Privacy Policy

PRIVACY POLICY OF SZENTKLÁRAY LAW FIRM

Introduction

Szentkláray Law Firm (Registered office: 1054 Budapest, Bajcsy-Zsilinszky út 36-38. I/2.; Tax number: 18287905-2-41), as the data controller (hereinafter: „Attorney” or „Data Controller”), processes the data of persons registered on the website http://drszentklaray.hu and/or otherwise using the services provided by the Data Controller in accordance with the provisions of this policy.

The Data Controller intends to fully comply with legal regulations regarding the processing of personal data, particularly Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information („Infotv.”) and Regulation (EU) 2016/679 of the European Parliament and of the Council („GDPR”). This policy aims to ensure the right to transparent information as prescribed in Article 12 of the GDPR. This privacy policy was prepared based on the Regulation and with consideration of the Infotv.

 

Data Controller Details

Company Name:	Szentkláray Law Firm
Registered Office:	1054 Budapest, Bajcsy-Zsilinszky út 36-38. I/2.
Tax Number:	18287905-2-41
Statistical Code:	18287905-6910-131-01
Electronic Contact:	18287905#cegkapu
Website Name/URL:	http://drszentklaray.hu
Mailing Address:	1054 Budapest, Bajcsy-Zsilinszky út 36-38. I/2.
Email:	office@drszentklaray.hu
Phone:	+36 1 783 3578
Fax:	+36 1 783 2576
Legal Representative:	Dr. Bence Szentkláray, managing attorney

 

Definitions

• GDPR: General Data Protection Regulation (Regulation (EU) 2016/679)
  
• Data Processing: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• Data Processor: A service provider used by the Attorney; a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller
  
• Personal Data: Any information relating to an identified or identifiable natural person („Data Subject”).
• Identifiable Natural Person: One who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Special Categories of Data: The Data Controller does not process special categories of data during its operation.
• Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Transmission: Making data available to a third party as defined in this policy.
• Consent of the Data Subject: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
• Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
• Recipient: A natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.
• Erasure: Rendering data unrecognizable in such a way that its recovery is no longer possible.
• Blocking: Providing data with an identification mark for the purpose of restricting its further processing permanently or for a definite period.

 

General Principles of Data Processing

The Data Controller declares that it processes personal data in accordance with this policy and complies with the GDPR, Infotv., and all other relevant legislation, focusing on the following:

• Data must be processed lawfully, fairly, and transparently.
• Data must be collected for specified, explicit, and legitimate purposes.
• Data must be adequate, relevant, and limited to what is necessary for the purpose.
• Data must be accurate and up to date; inaccurate data must be erased without delay.
• Data must be stored only for the minimum duration necessary for the processing purpose.
• Data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss.

 

Important Data Processing Information

Personal data is processed solely to exercise rights or fulfill obligations under the GDPR and Infotv., respecting the principle of purpose limitation. Data must comply with the purpose at all stages; if the purpose ceases or processing becomes unlawful, the data will be erased.

 

Data subjects have the right to:

• Request information and access their personal data.
• Request rectification of data.
• Request erasure or restriction of processing for consent-based data.
• Object to processing and exercise the right to data portability.
• Withdraw consent at any time in writing (e.g., via email), though this does not affect the lawfulness of processing prior to withdrawal
  

Note that withdrawing consent for data processing does not terminate an existing contract with the Firm or affect payment obligations. Failure to pay may independently justify continued data processing regarding payment delays.

 

Specific Data Processing Activities

Activity	Purpose	Legal Basis	Scope of Data	Duration
Legal Services & Mandate	Establishing mandate, identifying clients, exercising rights/obligations, complaint handling, and preventing abuse.	Performance of contract (GDPR Art. 6(1)(b)).	Name, birth details, mother’s maiden name, ID numbers, tax ID, address, phone, email, payment data.	5 years from the termination of the mandate.
Personal Contact	Identification, communication, and legal assistance.	Consent (GDPR Art. 6(1)(a)), contract preparation (6(1)(b)), and legal obligations under the Act on the Legal Profession.	Name, phone number, email address.	30 days if no contract is signed; otherwise, as per the Act on the Legal Profession.
Billing	Fulfilling legal billing requirements.	Legal obligation (GDPR Art. 6(1)(c)) and legitimate interest (6(1)(f)).	Name, address, claim amounts, bank account number .	End of the 8th year following invoice issuance.
Social Media	Promoting the Attorney and the website.	Voluntary consent.	Forum/blog posts, images, videos, audio, messages, public profile picture .	As per the specific social media platform’s rules.
Cookies	Extra services, identification, and tracking visitors.	Consent (unless strictly necessary for service operation).	No personal data processed by the controller via cookies.	–

 

Google Analytics

The website uses Google Analytics to evaluate user behavior and generate activity reports. Data is stored in an encrypted format on Google’s servers. Users who wish to block Google Analytics can install a browser add-on: https://support.google.com/analytics/answer/6004245?hl=hu.

 

Data Subject Rights

• Right to Information: Request details on what data is processed, for what purpose, for how long, and to whom it is transferred. The Attorney provides this within 30 days. Information is free once per year
  
• Right to Rectification: Request modification of data within 30 days.
• Right to Erasure („Right to be Forgotten”): Request deletion if data is no longer necessary, consent is withdrawn, or processing is unlawful
  
• Right to Blocking: Request data be marked for restricted use.
• Right to Object: Object to processing based on legal obligations or legitimate interests. The Attorney will investigate within 15 days
  

 

Legal Remedies and Complaints

If a data subject experiences unlawful processing, they should notify the Attorney to restore a lawful state. If the issue remains unresolved, they may contact the authority:

 

National Authority for Data Protection and Freedom of Information (NAIH)

• Postal Address: 1530 Budapest, Pf.: 5.
• Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
• Phone: +36 (1) 391-1400
• Email: ugyfelszolgalat@naih.hu
• URL: https://naih.hu

 

Governing Laws

• GDPR: Regulation (EU) 2016/679.
• Infotv.: Act CXII of 2011.
• Act LXVI of 1995 on Public Records, Public Archives, and the Protection of Private Archive Material.
• Government Decree 335/2005 (XII. 29.) on the general requirements of document management for public bodies.
• Act CVIII of 2001 on electronic commerce services and information society services.
• Act C of 2003 on electronic communications.

 

Miscellaneous Provisions

This privacy policy is effective from May 26, 2018, until withdrawn. The Data Controller reserves the right to modify this policy unilaterally at any time with prior notice. Notice of modifications will be posted on http://drszentklaray.hu at least eight calendar days before they take effect.