Privacy Policy

I. Data Controller Details:

Dr. Ágnes Lengyel Law Office ("law office"), as the data controller, hereby informs the visitors of its website lengyellegal.com, those who share information through the website, and its clients as data subjects about the data processing activities carried out by the law office, the personal data processed, and the purpose and legal basis of such data processing.

Data Controller

Dr. Ágnes Lengyel Law Office (hereinafter: Data Controller)

Registered Office

1111 Budapest, Lágymányosi utca 12. ground floor 2.

Mobile

+36 (70) 6106262

E-mail

info@lengyellegal.com

Registry

Budapest Bar Association (www.bpbar.hu)

Chamber ID Number (KASZ)

36064520

Office Registration No.

5583

Tax Number

19431420-2-43.

Electronic Admin. ID

19431420

Hosting Provider Details:

Name

BlazeArts Kft.

Registered Office

1096 Budapest, Thaly Kálmán utca 39.

Contact

info@forpsi.hu

II. General Legislation Serving as the Basis for Data Processing

• Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
• Act V of 2013 on the Civil Code (Ptk.)
• Act CXXVII of 2007 on Value Added Tax (VAT Act)
• Act C of 2000 on Accounting (Accounting Act)
• Act LXXVIII of 2017 on the Professional Activities of Attorneys (Üttv.)
• Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.)
• Act CXLI of 1997 on the Real Estate Register (Inytv.)
• Act CXXX of 2016 on the Code of Civil Procedure (Pp.)
• Act XX of 1996 on Identification Methods Replacing the Personal Identification Mark.

III. Definitions

Personal Data

any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller

the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor

a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.

Recipient

a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

In the course of processing personal data, our Law Office respects the following principles of the GDPR and acts in accordance with them.

• personal data shall be processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency)
• personal data shall be collected for specified, explicit and legitimate purposes (purpose limitation)
• personal data shall be adequate, relevant and limited to what is necessary (data minimization)
• personal data shall be accurate and, where necessary, kept up to date (accuracy)
• personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary (storage limitation)
• personal data shall be processed in a manner that ensures appropriate security (integrity and confidentiality)
• the Data Controller shall be responsible for, and be able to demonstrate compliance with the above (accountability)

IV. Data Processing Activities

IV.1 Data processing related to the website

IV.1.1 Use of Cookies

Our Law Office's website, lengyellegal.com, collects data about website usage through so-called cookies to track visitor activity and enhance user experience.

A cookie is a piece of data sent by the website to the data subject's browser, which stores certain data to restore original settings during a return visit. The purpose is to save the internet settings of the website you visited so that if you visit the same site from the same device again, the page will remember the set parameters.

The purposes of using cookies are:

• to ensure the website is functional,
• to guarantee website security,
• to make the website convenient to use,
• to provide statistical information necessary for the development of content and services to the website operators.

The cookies used on the website can be classified into four groups:

• essential cookies,
• marketing cookies,
• functional cookies,
• analytics cookies.

The use of cookies strictly necessary for operation does not require the user's special consent, as the website would not function without them. For all other types of cookies, we require your consent. You can view and set the cookies currently used on the website in the pop-up window upon entering the site.

By clicking the 'Accept' button, you accept all the above cookies. By clicking the 'Reject' button, only essential cookies will be applied, while marketing, functional, and analytical cookies will not.

All modern browsers allow changing cookie settings. Please note that since cookies aim to facilitate or enable the usability and processes of our website, preventing or deleting them may result in you being unable to use the website's functions fully or the website operating differently than intended. You can find information about cookie settings for the most popular browsers at the following links:

• Google Chrome
• Firefox
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Internet Explorer 9
• Microsoft Internet Explorer 8
• Microsoft Edge
• Safari

IV.1.2 Online Contact Form

It is possible to send messages via the Contact page. (At least a name and email address are required; phone number and company name are optional.) By sending the message, you consent to us recording your personal data and using it for contact purposes. Please be advised that sending a message does not, in itself, establish an attorney-client relationship. The purpose of data processing is to enable communication with you.

The legal basis for processing in connection with the contact form is your consent (GDPR Article 6(1)(a)). Providing data is voluntary. If you do not provide the necessary data, we cannot contact you.

We retain your data for 1 year from the contact date if no contract is established. If a contract is established, we retain your data for 5 or 10 years pursuant to Section 53 (3) and (5) of the Act on the Professional Activities of Attorneys (Üttv.).

IV.2 Data processing within attorney mandates and attorney identification

The attorney processes personal data during attorney activities pursuant to Section 27 of the Üttv. The scope of processed data may be determined by legislation (e.g., mandatory contract elements) or by the request of an authority, court, or notary in specific proceedings.

For the attorney, fulfilling the following legal obligations involves processing personal data:

• Data processing related to identification (Üttv. Section 32 (1))
• Data processing related to the register of cases involving mandatory legal representation (Üttv. Section 33 (1))
• Data processing related to the register of identified legal persons and other organizations (Üttv. Section 32 (1))
• Data processing related to the countersigning of documents (Üttv. Sections 32 and 53)
• Data processing related to the conversion of paper-based documents into electronic format
• Data processing related to attorney deposits (Üttv. Section 158, Point 7.4 of MÜK Regulation 7/2018)
• Data processing related to case registration (Üttv. Section 53)
• Data processing for the prevention of money laundering and terrorist financing (Pmt. Sections 6-7)

The duration of data processing related to these obligations lasts for the period specified in the relevant legislation:

• For identification (Üttv. Section 32 (1)): 8 years from the termination of the contract; in case of a legal dispute, 5 years following its conclusion if that is later.
• For the register of cases with mandatory representation: 8 years from the termination of the contract.
• For countersigning documents: 10 years following countersignature; in real estate matters, 10 years from the registration of the right in the public register.
• For attorney deposits: 10 years from the termination of the deposit agreement.
• For case registration: 5 years following the termination of the mandate; 10 years if a document was countersigned.
• For money laundering prevention (Pmt.): 8 years from the termination of the contract.

Furthermore, the attorney processes contact data of representatives and partners of contractual partners and clients. The legal basis is the legitimate interest of the controller (GDPR Article 6(1)(f)) to ensure business continuity. We store this data for 8 years from the termination of the contract.

In some cases, data may be transferred to cooperating law offices, substitutes, or consultants based on the legitimate interest of the attorney and client (GDPR Article 6(1)(f)) to involve specialized experts or ensure replacement.

IV.3 Data processing related to the internal whistleblowing system

Pursuant to Section 194/A of Act LXXVIII of 2017, the internal whistleblowing system is operated by the Hungarian Bar Association. Regarding the personal data provided during whistleblowing, the Hungarian Bar Association is considered the data controller. Further information: www.mük.hu/panaszbejelentes.

V. Data Security

The Data Controller ensures password protection for electronically stored data and physical protection for paper-based data to prevent unauthorized access.

VI. Recipients of Personal Data

Your data may be accessed by the attorney and any cooperating or substitute attorneys approved by you in the engagement agreement, power of attorney, or otherwise. Personal data may be transferred for data processing purposes to the attorney’s archiving, accounting, and IT service providers. Address data will be transferred to Magyar Posta (Hungarian Post) or the designated courier service for mailing purposes. Billing data will be shared with the company performing the attorney's accounting. Personal data may also be transmitted to acting authorities, courts, opposing parties, and third parties according to the purpose of the mandate and data processing. If the attorney fulfills the mandate with the involvement of another attorney or law office, personal data will be transferred to the cooperating attorney in such cases. Furthermore, personal data may be transferred to other persons involved in fulfilling the attorney mandate (e.g., experts) or other persons used in connection with the fulfillment of the mandate whose involvement or use has been approved by the client.

In litigation or administrative proceedings, data may be transferred to the acting authorities, notaries, courts, and the opposing party. Data processors may process personal data based on a written contract with the attorney, solely according to the attorney’s instructions and exclusively in connection with the purposes indicated above. They are entitled to process the data until the time of delivery of the processed data or data destruction following the termination of the contract related to data processing, or within the period during which the attorney is entitled or obliged to process the data. The attorney uses only such data processor(s) who provide(s) sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject.

VII. Transfer to Third Countries

The Data Controller does not transfer data to third countries.

VIII. Automated Decision-Making

No automated decision-making takes place at the law office.

IX. Rights of the Data Subject

Data Subjects may contact the Law Office using the contact details provided in Point I to exercise the following rights:

IX.1 Right of Access: You have the right to receive feedback from the Data Controller on whether your personal data is being processed. If such processing is taking place, you are entitled to access the personal data and the information specified in Article 15 of the GDPR (e.g., purposes of processing, categories of data, recipients, duration of storage).

IX.2 Right to Rectification: You have the right to request that the Data Controller rectify inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.

IX.3 Right to Erasure ('Right to be Forgotten'): You have the right to request the erasure of your personal data if it is no longer necessary for the original purpose, if you withdraw your consent (and there is no other legal basis), or if the data has been processed unlawfully. Please note that erasure cannot be requested if processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

IX.4 Right to Object: You have the right to object to the processing of your personal data at any time if the processing is based on the legitimate interests of the Data Controller or a third party. In this case, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing.

IX.5 Right to Restriction of Processing: You may request the restriction of processing if you contest the accuracy of the data, if the processing is unlawful but you oppose erasure, or if the Data Controller no longer needs the data but you require them for legal claims.

IX.6 Right to Data Portability: You have the right to receive the personal data concerning you, which you provided to the Data Controller, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller.

IX.7 Right to Lodge a Complaint with the Supervisory Authority: The Data Subject is entitled to lodge a complaint with the supervisory authority if the Data Subject considers that the processing of personal data relating to him or her is unlawful or violates the provisions of the GDPR.

Authority

National Authority for Data Protection and Freedom of Information (NAIH)

Postal Address

1363 Budapest, Pf.: 9.

E-mail

ugyfelszolgalat@naih.hu

Phone

+36 (1) 391-1400

Furthermore, you are entitled to seek judicial remedy against the Data Controller or Data Processor if you experience unlawfulness in the processing of your personal data. The court acts with priority in such cases. In this case, you are free to decide whether to file your claim before the regional court (törvényszék) competent based on your place of residence or stay. The contact details for regional courts are available at: https://birosag.hu/torvenyszekek

Before lodging a complaint, we kindly ask you to contact us with your questions or concerns using the contact details provided in Point I. Our staff will be happy to provide information and assistance.

The Data Controller reserves the right to unilaterally modify this Privacy Policy. This policy may be amended in particular if necessary due to changes in legislation, data protection authority practice, business needs, or other circumstances.