Privacy Statement

The purpose of this privacy statement is to provide preliminary information for the users (hereinafter referred to as the ‘User(s)’ or ‘Data Subject(s)’) of the website www.panszky.hu (hereinafter referred to as the ‘Website’) concerning the data and facts related to the data processing performed on and by the Website.

The Users are not required to provide their personal data in order to get access to the Website; however, the use of certain services of the Website may be subject to the provision of personal data.

Hereby please kindly be informed that your personal data will be processed confidentially, in accordance with the prevailing data protection laws and regulations, under the term of this privacy statement by Pánszky Law Office (1026 Budapest, Gábor Áron u. 16., tax number: 18111978-2-41; registered by the Budapest Bar Association under reg. no. 1455; represented by dr. PÁNSZKY Gyula attorney-at-law; hereinafter referred to as the ‘Data Controller’).

Data processing methods on the Website

Website visitors’ data – server log files
The data recorded in the log files during the process of use of the Website are stored and used for technical (e.g., analysis of the safe operation of servers, subsequent controls, identification, prevention and investigation of attacks against the Website) and statistical purposes only. To this end, the internet service provider of the Website records and logs automatically the so-called server log file information, transferred to us by your web browser. These series of data will not be combined with other information from different sources by the Data Controller, suitable to identify the data, subject natural person. Should we become aware of any specific suspicion concerning the illegal or unlawful use of the Website, we reserve the right to evaluate these data subsequently.

Communication
Should you have any question or should you need any further information about the Data Controller or its services, you may contact the Data Controller by filling out the appropriate contact sheet during the use of the Website.

The scope of the data processed: name, e-mail address
The purpose of data processing: to answer the User’s questions, to provide the requested information
The legal basis of data processing: the voluntary consent of the Data Subject
The term of data processing: the personal data provided shall be deleted within 30 days following the provision of the answer or the information.

Data processing for marketing purposes
In the course of the use of the Website, the Users may subscribe to the newsletter of the Data Controller. Subscription is voluntary. The User may cancel his/her subscription at any time.

The scope of the data processed: surname, family name, e-mail address
The purpose of data processing: to send electronic newsletters to the Users about the most current information, news, changes of laws and regulations.
The legal basis of data processing: The legitimate interest of the Data Controller to provide its clients (potential, future and ex-clients) with newsletters containing professional information, news and data of legal changes.
The term of data processing: as long as the newsletter service is provided or until the cancellation of subscription to the newsletter.

The use of cookies on the Website
The proper operation of the Website may require the use and storage on your computer of specific data files (the so-called ‘cookies’), similarly to other websites and internet service providers.

What are cookies?
The cookies are small text files that are stored by the Website on the computer or mobile device of the User. The cookies enable the storage of your operations and personal settings (e.g. username, language, the size of letters and other individual settings related to the display of the Website) for a certain period of time, so that you don’t need to enter such settings every time when you visit our website or when you navigate from one site to the other.

What type of cookies do we use?

In the course of your visit to the Website, the following types of cookies are used:

Session cookies
These cookies are required to the navigation on our website and enable you to login to our client side.

Persistent cookies
These cookies enable us to recognize your web browser when you visit our website for the next time.

Performance cookies
By using these cookies we can collect anonymized data concerning your website using habits. These cookies register the links and subpages you visit. These cookies enable us to handle your preferences more precisely when you visit our website for the next time, and thus, to provide you with information and offers that fit your interest.

Functionality cookies
These cookies store your settings (like language or the size of letters) you entered on our website to improve the functionality thereof for the sake of your comfort and convenience.

Third party cookies
These cookies collect anonymized information concerning your user habits on our and other websites. Also, Google Analytics uses third-party cookies of which more detailed information is provided hereunder.

Google Analytics
This website is using Google (Universal) Analytics, the web-analyzing service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses cookies that analyze the use of our website.

Google, including Google Inc. and its wholly-owned US subsidiaries, has certified that it adheres to the relevant Privacy Shield Principles, including for Google Analytics.

The information collected through the cookies (including your IP address and the URL addresses of the websites you visited) are used by Google for our interest, to analyze your user habits on the website, to compile reports on your activities on the website and to provide services for us related to the website and internet use. The anonymized IP address transferred by Google Analytics about your web browser will not be combined with other data stored by Google.

For further information concerning Google Analytics cookies, please visit this link.

You may prevent the collection and processing of cookie-generated data concerning the use of the website (including your IP address) by Google by means of downloading and installing the browser plugin from this link.

The legal basis for the use of cookies is your consent and our legitimate interest to achieve the specific goals described with respect to the single types of cookies.

Manage cookies
You may manage and/or delete cookies at your discretion. For the related information, please visit aboutcookies.org. You may delete all cookies stored on your computer and block the use thereof in most of the browsers by changing the settings of the browser in a way to prohibit the placement of unique identifiers on the User’s computer (the method of change of settings depends on the browser, but usually it may be made in the settings/internet settings menu point). However, if you change the settings of your browser, you might have to make some setting manually whenever you visit a website; furthermore, certain functions and services of the website may be unavailable for you or may be available with limited functionality only (for example in case of customized solutions).

Processing of job applicants’ data
The purpose of data processing
The purpose of data processing is to fill the vacant job the Data Controller has invited applicants to, and thus, the identification of and communication with applicants (hereinafter referred to as ‘Applicants’ or ‘Data Subjects’), checking the existence of the work experience, qualification or other skills required to the occupation of the job.

The scope of the data processed:
A) surname, family name, e-mail address, phone number – and any further data provided by the Data Subject
B) conclusions drawn from the evaluation of professional suitability

The legal basis of data processing:
With respect to point A) hereinabove, the consent of data subject – by sending their applications, the Applicants grant their consent to the processing of their personal data by the Data Controller in line with the provisions hereof.
With respect to point B) hereinabove, the legitimate interest of the Data Controller.

The term of data processing:
The data will be processed by the Data Controller until the achievement of the purposes of data processing; namely, once the Data Controller has selected the suitable applicant to occupy the vacant job, the personal data of other Applicants will be deleted within 5 working days following the closing of the selection procedure. This provision shall not apply if the Applicant withdraws his/her application and requests the deletion of his/her personal data, or if he/she gives expressed consent to the processing of his/her personal data by the Data Controller for a more extended, definite period of time.

In case of an expressed consent, the Data Controller will store the personal data listed in point A) hereinabove of unsuccessful applicants for additional 6 months to be able to inform them of any opening positions within this period.

Entrusting data processors
For the above purposes, the Data Controller uses the services of the following data processor:

Data Processor used for the provision of web hosting services

Name and contact details of Data Processor: WebDesign Kft. Phone/Fax: +36 1 323-1074/75; Tax number: 11889630-2-13; corporate reg. no.: 13-09-178049; registered seat: 2000 Szentendre, Fenyő utca 10/A.)

Activity related to data processing: web hosting services

Data transfer
Unless provided otherwise herein, data will not be transferred to third parties.

Data security
The Controller and the data processor(s) shall handle the Users’ personal data in a confidential manner and observe the prevailing data protection laws and regulations, in particular Act CXII of 2011 on Informational Self-Determination and Freedom of Information, Act VI of 1998 on the ratification of Strasbourg Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

In order to ensure the safe processing of data, the Data Controller shall take all IT and other measures required to the safe and secure storage, processing and transfer of data. The Data Controller shall take the expectable measures to protect the personal data processed by it against unauthorized use, alteration, disclosure, deletion, damage or destruction and to ensure the technical conditions required thereto.

The persons authorized to have access to data: The data provided by the Users will be available only for the Data Controller and its employees and agents, the performance of whose tasks and duties require the knowledge of such data.

The rights of the data subject
You are entitled to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of data processing:
(b) categories of the affected personal data;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Upon request, the Data Controller shall provide you with a copy of the personal data undergoing processing.

You may request at any time the correction or supplementation of erroneous personal data; the Data Controller shall take the requested measures without undue delay.

You are entitled to withdraw your consent to data processing at any time. The consent may be withdrawn by canceling the subscription by using the adequate link or, in any other case of data processing, by sending your request for canceling the subscription to the Data Controller, as described herein. In case you cancel your subscription / withdraw your consent, the Data Controller shall delete your personal data from its registration within 5 working days from the cancellation / withdrawal.

Your consent to the storage of cookies may be withdrawn according to the method described in the section titled ‘Manage cookies’ herein.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Upon the request of the Data Subject, the Data Controller shall delete the personal data concerning him or her, without undue delay, if

– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– the Data Subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
– the processing of the personal data is for direct marketing purposes, and the Data Subject objects to the processing, and there are no overriding legitimate grounds for the processing;
– the personal data have been unlawfully processed; or
– the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

Where the Data Controller has made the personal data public and is obliged pursuant to the present section to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data processors which are processing the personal data, that the Data Subject has requested the erasure by such processors of any links to, or copy or replication of, those personal data.

The above provisions shall not apply to the extent that processing is necessary:

(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or the exercise of official authority vested in the Data Controller;
(c) for reasons of public interest in the area of public health;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the right to deletion is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(e) for the establishment, exercise or defense of legal claims.

The Data Controller shall restrict data processing upon the request of the Data Subject, if

– the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
– the processing is unlawful, and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
– the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
– if the processing of personal data takes place for direct marketing purposes and the Data Subject has objected to processing; in this case, the restriction shall be valid as long as it is verified whether the legitimate grounds of the controller override those of the Data Subject.

Where processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A Data Subject, who has obtained restriction of processing pursuant to the above provisions, shall be informed by the Data Controller before the restriction of processing is lifted.

In addition to the above, the Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the controller to which the personal data have been provided.
Requests may be submitted via post, addressed to 1026 Budapest, Gábor Áron u. 16., or via e-mail, sent to office@panszky.hu.

For the sake of identification, correct and specific personal data shall be provided.

The Data Controller shall notify the Data Subject of the measures taken upon the request for exercising his/her rights without undue delay, but in any case, within 30 days of the receipt of the request.
Where the Data Subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the Data Subject.

The correction, restriction, and deletion of data shall be reported by the Data Controller to the concerned Data Subject and those, to whom the affected data were previously transmitted for data processing purposes.

If the Data Controller does not take action on the request of the Data Subject, the Data Controller shall inform the Data Subject without delay and at the latest within 30 days of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

The User shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her, which is based on a legitimate interest. In such a case, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

A Data Subject, who has obtained restriction of processing pursuant to the above provisions, shall be informed by the Data Controller before the restriction of processing is lifted.

The Data Controller shall suspend the data processing and examine the objection within the shortest possible deadline, but within maximum 30 days and inform the requesting party of the result thereof in writing. If the objection is well-grounded, the Data Controller shall terminate the processing (including any further collection or transfer of data) and shall restrict the affected data. Furthermore, it shall notify of the objection and the measures taken in response thereto those, to whom the personal data affected by the objection were transmitted previously; these recipients shall also provide for the enforcement of the right to object.

In case of infringement of the rights described hereinabove, the Data Subject may turn to a court or the Hungarian National Authority for Data Protection and Freedom of Information.

Hungarian National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
www: http://www.naih.hu
e-mail: ugyfelszolgalat@naih.hu

The Data Controller reserves the right to amend this Privacy Statement unilaterally, provided that preliminary notice to the Users shall be given thereof. By using the service following the effective date of such amendment the User accepts the amended privacy statement.

Budapest, 25 May 2018