Data Processing
I. INTRODUCTION
Bitai Ügyvédi Iroda / Bitai Law Firm (hereinafter referred to as „Law Firm”) is committed to protecting personal data of its clients and partners, with special regard to respecting the right of informational self-determination of its clients. The Law Firm manages personal data as confidential information and takes all safety, technical and organizing measures to ensure the protection of data.
Bitai Law Firm hereby informs its clients and the visitors about the personal data processed by it, the practice followed in course of processing personal data, the measures taken in order to protect personal data, and about the way and possibilities of exercising the rights of data subjects.
This document on privacy policy sets out the following:
The type of your personal data we collect and process in the course of partnership or client relationship related to our website, newsletter and online services;
Where we gain such data from;
What we use such data for;
How we store such data;
Whom we forward such data to/ provide access to such data;
How we observe your data protection rights;
How we comply with data protection provisions.
The privacy policy principles are in line with effective data protection regulations, thus especially with the following:
Act CXII of 2011 on the Right of Informational SelfDetermination and on Freedom of Information (hereinafter referred to as Privacy Act);
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
Act V of 2013 on the Civil Code (Civil Code);
Act C of 2000 on Accounting (Accounting Act);
Act CXXXVI of 2007 on the Prevention and Combating of Money Laundering and Terrorist Financing (PCMLTF);
II. DATA PROCESSOR
Name: Bitai Ügyvédi Iroda / Bitai Law Firm
Postal address: 1021 Budapest Tárogató út 47-49.
Managing Attorney at Law: Dr. Bitai Zsófia LL.M.
Registration: Budapest Bar Association, reg.no. 36057691
Email: info@bitailegal
www.bitailegal.com
III. WHAT TYPE OF PERSONAL DATA DO WE COLLECT?
Data management by the Law Firm is based on contract, voluntary consent, general business interest of the parties involved and on relevant legislation. In case of data management subject to voluntary consent you are entitled to revoke your consent at any stage of data management and you are entitled to practice your right related to the access, rectification, restriction and erasure of your data.
Any information suitable for identifying you, e.g. your name, contact info etc. and information related to the usage of our website by which you are directly or indirectly identifiable, constitute personal data.
We may collect personal data when you browse our website, participate at our events, sign up for our legal newsletter or contact us etc.
We collect personal data, particularly the following type:
First name
Surname
Company name
Email address
Photo
Information related to browsing our website, our pages on Facebook and Linkedin;
Any form of communication with or addressed to us, in letter, email, by phone, or via social media.
Your location based on the real time IP address of your computer or device, when using location based services and allow this function on your computer or device.
IV. WHY, HOW LONG AND WHAT DO WE USE YOUR PERSONAL INFORMATION FOR?
Personal data is primarily used for direct business relationship based on contract, legitimate interest or user consent. No further notification is provided to you, all issues related to privacy policy are defined in this document. You have the right to decline the management of your data for general business or client relationship. In this case, your data will no longer be processed for such purposes.
If your data is collected for purposes other than business relationship, we notify you about the relevant regulatory provisions and request your preliminary written consent.
We may use your personal data for the following purposes:
keeping business contact,
attorney-client communication,
contacting, legal newsletters, organizing events, writing publications and articles,
organizing events connected to the professional activities of the Law Firm,
Administrative and legal purposes: your data is used for statistical and marketing analyses, remarketing/marketing purposes, system testing, customer satisfaction surveys, maintenance and development purposes as well as for litigating disputed issues or legal claims. Please note that based on your data we may do profiling for statistical and marketing analyses. For profiling we will need your preliminary consent and we seek to use the data adequately. By submitting any personal data, you expressly agree that we may use them for profiling purposes in accordance with this privacy policy;
Security and administrative measures, health protection, prevention/detection of crime: in compliance with our legal obligation we are entitled to provide personal data to authorities and law enforcement agencies;
Client service communication: we use your data to keep in touch with you, our clients, and to improve our services and your user experience;
Marketing: from time to time we will send you marketing materials electronically about our services, legal news, our events etc., if you agreed to receive such materials. In this case you can indicate whether you wish to subscribe or unsubscribe from such emails. In addition, in all forms of electronic communication you may indicate that you do not want to receive direct marketing materials from us anymore
We process your personal data only for those purposes and cases in which we have the legal basis to do so. The legal basis depends on the purpose of collecting and processing personal data.
We may process your personal data for the following reasons, as well:
You agreed to the processing of your personal data (e.g. for marketing purposes);
To protect your or another person’s fundamental interests (e.g. in case of emergency);
Children of minimum 16 years of age may give their personal consent. For minors below this age, parents or legal guardians shall provide consent.
We retain your data until the consent is withdrawn or the statutory deadline expires.
We do not retain your data after the purpose of processing is achieved. When determining the appropriate retaining time, we take into account the quantity, nature and sensitivity of personal data and the purpose of processing them and we consider whether these purposes may be achieved by other means.
V. DISCLOSING YOUR PERSONAL DATA
In order to comply with data protection purposes we may disclose your data to other law firms included by the same network as the Law Firm, to our contractors, associated and cooperating law firms and attorneys within the European Union in order to process data obtained through our website and/or to operate, maintain or manage our website, its services and content in accordance with this privacy policy. We do not disclose your personal data to third countries or international organizations outside the European Union.
We will notify you before disclosing your personal data to any service provider located outside the European Economic Area.
When using external companies or professionals for processing those personal data which were not provided by you, these companies or professionals are entitled to process such data exclusively in the course of performing the particular task, ensuring compliance with this privacy policy.
International data exchange
We disclose personal data to countries outside the European Economic Area only if the following conditions are met:
if the transmit of data takes place at a location considered by the European Commission as secure for protecting personal data; or
if we have taken the appropriate measures, for instance we entered into an agreement with a data recipient regarding the transmit of data corresponding to the measures defined by the European Commission or a data protection authority. You may request a copy of such agreements via our contact; or
if you consented to the transmit of your data, or we are legally entitled to do so.
In addition, we may disclose your personal data to the following external parties in accordance with the objectives of this privacy policy:
Our permanent partners:
Hosting provider: MikroVPS Kft. (1096 Budapest, Sobieski János utca 19-21/A)
Accounting services: Globalprofit Kft. (1064 Budapest, Izabella utca 77. 3. em. 3.)
Web development services: Borítás Viktor
Marketing service providers: Princz Viktória
System Administrator: Kornos Péter
Associated/Cooperating Attorneys: Dr. Drjenovszky Katalin, Dr. Mosolygó Mónika and Dr. Tréki-Tóth Péter
Regulatory Manager: Dr. Tóth Karolina e.v. Amsztmann Róbert e.v. (1021 Budapest, Hűvösvölgyi út 64-66.)
Technical consulting: MIX Bt. (1224 Budapest Kakukkhegyi út 11.), Amsztmann Róbert e.v.
Email marketing platform: MailChimp (The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA)
Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2)
Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Government authorities, regulatory bodies; we disclose your data in compliance with legal provisions when it is required for the prevention and detection of fraud or criminal offense and/or for the maintenance of network and data security;
Reliable service providers assisting our work, including agencies to support postal or courier services, newsletter distribution, promotions, games with marketing, remarketing and email marketing service providers of cloud based services;
Legal and other specialized advisors, courts and enforcement agencies;
Social media: you may access social media services of third parties via our website. Please check out the privacy policy of such social media service providers in order to learn more about the procedures.
VI. STORING PERSONAL DATA, SECURITY OF DATA MANAGEMENT
The Law Firm performs electronic data processing and storing with the help of an IT software conforming to data security provisions. The software ensures that under controlled conditions only authorized persons shall have access to the specific data when it is necessary for them to perform their work. IT systems are protected by firewall and virus protection. The IT systems and other data storage devices are located at the registered seat, its branch office and its data processors. The Law Firm ensures that under controlled conditions only authorized persons shall have access to the specific data when it is necessary for them to perform their work.
When selecting and operating IT tools for personal data management the Law Firm pays special attention to ensure that:
processed data is accessible only for authorized persons (availability);
the validity and authentication of data is guaranteed (credibility of data management);
the integrity of processed data can be verified (data integrity);
processed data is protected against unauthorized access (data confidentiality).
The Law Firm takes all necessary measures to protect personal data, in particular from unauthorized access, rectification, forwarding, publishing, erasure or destruction, as well as from accidental destruction, damage or inaccessibility due to the changing of applied technology.
In order to protect electronically managed data in its registers the Law Firm ensures that stored data cannot be directly linked to data subjects – unless it is permitted by law.
With regard to the current development level of technology the Law Firm ensures the protection of data by technical, organizational and structural measures providing appropriate level of protection against any data management risks that may occur.
When managing data, the Law Firm ensures
confidentiality: protects data so that only authorized persons can have access to them;
integrity: protects the accuracy and integrity of data and of the method of processing;
availability: ensures that when an authorized person needs to access information they are able to do so, and all necessary tools are available.
VII. CONTACTING
You can contact data processor via the contact information indicated in this document and on the website.
The Law Firm deletes all received emails with the name and email address of the sender, the date, time and any other personal data contained in the email after maximum five years.
VIII. OTHER DATA MANAGEMENT
On other data management not included here, we inform the data subject when submitting such data.
Please note that required by the court, prosecutor’s office, investigating authority, offence authority, administrative authority, the Hungarian National Authority for Data Protection and Freedom of Information, the Central Bank of Hungary and relevant regulations data processors may be required to provide access to personal data.
If the authority indicated the exact purpose and type of required data, the Law Firm may disclose such data only to the extent that is absolutely necessary for the purpose of the request.
IX. COOKIES, TRACKING, WEB ANALYTICS, SOCIAL MEDIA INTEGRATION AND GOOGLE ADWORDS COOKIES
For providing customized services the service provider places small files (so called cookies) to the user’s computer which carry information from one visit to the next. When the browser sends a previously saved cookie, the service provider may link the user’s visit to previous one(s) related exclusively to its own content.
Purpose of data management: to identify users, differentiate them, to identify the current sessions of users, to store data submitted during these sessions, to prevent data loss, the track users and to conduct web analytics.
The legal basis for data management: data management for statistical and direct marketing purposes, provision of appropriate user experience and proper functioning of the website (legitimate interest of data subjects) and/or the consent of data subjects.
The HTML code of websites operated by data processor may contain external links from independent, external servers with reference to external servers for web analytics purposes. Analytics cover the tracking of conversions. The web analytics service provider manages data exclusively related to web browsing and does not manage personal data suitable for identifying users. Currently, web analytic services are performed by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043), in the course of Google Analytics services.
Data processor runs so called remarketing advertisements via Facebook and Google AdWords advertising channels. These service providers may collect or gain data from the website of data processor and other sites through cookies, web beacons and related technologies. By gathering and analyzing such data they provide analytic services and target advertisements. Ads targeted this way are then launched on multiple sites within the partner network of Facebook and Google. Remarketing lists do not contain personal data of visitors, they are not suitable for personal identification.
Users may block the usage of cookies on their own computer/device and may prohibit them with their browser. These settings –depending on the particular browser- can typically be reviewed at Tools/Settings/Privacy/History/Customized settings tab. Potential consequences of the lack of data management: the functions of the website are not completely available, analytics are inaccurate.
Google Analytics
The websites of our Law Firm may use Google Analytics services, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) („Google“) as web analytics services. Google Analytics uses cookies.
Your IP address is identified by Google Analytics cookies. Before storing or analyzing the address it is shortened hence anonymized, when it is technically possible.
After anonymizing personal data, they lose personal attributes.
Anonymization takes place within the European Union and the European Economic Area. The complete IP address is transmitted for shortening to the Google server located in the U.S. only in exceptional cases.
We use data collected by Google Analytics cookies to analyze user behavior of visitors to our website.
Google does not merge your IP address gained from its browser related to Google Analytics services with other data.
You may block the storage of Google Analytics cookies in your browser settings (for more information please read point VI. on cookies). Please note that by blocking cookies you may not be able to use all functions of the website.
In addition, you may refuse to have your data analyzed by Google Analytics by downloading and installing the browser tool from here: http://tools.google.com/dlpage/gaoptout?hl=en.
Google Remarketing
On our website we use Google Remarketing, the remarketing service by Google, as well.
These service providers may collect or gain data from the website of data processor and other sites through cookies, web beacons and related technologies. By gathering and analyzing such data they provide analytic services and target advertisements. Ads targeted this way are then launched on multiple sites within the partner network of Facebook and Google. Remarketing lists do not contain personal data of visitors, they are not suitable for personal identification.
You can block the use of Google cookies in the Google ad settings. Via the unsubscribe tab of Network Advertising Initiative you can block the cookies of external service providers, as well.
Facebook Remarketing
On our website we use the so called Facebook pixel operated by Facebook Inc. (1 Hacker Way, Menlo Park, CA 94025, USA), or Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) („Facebook“) within the EU. By Facebook pixel Facebook can manage visitors to our website as a target group to launch ads (so called Facebook ads). Accordingly, we use Facebook pixel to ensure that embedded Facebook ads appear for those targeted users who may be interested to see our offers. Hence Facebook pixel is suitable for customizing Facebook ads to potential fields of interest of users and avoid irrelevant information spamming. In addition, with the help of Facebook pixel we can analyze the efficiency of our Facebook ads for statistics and market research revealing whether visitors to our website clicked on a Facebook ad to find us.
When opening our website Facebook directly embeds Facebook pixel which places a cookie (a small file) on your device. When signing in to Facebook again, or visiting Facebook sites while signed in, your visit to our website is recorded in your profile. Data gained about you this way are completely anonymous for us, therefore we are not able to identify you. Such data are stored and analyzed by Facebook thus they can be linked to the user’s profile. Facebook manages data in accordance with its own privacy policy. You may find more information on remarketing pixel and Facebook ads in general at: https://www.facebook.com/policy.php. You can block data storage by Facebook pixel and the usage of your data for targeting Facebook ads.
In order to do so open your Facebook page and follow the instructions on customizing settings at: https://www.facebook.com/settings?tab=ads, for the US site visit: http://www.aboutads.info/choices/, for the EU site visit http://www.youronlinechoices.com/. Settings are platform neutral hence they apply to computers and mobile devices alike.
Facebook button
Our websites display the social plugins of Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) („Facebook“). Plugins are displayed as Facebook icons (white letter „f” in a blue box, „Like” icon with a thumb up) and „Facebook Social Plugin“. The list and descriptions of Facebook social plugins are available here: https://developers.facebook.com/docs/plugins/.
When using a function which contains any of the above plugins, your device is directly linked to Facebook servers. The content of the plugin is transmitted to your device directly by Facebook. From the processed data user profiles can be generated. We cannot influence what kind of data is gained by Facebook by plugins therefore we inform users based on our information.
By embedding plugins Facebook is notified that you opened the particular website. If you are signed in to your Facebook account, the information on this visit can be linked to your Facebook account. When interacting with the plugin, for instance you click on the Like button or comment, the data are directly transmitted from your device to Facebook and will be stored by Facebook. If you are not registered to Facebook, your IP address may still be stored by Facebook.
For more detailed information on the objectives and scope of gaining, processing and using data by Facebook as well as on the right of protection of privacy and settings visit the privacy policy of Facebook at: https://www.facebook.com/about/privacy/.
If you are registered to Facebook and do not want Facebook to gain data when visiting our website and link them to your Facebook profile, please sign out of Facebook and delete cookies before using our online functions. For further settings and blocking of data for advertising purposes please visit your
Facebook profile settings: https://www.facebook.com/settings?tab=ads, the US site is available at: http://www.aboutads.info/choices/, the EU site is available at: http://www.youronlinechoices.com/. Settings are platform neutral hence they apply to computers and mobile devices alike.
For more information on Google and Facebook privacy policy visit: http://www.google.com/privacy.html and https://www.facebook.com/about/privacy/
X. SOCIAL MEDIA SITES
Our Facebook site:
Our Law Firm operates the following Facebook sites:
www.facebook.com/bitailegal
Only those data are available for us on your Facebook profile which are public, therefore the information accessible for us is subject to your Facebook account settings on your publicly available information. In Facebook privacy settings you can set which information you wish to display publicly and which you want to restrict (e.g. your photos, list of friends may be displayed for your friends only).
On our Facebook site we may gain data from you when you:
follow us
like our page
comment on, like our photos or posts
post a review of our page
upload a photo or other content to our page
send us a private message
add a visitor post to our page
In any case, we manage your data solely for the purpose of responding to you, your Facebook data will not be retrieved.
XI. YOUR PRIVACY RIGHTS, LEGAL REMEDIES
You may request information about the processing of your personal data, request the rectification, erasure or withdrawal of your personal data, except for mandatory processing, exercise your right to data portability and objection in the manner indicated when you collected the data or by contacting the controller at the above contact details.
RIGHT TO INFORMATION:
The Agency shall take appropriate measures to provide data subjects with all the information on the processing of personal data referred to in Articles 13 and 14 of the GDPR and each of the information referred to in Articles 15 to 22 and 34 of the GDPR in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
The right to information may be exercised in writing through the contact details indicated in point II. Upon request, information may also be provided orally, after proof of your identity has been provided.
YOUR RIGHT OF ACCESS TO YOUR DATA:
You have the right to receive feedback from the controller as to whether or not your personal data are being processed and, if such processing is ongoing, the right to access your personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations; the envisaged period of storage of the personal data; the right to rectification, erasure or restriction of processing and the right to object; the right to lodge a complaint with a supervisory authority; information on the data sources; the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and its likely consequences for the data subject. In the event of transfer of personal data to a third country or international organisation, you are entitled to be informed of the appropriate safeguards for the transfer.
The Agency will provide you with a copy of the personal data that are the subject of the processing. For additional copies requested by you, the controller may charge a reasonable fee based on the administrative costs. At the request of the data subject, the Agency shall provide the information in electronic form.
The controller shall provide the information within a maximum of one month from the date of the request.
RIGHT OF RECTIFICATION:
You may request the correction of inaccurate personal data concerning you processed by the Agency and the completion of incomplete data.
RIGHT TO ERASURE:
You have the right to have the personal data concerning you erased by the Firm without undue delay at your request if one of the following grounds applies:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
you withdraw your consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
you object to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the controller;
the personal data have been collected in connection with the provision of information society services.
The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.
THE RIGHT TO RESTRICTION OF PROCESSING:
At your request, the Agency will restrict the processing of your data if one of the following conditions is met:
You contest the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the accuracy of the personal data to be verified;
The processing is unlawful and you oppose the erasure of the data and request instead the restriction of their use;
the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
you have objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
Where processing is subject to restriction, personal data may be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.
The Agency will inform you in advance of the lifting of the restriction on processing.
THE RIGHT TO DATA PORTABILITY:
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, machine-readable format and to transmit this data to another controller.
RIGHT TO OBJECT:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data is processed for the purposes of a direct general business and consumer relationship, you have the right to object at any time to the processing of personal data concerning you for those purposes, including profiling, where it relates to the direct business and consumer relationship.
In the event of an objection to the processing of personal data for the purposes of a general business and consumer relationship, the data may not be processed for those purposes.
AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING:
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The above right shall not apply where the processing
necessary for the conclusion or performance of a contract between you and the controller;
is permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
is based on your explicit consent.
RIGHT OF WITHDRAWAL:
You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal.
PROCEDURAL RULES:
The controller shall, without undue delay and in any event within one month of receipt of the request, inform the data subject of the action taken on the request pursuant to Articles 15 to 22 of the GDPR. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months.
The controller shall inform you of the extension, stating the reasons for the delay, within one month of receipt of the request. If you have made the request by electronic means, the information shall be provided by electronic means unless you request otherwise.
If the controller fails to act on your request, it shall inform you without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of your right to lodge a complaint with a supervisory authority and to seek judicial remedy.
The Office will provide the information and advice requested free of charge. If your request is manifestly unfounded or excessive, in particular because of its repetitive nature, the controller may charge a reasonable fee, taking into account the administrative costs of providing the information or information requested or of taking the action requested, or refuse to act on the request.
The controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing that it has carried out, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject, at his or her request, of these recipients.
The controller shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject has made the request by electronic means, the information shall be provided in electronic format unless the data subject requests otherwise.
COMPLAINT:
If you have a problem with the processing of your data by the Office, please contact us.
RIGHT TO APPLY TO THE COURTS:
The data subject may take the controller to court in case of a breach of his/her rights. If the data controller has a right to data protection, the data controller may lodge a complaint with the court.
Data protection authority procedure:
A complaint can be lodged with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, PO Box 5.
Phone: 06.1.391.1400
Fax: 06.1.391.1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
XII Amendments to the Privacy Policy
Our Privacy Policy may be amended from time to time. We will post any changes to these statements on our website or notify you by e-mail.