Privacy Policy

    1. Introduction

    We inform you that, in the course of the operation of the informative website www.hanyuhenrietta.hu (hereinafter: Website), the Hanyu Henrietta Law Firm as data controller (hereinafter: Controller) processes the personal data of the natural persons visiting the Website, as data subjects (each of such person hereinafter: Data Subject). The Controller hereby provides the following information concerning the processing of the personal data of Data Subjects visiting the Website, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 (hereinafter: the GDPR).

    1. Contact details of the Controller and its authorised representative

    The name of the Controller:

    Name: Hanyu Henrietta Law Firm

    Registered seat: 1164 Budapest, Etelköz utca 10/2.

    The authorised representative of the Controller:

    Name: dr. Hanyu Henrietta, attorney-at-law

    E-mail address: info@hanyuhenrietta.hu

    1. The name and contact information of the data protection officer

    Under the provisions of the GDPR, the appointment of a data protection officer is not required at the Controller; in issues related to data protection, the Controller may be contacted at the following contact details:

    E-mail address: info@hanyuhenrietta.hu

    1. Data processing for the purpose of maintaining contact

    4.1. Persons affected by the processing (Data Subjects), the purpose and legal basis of data processing

    Natural persons sending a message to the Controller via the form available via the Website or directly to the e-mail address info@hanyuhenrietta.hu, thereby contacting the Controller.

    The scope of the processed data:

    The purpose of the processing:

    The legal basis of the processing:

    Name, e-mail address, telephone number, and any other data provided by the Data Subject in the “Message” field.

    Contact between the Controller and the Data Subjects, answering any requests, questions.

    The Controller processes these data in accordance with Article 6(1)(a) of the GDPR (your consent), which is provided by the Data Subject in the case of the contact form, before sending the message, by ticking the checkbox on the page, or directly by sending the email message.

    4.2. Persons authorized to have access to the data:

    The person(s) that may have access to the data within the Controller’s organisation include the head of the organisation.

    4.3. Data transmission:

    The Controller shall not transmit the personal data provided by Data Subjects for the purpose of contacting either to third parties within the EU, or to any third country or international organisation.

    4.4. Processors:

    In the interest of achieving the purpose of data processing, the Controller shall use the services of the following processor (hereinafter: the Processor):

    Processor:

    Processing operations carried out by the Processor:

    RACKFOREST INFORMATIKAI KERESKEDELMI SZOLGÁLTATÓ ÉS TANÁCSADÓ KFT. 

    132 Budapest,
    Victor Hugo utca 11., 5. emelet

    Operation of servers used for data storage, hosting services.

     

    4.5. The place and method of processing:

    The personal data provided by the Data Subject are stored by the Processor used by the Controller, on servers operated by the Processor.

    4.6. Duration of data retention:

    The Data Subjects’ personal data may be processed by the Controller until the Data Subject’s consent is withdrawn, but for a maximum of 2 years from the date when they were provided.

    1. Links

    Please note that links to other websites may also be found on the Website. The use of such external websites is subject to the privacy policy or notice of such other websites, and after clicking on the external link or the appropriate button, the Controller is unable to exercise any control over the collection, storage or processing of personal data.

    1. Data security

    We inform you that the Controller is taking all the technical and organisational measures, as well as introduces such of procedural rules as necessary to enforce the rules of GDPR concerning confidentiality and the security of data processing.

    The Controller shall use suitable measures to protect the data processed by it against any unlawful access, alteration, transmission, disclosure, erasure, willful or accidental destruction, or deterioration.

    In the course of its operations, the Controller shall ensure the following with respect to the data:

    1. confidentiality: protecting the information so that only authorised persons have access to it;
    2. integrity: protecting the accuracy and completeness of the information and the method of processing;
    3. availability: ensuring that when an authorised user needs the information, they can in fact have access to it, and the equipment related to this are available for use.

    The Controller shall ensure adequate protection for its information technology systems and networks against computer-assisted fraud, espionage, fire and floods, as well as viruses and hacking attacks. The Controller shall ensure security by way of server-level and application-level security procedures. The Controller shall monitor its systems in the interest of recording any security breach, as well as to provide evidence in case of any security event. In addition, the system monitoring also makes it possible to check the efficiency of the precautions used. The Controller shall also require compliance with the information protection measures by the processors used by the Controller under the provisions of the contracts concluded with them, and shall enforce their compliance with such provisions.

    1. The rights of Data Subjects and the enforcement of such rights

    We inform you that you may, without any limitation, request the following in connection with personal data relating to you:

    1. information, access to the data;
    2. the rectification of the data;
    3. the erasure of the data;
    4. the restriction of the processing;
    5. the portability of the data;
    6. revoke his/her consent to processing;
    7. or may object to the processing of his/her personal data.

    7.1. Right to information

    1. The Controller shall take appropriate measures to provide for the Data Subjects any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to the processing of the personal data in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The right to information may be exercised in writing via the contact details set out in section 3 above. Information may also be provided for Data Subjects verbally, upon their request, and following confirmation of their personal identity.

    7.2. The Data Subject’s right of access

    The data subject shall have the right to receive information from the Controller as to whether or not personal data concerning him or her are being processed, and, where such processing is taking place, to have access to the personal data and, in accordance with the GDPR, to the details of the processing. The Controller shall provide the Data Subject with a copy of his or her personal data being processed. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. At the request of the Data Subject, the Controller shall provide the information in electronic form. The Controller shall provide the information within one month after the submission of the request.

    7.3. Right to rectification

    The Data Subject may request the rectification of inaccurate personal data processed by the Controller and the addition of missing data.

    7.4. Right to erasure

    Data Subjects may request that the Controller erase the personal data pertaining to them without any undue delay in the following cases:

    1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. the Data Subject withdraws the consent on which the processing is based, and where there is no other legal ground for the processing;
    3. the Data Subject objects to the processing, and there are no overriding legitimate grounds for the processing;
    4. the personal data have been unlawfully processed;
    5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    6. the personal data have been collected in relation to the offer of information society services referred.

    The erasure of the data shall not be initiated if the data is required for the purpose of exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health, archiving or statistical purposes; or for the establishment, exercise or defence of legal claims.

    7.5. Right to restriction of processing

    At the request of the Data Subject, the Controller shall restrict the processing where one of the following applies:

    1. the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
    2. the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
    3. the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims; or
    4. the Data Subject has objected to processing, pending the verification whether the legitimate grounds of the Controller override those of the data subject.

    Where processing is restricted, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The Controller shall notify the Data Subject before the restriction of processing is lifted.

    7.6. Right to data portability

    The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, if:

    1. processing is based on the consent of the Data Subject or on a contract in which the Data Subject is a party, and
    2. the processing is carried out by automated means.

    7.7. The right of objection

    Data Subjects shall have the right to object, on grounds related to their particular situation, at any time to the processing of their personal data in the framework of processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the purposes of the legitimate interests pursued by the controller or by a third party, also including profiling based on those provisions. In case of objection, the Controller shall no longer process the personal data unless processing is justified by such compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

    Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. In case of objection against processing for direct marketing purposes, the personal data may not be processed for such purposes.

    7.8. Automated individual decision-making, including profiling

    The Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The Data Subject shall not have the above right if the processing:

    1. is necessary for entering into, or performance of, a contract between the Data Subject and the Controller;
    2. is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests; or
    3. is based on the Data Subject’s explicit consent.

    We inform you that the Controller does not use automated decision making in connection with data processing specified in this document, and does not process personal data for profiling purposes.

    7.9. The right to withdraw consent

    The Data Subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

    7.10. Procedural rules

    The Controller shall provide information to the Data Subject on action taken on a request in connection with the above without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. If the Controller does not take action on the request of the Data Subject, the Controller shall inform the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

    The Controller shall provide the information requested free of charge. Where requests from a Data Subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or may refuse to act on the request.

    7.11. Right to compensation and restitution

    Any person who has suffered material or non-material damage as a result of an infringement of the GDPR shall have the right to receive compensation from the Controller or the Processor for the damage suffered. A Processor shall be liable for the damage caused by processing only where it has not complied with provisions of law specifically directed to processors or where it has acted outside or contrary to lawful instructions of the Controller. Where more than one controller or processor, or both the Controller and the Processor are involved in the same processing, and where they are responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage in order to ensure effective compensation of the data subject. The Controller or the Processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

    If you have any complaints or problems in connection with the processing of your personal data, please do not hesitate to contact us in order to resolve the complaint. If this procedure does not prove satisfactory, in the event of detecting any infringement of your personal data, you may also contact the data protection authority or the court of competent jurisdiction based on your address of permanent or temporary residence.

    We inform you that your personal data made available to the Controller on the basis of this document shall not be used for any other purposes than those indicated herein.

    Your complaint addressed to the Supervisory Authority may be submitted using the following contact details:

    Name of authority: National Authority for Data Protection and Freedom of Information (http://www.naih.hu

    Registered seat: 1055 Budapest, Falk Miksa utca 9-11.

    Postal address: 1363 Budapest, P.O. Box 9.

Dr. Hanyu Henrietta logo