Privacy notice
for customers and partners
Dr. Kiss István Viktor, an individual lawyer, wishes to ensure the lawfulness of the processing of personal data. To this end, he wishes to inform his clients and partners (data subjects) about the details of the processing of their personal data. The purpose of this information is to provide you with adequate information about the conditions and guarantees under which Dr. István Viktor Kiss, individual lawyer, will process your personal data and for how long before you provide your personal data.
Name of data controller:
Name: Dr. Kiss István Viktor, individual lawyer
Registered office: 6728 Szeged, Napos út 7.
KASZ number: 36063151
Website: https://www.kisslegalsolutions.hu (hereinafter referred to as "Website")
E-mail address: ugyved@drkissistvan.hu
Telephone number: +36-30-413-4402
(hereinafter referred to as "Data Controller")
Applicable legislation
Regulation 2016/679 of the European Parliament and of the Council (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC ("GDPR");
Act CXII of 2011 on Informational Self-Determination and Freedom of Information;
Act V of 2013 on the Civil Code;
Act C of 2000 on Accounting ("Act");
Act CL of 2017 on the Rules of Taxation;
Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising Activities;
Act CVIII of 2001 on certain aspects of electronic commerce services and information society services;
Act LXXVIII of 2017 on the Activities of Lawyers (the "Act");
Act LIII of 2017 on the Prevention and Suppression of Money Laundering and Terrorist Financing ("Pmt.").
1.
Anyone may access the Website maintained by the Data Controller without disclosing his/her personal data or identity and may freely and without restriction obtain information from all content stored on the Website.
Some of the links on the Website may lead to websites operated by others, but the Data Controller shall not be liable for the content of such websites in the event of any damage resulting from the use of such information.
The Website, with the help of Google Analytics, automatically collects non-personal information about visitors and, to this end, sends and saves cookies on visitors' computers, which are sent back to the Website on subsequent visits. However, no personal data can be obtained from this data. You can find out more about Google Analytics activities here: https://policies.google.com/privacy?hl=hu.
For more information about setting cookie preferences in your browser, please see the following pages:
Essential cookies are essential for the secure and correct functioning of the Website. They enable you to browse the Site and use its features smoothly. Without them, the Website will not function.
Name Provider Duration (days)
PHPSESSID Webnode.com Visit
portal_referer Webnode.com 365
tu Webnode.com Visit
mfd Webnode.com 1
mfdp Webnode.com 3650
usi Webnode.com Visit
ubh Webnode.com 730
Marketing/third-party cookies
Marketing cookies allow the measurement and analysis of the activity of the Website. They are constantly updated based on data about the use of the Website to improve the performance of the Website.
Name Provider Duration (days)
_gcl_au Google.com 90
_ga Google.com 730
_gid Google.com 1
_uetvid Google.com 16
_uetsid Google.com 1
_fbp Facebook.com 90
UULE Google.com 1
OTZ Google.com 2
2. Contact us
Activity of the controller: processing of personal data provided during the contact
Purpose of processing: contacting and maintaining contact
Legal basis for processing: consent of the data subject [Article 6(1)(a) GDPR] and processing necessary to take steps at the request of the data subject before entering into a contract [Article 6(1)(b) GDPR]
Persons under the age of 16 may consent to the processing of personal data only through the person having parental authority over them or with his or her consent.
Data Subjects: natural persons who contact the Data Controller by e-mail, telephone, or by sending a message in the "Contact" section of the Website
Personal data processed: name (surname and forename), date and place of birth, e-mail address, home address, telephone contact details, other personal data disclosed during the contact, description of the case raised and how it was resolved, documents, electronic documents.
The Data Controller shall not use or process the personal data provided for purposes other than those set out above. Disclosure of personal data to third parties or public authorities, unless otherwise required by law, is possible with the prior explicit consent of the data subject.
Duration of data processing: until the purpose of the contract is fulfilled or until the conclusion of a contract of engagement with the contacted person
Data processors:
1. Name: Webnode AG
Identifier: CH - 170.3.036.124-0
Place of business: Badenerstrasse 47, 8004 Zurich, Switzerland
Contact e-mail: support@webnode.com
Tasks of the data processor: Provision of technical support, system administration, and system administration, and website operation
2. Name: FINGERPRINT KFT.
Headquarters: 6725 Szeged, Világos utca 17/A
Tasks of the data processor: Online hosting provider (operation of e-mail system)
Data subject's rights: the data subject
a) request information on the processing of personal data concerning him/her and access to such personal data,
b) request the rectification of personal data concerning him/her,
(c) request the erasure of personal data concerning him or her,
(d) request the restriction of the processing of personal data,
e) object to the processing of personal data,
(f) exercise the right to data portability. Pursuant to the latter right, the data subject shall have the right to obtain personal data concerning him or her and the right to have that data transmitted to another controller at the request of the Controller.
(g) the right to a judicial remedy. The data subject may lodge a complaint with the National Authority for Data Protection and Freedom of Information (hereinafter referred to as "the NPAI") or apply to the competent court.
3.
Activity carried out by the data controller: performance of legal activities (e.g.: representation of clients, legal advice, drafting of documents)
Purpose of processing: performance of a contract of engagement with a client, performance of a legal obligation, including client contact and invoicing
Legal basis for processing: the need to perform a contract to which the data subject is a party [Article 6(1)(b) GDPR], the performance of a legal obligation pursuant to Section 28(3) of the Act, Section 1(1)(e) and Sections 6-7 of the Act and Section 169(1)-(2) of the Civil Code [Article 6(1)(c) GDPR]
Data subjects: customers (clients) of the Data Controller
Personal data processed: name, address, place of residence, mother's name, date and place of birth, e-mail address, telephone number, nationality, number of identification documents (identity card, passport), number of address card, personal identification number, tax identification number, facial image, name of contact person, representative, e-mail address and telephone number, facts presented by the client (including information on the description of the case presented and the way it was resolved, documents, electronic documents)
The Data Controller shall not use or process the personal data provided for purposes other than those set out above. The disclosure of personal data to third parties or public authorities, unless otherwise required by law, is subject to the prior explicit consent of the data subject.
Duration of data processing: five years after the termination of the mandate, ten years after the countersigning of the deed in the case of countersigning of a deed, ten years after the registration of the right in the public register in the case of registration of a right to real estate [Article 53 (3) of the General Data Protection Act]. In the case of issuing an invoice, the duration of data processing is eight years from the date of the preparation of the annual report, annual accounts, or accounting statements for the financial year in question.
Data processors:
1. Name:Webnode AG
Identifier:CH - 170.3.036.124-0
Registered office:Badenerstrasse 47, 8004 Zurich, Switzerland
Contact e-mail: support@webnode.com
Tasks of the data processor: Provision of technical support, administrator and system administrator tasks, website operation
2. Name: FINGERPRINT KFT.
Location:6725 Szeged, Világos utca 17/A
Tasks of the data processor: Online hosting provider (operation of e-mail system)
Data subject's rights: the data subject has the rights set out in point 4, except for mandatory data processing
(a) request information about the processing of personal data concerning him or her and access to such personal data,
(b) request rectification of the personal data concerning him or her,
(c) request the erasure thereof,
(d) request the restriction of the processing of personal data,
e) object to the processing of personal data
(f) exercise the right to data portability. According to the latter right, the data subject shall have the right to obtain personal data concerning him or her and the right to have that data transmitted to another controller at the request of the Controller.
(g) the right to a judicial remedy. The data subject may complain to the NAIH or apply to the competent court.
Rights of the data subject
The controller shall ensure that the rights of the data subjects are respected as set out below.
The controller shall provide the data subject with the opportunity to request to exercise his or her data subject rights by any of the following means.
The controller shall comply with the data subject's request without undue delay, but in any event within one month of receipt of the request, and shall inform the data subject thereof in a concise, transparent, intelligible, and easily accessible form, in clear and plain language. The Data Controller shall also decide on the refusal of a request within that period and shall inform the data subject of the refusal, the reasons for the refusal, and the data subject's remedies in this respect.
The Data Controller shall, as a general rule, comply with the data subject's request by e-mail, but if the data subject explicitly requests this by providing his or her postal or telephone contact details, the Data Controller shall comply with the request by post or telephone. At the request of the data subject, information may be provided by telephone only if the data subject has provided proof of his or her identity. The Data Controller shall not use the postal address or telephone number of the data subject for any other purpose.
The Data Controller shall not charge any fees or expenses for the execution of the requests of the data subjects, as detailed below. However, if a new request for the same set of data is received from the data subject within one year of the previous request having been fulfilled, the Controller reserves the right to charge a fee for the fulfillment of the request in proportion to the workload involved in fulfilling the request.
a) Right to information and access:
The Data Controller shall provide the data subject, at his or her request, with the following information in a concise, transparent, intelligible, and easily accessible form, in clear and plain language:
whether the processing of his or her personal data by the Controller is ongoing;
the name and contact details of the Controller;
the processing of the data, the names and contact details of the data processors specified in points 1 to 3 above;
the personal data of the data subject processed by the Controller and their source;
the purposes for which the personal data are processed and the legal basis for the processing;
the duration of the processing;
the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organizations;
the consequences of the processing;
the rights of the data subject;
the circumstances and effects of a possible personal data breach and the measures taken to deal with it.
The controller shall also, in the absence of a request by the data subject, inform the data subject by e-mail of any substantial change in the processing compared to the processing covered by this notice, the circumstances of the personal data breach, its effects and the measures taken to deal with it.
b) Right to rectification:
The controller shall, at the request of the data subject, correct inaccurate personal data relating to the data subject.
The controller shall inform any recipient to whom or with whom the personal data have been disclosed of the rectification unless this proves impossible or involves a disproportionate effort. At the data subject's request, the Controller shall inform the data subject of those recipients.
c) Right to erasure:
At the request of the data subject, the Controller shall erase personal data relating to the data subject where one of the following grounds applies:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
The data subject objects to the processing for the purposes for which the personal data are no longer used for the purpose for which they were collected or for which they were no longer necessary for the processing;
the personal data have been unlawfully processed by the Controller;
the personal data must be erased to comply with a legal obligation under Union or Hungarian law applicable to the Controller.
The Controller shall inform all recipients to whom or with whom the personal data have been disclosed of the erasure unless this proves impossible or involves a disproportionate effort. At the request of the data subject, the Controller shall inform the data subject of those recipients.
d) Right to restriction of processing:
At the request of the data subject, the Controller shall restrict processing if one of the following conditions is met:
the data subject contests the accuracy of the personal data - in which case the restriction shall apply for a period of time which allows the Controller to verify the accuracy of the personal data;
the processing is unlawful, but the data subject opposes the erasure of the data and requests instead the restriction of their use;
the Controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise, or defense of legal claims.
The controller shall inform all recipients to whom or with whom the personal data have been disclosed of the restriction unless this proves impossible or involves a disproportionate effort. At the request of the data subject, the Controller shall inform the data subject of those recipients.
e) Right to data portability:
The Controller shall, at the request of the data subject, make available to the data subject personal data relating to the data subject which the data subject has provided. The Data Controller further undertakes that the data subject may transfer these personal data to another controller without the Data Controller's hindrance.
(f) Right to remedy:
If the data subject considers that the Data Controller has infringed his or her right to the protection of personal data in the course of processing, he or she may, in accordance with the applicable law, seek redress from the competent authorities, i.e. lodge a complaint with the NAIH (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; postal address: 1530 Budapest, Pf. The controller undertakes to cooperate fully with the court concerned or the NAIH in these proceedings and to disclose the data relating to the processing to the court concerned or the NAIH.
The controller also undertakes to compensate for any damage caused by unlawful processing of the personal data of the data subject or by a breach of data security requirements. In case of violation of the data subject's right to privacy, the data subject may claim damages. The controller shall be exempted from liability where the damage was caused by an unavoidable cause outside the scope of the processing and where the damage or harm caused by the infringement of the personality right results from the intentional or grossly negligent conduct of the data subject.
Mixed provisions
The Data Controller undertakes to ensure that any processing of data relating to its activities complies with the requirements set out in this notice, in its internal rules which have the same requirements as this notice and in applicable law.
The Data Controller reserves the right to modify this Privacy Notice at any time, by informing the data subjects of any changes on the Website.
Last updated: 22.05.2024.