Bitai Ügyvédi Iroda / Bitai Law Firm (hereinafter referred to as „Law Firm”) is committed to protecting personal data of its clients and partners, with special regard to respecting the right of informational self-determination of its clients. The Law Firm manages personal data as confidential information and takes all safety, technical and organizing measures to ensure the protection of data.
Bitai Law Firm hereby informs its clients and the visitors about the personal data processed by it, the practice followed in course of processing personal data, the measures taken in order to protect personal data, and about the way and possibilities of exercising the rights of data subjects.
- The type of your personal data we collect and process in the course of partnership or client relationship related to our website, newsletter and online services;
- Where we gain such data from;
- What we use such data for;
- How we store such data;
- Whom we forward such data to/ provide access to such data;
- How we observe your data protection rights;
- How we comply with data protection provisions.
- 2011. Act CXII of 2011 on the Right of Informational SelfDetermination and on Freedom of Information (hereinafter referred to as Privacy Act);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
- 2013. Act V of 2013 on the Civil Code (Civil Code);
- 2000. Act C of 2000 on Accounting (Accounting Act);Act CXXXVIof
- 2007. 2007 on the Prevention and Combating of Money Laundering and Terrorist Financing (PCMLTF);
II. DATA PROCESSOR
Name: Bitai Ügyvédi Iroda / Bitai Law Firm
Postal address: 1021 Budapest Tárogató út 47-49.
Managing Attorney at Law: Dr. Bitai Zsófia LL.M.
Registration: Budapest Bar Association, reg.no. 36057691
III. What Type Of Personal Data Do We Collect?
Data management by the Law Firm is based on contract, voluntary consent, general business interest of the parties involved and on relevant legislation. In case of data management subject to voluntary consent you are entitled to revoke your consent at any stage of data management and you are entitled to practice your right related to the access, rectification, restriction and erasure of your data.
Any information suitable for identifying you, e.g. your name, contact info etc. and information related to the usage of our website by which you are directly or indirectly identifiable, constitute personal data.
We may collect personal data when you browse our website, participate at our events, sign up for our legal newsletter or contact us etc.
We collect personal data, particularly the following type:
- First name
- Company name
- Email address
- Information related to browsing our website, our pages on Facebook and Linkedin;
- Any form of communication with or addressed to us, in letter, email, by phone, or via social media.
- Your location based on the real time IP address of your computer or device, when using location based services and allow this function on your computer or device.
- In case of applying for a job advertisement, the data given in the CV: studies, qualification, professional experience, foreign languages, driving license, computer skills.
IV. WHY, HOW LONG AND WHAT DO WE USE YOUR PERSONAL INFORMATION FOR?
If your data is collected for purposes other than business relationship, we notify you about the relevant regulatory provisions and request your preliminary written consent.
We may use your personal data for the following purposes:
- keeping business contact,
- attorney-client communication,
- contacting, legal newsletters, organizing events, writing publications and articles,
- In case of applying for a job advertisement: managing the data given in the CV sent to us in order to fill the advertised position or, if agreed, storing it in the database for a possible future employment.
- Organizing events connected to the professional activities of the Law Firm
- Security and administrative measures, health protection, prevention/detection of crime: in compliance with our legal obligation we are entitled to provide personal data to authorities and law enforcement agencies;
- Client service communication: we use your data to keep in touch with you, our clients, and to improve our services and your user experience;
- Marketing: from time to time we will send you marketing materials electronically about our services, legal news, our events etc., if you agreed to receive such materials. In this case you can indicate whether you wish to subscribe or unsubscribe from such emails. In addition, in all forms of electronic communication you may indicate that you do not want to receive direct marketing materials from us anymore.
We process your personal data only for those purposes and cases in which we have the legal basis to do so. The legal basis depends on the purpose of collecting and processing personal data.
We may process your personal data for the following reasons, as well:
- You agreed to the processing of your personal data (e.g. for marketing purposes);
- To protect your or another person’s fundamental interests (e.g. in case of emergency);
Children of minimum 16 years of age may give their personal consent. For minors below this age, parents or legal guardians shall provide consent.
We retain your data until the consent is withdrawn or the statutory deadline expires. In case of applying for a job advertisement, we retain it until the end of the given job advertisement, or if consent is given for further data storage, then until the withdrawal of the consent.
We do not retain your data after the purpose of processing is achieved. When determining the appropriate retaining time, we take into account the quantity, nature and sensitivity of personal data and the purpose of processing them and we consider whether these purposes may be achieved by other means.
V. DISCLOSING YOUR PERSONAL DATA
International data exchange
We disclose personal data to countries outside the European Economic Area only if the following conditions are met:
- if the transmit of data takes place at a location considered by the European Commission as secure for protecting personal data;
- or if we have taken the appropriate measures, for instance we entered into an agreement with a data recipient regarding the transmit of data corresponding to the measures defined by the European Commission or a data protection authority. You may request a copy of such agreements via our contact;
- or if you consented to the transmit of your data, or we are legally entitled to do so.
Our permanent partners:
- Hosting provider: MikroVPS Kft. (1096 Budapest, Sobieski János utca 19-21/A)
- Accounting services: Globalprofit Kft. (1064 Budapest, Izabella utca 77. 3. em. 3.)
- Web development services: Borítás Viktor e.v. (3525 Miskolc, Régiposta utca 16.)
- Marketing service providers: Princz Viktória e.v. (1026 Budapest, Pasaréti út 121-123., fszt. 3.)
- System Administrator: Kornos Péter
- Associated/Cooperating Attorneys: Dr. Drjenovszky Katalin (1016 Budapest, Fém utca 6., fszt. 2.), Dr. Mosolygó Mónika (1024 Budapest, Ezredes utca 13.) and Dr. Tréki-Tóth Péter (1055 Budapest, Honvéd utca 22.)
- Regulatory Manager: Dr. Tóth Karolina e.v. (1021 Budapest, Hűvösvölgyi út 64-66.), Amsztmann Róbert e.v. (1021 Budapest, Hűvösvölgyi út 64-66.)
- Technical consulting: MIX Bt. Technical consulting: MIX Bt. (1224 Budapest Kakukkhegyi út 11.), Amsztmann Róbert e.v. (1021 Budapest, Hűvösvölgyi út 64-66.)
- Email marketing platform: MailChimp (The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA)
- Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2)
- Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
- Government authorities, regulatory bodies; we disclose your data in compliance with legal provisions when it is required for the prevention and detection of fraud or criminal offense and/or for the maintenance of network and data security;
- Reliable service providers assisting our work, including agencies to support postal or courier services, newsletter distribution, promotions, games with marketing, remarketing and email marketing service providers of cloud based services;
- Legal and other specialized advisors, courts and enforcement agencies;
VI. STORING PERSONAL DATA, SECURITY OF DATA MANAGEMENT
The Law Firm performs electronic data processing and storing with the help of an IT software conforming to data security provisions. The software ensures that under controlled conditions only authorized persons shall have access to the specific data when it is necessary for them to perform their work. IT systems are protected by firewall and virus protection. The IT systems and other data storage devices are located at the registered seat, its branch office and its data processors. The Law Firm ensures that under controlled conditions only authorized persons shall have access to the specific data when it is necessary for them to perform their work.
When selecting and operating IT tools for personal data management the Law Firm pays special attention to ensure that:
- processed data is accessible only for authorized persons (availability);
- the validity and authentication of data is guaranteed (credibility of data management);
- the integrity of processed data can be verified (data integrity);
- processed data is protected against unauthorized access (data confidentiality).
The Law Firm takes all necessary measures to protect personal data, in particular from unauthorized access, rectification, forwarding, publishing, erasure or destruction, as well as from accidental destruction, damage or inaccessibility due to the changing of applied technology.
In order to protect electronically managed data in its registers the Law Firm ensures that stored data cannot be directly linked to data subjects – unless it is permitted by law.
With regard to the current development level of technology the Law Firm ensures the protection of data by technical, organizational and structural measures providing appropriate level of protection against any data management risks that may occur.
When managing data, the Law Firm ensures
- confidentiality: protects data so that only authorized persons can have access to them;
- integrity: protects the accuracy and integrity of data and of the method of processing;
- availability: ensures that when an authorized person needs to access information they are able to do so, and all necessary tools are available.
Informing the data subject on data protection incidents
If the data protection incident is classified by the Law Firm as high risk of affecting rights and freedoms of natural persons, we will inform you about the data protection incident without undue delay and notify you about the information referred to in point b), c) and d) of paragraph (3) of Article 33 of the GDPR.
You can contact data processor via the contact information indicated in this document and on the website.
The Law Firm deletes all received emails with the name and email address of the sender, the date, time and any other personal data contained in the email after maximum five years.
VIII. Other data management
On other data management not included here, we inform the data subject when submitting such data.
Please note that required by the court, prosecutor’s office, investigating authority, offence authority, administrative authority, the Hungarian National Authority for Data Protection and Freedom of Information, the Central Bank of Hungary and relevant regulations data processors may be required to provide access to personal data.
If the authority indicated the exact purpose and type of required data, the Law Firm may disclose such data only to the extent that is absolutely necessary for the purpose of the request.
IX. Cookies, tracking, web analytics, social media integration and google ads (adwords) cookies
For providing customized services the service provider places small files (so called cookies) to the user’s computer which carry information from one visit to the next. When the browser sends a previously saved cookie, the service provider may link the user’s visit to previous one(s) related exclusively to its own content.
Purpose of data management: to identify users, differentiate them, to identify the current sessions of users, to store data submitted during these sessions, to prevent data loss, the track users and to conduct web analytics.
The legal basis for data management: data management for statistical and direct marketing purposes, provision of appropriate user experience and proper functioning of the website (legitimate interest of data subjects) and/or the consent of data subjects.
Managed personal data: 18.104.22.168
The HTML code of websites operated by data processor may contain external links from independent, external servers with reference to external servers for web analytics purposes. Analytics cover the tracking of conversions. The web analytics service provider manages data exclusively related to web browsing and does not manage personal data suitable for identifying users. Currently, web analytic services are performed by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043), in the course of Google Analytics services.
Data processor runs so called remarketing advertisements via Facebook and Google AdWords advertising channels. These service providers may collect or gain data from the website of data processor and other sites through cookies, web beacons and related technologies. By gathering and analyzing such data they provide analytic services and target advertisements. Ads targeted this way are then launched on multiple sites within the partner network of Facebook and Google. Remarketing lists do not contain personal data of visitors, they are not suitable for personal identification.
Users may block the usage of cookies on their own computer/device and may prohibit them with their browser. These settings –depending on the particular browser- can typically be reviewed at Tools/Settings/Privacy/History/Customized settings tab.
Potential consequences of the lack of data management: the functions of the website are not completely available, analytics are inaccurate.
Your IP address is identified by Google Analytics cookies. Before storing or analyzing the address it is shortened hence anonymized, when it is technically possible. After anonymizing personal data, they lose personal attributes.
Anonymization takes place within the European Union and the European Economic Area. The complete IP address is transmitted for shortening to the Google server located in the U.S. only in exceptional cases.
We use data collected by Google Analytics cookies to analyze user behavior of visitors to our website.
Google does not merge your IP address gained from its browser related to Google Analytics services with other data.
You may block the storage of Google Analytics cookies in your browser settings (for more information please read point VI. on cookies). Please note that by blocking cookies you may not be able to use all functions of the website.
In addition, you may refuse to have your data analyzed by Google Analytics by downloading and installing the browser tool from here: http://tools.google.com/dlpage/gaoptout?hl=en.
On our website we use Google Remarketing, the remarketing service by Google, as well.
These service providers may collect or gain data from the website of data processor and other sites through cookies, web beacons and related technologies. By gathering and analyzing such data they provide analytic services and target advertisements. Ads targeted this way are then launched on multiple sites within the partner network of Facebook and Google. Remarketing lists do not contain personal data of visitors, they are not suitable for personal identification.
On our website we use the so called Facebook pixel operated by Facebook Inc. (1 Hacker Way, Menlo Park, CA 94025, USA), or Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) („Facebook“) within the EU. By Facebook pixel Facebook can manage visitors to our website By Facebook pixel Facebook can manage visitors to our website as a target group to launch ads (so called Facebook ads). Accordingly, we use Facebook pixel to ensure that embedded Facebook ads appear for those targeted users who may be interested to see our offers. Hence Facebook pixel is suitable for customizing Facebook ads to potential fields of interest of users and avoid irrelevant information spamming. In addition, with the help of Facebook pixel we can analyze the efficiency of our Facebook ads for statistics and market research revealing whether visitors to our website clicked on a Facebook ad to find us.
You can block data storage by Facebook pixel and the usage of your data for targeting Facebook ads. In order to do so open your Facebook page and follow the instructions on customizing settings at: https://www.facebook.com/settings?tab=ads, for the US site visit: http://www.aboutads.info/choices/, for the EU site visit http://www.youronlinechoices.com/. Settings are platform neutral hence they apply to computers and mobile devices alike.
Our websites display the social plugins of Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) („Facebook“). Plugins are displayed as Facebook icons (white letter „f” in a blue box, „Like” icon with a thumb up) and „Facebook Social Plugin“. The list and descriptions of Facebook social plugins are available here: https://developers.facebook.com/docs/plugins/.
When using a function which contains any of the above plugins, your device is directly linked to Facebook servers. The content of the plugin is transmitted to your device directly by Facebook. From the processed data user profiles can be generated. We cannot influence what kind of data is gained by Facebook by plugins therefore we inform users based on our information.
By embedding plugins Facebook is notified that you opened the particular website. If you are signed in to your Facebook account, the information on this visit can be linked to your Facebook account. When interacting with the plugin, for instance you click on the Like button or comment, the data are directly transmitted from your device to Facebook and will be stored by Facebook. If you are not registered to Facebook, your IP address may still be stored by Facebook.
If you are registered to Facebook and do not want Facebook to gain data when visiting our website and link them to your Facebook profile, please sign out of Facebook and delete cookies before using our online functions. For further settings and blocking of data for advertising purposes please visit your Facebook profile settings: https://www.facebook.com/settings?tab=ads, the US site is available at: http://www.aboutads.info/choices/, the EU site is available at: http://www.youronlinechoices.com/. Settings are platform neutral hence they apply to computers and mobile devices alike.
X. SOCIAL MEDIA SITES
Our Facebook site:
Our Law Firm operates the following Linkedin profile:
Only those data are available for us on your Facebook profile which are public, therefore the information accessible for us is subject to your Facebook account settings on your publicly available information. In Facebook privacy settings you can set which information you wish to display publicly and which you want to restrict (e.g. your photos, list of friends may be displayed for your friends only).
On our Facebook site we may gain data from you when you:
- follow us
- like our profile
- comment on, like our photos or posts
- write a review
- upload a photo or other content to our page
- send us a private message
- place a visitor’s post on our profile
In any case, we manage your data solely for the purpose of responding to you, your Facebook data will not be retrieved.
Our Linkedin profile
Our Law Firm operates the following Linkedin profile:
Only those data are available for us on your Linkedin profile which are public, therefore the information accessible for us is subject to your Linkedin account settings on your publicly available information. In Linkedin privacy settings you can set which information you wish to display publicly and which you want to restrict (e.g. your photos or list of contacts shall not be available publicly).
On our Linkedin platform we may gain data from you when you:
- follow us
- like our profile
- comment on our photos or posts
- write a review
- send us a private message
- place a visitor’s post on our profile
In any case, we manage your data solely for the purpose of responding to you, your Linkedin data will not be retrieved.
XI. YOUR PRIVACY RIGHTS, LEGAL REMEDIES
You may request information on the use of their personal data, furthermore may request correction and, with the exception of compulsory data processing, erasure or revocation of such, may exercise your right to recording and to object as indicated at the time of data recording a well as via the contacts of data processor specified above
Right to be informed:
Our Law Firm takes the appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under GDPR Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
The information shall be provided in writing via the contacts specified in section II. When requested, the information may be provided to you orally, provided that your identity is proven by other means.
Right of access your data:
You have the right to obtain confirmation from data processor as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and the following information: purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; the envisaged period for which the personal data will be stored; the right to request rectification or erasure or restriction of processing of personal data; the right to lodge a complaint with a supervisory authority; any available information as to the source of data; the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing. Where personal data are transmitted to a third country or to an international organization, you have the right to be informed about the appropriate safeguards relating to the transmitting.
The Law Firm shall provide you a copy of the personal data undergoing processing. For any further copies requested by you, data processor may charge a reasonable fee based on administrative costs. The Law Firm shall provide information to data subject by electronic means.
Information shall be provided within a maximum of one month from the request.
Right to rectification:
You may request from the Law Firm to rectify or complete the processed personal data.
Right to erasure:
You have the right to obtain from the Law Firm the erasure of personal data concerning you without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdrew consent on which the processing is based and where there is no other legal ground for the processing;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law;
- the personal data have been collected in relation to the offer of information society services.
The previous (erased) data can no longer be recovered after the request for erasure or modification has been completed. Erasure of the data cannot be requested if the processing is necessary for either of the following reason: for compliance with a legal obligation which requires processing by Union or Member State law, if the data processing is necessary for the establishment, exercise or defense of legal claims of the Law Firm, if the data processing is necessary for the submission, enforcement and protection of legal claims; the data processing is necessary due to significant public interest based on Union or Member State law, if the data processing is necessary due to public interest concerning the field of public health; and or for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes.
Right to restriction of processing:
You are entitled to request the Law Firm to restrict processing where one of the following applies:
- you contest the accuracy of the personal data, for a period necessary to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request the restriction of their use instead;
- data processor no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
- you objected to processing; in this case restriction shall apply for a period enabling the verification whether the legitimate grounds of data processor override those of the data subject.
- where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.
- The Law Firm informed you before the restriction of processing is lifted.
Right to data portability:
You have the right to receive the personal data concerning you, which you provided to data processor, in a structured, commonly used and machine-readable format and have the right to transmit those data to another processor.
Right to object:
You are entitled to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, including profiling based on those provisions. Data processor shall no longer process the personal data unless data processor demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Automated individual decision-making, including profiling:
You are entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The above right shall not apply if data processing
- is necessary for entering into, or performance of, a contract between you and data processor;
- is authorized by Union or Member State law to which data processor is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
- is based on your explicit consent.
Right to withdrawal:
You are entitled to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Data processor shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
Data processor shall inform you about any such extension within one month of receipt of the request, together with the reasons for the delay. If you submit the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested.
If data processor does not take action on your request, data processor shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
The Law Firm shall provide the requested information and any communication free of charge. Where your request is manifestly unfounded or excessive, in particular because of its repetitive character, data processor may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or refuse to act on the request.
Data processor shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Data processor shall inform the data subject about those recipients if the data subject requests it.
Data processor shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, data processor may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
For any issues concerning the privacy measures of the Law Firm please refer to us.
Right to court:
In case of infringement of data subject’s rights, the data subject may bring these to the attention of the court. The court shall hear the case without delay.
Data protection authority procedures:
Complaints may be made to the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.