Last modified: 11 March 2024
1. GENERAL INFORMATION
The SimpLEGAL Madocsai Law Firm and Dr. Dániel Necz Law Firm (hereinafter collectively referred to as the “Law Firms” or “Controllers”, each a “Law Firm” or “Controller”) process information classified as personal data under Article 4 (1) of the EU General Data Protection Regulation 2016/679 (“GDPR”) regarding their clients and contractual partners, as well as the representatives and contact persons of these and other persons as specified in this Privacy Policy (the “Policy”) (collectively, the “data subject(s)”).
This Policy provides information on the processing of such personal data and on the data subjects’ rights and legal remedies in relation to the processing.
Law Firms’ contact details:
Madocsai Law Firm
Registered seat: Hungary, 1076 Budapest, Garay street 1 FL UNIT 1
Registration number at the Budapest Bar Association: 36072460
The Law Firm is registered at the Budapest Bar Association.
Mail address: madocsai.kinga@simplegal.hu; kinga.madocsai@simplegal.eu
The representative of the Law Firm and her contact details: dr. Kinga Madocsai attorney-at-law, please see her contact details above.
Dr. Necz Dániel Law Firm
Registered seat: Hungary, 1096 Budapest, Lenhossék street 3. 1H:E 1st floor 1.
Registration number at the Budapest Bar Association: 36066103
The Law Firm is registered at the Budapest Bar Association.
Mail address: necz.daniel@simplegal.hu; daniel.necz@simplegal.eu
The representative of the Law Firm and his contact details: dr. Dániel Necz attorney-at-law, please see his contact details above.
For new client enquiries, please contact Madocsai Law Firm or Dr. Kinga Madocsai and use the firm’s main e-mail address (info@simplegal.hu); the contact details of Dr. Dániel Necz Law Firm are for the guidance of former and existing clients only.
The website of SimpLEGAL: https://simplegal.hu/ (“Website”).
The Website is operated by the SimpLEGAL Madocsai Law Firm, but it also includes the cooperation partner of the SimpLEGAL Madocsai Law Firm, Dr. Necz Dániel Law Firm. It should be emphasised that in addition to the Website, the SimpLEGAL Webshop (https://simplegal.hu/webshop) is also operated by the SimpLEGAL Madocsai Law Firm, acting as a sole data controller in this respect, so please contact SimpLEGAL Madocsai Law Firm for further information regarding the operation of the Website and the SimpLEGAL Webshop.
It should also be stressed that the lawyers of the Law Firms (Dr. Kinga Blanka Madocsai and Dr. Dániel Necz) are also each other’s substitute lawyers, but the Law Firms will inform the clients concerned and their representatives of the fact of any substitution.
What data are considered personal data?
Personal data is any information relating to an identified or identifiable natural person (the data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Thus, for example, personal data include the name, e-mail address of the data subject (e.g. a client, opponent or contracting party’s representative) and data related to the engagement for that client (e.g. the fact and nature of the engagement). In addition, the rules applicable to legal privilege apply to data relating to the lawyer’s engagement, including non-personal data.
What personal data are classified as special categories of personal data?
Special categories of personal data include personal data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Who can be a data subject?
The Law Firms may, in particular, but not exclusively, process the data of the following natural persons:
This Data Processing Policy does not contain information related to the data processing carried out in connection with the personal data of employees or applicants for jobs advertised by the Law Firm.
The role of the Law Firms in relation to processing of personal data:
Controller refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; and where two or more controllers jointly determine the purposes and means of processing, they are joint controllers and joint processing takes place. The controller is primarily responsible for the processing, while joint controllers are jointly and severally liable, i.e. the data subject may enforce his or her rights against any of the joint controllers.
Processor refers to the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The processor is only liable for damages caused by the processing if it did not comply with the obligations specifically imposed on processors in the GDPR or other mandatory statutory provisions, or if it disregarded or acted contrary to the controller’s legitimate instructions.
The above Law Firms act as sole controllers and data subjects may submit their data protection-related requests to the Law Firm processing personal data in the given case (especially the Law Firm handling the given case, contracting with the given person or an organization it represents or communicating with the data subject), at the contact details of each Law Firm provided in this Policy. The Website and the SimpLEGAL Webshop, as well as the info@simplegal.hu e-mail account are operated and managed by SimpLEGAL Madocsai Law Firm, therefore requests concerning the operation or data processing related to the Website and the SimpLEGAL Webshop should be addressed to SimpLEGAL Madocsai Law Firm.
We also emphasise that the Law Firms do not qualify as joint controllers with their clients and, not including those exceptional cases where the Law Firms carry out ancillary activities to practicing law, nor do they act as processors for the clients or for other persons, but rather as independent controllers, as set forth in this Policy. In exceptional cases where the Law Firms or one of them would qualify as a processor of the client, the relevant client, as the controller, must inform the data subjects in consultation with the Law Firms or Law Firm, and in cases where the Law Firms or any of them act as joint controllers together with a third party, the joint controllers will prepare and provide separate data protection policies to the data subjects.
2. UPDATE AND AVAILABILITY OF THE POLICY
The Law Firms reserve the right to unilaterally amend this Policy with effect from the date of such amendment, subject to the restrictions set out in the applicable laws, and with prior policy to data subjects, as appropriate.
This Policy may be amended, in particular, as a result of a change in the law, data protection authority practices, a business need, a new data processing purpose, a newly discovered security risk or data subject feedback. When communicating regarding matters concerning this Policy or data protection issues, as well as otherwise in contact with data subjects, the Law Firms may use the contact details of data subjects provided to the Law Firms for contact and communication purposes. Upon request, the Law Firms will, for example, send a copy of the Policy in force at any time to data subject or certify that data subjects are aware of the Policy.
3. SPECIFIC DATA PROTECTION TERMS
In the course of their data processing activities, the Law Firms must, in addition to their other legal obligations, comply with the legal obligations provided for in the following laws and Bar Association regulations:
These laws and bar association regulations define in detail and comprehensively the operations that involve the processing of personal data. The purpose of this Policy is to outline these processing operations in a comprehensible manner, however, it is not possible to describe certain details for reasons of length, so we have provided a short form only to the extent required for data subjects to have a general understanding, with a reference to the relevant statutory provision. The Law Firms are able to provide further details of the processing operations specified in the above rules and all other processing operations at the above contact details, as well as if you contact the Law Firms in person (for example, when performing client identification in person).
The Law Firms obtain any personal data relating to their clients primarily from the client – the client’s freely given data disclosure – or with respect to the client from a third party authorised to provide the personal data by the client and/or a person authorised to disclose data by statutory authorisation. Other sources of data processed by the Law Firms may be, for example, a public register, a court, an authority, or another data subject.
If a person is not entitled to provide certain personal data on their own, they must obtain the consent of the third party (e.g. a legal representative, guardian or other person on whose behalf they are acting) or provide another appropriate legal basis for providing the data, and to comply with any other data protection and data security requirements. In this context, the person providing the data must consider whether the consent of the third party is required in connection with the provision of the personal data in question. On occasion, the Law Firms will not come into direct contact with the data subject, so compliance with this clause must be ensured by the person providing the personal data concerning the data subject. Nevertheless, the Law Firms have the right to check, at all times, whether the appropriate legal basis for the processing of any particular personal data exists. For example, if the person providing the data acts on behalf of a third party, the Law Firms have the right to request the power of attorney and/or the due consent of the data subject with regard to the specific case.
4. DESCRIPTION OF DATA PROCESSING OPERATIONS – SCOPE OF DATA PROCESSED BY THE LAW FIRMS, PURPOSES OF PROCESSING, LEGAL BASIS FOR THE PROCESSING AND DURATION OF THE PROCESSING
For a detailed description of the scope of data processed by the Law Firms, the purposes of, the legal basis for, the duration and other circumstances of the processing please refer to the table that can be downloaded from the link below.
SimpLEGAL – Data processing activities – detailed table of data processing information
If processing is necessary for the purposes of the legitimate interests pursued by the Law Firms or by a third party, the interest assessment test used to establish the legitimate interest will be provided by the Law Firms upon a request submitted to one of the above contact details.
The Law Firms expressly draw the attention of data subjects to the fact that the data subject shall at any time have the right to object on grounds relating to his or her particular situation to processing of personal data based on the ground of the Law Firms’ legitimate interest. In such case, the Law Firms shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
The primary purpose of the processing of personal data concerning a client and third parties in connection with the engagement of the Law Firms is to perform the engagement and to comply with the instructions of the client and to carry out any operations directly connected with the engagement and the purpose and interests of the client, as well as to comply with all applicable laws, including performance of any decision of any person, organisation or public body entitled to issue an official, court or other binding mandatory regulation.
The duration of each processing activity is essentially determined on the basis of the Act on Attorneys and the applicable Bar Association regulations, as well as the following statutes:
5. DATA PROCESSORS
The Law Firms use the services of the following contractual partners to perform tasks related to data processing operations. The contractual partner acts as a so-called “processor”: it processes the personal data specified in this Policy on behalf of the Law Firms.
The Law Firms may only use processors that provide adequate guarantees, in particular in terms of expertise, reliability and resources, that they will implement technical and organisational measures to ensure compliance with the requirements of the GDPR, including the security of processing. The specific tasks and responsibilities of the processor are regulated by the contract between the Law Firms and the processor. After processing the data on behalf of the Law Firms, the processor shall, at the choice of the Law Firms, return or erase the personal data unless the EU or Member State law applicable to the processor provides for the storage thereof.
| The processor | Activity |
|
Németh Numerus Adótanácsadó Kft. 1146 Budapest, Dózsa György út 11. fszt. 2., Hungary ber@nnnbt.net www.nnnbt.hu |
Preparation of tax returns and tax and accounting advice to the Law Firms, based on a service agreement concluded for an indefinite term. In performing her tasks, the processor has access to the data processed by the Law Firms that is relevant for the purpose of accounting, as well as data necessary for answering the specific tax and accounting question. This is primarily data concerning all economic events whose impact on the assets or profits of the Law Firms must be disclosed under the Accounting Act. |
|
Tresorit AG 3 Minervastrasse, 8032 Zürich, Switzerland Service provider in the EU: Tresorit Kft. Köztelek utca 6., 1092 Budapest, Hungary support@tresorit.com |
The ultra-safe cloud service provider of the Law Firms, specifically designed to guarantee the protection of clients’ digital assets and the files handled by the Law Firms through the highest security-rated cloud technology, end-to-end encryption and zero-knowledge protection. Tresorit enables cloud-based file transfer (data sharing) via encrypted links for clients who share personal data and documents (such as contracts) with the Law Firms for the purpose of electronic data sharing, as part of the lawyers’ engagement through the “file request” function of the Tresorit application. |
|
Cybot A/S Havnegade 39 1058 Copenhagen Denmark mail@cookiebot.com |
The GDPR compliant cookie banner service provider of the SimpLEGAL Madocsai Law Firm stores the data of the Website’s users specified in the Cookie policy. The service provider stores the data in the data center with Cybot’s cloud vendor, Microsoft Ireland Operations Ltd. in Dublin, Ireland. |
|
Batori Group Kft. 1054 Budapest, Szabadság tér 7. iroda@batorigroup.eu |
The SimpLEGAL Madocsai Law Firms’ web hosting provider. |
6. DATA TRANSFER TO OTHER CONTROLLERS
The Law Firms transfer personal data to the following additional controllers. The organisations act as controllers, i.e. they can determine the purpose of the processing of personal data, either individually or together with others, and may make and implement decisions regarding data processing (including the device) or have them implemented by the processor they use.
Recipient of data transfer: Law firms cooperating with the Law Firms in certain cases, individual attorneys, European Community lawyers and advisers, substitute lawyers, other experts.
Activity: practicing law, European Community legal or other advisory assistance and, where appropriate, the provision of expertise.
Legal basis of data transfer: GDPR Article 6 (1) (f) (legitimate interest of the Law Firms or third parties, in particular that of the client (principal) concerned). It is in the legitimate interest of the Law Firms to seek the assistance of law firms, individual lawyers, European Community lawyers or other advisers when necessary for the provision of expert or other specialist advice. All this is, of course, also the legitimate interest of the client concerned in the specific case, considering that in the absence of such consultation the engagement could not be, or would not be properly performed. Contracting partners will be informed of the identity, and, where appropriate, the qualifications of additional law firms, individual lawyers, European Community lawyers and advisers, taking into account the specificities of the contact, and the Law Firms will take the utmost account of the requests of their contracting partners when selecting the above persons.
In addition to the above, in connection with the following solutions, the following service providers have access to the data of the data subjects related to the use of the given solution:
7. DATA PROTECTION RIGHTS AND REMEDIES OF THE DATA SUBJECTS
7.1 Data protection rights and remedies of the data subjects
The data protection rights and remedies of the data subjects are listed in the relevant provisions of the GDPR (in particular Art. 15, 16, 17, 18, 19, 20, 21, 77. 78, 79, 80 and 82 of the GDPR). The following is a summary of the key provisions and, accordingly, the Law Firms will inform data subjects about their rights and remedies regarding data processing. The Law Firms specifically draw the attention of the data subjects to their right to object (please see point 7.8).
The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
The Law Fims shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Law Firms shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
If the Law Firms do not take action on the request of the data subject, the Law Firms shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
7.2 Right of access by the data subject
The data subjects shall have the right to obtain from the Law Firms confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
Where personal data are transferred to a third country or an international organisation, data subjects shall have the right to be informed of the information and appropriate safeguards relating to the transfer.
The Law Firms shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Law Firms may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by him or her, the information shall be provided in a commonly used electronic form.
The data subject’s right of access may be exercised within the limits of the confidentiality rules of attroney-client priviledged information.
The Law Firms underline that they do not use automated decision-making or profile the data subjects based on the data available to them. Should automated decision-making or profiling occur in the future, Law Firms will inform those concerned by amending this data protection notice or by providing information tot he data subjects separately in accordance with the GDPR and other applicable legal provisions.
7.3 Right to rectification
The data subject shall have the right to obtain from the Law Firms without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
7.4 Right to erasure („right to be forgotten”)
Data subjects have the right to request that the Law Firms delete personal data concerning them immediately if one of the following reasons applies:
Where the Law Firms have made the personal data public and are obliged to erase the personal data, the Law Firms, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The above provisions shall not apply to the extent that processing is necessary, among others:
7.5 Right to restriction of processing
The data subject shall have the right to obtain from the Law Firms restriction of processing where one of the following applies:
Where processing has been restricted based on the above provisions, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing shall be informed by the Law Firms before the restriction of processing is lifted.
7.6 Notification obligation regarding rectification or erasure of personal data or restriction of processing
The Law Firms shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Law Firms shall inform the data subject about those recipients for request.
7.7 Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Law Firms, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Law Firms to which the personal data have been provided, where
In exercising his or her right to data portability based on the above, the data subject shall have the right to have the personal data transmitted directly from one controller to another (e.g. from the Law Firms to another controller), where technically feasible.
The exercise of the right to data portability shall not be without prejudice to the right to erasure („right to be forgotten”) and shall not adversely affect the rights and freedoms of others.
7.8 Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on the legitimate interest of the Law Firms or is necessary for the performance of a task carried out in the exercise of official authority. In this case, the Law Firms shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for there purposes.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
7.9 Right to lodge a complaint with a supervisory authority
The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to you infringes the GDPR.
Further information regarding the supervisory authorities that are competent in the Member States can be found on the European Data Protection Board’s website by clicking here.
The competent authority in Hungary: Hungarian National Authority for Data Protection and Freedom of Information (website: www.naih.hu; address: Hungary,1055 Budapest, Falk Miksa street 9-11.; postal address: Hungary, 1363 Budapest, p.o.b. 9.; phone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu).
7.10 Right to an effective judicial remedy against a supervisory authority
The data subject shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning him or her.
The data subject shall have the right to an effective judicial remedy where the supervisory authority which is competent or outcome of the complaint lodged does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.
Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.
7.11 Right to an effective judicial remedy against the Law Firms
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under GDPR have been infringed as a result of the processing of his or her personal data in non-compliance with this GDPR.
Proceedings against the Law Firms shall be brought before the courts of the Member State where the Law Firms operate (in Hungary). Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence. Such a lawsuit falls within the competence of the regional courts (törvényszék) in Hungary. The action may also be brought before the court competent at the place where the data subjects resides or stays. More information on the competent regional courts and their contact details can be found on the following website: www.birosag.hu.
7.12 Charging of a reasonable fee in connection with answering data protection inquiries and completing data subject requests, refusal of taking the requested action
Information provided on the processing of personal data (information under GDPR Articles 13 and 14) and any communication and any actions taken in connection with data subject rights (under Articles 15 to 22) and personal data breaches (under Article 34) shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Law Firms may – taking into account the administrative costs of providing the information or communication or taking the action requested – either:
The Law Firms shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
8. COOKIES AND TERMS OF USE
For more information on the cookies applied and the terms of use of the Website, please see the Cookie Policy and the Terms of Use.