I. Data controller
name: Antalóczy Law Firm
registered seat: 1106 Budapest, Fehér út 10. White Office groundfloor 17.
registered by: Budapest Bar Association
telefon: 06 30 488 6186
represented by: dr. Antalóczy Adrienn LL.M., attorney-at-law
II. Legal background
|Act V of 2013
|on the Civil Code (Civil Code)
|Act LXXVIII of 2017
|on the Activities of Lawyers (Act on the Activities of Lawyers)
|Act CVIII of 2001
|on certain aspects of electronic commerce services and information society services
|Act XLVIII of 2008
|on the Basic Conditions and Certain Restrictions on Commercial Advertising
|Act CXII of 2011
|on the Right of Informational Self-Determination and Freedom of Information (Data Privacy Act)
|Regulation (EU) No 2016/679/EU
|of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (GDPR)
|Act No LIII of 2017
|on the Prevention and Combating of Money Laundering and Terrorist Financing (Anti-Money Laundering Act)
III. Purpose of processing, scope of personal data processed, legal basis and duration of processing
The website www.antaloczy-legal.hu is maintained by the Data Controller. The website is accessible to anyone without the need to disclose personal data or reveal their identity. The content and information on the website are freely accessible.
The contents of the website do not constitute legal advice, but only general information. The Data Controller excludes all liability for any damage resulting from the use of the information contained on the website. The links on the website may lead to websites operated by others, for whose content or for any damage resulting from the use of the information contained therein the Data Controller shall not be liable.
The website uses Google Analytics to automatically collect non-personal information about visitors by sending and saving cookies to visitors’ computers, which are then sent back to the website on subsequent visits. However, no personal data can be obtained from this data.
Information about the use of this website is transmitted to and stored by Google, Inc. on servers in the United States of America. The IP address is anonymised by its abbreviation. This is usually done while the website is still in the EU or EEA member states. In some cases, however, the full IP address may be transmitted to a server in the United States of America and only then is the IP address anonymised. Google, Inc. will process the above information for and on behalf of the Data Controller in order to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and internet usage. Your IP address, which is transmitted to Google Analytics by using the website, is not and will not be linked to any other data stored by Google, Inc.
The cookies used by the Data Controller provide the Data Controller with anonymised and aggregated technical information in order to provide better user conditions and easier navigation. This allows the Data Controller to identify which content is of high interest and thus allows the Data Controller to improve the website and its services.
The information collected in this way does not allow visitors to the website to be identified individually. Individual identification can only take place if the data subjects voluntarily provide the necessary data through the website.
You can find out more about Google Analytics here:
For more information on setting cookie preferences within your web browser, see the following pages:
Activity carried out by the Data Controller: processing of personal data communicated when contacting the Data Controller or for the purpose of concluding a contract of engagement.
Purpose of data processing: contacting and maintaining contact, establishing a contract of engagement.
Legal basis for processing: the data subject’s consent [Article 6(1)(a) GDPR] and the taking of measures at the data subject’s request prior to the conclusion of the contract of engagement for the performance of the lawyer’s services [Article 6(1)(b) GDPR].
Persons under the age of 16 may consent to the processing of personal data only through the person having parental authority over them or with their consent.
Data subjects: natural persons who contact the Data Controller in person, by e-mail, telephone or by sending a message in the “Contact” section of the website or by sending a message on the “Online advice” sub-page.
Personal data processed: name (surname, given name, maiden name), e-mail address, telephone contact details, other personal data disclosed by the data subject during the contact, description of the case presented by the data subject and data and documents relating to the handling of the case, irrespective of the medium (paper or electronic).
The Data Controller shall not use the personal data provided for purposes other than those set out above. Disclosure of personal data to third parties or public authorities shall be possible, unless otherwise provided by mandatory law, with the prior, informed and explicit consent of the data subject.
Duration of data processing: until the purpose of the contact is achieved, or until the conclusion of a contract of assignment with the contacting party, or, in the case of the conclusion of an assignment, for the period specified in the Act.
IV. Data processor
registered seat: 1148 Budapest, Fogarasi út 3-5.
tax number: 13962982-2-42
Online hosting provider, technical support services, e-mail system operation.
V. The data subject
may request information about the processing of personal data relating to him/her and access to such personal data;
• request the rectification of personal data;
• request their erasure;
• request the restriction of the processing of personal data;
• object to the processing of personal data;
• exercise his or her right to data portability. The data subject shall have the right to obtain the personal data concerning him or her and the right to have those data transmitted by the controller to another controller at his or her request;
• exercise his or her right to a judicial remedy. The data subject may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) or with the competent court.
The Data Controller shall provide the data subject with the opportunity to make a request for the exercise of his/her rights by any of the following means: by post, by e-mail, by telephone.
The Data Controller shall comply with the data subject’s request without undue delay, within one month of receipt of the request, and shall inform the data subject thereof in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
The Data Controller shall also decide on the refusal of the request within this time limit and shall inform the data subject of the refusal, the reasons for the refusal and the data subject’s remedies in this respect.
The Data Controller shall comply with the data subject’s request primarily by electronic mail, but if the data subject expressly requests this by providing his/her postal or telephone contact details, the Data Controller shall comply with the request by post or telephone. At the request of the data subject, information may be provided by telephone only if the data subject has provided credible proof of his/her identity. The Controller shall not use the postal address or telephone number of the data subject for any other purpose, unless there is another legal basis for doing so. The Data Controller shall not charge any fees or expenses for complying with the data subject’s requests. However, in the event that a further request for the same data subject is received from the data subject within one year of the previous request having been fulfilled, the Controller reserves the right to charge a fee for the fulfilment of the request in proportion to the workload involved in fulfilling the request.
VI. The right to information and access
The Data Controller shall provide the data subject, at his/her request, with the following information in a concise, transparent, intelligible and easily accessible form, in clear and plain language:
• whether the processing of his/her personal data by the controller is ongoing;
• the name and contact details of the controller;
• whether the data are being processed, the names and contact details of the data processors specified in this notice;
• the personal data of the data subject processed by the Controller and their source;
• the purposes for which the personal data are processed and the legal basis for the processing;
• the duration of the processing;
• the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
• the consequences of the processing;
• the rights of the data subject;
• the circumstances and effects of a possible personal data breach and the measures taken to deal with it.
Even in the absence of a request from the data subject, the Data Controller shall inform the data subject, by electronic mail, of any material change in the processing of personal data in relation to the provisions of this notice, the circumstances of the personal data breach, its effects and the measures taken to remedy it.
VII. The right to rectification
The Data Controller shall, at the request of the data subject, correct inaccurate personal data relating to the data subject. The Controller shall inform any recipient to whom or with whom the personal data have been disclosed of the rectification, unless this proves impossible or involves a disproportionate effort. At the request of the data subject, the controller shall inform the data subject of those recipients.
VIII. The right to erasure
At the request of the data subject, the Controller shall delete personal data concerning the data subject where one of the following grounds applies:
• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• the data subject objects to the processing;
• the personal data have been unlawfully processed by the Controller;
• the personal data must be erased in order to comply with a legal obligation under European Union or national law applicable to the Controller.
The Controller shall inform all recipients to whom or with whom the personal data have been disclosed of the erasure, unless this proves impossible or involves a disproportionate effort. At the request of the data subject, the controller shall inform the data subject of those recipients.
IX. The right to restriction of processing
At the request of the data subject, the Data Controller shall restrict processing if one of the following conditions is met:
• the data subject contests the accuracy of the personal data – in which case the restriction shall apply for a period of time which allows the Controller to verify the accuracy of the personal data;
• the processing is unlawful, but the data subject opposes the erasure of the data and requests instead the restriction of their use;
• the Controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims.
The Controller shall inform each recipient to whom or with which it has disclosed the personal data of the restriction, unless this proves impossible or involves a disproportionate effort. At the data subject’s request, the Controller shall inform the data subject of those recipients.
X. The right to data portability
The Data Controller shall, at the data subject’s request, make available to the data subject the personal data concerning the data subject which the data subject has provided. The Data Controller further undertakes that the data subject may transfer such personal data to another Data Controller without the Data Controller’s hindrance.
XI. The right to legal remedy
If the data subject considers that the Data Controller has infringed his/her right to the protection of personal data in the course of processing, he or she may, in accordance with the applicable legislation, seek redress from the competent authorities, i.e. he/she may lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa Street 9-11; postal address: 1374 Budapest, PO Box 603; website: www.naih.hu; e-mail: email@example.com; telephone: +36-1/391-1400) or apply to the competent court. The Data Controller shall cooperate with the court concerned or the NCA in these proceedings, and shall disclose the data relating to the processing to the court concerned or the NCA.
The Data Controller also undertakes to compensate for any damage caused by unlawful processing of the personal data of the data subject or by a breach of data security requirements. In case of violation of the data subject’s right to privacy, the data subject may claim damages. The Controller shall be exempted from liability if the damage was caused by an unavoidable cause outside the scope of the processing and if the damage or harm caused by the infringement of the personality right results from the intentional or grossly negligent conduct of the data subject.
The Data Controller undertakes to ensure that all data processing in relation to its activities complies with the requirements set out in this notice, the Data Controller’s internal rules, which have the same requirements as this notice, and the applicable legislation.
The Data Controller reserves the right to modify this Privacy Notice at any time by informing the data subjects of any changes to all data processing on this website.
Budapest, 25 March 2021
We are online for You.