you – is absolutely necessary to ensure that any newsletter or information promoting or advertising a service sent to you will be received. As the website operator, we declare that when subscribing to the newsletter, we are not in a position to verify the authenticity of the contact details or to establish whether the details provided relate to an individual or a company. The purpose of the processing is to send you professional brochures, electronic messages containing advertising, information and newsletters, from which you can unsubscribe at any time without any consequences. You can also unsubscribe without any consequences if someone has provided us with your contact details. The legal grounds of data processing is your consent. Please note that if you would like to receive a newsletter from us, you must provide the necessary information, as we will not be able to send you a newsletter if you do not provide this information.
You can withdraw your consent to processing at any time by sending an e-mail to the contact e-mail address, or by following the link in the newsletters you receive. The data will be erased when consent to processing is withdrawn. You can change or delete your data at any time by sending an e-mail to the contact e-mail address. The Controller and its employees are entitled to access the data. Data are stored electronically. The user can give their consent to the processing of their personal data by expressly ticking the checkbox on the website, which is specifically designed for this purpose.
The processor employed:
MailChimp
The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA
http://mailchimp.com/contact/
Scope of processed data sending a newsletter
Name Identification, contact.
E-mail Identification, contact.
Subscription date Technical information operation.
IP address Technical information operation.
2.5. Cookies are placed on your computer by the providers of the websites you visit, with simultaneous notification. The website sends a small file (cookie) consisting of letters and numbers to the browser cookie file on your computer’s hard drive, which can be used to determine the fact and time of your visit or to contain information, e.g., the page settings or login status. By saving browsing data, they improve the user experience and optimise email messages, online services, advertising and interactive applications. Cookies help the website remember your website settings and offer you locally relevant content. The data subjects involved in processing are the visitors of the website. The purpose of processing is to provide additional services, identification and tracking of visitors. The user’s consent is not required if the use of cookies is strictly necessary for the service provider. The scope of the data is a unique identification number, the time, setting data. You can delete cookies from your browsers or restrict their use at any time by going to Settings. By using cookies, no personal data is processed by the Controller. Data storage method: electronic. For more information on this topic, visit http://www.allaboutcookies.org.
Scope of processed data for cookie usage
Name Identification, contact.
E-mail Identification, contact.
Subscription date Technical information operation.
IP address Technical information operation.
2.6. Google Analytics is used by the website. Google Analytics uses internal cookies to compile reports for us on the habits of website users. Google will use this information on behalf of the website operator to evaluate how users use the website. As an additional service, it generates reports related to website activity for the website operator to provide additional services. Data is stored on Google’s servers in encrypted format to make it more difficult and prevent misuse.
(Operator: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.)
Detailed information on how to disable Google Analytics can be found at the website https://support.google.com/analytics/answer/6004245?hl=hu.
Google Privacy Policy: https://policies.google.com/privacy?hl=hu
Scope of processed data for google analytics usage
Name Identification, contact.
E-mail Identification, contact.
Subscription date Technical information operation.
IP address Technical information operation.
4. Responsibility for the processing of other persons’ data lies with the person who uses it without authorisation. If any person becomes aware that personal data relating to them has been made available on the site, they may notify the Controller. If the involvement is justified, the Controller will delete the data. Where the involvement is justified, the data subject may request that the Controller block the data in an appropriate manner for the purposes of subsequent proceedings. In this case, the data subject must provide proof of the initiation of the procedure within 60 days. The Controller shall make the data and the information relating to their disclosure available to the competent body in accordance with the law applicable to that body and procedure. The Controller may also notify the user that it has received an objection to the data made available by it in the absence of proof of the data subject’s involvement.
5. We may amend our privacy notice unilaterally with prior notice to you, so that you have the opportunity to inform yourself before using our services again. The registered and logged-in User accepts the amended privacy notice by using the service after the amendment comes into force.
6. Principles of processing
a) lawfulness, fairness and transparency: data must be processed lawfully and fairly and in a transparent manner for the data subject;
b) purpose limitation: data must be collected for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes;
c) data minimisation: they must be adequate, relevant and limited to what is necessary for the purposes for which they are processed;
d) accuracy: data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without delay
e) limited storage: data must be kept in a form, which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
f) integrity and confidentiality: processing must be performed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures
g) accountability: the Controller is responsible for compliance with the principles.
7. With regard to processing, either before or during the use of the service, we will ensure that you have the right to object to processing for advertising or market research purposes. The Controller shall ensure that the data cannot be linked to the identification data of the transferred personal data and cannot be transferred to third parties without the consent of the data subjects. The Controller shall ensure that the processed data are erased after the non-performance or termination of the contract, because the processed data shall be erased when the purpose of the processing has ceased. Unless otherwise provided for in the Accounting Act or any other law, the erasure of data shall be performed without delay. In addition to the information specified in the privacy legislation, the Controller shall ensure that the data subject is informed at any time of the purposes for which the Controller processes which types of data.
8. Security of Processing
The Controller and its employees, subcontractors and agents shall be bound by the same privacy and confidentiality obligations as the Controller. The Controller shall make every effort to protect the personal data it processes against unauthorised access, alteration, disclosure, erasure, damage, destruction or other loss, as well as against deletion, damage, destruction or other loss. Within the scope of this activity, the Controller shall in particular, but not exclusively, take the following measures:
Mirroring: To avoid the loss of personal data, the network server machine (hereinafter referred to as the server) can be secured by continuous mirroring on a physically separate storage medium.
Fire safety: The data and databases must be stored in a room equipped with fire safety and property protection equipment.
Protection against viruses: The computer equipment of administrators and employees who handle personal data must be protected against viruses.
Access protection: Access to data is only possible with a valid, personal and identifiable authorisation. Network resources can only be accessed with a valid user name and password.
Network protection: Unauthorised persons must be prevented from gaining access to servers storing data that are accessible via the network, using the computer tools available at all times.
9. Duration of data storage by the Controller
The Controller shall process the data until the termination of the service contract. The Controller shall process the data related to the performance of the invoicing until the client’s debt is settled. At the end of the period of processing, the Controller shall erase the personal data in a way that no longer makes identification impossible.
10. Cases of data transfer
Personal data processed by the Controller can be transferred and different controlled data may be interconnected with the consent of the data subject or when permitted by law and when the requirements of processing are fulfilled for all personal data. By signing the consent form for a client or principal who has a contractual relationship with the Controller, the data subject consents to the transfer of personal data processed by the Controller to its affiliated undertakings located in the European Union and involved in the provision of services for processing. An affiliated undertaking is any entity located in the territory of the European Union which directly or indirectly controls the service provider or which is owned in whole or in part by the Controller. Data processed by the Controller may be disclosed to those who perform invoicing, claims management, distribution management, client information on behalf of the Controller, and to the bodies entitled by law to settle invoicing and distribution disputes. Subject to the legal obligation, the Controller may transfer the data to the competent national security bodies, investigative authorities and the courts for the purposes of protecting national security, defence and public security, prosecuting public offences and the unauthorised or unlawful use of the data, and to the bailiff under the provisions of the Act on Judicial Enforcement. Those receiving the data as described above are bound by the same confidentiality and privacy obligations as the Controller.
11. Your rights:
a) Request for information: You can use the contact details provided to ask us what data we process, on what legal ground, for what purpose, from what source and for how long, and we will respond by e-mail within 30 days.
b) Right to rectification: You can ask us to change any of your details using the contact details provided. We will take action on your request within 30 days at the latest, and we will send you an e-mail to your e-mail address.
c) Right to erasure: You can ask us to delete any of your data using the contact details provided. We will take action on your request within 30 days at the latest, and we will send you an e-mail to your e-mail address.
d) Right to blocking: You may request the restriction of the use of your data through the contact details provided if you contest its accuracy or lawfulness, or if you object to its processing, or if the Controller no longer needs the processing but you need it to exercise your rights. The blocking lasts as long as the reason you have given makes it necessary to blocking the data. At your request, we will do so promptly, but within 30 days at the latest, by sending you an e-mail to the e-mail address you provided.
e) On the basis of data portability, you have the right to receive personal data relating to you, which have been provided to the Controller in a structured, commonly used, machine-readable format, and the right to transfer such data to another controller without hindrance from the Controller to which you have provided the personal data.
a) Withdrawal: you can withdraw your consent to the processing of your data at any time by sending us an e-mail
g) Objection to processing you may object to the processing of your personal data using the contact details provided. We will examine the objection and decide whether it is justified within the shortest possible time from the date of the request, but not later than 15 days, and inform you of our decision by e-mail.
h) Profiling and restriction or objection to automated decision-making: Before or during the use of the service, you may limit the possibility of automated decision-making or profiling, or you may object to the resulting decision, request human intervention or express your views.
i) Complaints and remedies: You can contact us directly with a complaint about the processing of your data by sending us an e-mail at the address indicated in the contact form, which we will investigate and inform you in writing within 15 days of the outcome. If you consider that the lawfulness of the processing cannot be restored, you have the possibility to further enforce your rights by notifying the authority using the following contact details:
National Authority for Data Protection and Freedom of Information
Postal address: 1530 Budapest, P.O. Box. 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: (+36 1) 391-1400
Fax: (+36 1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
www.naih.hu
If you do not agree with our decision as a result of the investigation, you have 25 days from the date of its notification to appeal to the court. The court acts out of turn. The court has jurisdiction to hear the case. You can also choose to bring the case before the court in your place of residence or domicile.
Name and contact details of the data protection officer:
Name: Dr. Tamás Zorkóczy
Address:
phone: +36 70 367 6617
email: office@zorkolegal.com
The data protection officer contributes to and assists in taking decisions related to processing and ensuring the rights of data subjects, and monitors compliance with the provisions of the legislation on processing, as well as internal privacy and data security policies and data security requirements. The data protection officer investigates the notifications received and, if they detects unauthorised processing, request the controller or processor to stop it, propose changes to the internal privacy and data security policy, maintain privacy records and ensure privacy education.
13. Legal regulations on which the processing is based
GDPR: REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 (27 April 2016) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation)
Privacy Act: Act CXII of 2011 on the Right of Informational Self-determination and Freedom of Information (to be amended).
Public record: Act LXVI of 1995 on Public Records, Public Archives, and the Protection of Private Archives.
Public task: Government Decree 335/2005. (29 December) on the common provisions of the document management in public administrative bodies.
E-commerce: Act CVIII of 2001 on Electronic Trading Services and Certain Issues Concerning Services in an Information Society.
E-communication: Act C of 2003 on Electronic Communication.
Consumer Protection – Act XLVII of 2008 on the Prohibition of Unfair Trade Practices against Consumers;
Advertising Act: Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities
I have read the contents of the privacy notice and accept it, I consent to the processing of my personal data, and I expressly consent to the processing of my personal data by filling in the online form.