Privacy Policy
We inform you that, in the course of the operation of the informative website www.hanyuhenrietta.hu (hereinafter: Website), the Hanyu Henrietta Law Firm as data controller (hereinafter: Controller) processes the personal data of the natural persons visiting the Website, as data subjects (each of such person hereinafter: Data Subject). The Controller hereby provides the following information concerning the processing of the personal data of Data Subjects visiting the Website, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 (hereinafter: the GDPR).
The name of the Controller:
Name: Hanyu Henrietta Law Firm
Registered seat: 1164 Budapest, Etelköz utca 10/2.
The authorised representative of the Controller:
Name: dr. Hanyu Henrietta, attorney-at-law
E-mail address: info@hanyuhenrietta.hu
Under the provisions of the GDPR, the appointment of a data protection officer is not required at the Controller; in issues related to data protection, the Controller may be contacted at the following contact details:
E-mail address: info@hanyuhenrietta.hu
4.1. Persons affected by the processing (Data Subjects), the purpose and legal basis of data processing
Natural persons sending a message to the Controller via the form available via the Website or directly to the e-mail address info@hanyuhenrietta.hu, thereby contacting the Controller.
The scope of the processed data: | The purpose of the processing: | The legal basis of the processing: |
Name, e-mail address, telephone number, and any other data provided by the Data Subject in the “Message” field. | Contact between the Controller and the Data Subjects, answering any requests, questions. | The Controller processes these data in accordance with Article 6(1)(a) of the GDPR (your consent), which is provided by the Data Subject in the case of the contact form, before sending the message, by ticking the checkbox on the page, or directly by sending the email message. |
4.2. Persons authorized to have access to the data:
The person(s) that may have access to the data within the Controller’s organisation include the head of the organisation.
4.3. Data transmission:
The Controller shall not transmit the personal data provided by Data Subjects for the purpose of contacting either to third parties within the EU, or to any third country or international organisation.
4.4. Processors:
In the interest of achieving the purpose of data processing, the Controller shall use the services of the following processor (hereinafter: the Processor):
Processor: | Processing operations carried out by the Processor: |
RACKFOREST INFORMATIKAI KERESKEDELMI SZOLGÁLTATÓ ÉS TANÁCSADÓ KFT. 132 Budapest, | Operation of servers used for data storage, hosting services. |
4.5. The place and method of processing:
The personal data provided by the Data Subject are stored by the Processor used by the Controller, on servers operated by the Processor.
4.6. Duration of data retention:
The Data Subjects’ personal data may be processed by the Controller until the Data Subject’s consent is withdrawn, but for a maximum of 2 years from the date when they were provided.
Please note that links to other websites may also be found on the Website. The use of such external websites is subject to the privacy policy or notice of such other websites, and after clicking on the external link or the appropriate button, the Controller is unable to exercise any control over the collection, storage or processing of personal data.
We inform you that the Controller is taking all the technical and organisational measures, as well as introduces such of procedural rules as necessary to enforce the rules of GDPR concerning confidentiality and the security of data processing.
The Controller shall use suitable measures to protect the data processed by it against any unlawful access, alteration, transmission, disclosure, erasure, willful or accidental destruction, or deterioration.
In the course of its operations, the Controller shall ensure the following with respect to the data:
The Controller shall ensure adequate protection for its information technology systems and networks against computer-assisted fraud, espionage, fire and floods, as well as viruses and hacking attacks. The Controller shall ensure security by way of server-level and application-level security procedures. The Controller shall monitor its systems in the interest of recording any security breach, as well as to provide evidence in case of any security event. In addition, the system monitoring also makes it possible to check the efficiency of the precautions used. The Controller shall also require compliance with the information protection measures by the processors used by the Controller under the provisions of the contracts concluded with them, and shall enforce their compliance with such provisions.
We inform you that you may, without any limitation, request the following in connection with personal data relating to you:
7.1. Right to information
7.2. The Data Subject’s right of access
The data subject shall have the right to receive information from the Controller as to whether or not personal data concerning him or her are being processed, and, where such processing is taking place, to have access to the personal data and, in accordance with the GDPR, to the details of the processing. The Controller shall provide the Data Subject with a copy of his or her personal data being processed. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. At the request of the Data Subject, the Controller shall provide the information in electronic form. The Controller shall provide the information within one month after the submission of the request.
7.3. Right to rectification
The Data Subject may request the rectification of inaccurate personal data processed by the Controller and the addition of missing data.
7.4. Right to erasure
Data Subjects may request that the Controller erase the personal data pertaining to them without any undue delay in the following cases:
The erasure of the data shall not be initiated if the data is required for the purpose of exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health, archiving or statistical purposes; or for the establishment, exercise or defence of legal claims.
7.5. Right to restriction of processing
At the request of the Data Subject, the Controller shall restrict the processing where one of the following applies:
Where processing is restricted, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The Controller shall notify the Data Subject before the restriction of processing is lifted.
7.6. Right to data portability
The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, if:
7.7. The right of objection
Data Subjects shall have the right to object, on grounds related to their particular situation, at any time to the processing of their personal data in the framework of processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the purposes of the legitimate interests pursued by the controller or by a third party, also including profiling based on those provisions. In case of objection, the Controller shall no longer process the personal data unless processing is justified by such compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. In case of objection against processing for direct marketing purposes, the personal data may not be processed for such purposes.
7.8. Automated individual decision-making, including profiling
The Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The Data Subject shall not have the above right if the processing:
We inform you that the Controller does not use automated decision making in connection with data processing specified in this document, and does not process personal data for profiling purposes.
7.9. The right to withdraw consent
The Data Subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
7.10. Procedural rules
The Controller shall provide information to the Data Subject on action taken on a request in connection with the above without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. If the Controller does not take action on the request of the Data Subject, the Controller shall inform the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
The Controller shall provide the information requested free of charge. Where requests from a Data Subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or may refuse to act on the request.
7.11. Right to compensation and restitution
Any person who has suffered material or non-material damage as a result of an infringement of the GDPR shall have the right to receive compensation from the Controller or the Processor for the damage suffered. A Processor shall be liable for the damage caused by processing only where it has not complied with provisions of law specifically directed to processors or where it has acted outside or contrary to lawful instructions of the Controller. Where more than one controller or processor, or both the Controller and the Processor are involved in the same processing, and where they are responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage in order to ensure effective compensation of the data subject. The Controller or the Processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
If you have any complaints or problems in connection with the processing of your personal data, please do not hesitate to contact us in order to resolve the complaint. If this procedure does not prove satisfactory, in the event of detecting any infringement of your personal data, you may also contact the data protection authority or the court of competent jurisdiction based on your address of permanent or temporary residence.
We inform you that your personal data made available to the Controller on the basis of this document shall not be used for any other purposes than those indicated herein.
Your complaint addressed to the Supervisory Authority may be submitted using the following contact details: |
Name of authority: National Authority for Data Protection and Freedom of Information (http://www.naih.hu) |
Registered seat: 1055 Budapest, Falk Miksa utca 9-11. |
Postal address: 1363 Budapest, P.O. Box 9. |